fix: only add SSH keys when they are due to be added, don't ignore errors, use...

fix: only add SSH keys when they are due to be added, don't ignore errors, use FQCMs, convert 'with_dict' to 'loop', correct typo for var name

fix: only add SSH keys when they are due to be added, don't ignore errors, use...
274cb2b4 · Jörg Sachse · 29a87517 · 274cb2b4 · 274cb2b4
Commit 274cb2b4 authored 3 years ago by Jörg Sachse
--- a/tasks/configure_ssh_keys.yml
+++ b/tasks/configure_ssh_keys.yml
@@ -6,7 +6,7 @@
    key: "{{ item.value.ssh_key_current | default('') }}"
    state: present
  with_dict: "{{ human_users }}"
-  ignore_errors: "yes"
+  when: item.value.state != "absent"
 - name: gültige SSH-Keys für Public-Key Authentication einspielen (ROBOT_USERS)
  authorized_key:
@@ -15,7 +15,7 @@
    key: "{{ item.value.ssh_key_current | default('') }}"
    state: present
  with_dict: "{{ robot_users }}"
-  ignore_errors: "yes"
+  when: item.value.state != "absent"
 - name: alle gültigen SSH-Keys zum Installationsuser hinzufügen
  authorized_key:
@@ -24,4 +24,4 @@
    key: "{{ item.value.ssh_key_current | default('') }}"
    state: present
  with_dict: "{{ human_users }}"
-  ignore_errors: "yes"
+  when: item.value.state != "absent"
--- a/tasks/remove_users_keys.yml
+++ b/tasks/remove_users_keys.yml
 ---
 - name: SSH-Keys gelöschter Benutzer entfernen (HUMAN USERS)
-  authorized_key:
+  ansible.posix.authorized_key:
    user: "{{ item.key }}"
    key: "{{ item.value.ssh_key_current }}"
    state: absent
-  with_dict: "{{ human_users | combine(robot_users) }}"
+  loop: "{{ human_users | combine(robot_users) | dict2items }}"
  when:
    - item.value.state == "absent"
-    - not item.value.ssh_key_current
+    - item.value.ssh_key_current is not defined
-  ignore_errors: true
- name: alte/ungültige SSH-Keys für Public-Key Authentication entfernen (tut nur etwas, wenn in vars ssh_key_old und ssh_comment_old hinterlegt sind)
+- name: alte/ungültige SSH-Keys für Public-Key Authentication entfernen (tut nur etwas, wenn in vars ssh_key_old UND ssh_comment_old hinterlegt sind)
-  authorized_key:
+  ansible.posix.authorized_key:
    user: "{{ item.key }}"
    key: "{{ item.value.ssh_key_old }}"
-    comment: "{{ item.vaule.ssh_comment_old }}"
+    comment: "{{ item.value.ssh_comment_old }}"
    state: absent
-  with_dict: "{{ human_users | combine(robot_users) }}"
+  loop: "{{ human_users | combine(robot_users) | dict2items }}"
  when:
-    - not item.value.ssh_key_old
+    - item.value.ssh_key_old is defined
-    - not item.vaule.ssh_comment_old
+    - item.value.ssh_comment_old is defined
-  ignore_errors: true
+    - item.value.ssh_key_old != item.value.ssh_key_current
 - name: alle ungültigen SSH-Keys vom Installationsuser entfernen
-  authorized_key:
+  ansible.posix.authorized_key:
    user: "{{ vault_install_username }}"
    key: "{{ item.value.ssh_key_current }}"
    state: absent
-  with_dict: "{{ human_users }}"
+  loop: "{{ human_users | dict2items }}"
  when: ( item.value.state == "absent" )
-  ignore_errors: true
-#  - name: debug
-#    debug:
-#      msg: "{{ item.value.state }}"
-#    with_dict: "{{ human_users }}"
-#    tags: [ssh]
 - name: delete HUMAN users
-  user:
+  ansible.builtin.user:
    name: "{{ item.key }}"
    state: "{{ item.value.state }}"
    remove: true
-  with_dict: "{{ human_users }}"
+  loop: "{{ human_users | dict2items }}"
  when: ( item.value.state == "absent" )
-  ignore_errors: "yes"
 - name: delete individual primary user group (HUMAN USERS)
-  group:
+  ansible.builtin.group:
    name: "{{ item.key }}"
    state: "{{ item.value.state }}"
-  with_dict: "{{ human_users }}"
+  loop: "{{ human_users | dict2items }}"
  when: ( item.value.state == "absent" )