From 8b318c2e2ec60d714ea08eaad4f7b3d578566536 Mon Sep 17 00:00:00 2001
From: Hannes Braun <hannes.braun@slub-dresden.de>
Date: Wed, 22 Mar 2023 10:16:28 +0100
Subject: [PATCH] Added capability to handle passwords

Role can now create users with passwords.
No password is set for users configured with sudo, even if one is provided.
---
 README.md         | 4 +++-
 defaults/main.yml | 3 ++-
 tasks/main.yml    | 5 +++--
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index e3b76b2..8de9e3c 100644
--- a/README.md
+++ b/README.md
@@ -19,7 +19,7 @@ roles:
   - name: role-manage-user
     src: https://25_read_ansible_roles:glpat-5Ci385Nui9Uvyy8dQcuC@git.slub-dresden.de/ansible/referat25/role-manage-users.git
     scm: git
-    version: v1.0
+    version: v1.1 # or whatever version you need
 ```
 
 ```bash
@@ -32,6 +32,8 @@ Provide valid variables and include role inside your playbook.
 
 For variables see `defaults/main.yml`.
 
+Note: Users with the variable `sudo: true` can not have a password. A set password will be ignored.
+
 ## License
 
 For open source projects, say how it is licensed.
diff --git a/defaults/main.yml b/defaults/main.yml
index 27f5c40..4200718 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -2,9 +2,10 @@
 human_users:
   # - name: "dummy"
   #   shell: /bin/bash
+  #   password:
   #   groups: "dummy"
   #   extra_groups: "ssh"
-  #   ssh_key_file: "claussni.pub"
+  #   ssh_key_file: "dummy.pub"
   #   ssh_key_url: https://git.slub-dresden.de/{{ name }}.keys
   #   sudo: false | true
 
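Review bot: The added `#   password:` example says nothing about the expected value, and uncommented as written it would be a null. Ansible's user module expects an already crypted hash for `password`, not cleartext, so the example should say so and note that real values belong in Ansible Vault rather than in plain role variables. Something like `#   password: "<crypted hash, e.g. via the password_hash filter; keep it in Ansible Vault>"` would cover both.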
diff --git a/tasks/main.yml b/tasks/main.yml
index afb967b..f15f359 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -19,11 +19,12 @@
   user:
     name: "{{ item.name }}"
     shell: "{{ item.shell | default('/bin/sh') }}"
-    password_lock: true
+    password: "{% if item.sudo == false %}{{ item.password }}{% endif %}"
+    password_lock: "{{ item.sudo }}"
   with_items: "{{ human_users }}"
   become: true
 
-- name: make user sudo if
+- name: Make user sudo if variables say so
   ansible.builtin.template:
     src: etc/sudoers.d/sudoers-user-file.jinja2
     dest: /etc/sudoers.d/{{ item.name }}
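Review bot: For sudo users the new `password:` line renders an empty string instead of leaving the parameter out, so the user module is handed an empty password value for exactly the accounts that get sudo. Whether `password_lock` fully neutralises that depends on the module and platform, so omitting the parameter is safer. Both added lines also read `item.sudo` and `item.password` without a default, which presumably fails templating for entries that leave either key out (the example in `defaults/main.yml` presents them as optional). Consider `password: "{{ omit if (item.sudo | default(false) | bool) else (item.password | default(omit)) }}"` and `password_lock: "{{ item.sudo | default(false) | bool }}"`, plus `no_log: true` on this task so the looped `item`, including the password hash, is not printed in the play output. The task's header lies above the hunk, so its name and any conditions are not visible here.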
-- 
GitLab