Added capability to handle passwords

Role can now create users with passwords. Will not set a password, even if provided, for users that shall be sudo.

Added capability to handle passwords
8b318c2e · Hannes Braun · 630e814d · 8b318c2e · 8b318c2e · 8b318c2e
Commit 8b318c2e authored 2 years ago by Hannes Braun
--- a/README.md
+++ b/README.md
@@ -19,7 +19,7 @@ roles:
  - name: role-manage-user
    src: https://25_read_ansible_roles:glpat-5Ci385Nui9Uvyy8dQcuC@git.slub-dresden.de/ansible/referat25/role-manage-users.git
    scm: git
-    version: v1.0
+    version: v1.1 # or whatever version you need
 ```

 ```bash
@@ -32,6 +32,8 @@ Provide valid variables and include role inside your playbook.

 For variables see `defaults/main.yml`.

+Note: Users with the variable `sudo: true` can not have a password. A set password will be ignored.
+
 ## License

 For open source projects, say how it is licensed.
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -2,9 +2,10 @@
 human_users:
  # - name: "dummy"
  #   shell: /bin/bash
+  #   password:
  #   groups: "dummy"
  #   extra_groups: "ssh"
-  #   ssh_key_file: "claussni.pub"
+  #   ssh_key_file: "dummy.pub"
  #   ssh_key_url: https://git.slub-dresden.de/{{ name }}.keys
  #   sudo: false | true


--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -19,11 +19,12 @@
  user:
    name: "{{ item.name }}"
    shell: "{{ item.shell | default('/bin/sh') }}"
-    password_lock: true
+    password: "{% if item.sudo == false %}{{ item.password }}{% endif %}"
+    password_lock: "{{ item.sudo }}"
  with_items: "{{ human_users }}"
  become: true

- name: make user sudo if
+- name: Make user sudo if variables say so
  ansible.builtin.template:
    src: etc/sudoers.d/sudoers-user-file.jinja2
    dest: /etc/sudoers.d/{{ item.name }}