feat: set state for iam users

Mint-System · Jan 22, 2025 · 04116d6 · 04116d6
1 parent ec90ac9
commit 04116d6
Show file tree

Hide file tree

Showing 6 changed files with 20 additions and 14 deletions.
diff --git a/roles/clean/defaults/main.yml b/roles/clean/defaults/main.yml
@@ -7,4 +7,4 @@ odoo_config_map:
   - name: prod
 odoo_volume_name: "{{ odoo_hostname }}"
 postgres_volume_name: "{{ postgres_hostname }}"
-nginx_data_dir: "/usr/share/{{ nginx_hostname }}"
+nginx_data_dir: "/usr/share/{{ nginx_hostname }}"
diff --git a/roles/clean/tasks/iam.yml b/roles/clean/tasks/iam.yml
@@ -0,0 +1,8 @@
+---
+- name: Remove users
+  ansible.builtin.user:
+    user: "{{ item.username }}"
+    state: absent
+    remove: true
+  loop: "{{ iam_users }}"
+  when: item.state is defined and item.state == 'absent'
diff --git a/roles/clean/tasks/main.yml b/roles/clean/tasks/main.yml
@@ -46,4 +46,5 @@
       - pgadmin
       - meilisearch
       - crowdsec
-      - metabase
+      - metabase
+      - iam
diff --git a/roles/clean/tasks/metabase.yml b/roles/clean/tasks/metabase.yml
@@ -3,4 +3,4 @@
   community.docker.docker_container:
     name: "{{ metabase_hostname }}-{{ item.name}}"
     state: absent
-  loop: "{{ metabase_config_map }}"
+  loop: "{{ metabase_config_map }}"
diff --git a/roles/iam/tasks/main.yml b/roles/iam/tasks/main.yml
@@ -10,6 +10,14 @@
     iam_users: "{{ iam_users + host_iam_users }}"
   when: host_iam_users is defined
 
+- name: Remove absent users
+  set_fact:
+    iam_users: "{{ iam_users | rejectattr('state', 'equalto', 'absent') }}"
+
+- name: Filter users that don't match host
+  set_fact:
+    iam_users: "{{ iam_users | selectattr('hosts', 'defined') | selectattr('hosts', 'contains', inventory_hostname_short) }}"
+
 - name: Include users tasks
   ansible.builtin.include_tasks: users.yml
   when: iam_users is defined

diff --git a/roles/iam/tasks/users.yml b/roles/iam/tasks/users.yml
@@ -12,9 +12,7 @@
     shell: "{{ item.shell | default('/bin/bash') }}"
     groups: "{{ item.groups | default('') }}"
     append: true
-    state: "{{ item.state | default('present') }}"
   loop: "{{ iam_users }}"
-  when: item.hosts is defined and inventory_hostname_short in item.hosts
 
 # FIXME: Passwort does not work if not set manually
 - name: Set user passwords
@@ -27,7 +25,6 @@
 - name: Set authorized key
   ansible.posix.authorized_key:
     user: "{{ item.username }}"
-    state: "{{ item.state | default('present') }}"
     key: "{{ item.ssh_public_key }}"
   loop: "{{ iam_users }}"
   when: item.hosts is defined and inventory_hostname_short in item.hosts and item.ssh_public_key is defined
@@ -41,11 +38,3 @@
     mode: "0700"
   loop: "{{ iam_users }}"
   when: item.hosts is defined and inventory_hostname_short in item.hosts and item.ssh_private_key is defined
-
-- name: Remove users
-  ansible.builtin.user:
-    user: "{{ item.username }}"
-    state: absent
-    remove: true
-  loop: "{{ iam_users }}"
-  when: item.hosts is defined and inventory_hostname_short in item.hosts and item.state is defined and item.state == 'absent'