breaking change: "group" property from baserole_userlist_local was split into:

- group_primary: string (primary group)
- group_secondary (secondary/supplemental groups) string as list; empty: remove all (non-primary) groups

and "group_append" (false, true) was introduced
stefanux committed May 4, 2023
1 parent 715485d commit 4e2cb7f
Showing 3 changed files with 10 additions and 3 deletions.
3 changes: 3 additions & 0 deletions roles/baserole/README.md
Expand Up @@ -348,6 +348,9 @@ see https://docs.ansible.com/ansible/latest/collections/ansible/builtin/user_mod
|---|---|---|---|---|
| name | username | text | yes | empty |
| group | group(s) | text | no | empty |
| group_primary | primary group(s) | text | no | empty |
| group_secondary | secondary/supplemental group(s) membership(s) | text, comma seperated list | no | empty |
| group_append | true: append group(s), false: set group(s) exactly as given | boolean (true, false) | no | empty |
| conditional_hostgroup | Create this user only when this ansible-group (membership) is present (in inventory or dynamically assigned) | | | empty |
| home | home-directory | text (path) | any valid path | no | /home/$name |
| uid | Set specific user id | int (number 1-999 für sysaccounts or 1000-60000, depending on distribution) | no | |
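Review bot: the old `group` row is still in the table next to the three new rows (this file shows 3 additions and 0 deletions), while the task hunks in this commit replace both visible uses of `item.group`, so the README keeps documenting a key that no longer has any effect there. Remove that row or mark it as replaced by `group_primary`. In the new rows, `group_primary` is described as "primary group(s)" although the commit message and defaults/main.yml describe a single primary group, "seperated" should be "separated", and the `group_append` default is given as "empty" where stating which behaviour applies when the key is omitted would be clearer.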
4 changes: 3 additions & 1 deletion roles/baserole/defaults/main.yml
Expand Up @@ -276,7 +276,9 @@ baserole_usercreate_local: true

# valid attributes in baserole_userlist_local dictionary:
# name: -> username # REQUIRED
# group: -> group(s)
# group_primary: -> primary group
# group_secondary: -> secondary/supplemental group(s) membership(s)
# group_append: (false, true) -> true: append group(s), false: set group(s) exactly as given
# conditional_hostgroup: group -> only create the user when this ansible-group membership is present (from inventory)
# home: -> home-directory
# uid: user id
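Review bot: the `group_append` comment lists the two values but not which one applies when the key is left out, and the `group_secondary` comment does not repeat the rule from the commit message that an empty value removes all non-primary groups. Both decide whether an existing account keeps or loses memberships it already has, so they should be spelled out here; ansible.builtin.user defaults `append` to false. A short remark that `group:` was removed in favour of `group_primary` would also help anyone comparing this file with an older inventory.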
6 changes: 4 additions & 2 deletions roles/baserole/tasks/user-manage-local.yml
Expand Up @@ -62,7 +62,9 @@
- name: Manage user accounts
ansible.builtin.user:
name: '{{ item.user }}'
group: '{{ item.group | d(omit) }}'
group: '{{ item.group_primary | d(omit) }}'
groups: '{{ item.group_additional | d(omit) }}'
append: '{{ item.group_append_group | d(omit) }}'
home: '{{ item.home | d(omit) }}'
uid: '{{ item.uid | d(omit) }}'
state: '{{ item.state | d("present") }}'
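Review bot: the two new lookups read `item.group_additional` and `item.group_append_group`, but the README and defaults/main.yml in this same commit document the keys as `group_secondary` and `group_append`. Because both lookups end in `d(omit)`, an inventory written to the documented names is silently ignored: the secondary groups are never applied and `append` is never set. Use `item.group_secondary` and `item.group_append` here, or rename the documented keys to match.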
Expand Down Expand Up @@ -158,7 +160,7 @@
src: "{{ item.ssh_authorizedkeys_file }}"
dest: "/home/{{ item.user }}/.ssh/authorized_keys"
owner: "{{ item.user }}"
group: "{{ item.group | default(item.user) }}"
group: "{{ item.group_primary | default(item.user) }}"
mode: 0600
when:
- item.ssh_authorizedkeys_file is defined
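Review bot: on the changed `group:` line, an entry that still sets the old `group` key now silently falls back to `default(item.user)`, so the group ownership of authorized_keys can change without any warning. Since the commit is declared a breaking change, consider a task that fails when `item.group` is defined. The fallback also assumes a group named after the user exists, which may not hold when `group_primary` is omitted and the account's primary group is something else.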