- Adds the user's public key to ~/.ssh/authorized_keys (tags: pubkeys)
+This role also supports revoking user access by removing all users in the
+``revoked_users`` variable.
+
+
Usage
+++++
users: []
+A list of usernames whose access is to be revoked::
+
+ revoked_users: []
+
Tags
++++
Available tags are listed below:
users
- Perform only user creation tasks, ssh keys will not be updated.
+ Perform only user creation/removal tasks; ssh keys will not be updated.
+
+revoke
+ Perform only user removal tasks.
pubkeys
Perform only authorized keys tasks, users will not be created but all
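Review bot: The `users` tag description now promises removal ("Perform only user creation/removal tasks"), but the removal task added in this change is tagged `user` and `revoke`, not `users`, so a run limited to `--tags users` will skip revocation. Either tag the task `users` or drop "/removal" from this description. Separately, the intro sentence says the role removes "all users in the ``revoked_users`` variable", while the new filter task narrows that list to names also present in `users` whenever `users` is non-empty; the Usage text should state that interaction.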
- Allow management of the UID for each user
- Allow management of the shell for each user
-
-- Add the ability to remove or revoke user access
- Ensure that the sudo group exists with the correct permissions. We currently depend on it
being created already by other playbooks (ansible_managed.yml) or created by cobbler
# both managed_users and managed_admin_users would be filtered
# to only contain the information for 'user1'.
users: []
+
+# A list of users whose access is to be revoked. These accounts will be deleted.
+revoked_users: []
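Review bot: The comment on `revoked_users` says "These accounts will be deleted" without saying what deletion covers. The removal task uses `state: absent` with no `remove` option, so the account entry goes away but the home directory, including any `~/.ssh/authorized_keys` file, stays on disk. State that here, and mention that the list is narrowed by `users` when that variable is set, as the comment above already does for the managed lists.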
delay: 5
tags:
- pubkeys
+
+- name: Filter the revoked_users list
+ set_fact:
+ revoked_users:
+ "[{% for user in revoked_users %}
+ {% if user in users %}'{{ user }}',{%endif%}
+ {%endfor%}]"
+ when: users|length > 0
+ tags:
+ - always
+
+- name: Remove revoked users
+ user:
+ name: "{{ item }}"
+ state: absent
+ with_items: revoked_users
+ tags:
+ - user
+ - revoke
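Review bot: The "Filter the revoked_users list" task builds its list by templating a string with single-quoted names and a trailing comma, which only works if Ansible re-evaluates that string as a list and breaks on any name containing a quote. `revoked_users | intersect(users)` under the same `when:` expresses the intersection directly. In `with_items: revoked_users`, the bare variable name should be written `"{{ revoked_users }}"`, since newer Ansible releases no longer expand bare names there and the loop would then act on the literal string.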