diff --git a/roles/pulp_user/tasks/main.yml b/roles/pulp_user/tasks/main.yml index e4f8b5c..b753ec9 100644 --- a/roles/pulp_user/tasks/main.yml +++ b/roles/pulp_user/tasks/main.yml @@ -1,13 +1,15 @@ --- - name: Get information for each user uri: - url: "{{ pulp_user_url }}?username={{ item.username }}" + url: "{{ pulp_user_url }}?username={{ pulp_users[user_index].username }}" user: "{{ pulp_username }}" password: "{{ pulp_password }}" method: GET status_code: 200 force_basic_auth: true - loop: "{{ pulp_users }}" + loop: "{{ pulp_users | map(attribute='username') }}" + loop_control: + index_var: user_index register: users_get_result - name: Reset users facts @@ -18,37 +20,52 @@ - name: Set users to delete fact set_fact: - remove_users: "{{ remove_users + [user.json.results[0]] }}" - loop: "{{ users_get_result.results }}" + remove_users: "{{ remove_users + [users_get_result.results[user_index].json.results[0]] }}" + loop: "{{ users_get_result.results | map(attribute='item') }}" loop_control: - loop_var: "user" - label: "{{ user.item.username }}" + index_var: user_index when: - - user.json.count == 1 - - user.item.state is defined - - user.item.state == "absent" + - users_get_result.results[user_index].json.count == 1 + - pulp_users[user_index].state is defined + - pulp_users[user_index].state == "absent" - name: Set users to create fact set_fact: - create_users: "{{ create_users + [user.item] }}" - loop: "{{ users_get_result.results }}" + create_users: "{{ create_users + [pulp_users[user_index]] }}" + loop: "{{ users_get_result.results | map(attribute='item') }}" loop_control: - loop_var: "user" - label: "{{ user.item.username }}" + index_var: user_index when: - - user.json.count == 0 - - user.item.state is not defined or user.item.state != "absent" + - users_get_result.results[user_index].json.count == 0 + - pulp_users[user_index].state is not defined or pulp_users[user_index].state != "absent" - name: Set users to update fact set_fact: - update_users: "{{ update_users + [user.json.results[0] | combine(user.item) | combine({'existing_groups': user.json.results[0]['groups']}) ] }}" - loop: "{{ users_get_result.results }}" + update_users: >- + {{- update_users + [users_get_result.results[user_index].json.results[0] + | combine(pulp_users[user_index]) + | combine({'existing_groups': users_get_result.results[user_index].json.results[0]['groups']})] -}} + loop: "{{ users_get_result.results | map(attribute='item') }}" loop_control: - loop_var: "user" - label: "{{ user.item.username }}" + index_var: user_index when: - - user.json.count == 1 - - user.item.state is not defined or user.item.state != "absent" + - users_get_result.results[user_index].json.count == 1 + - pulp_users[user_index].state is not defined or pulp_users[user_index].state != "absent" + - >- + users_get_result.results[user_index].json.results[0].username != pulp_users[user_index].username or + (pulp_users[user_index].first_name is defined and + users_get_result.results[user_index].json.results[0].first_name != pulp_users[user_index].first_name) or + (pulp_users[user_index].last_name is defined and + users_get_result.results[user_index].json.results[0].last_name != pulp_users[user_index].last_name) or + (pulp_users[user_index].email is defined and + users_get_result.results[user_index].json.results[0].email != pulp_users[user_index].email) or + (pulp_users[user_index].is_active is defined and + users_get_result.results[user_index].json.results[0].is_active != pulp_users[user_index].is_active) or + (pulp_users[user_index].is_staff is defined and + users_get_result.results[user_index].json.results[0].is_staff != pulp_users[user_index].is_staff) or + (pulp_users[user_index].groups is defined and + users_get_result.results[user_index].json.results[0].groups | map(attribute='name') | list != pulp_users[user_index].groups) or + pulp_users[user_index].password is defined - name: Create users uri: @@ -59,59 +76,60 @@ method: POST status_code: 201 body: - username: "{{ item.username }}" - password: "{{ item.password | default(None) }}" - first_name: "{{ item.first_name | default(None) }}" - last_name: "{{ item.last_name | default(None) }}" - email: "{{ item.email | default(None) }}" - is_staff: "{{ item.is_staff | default(None) }}" - is_active: "{{ item.is_active | default(None) }}" + username: "{{ create_users[user_index].username }}" + password: "{{ create_users[user_index].password | default(None) }}" + first_name: "{{ create_users[user_index].first_name | default(None) }}" + last_name: "{{ create_users[user_index].last_name | default(None) }}" + email: "{{ create_users[user_index].email | default(None) }}" + is_staff: "{{ create_users[user_index].is_staff | default(None) }}" + is_active: "{{ create_users[user_index].is_active | default(None) }}" body_format: form-urlencoded - loop: "{{ create_users }}" + loop: "{{ create_users | map(attribute='username') }}" loop_control: - label: "{{ item.username }}" + index_var: user_index changed_when: true - name: Update existing users uri: - url: "{{ pulp_url }}{{ item.pulp_href }}" + url: "{{ pulp_url }}{{ update_users[user_index].pulp_href }}" user: "{{ pulp_username }}" password: "{{ pulp_password }}" force_basic_auth: true method: PATCH body: - username: "{{ item.username }}" - password: "{{ item.password | default(None) }}" - first_name: "{{ item.first_name | default(None) }}" - last_name: "{{ item.last_name | default(None) }}" - email: "{{ item.email | default(None) }}" - is_staff: "{{ item.is_staff | default(None) }}" - is_active: "{{ item.is_active | default(None) }}" + username: "{{ update_users[user_index].username }}" + password: "{{ update_users[user_index].password | default(None) }}" + first_name: "{{ update_users[user_index].first_name | default(None) }}" + last_name: "{{ update_users[user_index].last_name | default(None) }}" + email: "{{ update_users[user_index].email | default(None) }}" + is_staff: "{{ update_users[user_index].is_staff | default(None) }}" + is_active: "{{ update_users[user_index].is_active | default(None) }}" body_format: form-urlencoded - loop: "{{ update_users }}" + loop: "{{ update_users | map(attribute='username') }}" loop_control: - label: "{{ item.username }}" + index_var: user_index register: result changed_when: true - name: Add or remove user from group(s) + vars: + exist_users: "{{ create_users + update_users }}" include_tasks: user_groups/add_or_remove_users.yml # All users that aren't state: absent are in play here - loop: "{{ create_users + update_users }}" + loop: "{{ exist_users | map(attribute='username') }}" loop_control: - loop_var: user - label: "{{ user.username }}" + index_var: user_index - name: Delete users uri: - url: "{{ pulp_url }}{{ item.pulp_href }}" + url: "{{ pulp_url }}{{ remove_users[user_index].pulp_href }}" user: "{{ pulp_username }}" password: "{{ pulp_password }}" force_basic_auth: true method: DELETE status_code: 204 body_format: form-urlencoded - loop: "{{ remove_users }}" + loop: "{{ remove_users | map(attribute='username') }}" loop_control: - label: "{{ item.username }}" + index_var: user_index changed_when: true diff --git a/roles/pulp_user/tasks/user_groups/add_or_remove_users.yml b/roles/pulp_user/tasks/user_groups/add_or_remove_users.yml index 812a4a6..533dd3f 100644 --- a/roles/pulp_user/tasks/user_groups/add_or_remove_users.yml +++ b/roles/pulp_user/tasks/user_groups/add_or_remove_users.yml @@ -2,13 +2,13 @@ - name: Remove user from groups not defined in pulp_users include_tasks: remove_user_from_groups.yml - loop: "{{ user.existing_groups | map(attribute='name') | difference(user.groups | default([], true)) }}" + loop: "{{ exist_users[user_index].existing_groups | map(attribute='name') | difference(exist_users[user_index].groups | default([], true)) }}" loop_control: loop_var: remove_group - when: user.existing_groups is defined + when: exist_users[user_index].existing_groups is defined - name: Add user to groups defined in pulp_users include_tasks: add_user_to_groups.yml - loop: "{{ user.groups | default([], true) | difference(user.existing_groups | default([]) | map(attribute='name') ) }}" + loop: "{{ exist_users[user_index].groups | default([], true) | difference(exist_users[user_index].existing_groups | default([]) | map(attribute='name')) }}" loop_control: loop_var: add_group diff --git a/roles/pulp_user/tasks/user_groups/add_user_to_groups.yml b/roles/pulp_user/tasks/user_groups/add_user_to_groups.yml index 9343eea..1e88f0a 100644 --- a/roles/pulp_user/tasks/user_groups/add_user_to_groups.yml +++ b/roles/pulp_user/tasks/user_groups/add_user_to_groups.yml @@ -29,7 +29,7 @@ user: "{{ pulp_username }}" password: "{{ pulp_password }}" body: - username: "{{ user.username }}" + username: "{{ exist_users[user_index].username }}" body_format: json method: POST force_basic_auth: true diff --git a/roles/pulp_user/tasks/user_groups/remove_user_from_groups.yml b/roles/pulp_user/tasks/user_groups/remove_user_from_groups.yml index e5bb8d0..b547fed 100644 --- a/roles/pulp_user/tasks/user_groups/remove_user_from_groups.yml +++ b/roles/pulp_user/tasks/user_groups/remove_user_from_groups.yml @@ -5,7 +5,7 @@ - name: Remove user from group # DELETE {{ pulp_url }}/pulp/api/v3/groups/880/users/11/ uri: - url: "{{ pulp_url }}{{ user_group.pulp_href }}users/{{ user.id }}/" + url: "{{ pulp_url }}{{ user_group.pulp_href }}users/{{ exist_users[user_index].id }}/" user: "{{ pulp_username }}" password: "{{ pulp_password }}" method: DELETE @@ -14,7 +14,7 @@ force_basic_auth: true # If we get here, we're always changing something changed_when: true - loop: "{{ user.existing_groups | selectattr('name', 'equalto', remove_group) }}" + loop: "{{ exist_users[user_index].existing_groups | selectattr('name', 'equalto', remove_group) }}" loop_control: loop_var: user_group - label: "{{ user.username }} {{ user_group.name }}" + label: "{{ exist_users[user_index].username }} {{ user_group.name }}"