ansible-roles/library/roles/user_services_perms/tasks/sudoers-groups.yml

---
- block:
  - name: Add the additional service groups
    group: name={{ item }} state=present
    with_items: '{{ service_sudoers_group }}'

  when: users_system_users is defined
  tags: [ 'services', 'users' ]

- block:
  - name: Add selected users to the limited sudoers group
    user: name={{ item.login }} groups={{ service_sudoers_group }} append=yes
    with_items: '{{ users_system_users | default([]) }}'
    when: item.limited_sudoers_user

  - name: Remove selected users to the limited sudoers group
    user: name={{ item.login }} groups={{ service_sudoers_group }} append=yes
    with_items: '{{ users_system_users | default([]) }}'
    when: not item.limited_sudoers_user

  when:
    - users_system_users is defined
    - item.limited_sudoers_user is defined
  tags: [ 'services', 'users' ]

- block:
  - name: Add additional users to the limited sudoers group
    user: name={{ item.login }} groups={{ service_sudoers_group }} append=yes
    with_items: '{{ users_system_users_adjunct }}'
    when: item.limited_sudoers_user

  - name: Remove additional users to the limited sudoers group
    user: name={{ item.login }} groups={{ service_sudoers_group }} append=yes
    with_items: '{{ users_system_users_adjunct }}'
    when: not item.limited_sudoers_user

  when:
    - users_system_users_adjunct is defined
    - item.limited_sudoers_user is defined
  tags: [ 'services', 'users' ]
Role that configure users and sudo permissions. 2019-02-13 18:49:57 +01:00			`---`
			`- block:`
			`- name: Add the additional service groups`
			`group: name={{ item }} state=present`
Additional lists of users and data directories. See https://support.d4science.org/issues/2447 2019-04-09 15:56:36 +02:00			`with_items: '{{ service_sudoers_group }}'`
Fix a conditional. 2019-04-10 13:13:43 +02:00
			`when: users_system_users is defined`
			`tags: [ 'services', 'users' ]`

			`- block:`
Role that configure users and sudo permissions. 2019-02-13 18:49:57 +01:00			`- name: Add selected users to the limited sudoers group`
			`user: name={{ item.login }} groups={{ service_sudoers_group }} append=yes`
			`with_items: '{{ users_system_users \| default([]) }}'`
			`when: item.limited_sudoers_user`

			`- name: Remove selected users to the limited sudoers group`
user_services_perms: remove more stuff, fix some tasks so that they do not overlap with the users role. 2019-02-14 15:18:05 +01:00			`user: name={{ item.login }} groups={{ service_sudoers_group }} append=yes`
Role that configure users and sudo permissions. 2019-02-13 18:49:57 +01:00			`with_items: '{{ users_system_users \| default([]) }}'`
			`when: not item.limited_sudoers_user`

Fix a conditional. 2019-04-10 13:13:43 +02:00			`when:`
			`- users_system_users is defined`
			`- item.limited_sudoers_user is defined`
Additional lists of users and data directories. See https://support.d4science.org/issues/2447 2019-04-09 15:56:36 +02:00			`tags: [ 'services', 'users' ]`

			`- block:`
			`- name: Add additional users to the limited sudoers group`
			`user: name={{ item.login }} groups={{ service_sudoers_group }} append=yes`
			`with_items: '{{ users_system_users_adjunct }}'`
			`when: item.limited_sudoers_user`

			`- name: Remove additional users to the limited sudoers group`
			`user: name={{ item.login }} groups={{ service_sudoers_group }} append=yes`
			`with_items: '{{ users_system_users_adjunct }}'`
			`when: not item.limited_sudoers_user`

Fix a conditional. 2019-04-10 13:13:43 +02:00			`when:`
			`- users_system_users_adjunct is defined`
			`- item.limited_sudoers_user is defined`
Role that configure users and sudo permissions. 2019-02-13 18:49:57 +01:00			`tags: [ 'services', 'users' ]`