ansible-roles/d4s_user_services_perms/tasks/users-data-dirs.yml

---
- name: Create a common group
  group: name={{ d4science_common_group }} state=present
  tags: [ 'd4s', 'users', 'd4s_u_acl' ]

- name: Add the gcube users to the common group
  user: name={{ item.name }} append=yes groups={{ d4science_common_group }}
  with_items: '{{ ssh_users_list }}'
  tags: [ 'd4s', 'users', 'd4s_u_acl' ]

- name: Create the users d4s data dirs
  file: name={{ item.name }} state=directory owner={{ item.owner }} group={{ item.group }} mode={{ item.perms }}
  with_items: '{{ d4s_users_data_directories | default([]) }}'
  when: item.create and not item.file
  tags: [ 'd4s', 'users', 'd4s_u_acl' ]

- name: Set the read/write/access permissions on the users d4s data dirs
  acl: name={{ item.name }} entity={{ d4science_common_group }} etype=group permissions={{ item.aclperms | default ('rwx') }} state=present
  with_items: '{{ d4s_users_data_directories | default([])  }}'
  when: not item.file
  tags: [ 'd4s', 'users', 'd4s_u_acl' ]

- name: Set the default read/write/access permissions on the users d4s data dirs
  acl: name={{ item.name }} entity={{ d4science_common_group }} etype=group permissions={{ item.aclperms | default ('rwx') }} state=present default=yes
  with_items: '{{ d4s_users_data_directories | default([])  }}'
  when: not item.file
  tags: [ 'd4s', 'users', 'd4s_u_acl' ]

- name: Set the read/write permissions on pre-existing files inside the users d4s data dirs
  acl: name={{ item.name }} entity={{ d4s_group }} etype=group permissions={{ item.aclperms | default ('rw') }} state=present
  with_items: '{{ d4s_users_data_directories | default([])  }}'
  when: item.file
  tags: [ 'd4s', 'users', 'd4s_u_acl' ]
library/roles/d4s_user_services_perms: Add new tasks to manage ACLS, when multiple users need to read/write the same directories and files. See https://support.d4science.org/issues/6761#note-25 2017-04-20 20:33:53 +02:00			`---`
			`- name: Create a common group`
			`group: name={{ d4science_common_group }} state=present`
			`tags: [ 'd4s', 'users', 'd4s_u_acl' ]`

			`- name: Add the gcube users to the common group`
			`user: name={{ item.name }} append=yes groups={{ d4science_common_group }}`
			`with_items: '{{ ssh_users_list }}'`
			`tags: [ 'd4s', 'users', 'd4s_u_acl' ]`

			`- name: Create the users d4s data dirs`
			`file: name={{ item.name }} state=directory owner={{ item.owner }} group={{ item.group }} mode={{ item.perms }}`
			`with_items: '{{ d4s_users_data_directories \| default([]) }}'`
			`when: item.create and not item.file`
			`tags: [ 'd4s', 'users', 'd4s_u_acl' ]`

			`- name: Set the read/write/access permissions on the users d4s data dirs`
			`acl: name={{ item.name }} entity={{ d4science_common_group }} etype=group permissions={{ item.aclperms \| default ('rwx') }} state=present`
			`with_items: '{{ d4s_users_data_directories \| default([]) }}'`
			`when: not item.file`
			`tags: [ 'd4s', 'users', 'd4s_u_acl' ]`

			`- name: Set the default read/write/access permissions on the users d4s data dirs`
			`acl: name={{ item.name }} entity={{ d4science_common_group }} etype=group permissions={{ item.aclperms \| default ('rwx') }} state=present default=yes`
			`with_items: '{{ d4s_users_data_directories \| default([]) }}'`
			`when: not item.file`
			`tags: [ 'd4s', 'users', 'd4s_u_acl' ]`

			`- name: Set the read/write permissions on pre-existing files inside the users d4s data dirs`
			`acl: name={{ item.name }} entity={{ d4s_group }} etype=group permissions={{ item.aclperms \| default ('rw') }} state=present`
			`with_items: '{{ d4s_users_data_directories \| default([]) }}'`
			`when: item.file`
			`tags: [ 'd4s', 'users', 'd4s_u_acl' ]`