sandwich/Ansible-Bootstrap
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(users): update cloud-init template and input validation for dict users

Browse Source
This commit is contained in:
MORAWSKI Norbert
2026-03-20 15:10:31 +01:00
parent 3e85a44d8e
commit 704ff21f0e
2 changed files with 13 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
roles/global_defaults/tasks/_validate_input.yml
View File

@@ -8,11 +8,11 @@
that:
- system is mapping
- system.network is not defined or system.network is mapping
- system.users is not defined or (system.users is iterable and system.users is not string and system.users is not mapping)
- system.users is not defined or system.users is mapping
- system.root is not defined or system.root is mapping
- system.luks is not defined or system.luks is mapping
- system.features is not defined or system.features is mapping
fail_msg: "system and its nested keys (network, root, luks, features) must be dictionaries; system.users must be a list."
fail_msg: "system and its nested keys (network, root, luks, features, users) must be dictionaries."
quiet: true
- name: Validate DNS lists (not strings)

18
roles/virtualization/templates/cloud-user-data.yml.j2
View File

@@ -4,18 +4,22 @@ ssh_pwauth: true
package_update: false
package_upgrade: false
users:
{% for user in system_cfg.users %}
- name: "{{ user.name }}"
primary_group: "{{ user.name }}"
{% for username, attrs in system_cfg.users.items() %}
- name: "{{ username }}"
primary_group: "{{ username }}"
groups: users
{% if user.sudo | default(false) | bool %}
{% if attrs.sudo | default(false) | bool %}
sudo: "ALL=(ALL) NOPASSWD:ALL"
{% endif %}
passwd: "{{ user.password | password_hash('sha512') }}"
{% if attrs.password | default('') | length > 0 %}
passwd: "{{ attrs.password | password_hash('sha512') }}"
lock_passwd: false
{% if 'keys' in user and user['keys'] is iterable and user['keys'] is not string and user['keys'] | length > 0 %}
{% else %}
lock_passwd: true
{% endif %}
{% if 'keys' in attrs and attrs['keys'] is iterable and attrs['keys'] is not string and attrs['keys'] | length > 0 %}
ssh_authorized_keys:
{% for key in user['keys'] %}
{% for key in attrs['keys'] %}
- "{{ key }}"
{% endfor %}
{% endif %}