users: remove users which don't have access any more

Remove the users which are in users_database, but not in the individual users for the host/group.

users: remove users which don't have access any more
9a2fedee · Nico · 790f2eed · 9a2fedee · 9a2fedee
Commit 9a2fedee authored Feb 1, 2022 by Nico
--- a/roles/users/tasks/main.yml
+++ b/roles/users/tasks/main.yml
@@ -5,6 +5,12 @@
  loop_control:
    loop_var: user
+- name: Removing users without access
+  include: user_remove.yml
+  loop: '{{ user_database | dict2items }}'
+  loop_control:
+    loop_var: user
 - name: Deploying public key for users with root access
  include: root_pubkey.yml
  vars:

--- a/roles/users/tasks/user_remove.yml
+++ b/roles/users/tasks/user_remove.yml
+---
+- name: "Remove user {{ user.key }}"
+  user:
+    name: "{{ user.key }}"
+    uid: "{{ user_database[user.key].uid }}"
+    state: absent
+  when: 'user.key not in users'
+- name: "Remove root ssh keys for {{ user.key }}"
+  authorized_key:
+    user: "root"
+    state: absent
+    key: '{{ pubkey }}'
+  when: 'user.key not in users'
+  loop: '{{ user.value.pubkeys }}'
+  loop_control:
+    loop_var: pubkey