From 1ee504378131e3c1ecab97054cd49b32459f16b7 Mon Sep 17 00:00:00 2001 From: xpk Date: Fri, 3 May 2019 19:50:29 +0800 Subject: [PATCH] enh: role now takes a list of users in the userlist variable --- README.md | 20 +++++++------------- genpw.py | 14 -------------- tasks/main.yml | 28 +++++++++++++++++----------- 3 files changed, 24 insertions(+), 38 deletions(-) delete mode 100644 genpw.py diff --git a/README.md b/README.md index 24742b6..87604cf 100644 --- a/README.md +++ b/README.md @@ -4,16 +4,9 @@ Create user and optionally put user into sudoers. By default, user is added to s URL: https://xpk.headdesk.me/git/xpk/role.users -## Required variables: -``` -user: - name: john - group: clientadmin - sudoers: yes/no -``` - ## Usage: -Create a playbook like this +Provide the userlist, group, and sudoers variables in a playbook, e.g: + ``` --- - name: create user user1 @@ -22,10 +15,11 @@ Create a playbook like this roles: - role: users vars: - user: - name: user1 - group: staff - sudoers: yes + userlist: + - foo1 + - foo2 + group: staff + sudoers: yes ``` ## Tested on diff --git a/genpw.py b/genpw.py deleted file mode 100644 index 68c0200..0000000 --- a/genpw.py +++ /dev/null @@ -1,14 +0,0 @@ -#!/usr/bin/env python3 -import string -import crypt -import threading -from random import * -characters = string.ascii_letters + "~@#%^*()-_+=23456789" - -def genOne(): - password = "".join(choice(characters) for x in range(randint(12, 16))); - salt = crypt.mksalt(method=crypt.METHOD_SHA512); - print (password, "|", crypt.crypt(password,salt=salt)); - -for i in range(4): - threading.Thread(target=genOne, args=()).start() diff --git a/tasks/main.yml b/tasks/main.yml index 8746e26..e17042c 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
@@ -3,25 +3,31 @@ name: ssh_access state: present -- set_fact: - plain_pass: "{{ lookup('password', '/dev/null chars=ascii_letters,digits,hexdigitsi length=15') }}" - -- name: Create user {{ user.name }} +- name: Create user user: - name: "{{ user.name }}" + name: "{{item}}" shell: /bin/bash - groups: "{{ user.group }},ssh_access" - password: "{{ plain_pass | password_hash('sha512') }}" + groups: "{{ group }},ssh_access" + password: "{{lookup('password', 'cred.' + item + '.pass chars=ascii_letters,digits,hexdigitsi length=15') | password_hash('sha512')}}" + with_items: "{{userlist}}" - name: Add user to sudoers lineinfile: - path: "/etc/sudoers.d/{{ user.name }}" + path: "/etc/sudoers.d/{{item}}" create: yes - line: "{{ user.name }} ALL=(ALL) NOPASSWD: ALL" + line: "{{ item }} ALL=(ALL) NOPASSWD: ALL" mode: 0440 - when: user.sudoers + when: sudoers + with_items: "{{userlist}}" - name: Display generated password debug: - msg: "Generated password for {{ user.name }}: {{ plain_pass }}" + msg: "Generated password for {{item}}: {{lookup('password', 'cred.' + item + '.pass chars=ascii_letters,digits,hexdigitsi length=15')}}" + with_items: "{{userlist}}" + +- name: Remove password files created by ansible + file: + path: cred.{{item}}.pass + state: absent + with_items: "{{userlist}}"
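Review bot: The final task, `Remove password files created by ansible`, is unlikely to delete the files that hold the plaintext passwords. The `password` lookup writes `cred.<user>.pass` on the control node, while the `file` module runs on the managed host, so unless the play targets localhost the cleartext files stay on the controller. Add `delegate_to: localhost` and `run_once: true` to that task, and use one explicit path in both the lookup and `path:` (for example `{{ playbook_dir }}/cred.{{ item }}.pass`), since a relative path may resolve differently for the lookup and for the module. The cleanup is also skipped when an earlier task fails, so a failed run leaves the files in place too. Separately, `Display generated password` still writes each password to the play output and any log that captures it, and the `lineinfile` task has no `validate: /usr/sbin/visudo -cf %s`, so a user name that yields an invalid sudoers line is written unchecked.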