Merge pull request #42 from singleplatform-eng/allow_individual_primary_group_overrides

Colin Hoglund · web-flow · commit 58fdd6967279 · 2017-03-24T14:50:40.000-04:00
Allow individual primary group overrides
diff --git a/.travis.yml b/.travis.yml
@@ -27,18 +27,21 @@ script:
   # its a big thing to bring in on a small pull.
   - id ansibletestuser  | grep --silent "uid=2222(ansibletestuser) gid=2222(ansibletestuser) groups=2222(ansibletestuser),2(bin),100(users)"
   - id ansibletestuser2 | grep --silent "uid=2223(ansibletestuser2) gid=2223(ansibletestuser2) groups=2223(ansibletestuser2),2(bin),100(users)"
-  - id ansibletestuser3 | grep --silent "uid=2224(ansibletestuser3) gid=4000(ansibletestgroup) groups=4000(ansibletestgroup),2(bin),100(users)"
+  - id ansibletestuser3 | grep --silent "uid=2224(ansibletestuser3) gid=4001(ansibletestgroup1) groups=4001(ansibletestgroup1),2(bin),100(users)"
   - id ansibletestuser4 | grep --silent "uid=2225(ansibletestuser4) gid=100(users) groups=100(users),2(bin)"
+  - id ansibletestuser5 | grep --silent "uid=2226(ansibletestuser5) gid=4000(ansibletestgroup) groups=4000(ansibletestgroup),2(bin),100(users)"
   - grep --silent "^ansibletestgroup:"  /etc/group
   - grep --silent "^ansibletestgroup1:" /etc/group
   - ls -lgd /home/ansibletestuser  | awk '{exit $3!="ansibletestuser"}'
   - ls -lgd /home/otherdirectory   | awk '{exit $3!="ansibletestuser2"}'
-  - ls -lgd /home/ansibletestuser3 | awk '{exit $3!="ansibletestgroup"}'
+  - ls -lgd /home/ansibletestuser3 | awk '{exit $3!="ansibletestgroup1"}'
   - ls -lgd /home/otherdirectory1  | awk '{exit $3!="users"}'
-  - ls -lg /home/ansibletestuser/.profile  | awk '{exit $3!="ansibletestuser"}'
-  - ls -lg /home/otherdirectory/.profile   | awk '{exit $3!="ansibletestuser2"}'
-  - ls -lg /home/ansibletestuser3/.profile | awk '{exit $3!="ansibletestgroup"}'
-  - ls -lg /home/otherdirectory1/.profile  | awk '{exit $3!="users"}'
+  - ls -lgd /home/ansibletestuser5 | awk '{exit $3!="ansibletestgroup"}'
+  - ls -lg /home/ansibletestuser/.profile   | awk '{exit $3!="ansibletestuser"}'
+  - ls -lg /home/otherdirectory/.profile    | awk '{exit $3!="ansibletestuser2"}'
+  - ls -lg /home/ansibletestuser3/.profile  | awk '{exit $3!="ansibletestgroup1"}'
+  - ls -lg /home/otherdirectory1/.profile   | awk '{exit $3!="users"}'
+  - ls -lgd /home/ansibletestuser5/.profile | awk '{exit $3!="ansibletestgroup"}'
 
 notifications:
   webhooks: https://galaxy.ansible.com/api/v1/notifications/
diff --git a/README.md b/README.md
@@ -33,6 +33,7 @@ The following attributes are required for each user:
   uid will be used
 * password - If a hash is provided then that will be used, but otherwise the
   account will be locked
+* group - optional primary group override
 * groups - a list of supplementary groups for the user.
 * profile - a string block for setting custom shell profiles
 * ssh-key - This should be a list of ssh keys for the user. Each ssh key
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -8,13 +8,13 @@
   group: name="{{item.username}}"
          gid="{{item.gid if item.gid is defined else item.uid}}"
   with_items: "{{users}}"
-  when: users_create_per_user_group
+  when: "'group' not in item and users_create_per_user_group"
   tags: ['users','configuration']
 
 - name: User creation
   user:
     name: "{{item.username}}"
-    group: "{{item.username if users_create_per_user_group else users_group}}"
+    group: "{{item.group | default(item.username if users_create_per_user_group else users_group)}}"
     # empty string removes user from all secondary groups
     groups: "{{item.groups | join(',') if 'groups' in item else ''}}"
     shell: "{{item.shell if item.shell is defined else users_default_shell}}"
@@ -41,7 +41,7 @@
     block: "{{item.profile}}"
     dest: "{{ item.home | default('/home/' + item.username) }}/.profile"
     owner: "{{item.username}}"
-    group: "{{item.username if users_create_per_user_group else users_group}}"
+    group: "{{item.group | default(item.username if users_create_per_user_group else users_group)}}"
     mode: 0644
     create: true
   when: users_create_homedirs and item.profile is defined
diff --git a/tests/test.yml b/tests/test.yml
@@ -84,3 +84,22 @@
 
   roles:
     - ansible-users
+
+- hosts: localhost
+  remote_user: root
+  vars:
+    users:
+      - name: Ansible Test User5
+        username: ansibletestuser5
+        uid: 2226
+        group: ansibletestgroup
+        groups: [users, bin]
+        shell: /bin/sh
+        profile: |
+          alias ll='ls -lah'
+          alias cp='cp -iv'
+        ssh_key:
+          - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVpUJQCOaPg3p5xro9e+1fkGRWNOGrrExiKMqTE91Fwu349bxfMnMzRS0PAERouR9EEL+Ee4Yzhav/uNc35eCtXzACtluXnAncMrQj6pM3IqASynhvXTygHljmcMbBSDQtLrTZeW+YzIcOgk5UM1yBi26WoUYva2aCr9IRvKdYreAK08OiMdZedpOye0ZdvIYJGcyITwc6YMmrAhP7jZlrk/mDEkf2a4eBp+475o7MJtaC9npqYkToM8vqvx5AGEKqXt7/f1/paOY7KsR+VGPQy6k2RkXjWBsXPesZ3d3XLZHE60wAk0EsuJO8A25+uWSB6ILQeRSYYmGea/WIf6kd noone@throwaway.example.com"
+
+  roles:
+    - ansible-users
