I've got a bunch of user groups to create, each user's information is a dict.
Since each group maps to a team, I want to control access on a per-team
level.
So the natural 'shape' for this data is e.g.
    users:
      dbas:
        - user: bobby_tables
          gecos: Bob Tables
        - user: joinmaster
          gecos: Dave The Joiner
      devs:
        - user: googler
          gecos: Fred Google
        - user: overflower
          gecos: Stack OverFlow Searcher
and so on (this list is about 80+ users at least)
Ideally I want a list of groups as a var (either set per group or per inventory)
that a role can use to create accounts, set up pubkeys and sudoers, etc.
Let's say a var like
    ssh_groups:
      - users.dbas
      - users.devs
In which case I want to be able to loop over the ssh_groups list with
with_items,
and then loop _again_ with the sublist with with_dict to create the users.
Is there a construct in Ansible to do this? I can't find one.
I can only do what I want with this sort of structure:
    users:
      - user: bobby_tables
        gecos: Bob Tables
        group: dbas
      - user: joinmaster
        gecos: Dave The Joiner
        group: dbas
      - user: googler
        gecos: Fred Google
        group: devs
      - user: overflower
        gecos: Stack OverFlow Searcher
        group: devs
and have every task in the role check each user with a clause like
    when: item.group in ssh_groups
I mean it works, but there's a good chance we'll see typos etc.
Is there any way to do what I want with the original users: layout?
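
One way to loop over the original nested users: layout, as an added example that is not part of the original post. It assumes ssh_groups holds bare group names (dbas, devs) that are keys of users, and an Ansible version that provides the dict2items and subelements filters; the play layout and task names are illustrative.

```yaml
# Added example, not the poster's code.
# Assumption: ssh_groups lists bare group names that are keys of "users".
- hosts: all
  become: true
  vars:
    users:
      dbas:
        - user: bobby_tables
          gecos: Bob Tables
        - user: joinmaster
          gecos: Dave The Joiner
      devs:
        - user: googler
          gecos: Fred Google
        - user: overflower
          gecos: Stack OverFlow Searcher
    ssh_groups:
      - dbas
      - devs
  tasks:
    # A misspelled group name stops the play here instead of silently
    # skipping (or mis-assigning) that team's accounts.
    - name: Fail early if ssh_groups names a group missing from users
      assert:
        that: ssh_groups | difference(users.keys() | list) | length == 0
        msg: "Unknown group(s): {{ ssh_groups | difference(users.keys() | list) | join(', ') }}"

    - name: Create the team groups
      group:
        name: "{{ item }}"
      loop: "{{ ssh_groups }}"

    # dict2items turns users into [{key: dbas, value: [...]}, ...];
    # subelements then yields one (group entry, user dict) pair per user.
    - name: Create accounts for every user in the selected groups
      user:
        name: "{{ item.1.user }}"
        comment: "{{ item.1.gecos }}"
        groups: "{{ item.0.key }}"
        append: true
      loop: >-
        {{ users | dict2items
                 | selectattr('key', 'in', ssh_groups)
                 | list
                 | subelements('value') }}
      loop_control:
        label: "{{ item.0.key }}/{{ item.1.user }}"
```

The same loop expression can drive the pubkey and sudoers tasks, so group membership is defined once by where a user sits in the dict rather than by a per-user group: field.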