changing USER_INFO to user_info

4352fbca · John Jarvis · baded88e · 4352fbca · 4352fbca · 4352fbca
Commit 4352fbca authored Mar 10, 2014 by John Jarvis
8 changed files
--- a/playbooks/roles/analytics-server/meta/main.yml
+++ b/playbooks/roles/analytics-server/meta/main.yml
 ---
 dependencies:
  - role: user
-    USER_INFO:
+    user_info:
    - name: "{{ AS_AUTOMATOR_NAME }}"
      type: restricted
      sudo_cmds: "{{ AS_AUTOMATOR_SUDO_CMDS }}"

--- a/playbooks/roles/bastion/defaults/main.yml
+++ b/playbooks/roles/bastion/defaults/main.yml
@@ -16,7 +16,7 @@
 # to the databases from the bastion
 # box, it needs to be a subset of the
 # users created on the box which is
-# USER_INFO + BASTION_USER_INFO
+# COMMON_USER_INFO + BASTION_USER_INFO
 BASTION_REPLICA_USERS: []

--- a/playbooks/roles/bastion/meta/main.yml
+++ b/playbooks/roles/bastion/meta/main.yml
@@ -12,5 +12,5 @@
 #
 dependencies:
  - role: user
-    USER_INFO: "{{ BASTION_USER_INFO }}"
+    user_info: "{{ BASTION_USER_INFO }}"
  - aws
--- a/playbooks/roles/common/meta/main.yml
+++ b/playbooks/roles/common/meta/main.yml
 ---
 dependencies:
-  - user
+  - role: user
+    user_info: "{{ COMMON_USER_INFO }}"
--- a/playbooks/roles/edxapp/meta/main.yml
+++ b/playbooks/roles/edxapp/meta/main.yml
@@ -7,7 +7,7 @@ dependencies:
    rbenv_ruby_version: "{{ edxapp_ruby_version }}"
  - devpi
  - role: user
-    USER_INFO:
+    user_info:
      - name: "{{ EDXAPP_AUTOMATOR_NAME }}"
        sudo_cmds: "{{ EDXAPP_AUTOMATOR_SUDO_CMDS }}"
        type: restricted

--- a/playbooks/roles/user/defaults/main.yml
+++ b/playbooks/roles/user/defaults/main.yml
@@ -11,10 +11,6 @@
 # Vars for role user
 #
-# Role parameters
-# Override this list
-USER_INFO: []
 #
 # vars are namespace with the module name.
@@ -32,3 +28,11 @@ USER_CMD_PROMPT: ""
 # this var
 user_rbash_links:
  - /usr/bin/sudo
+# parameter for this role,
+# must be set when called and should NOT
+# be set in extra vars since it
+# will take precedence over the paramter
+user_info: []
--- a/playbooks/roles/user/tasks/main.yml
+++ b/playbooks/roles/user/tasks/main.yml
@@ -39,7 +39,7 @@
 #   #
 #
 #   - role: user
-#     USER_INFO:
+#     user_info:
 #       # This restricted user is defined in meta/
 #       # for edxapp, it creates a user that can only
 #       # run manage.py commands
@@ -69,7 +69,7 @@
 # which can be passed in as a paramter to the role.
 #
- debug: var=USER_INFO
+- debug: var=user_info
 - name: create the edxadmin group
  group: name=edxadmin state=present
@@ -85,20 +85,20 @@
  user:
    name={{ item.name }}
    shell=/bin/bash
-  with_items: USER_INFO
+  with_items: user_info
 - name: create .ssh directory
  file:
    path=/home/{{ item.name }}/.ssh state=directory mode=0750
    owner={{ item.name }}
-  with_items: USER_INFO
+  with_items: user_info
 - name: assign admin role to admin users
  user:
    name={{ item.name }}
    groups=edxadmin
  when: item.type is defined and item.type == 'admin'
-  with_items: USER_INFO
+  with_items: user_info
 # authorized_keys2 used here so that personal
 # keys can be copied to authorized_keys
@@ -112,7 +112,7 @@
    dest=/home/{{ item.name }}/.ssh/authorized_keys2 mode=0640
    owner={{ item.name }}
  when: item.github is defined
-  with_items: USER_INFO
+  with_items: user_info
 - name: copy additional authorized keys
  copy: >
@@ -121,7 +121,7 @@
    owner={{ item.name }}
    mode=0440
  when: item.authorized_keys is defined
-  with_items: USER_INFO
+  with_items: user_info
 - name: create bashrc file for normal users
  template: >
@@ -129,14 +129,14 @@
    dest=/home/{{ item.name }}/.bashrc mode=0640
    owner={{ item.name }}
  when: not (item.type is defined and item.type == 'restricted')
-  with_items: USER_INFO
+  with_items: user_info
 - name: create .profile for all users
  template: >
    src=default.profile.j2
    dest=/home/{{ item.name }}/.profile mode=0640
    owner={{ item.name }}
-  with_items: USER_INFO
+  with_items: user_info
 ########################################################
 # All tasks below this line are for restricted users
@@ -146,7 +146,7 @@
    name={{ item.name }}
    shell=/bin/rbash
  when: item.type is defined and item.type == 'restricted'
-  with_items: USER_INFO
+  with_items: user_info
 - name: create bashrc file for restricted users
  template: >
@@ -154,7 +154,7 @@
    dest=/home/{{ item.name }}/.bashrc mode=0640
    owner={{ item.name }}
  when: item.type is defined and item.type == 'restricted'
-  with_items: USER_INFO
+  with_items: user_info
 - name: create sudoers file from template
  template:
@@ -168,14 +168,14 @@
 - name: change home directory ownership to root for restricted users
  shell: "chown -R root:{{ item.name }} /home/{{ item.name }}"
  when: item.type is defined and item.type == 'restricted'
-  with_items: USER_INFO
+  with_items: user_info
 - name: create ~/bin directory
  file:
    path=/home/{{ item.name }}/bin state=directory mode=0750
    owner="root" group={{ item.name }}
  when: item.type is defined and item.type == 'restricted'
-  with_items: USER_INFO
+  with_items: user_info
 - name: create allowed command links
  file:
@@ -184,5 +184,5 @@
    state: link
  when: item[0].type is defined and item[0].type == 'restricted'
  with_nested:
-    - USER_INFO
+    - user_info
    - user_rbash_links
--- a/playbooks/roles/user/templates/restricted.sudoers.conf.j2
+++ b/playbooks/roles/user/templates/restricted.sudoers.conf.j2
-{% for user in USER_INFO -%}
+{% for user in user_info -%}
 {% if 'sudo_cmds' in user -%}
 {% for cmd in user['sudo_cmds'] -%}
 {{ user['name'] }} {{ cmd }}