renaming user_info to USER_INFO

a4e0042f · John Jarvis · 7cecdd82 · a4e0042f · a4e0042f · a4e0042f
Commit a4e0042f authored Mar 06, 2014 by John Jarvis
11 changed files
--- a/playbooks/edx-east/create_all_user_types.yml
+++ b/playbooks/edx-east/create_all_user_types.yml
@@ -15,7 +15,7 @@
      when: user is not defined
    - name: give access with no sudo
      set_fact:
-        user_info:
+        USER_INFO:
          - name: "{{ user }}"
            github: true
          - name: test-admin-user

--- a/playbooks/edx-east/create_user.yml
+++ b/playbooks/edx-east/create_user.yml
@@ -12,13 +12,13 @@
      when: user is not defined
    - name: give access with no sudo
      set_fact:
-        user_info:
+        USER_INFO:
          - name: "{{ user }}"
            github: true
      when: give_sudo is not defined
    - name: give access with sudo
      set_fact:
-        user_info:
+        USER_INFO:
          - name: "{{ user }}"
            type: admin
            github: true

--- a/playbooks/edx-west/prod-jumpbox.yml
+++ b/playbooks/edx-west/prod-jumpbox.yml
@@ -9,7 +9,7 @@
    - common
    - supervisor
    - role: user
-      user_data:
+      USER_INFO:
        - name: sefk
          github: true
          type: admin

--- a/playbooks/roles/analytics-server/meta/main.yml
+++ b/playbooks/roles/analytics-server/meta/main.yml
 ---
 dependencies:
  - role: user
-    user_info:
+    USER_INFO:
    - name: "{{ AS_AUTOMATOR_NAME }}"
      type: restricted
      sudo_cmds: "{{ AS_AUTOMATOR_SUDO_CMDS }}"

--- a/playbooks/roles/bastion/defaults/main.yml
+++ b/playbooks/roles/bastion/defaults/main.yml
@@ -11,7 +11,18 @@
 #
 # Defaults for role bastion
 #
+
+# These users are given access
+# to the databases from the bastion
+# box, it needs to be a subset of the
+# users created on the box which is
+# USER_INFO + BASTION_USER_INFO
+
 BASTION_REPLICA_USERS: []
+
+# These users are created on the bastion
+# server.
+BASTION_USER_INFO: []
 #
 # vars are namespace with the module name.
 #

--- a/playbooks/roles/bastion/meta/main.yml
+++ b/playbooks/roles/bastion/meta/main.yml
@@ -12,5 +12,5 @@
 #
 dependencies:
  - role: user
-    user_info: "{{ bastion_user_info }}"
+    USER_INFO: "{{ BASTION_USER_INFO }}"
  - aws
--- a/playbooks/roles/edxapp/meta/main.yml
+++ b/playbooks/roles/edxapp/meta/main.yml
@@ -7,7 +7,7 @@ dependencies:
    rbenv_ruby_version: "{{ edxapp_ruby_version }}"
  - devpi
  - role: user
-    user_info:
+    USER_INFO:
      - name: "{{ EDXAPP_AUTOMATOR_NAME }}"
        sudo_cmds: "{{ EDXAPP_AUTOMATOR_SUDO_CMDS }}"
        type: restricted

--- a/playbooks/roles/user/defaults/main.yml
+++ b/playbooks/roles/user/defaults/main.yml
@@ -11,15 +11,16 @@
 # Vars for role user
 #

+# Role parameters
+# Override this list
+USER_INFO: []
+
+
 #
 # vars are namespace with the module name.
 #
 user_role_name: user

-# Role parameters
-# Override this list
-user_info: []
-
 # override this var to add a prefix to the prompt
 # also need to set commont_update_bashrc for to
 # update the system bashrc default

--- a/playbooks/roles/user/tasks/main.yml
+++ b/playbooks/roles/user/tasks/main.yml
@@ -39,7 +39,7 @@
 #   #
 #
 #   - role: user
-#     user_info:
+#     USER_INFO:
 #       # This restricted user is defined in meta/
 #       # for edxapp, it creates a user that can only
 #       # run manage.py commands
@@ -69,7 +69,7 @@
 # which can be passed in as a paramter to the role.
 #

- debug: var=user_info
+- debug: var=USER_INFO

 - name: create the edxadmin group
  group: name=edxadmin state=present
@@ -85,20 +85,20 @@
  user:
    name={{ item.name }}
    shell=/bin/bash
-  with_items: user_info
+  with_items: USER_INFO

 - name: create .ssh directory
  file:
    path=/home/{{ item.name }}/.ssh state=directory mode=0750
    owner={{ item.name }}
-  with_items: user_info
+  with_items: USER_INFO

 - name: assign admin role to admin users
  user:
    name={{ item.name }}
    groups=edxadmin
  when: item.type is defined and item.type == 'admin'
-  with_items: user_info
+  with_items: USER_INFO

 # authorized_keys2 used here so that personal
 # keys can be copied to authorized_keys
@@ -108,7 +108,7 @@
    dest=/home/{{ item.name }}/.ssh/authorized_keys2 mode=0640
    owner={{ item.name }}
  when: item.github is defined
-  with_items: user_info
+  with_items: USER_INFO

 - name: copy additional authorized keys
  copy: >
@@ -117,7 +117,7 @@
    owner={{ item.name }}
    mode=0440
  when: item.authorized_keys is defined
-  with_items: user_info
+  with_items: USER_INFO

 - name: create bashrc file for normal users
  template: >
@@ -125,14 +125,14 @@
    dest=/home/{{ item.name }}/.bashrc mode=0640
    owner={{ item.name }}
  when: not (item.type is defined and item.type == 'restricted')
-  with_items: user_info
+  with_items: USER_INFO

 - name: create .profile for all users
  template: >
    src=default.profile.j2
    dest=/home/{{ item.name }}/.profile mode=0640
    owner={{ item.name }}
-  with_items: user_info
+  with_items: USER_INFO

 ########################################################
 # All tasks below this line are for restricted users
@@ -142,7 +142,7 @@
    name={{ item.name }}
    shell=/bin/rbash
  when: item.type is defined and item.type == 'restricted'
-  with_items: user_info
+  with_items: USER_INFO

 - name: create bashrc file for restricted users
  template: >
@@ -150,7 +150,7 @@
    dest=/home/{{ item.name }}/.bashrc mode=0640
    owner={{ item.name }}
  when: item.type is defined and item.type == 'restricted'
-  with_items: user_info
+  with_items: USER_INFO

 - name: create sudoers file from template
  template:
@@ -164,14 +164,14 @@
 - name: change home directory ownership to root for restricted users
  shell: "chown -R root:{{ item.name }} /home/{{ item.name }}"
  when: item.type is defined and item.type == 'restricted'
-  with_items: user_info
+  with_items: USER_INFO

 - name: create ~/bin directory
  file:
    path=/home/{{ item.name }}/bin state=directory mode=0750
    owner="root" group={{ item.name }}
  when: item.type is defined and item.type == 'restricted'
-  with_items: user_info
+  with_items: USER_INFO

 - name: create allowed command links
  file:
@@ -180,5 +180,5 @@
    state: link
  when: item[0].type is defined and item[0].type == 'restricted'
  with_nested:
-    - user_info
+    - USER_INFO
    - user_rbash_links
--- a/playbooks/roles/user/templates/restricted.sudoers.conf.j2
+++ b/playbooks/roles/user/templates/restricted.sudoers.conf.j2
-{% for user in user_info -%}
+{% for user in USER_INFO -%}
 {% if 'sudo_cmds' in user -%}
 {% for cmd in user['sudo_cmds'] -%}
 {{ user['name'] }} {{ cmd }}

--- a/util/jenkins/ansible-provision.sh
+++ b/util/jenkins/ansible-provision.sh
@@ -172,7 +172,7 @@ instance_tags:
    owner: $BUILD_USER
 root_ebs_size: $root_ebs_size
 name_tag: $name_tag
-user_info:
+USER_INFO:
  - name: ${github_username}
    github: true
    type: admin