fix templates variables #6

Author: ElieDeloumeau

Diff for: molecule/default/converge.yml

@@ -7,6 +7,13 @@
     - role: claranet.users
       vars:
         users:
+          root:
+            groups:
+              - adm
+            profile:
+              - export LANG=POSIX
+              - export LC_ALL=en_US
+
           claranet1:
             home: /home/claranet1
             group: claranet1
@@ -26,6 +33,7 @@
                   -----BEGIN OPENSSH PRIVATE KEY-----
                   xxxprivate
                   -----END OPENSSH PRIVATE KEY-----
+
           claranet2:
             group: adm
             groups:

Diff for: molecule/default/tests/test_default.py

@@ -13,6 +13,29 @@ def test_vim_version(host):
     assert command.rc == 0
 
 
+def test_root_user(host):
+    user = host.user("root")
+    assert user.exists
+    assert user.shell == "/bin/bash"
+    assert user.home == f"/{user.name}"
+    assert user.group == "root"
+    assert "adm" in user.groups
+
+
+def test_root_profile_file(host):
+    user_name = "root"
+    file_name = f"/{user_name}/.profile"
+    file = host.file(file_name)
+    assert file.exists
+    assert file.is_file
+    assert file.user == "root"
+    assert file.group == "root"
+    assert file.mode == 0o644
+    assert file.contains("\nreadonly HISTFILE\n")
+    assert file.contains("\nexport SHELL=/bin/bash\n")
+    assert file.contains("\nexport LANG=POSIX\n")
+
+
 def test_claranet1_user(host):
     user = host.user("claranet1")
     assert user.exists

Diff for: tasks/configure_bash.yml

@@ -5,7 +5,7 @@
     owner: "{{ item.key }}"
     group: "{{ item.value.group | default(item.key) }}"
     mode: 0600
-  when: "'bashrc' in item.value"
+  when: (item.value.bashrc is defined and item.value.bashrc|length>0) or users_default_bashrc|length>0
 
 - name: "configure_bash | include hardening.yml"
   include_tasks: hardening.yml

Diff for: tasks/configure_ssh.yml

@@ -6,9 +6,9 @@
     group: "{{ item.value.group | default(item.key) }}"
     mode: 0700
     state: directory
-  when: ("'authorized_keys' in item.value") or
-        ("'ssh_config' in item.value") or
-        ("'ssh_keys' in item.value")
+  when: item.value.authorized_keys is defined or
+        item.value.ssh_config is defined or
+        item.value.ssh_keys is defined
 
 - name: "configure_ssh | ~{{ item.key }}/.ssh/authorized_keys"
   template:
@@ -17,7 +17,7 @@
     owner: "{{ item.key }}"
     group: "{{ item.value.group | default(item.key) }}"
     mode: 0600
-  when: "'authorized_keys' in item.value"
+  when: item.value.authorized_keys is defined
 
 - name: "configure_ssh | ~{{ item.key }}/.ssh/config"
   template:
@@ -26,7 +26,7 @@
     owner: "{{ item.key }}"
     group: "{{ item.value.group | default(item.key) }}"
     mode: 0600
-  when: "'ssh_config' in item.value"
+  when: item.value.ssh_config is defined
 
 - name: "configure_ssh | adding a public key to ssh folder for ~{{ item.key }}"
   copy:
@@ -35,12 +35,10 @@
     owner: "{{ item.key }}"
     group: "{{ item.value.group | default(item.key) }}"
     mode: 0600
-  loop: "{{ item.value.ssh_keys | dict2items }}"
+  loop: "{{ item.value.ssh_keys | default({}) | dict2items }}"
   loop_control:
     loop_var: ssh_keys
-  when:
-    - "'ssh_keys' in item.value"
-    - "'public' in ssh_keys.value"
+  when: ssh_keys.value.public is defined
 
 - name: "configure_ssh | adding a private key to ssh folder for ~{{ item.key }}"
   copy:
@@ -49,9 +47,7 @@
     owner: "{{ item.key }}"
     group: "{{ item.value.group | default(item.key) }}"
     mode: 0600
-  loop: "{{ item.value.ssh_keys | dict2items }}"
+  loop: "{{ item.value.ssh_keys | default({}) | dict2items }}"
   loop_control:
     loop_var: ssh_keys
-  when:
-    - "'ssh_keys' in item.value"
-    - "'private' in ssh_keys.value"
+  when: ssh_keys.value.private is defined

Diff for: tasks/configure_vim.yml

@@ -6,4 +6,4 @@
     owner: "{{ item.key }}"
     group: "{{ item.value.group | default(item.key) }}"
     mode: 0600
-  when: "'vimrc' in item.value"
+  when: (item.value.vimrc is defined and item.value.vimrc|length>0) or users_default_vimrc|length>0

Diff for: tasks/create_groups.yml

@@ -1,6 +1,6 @@
 ---
-- name: "create_groups | create group {{ item.value.group }}"
+- name: "create_groups | create group {{ item.value.group | default('') }}"
   group:
     name: "{{ item.value.group }}"
     gid: "{{ item.value.gid | default(omit) }}"
-  when: "'group' in item.value"
+  when: item.value.group is defined

Diff for: tasks/create_users.yml

@@ -10,7 +10,7 @@
     append: "{{ item.value.append | default(true if item.value.groups|default([])|length > 0 else omit) }}"
     shell: "{{ item.value.shell | default('/bin/bash') }}"
     createhome: "{{ item.value.createhome | default(true) }}"
-    home: "{{ item.value.home | default('/home/' + item.key) }}"
+    home: "{{ '/root' if item.key == 'root' else (item.value.home | default('/home/' + item.key)) }}"
     password: "{{ item.value.password | default('*') }}"
     uid: "{{ item.value.uid | default(omit) }}"
     group: "{{ item.value.group | default(omit) }}"

Diff for: tasks/hardening.yml

@@ -37,5 +37,5 @@
     group: "root"
     mode: 0644
   when:
-    - (item.value|selectattr("profile", "defined")|list|length > 0) or (users_default_profile|length > 0)
+    - (item.value.profile is defined and item.value.profile|length>0) or users_default_profile|length>0
     - _users_status == "set_profile"

Diff for: templates/users/authorized_keys.j2

@@ -2,6 +2,6 @@
 # {{ ansible_managed }}
 #
 
-{% for key in item.value.authorized_keys -%}
+{% for key in item.value.authorized_keys %}
 {{key}}
-{% endfor -%}
+{% endfor %}

Diff for: templates/users/bashrc.j2

@@ -2,12 +2,10 @@
 # {{ ansible_managed }}
 #
 
-{% for line in users_default_bashrc %}
+{% for line in users_default_bashrc|mandatory %}
 {{ line }}
 {% endfor %}
 
-{%- if "bashrc" in item.value.keys() %}
-{%- for line in item.value.bashrc %}
+{% for line in item.value.bashrc|default([]) %}
 {{ line }}
 {% endfor %}
-{%- endif %}

Diff for: templates/users/profile.j2

@@ -30,12 +30,10 @@ if [ -d "$HOME/.local/bin" ] ; then
 PATH="$HOME/.local/bin:$PATH"
 fi
 
-{%- for line in users_default_profile %}
+{% for line in users_default_profile|mandatory %}
 {{ line }}
-{%- endfor %}
+{% endfor %}
 
-{%- if "profile" in item.value.keys() %}
-{%- for line in item.value.profile %}
+{% for line in item.value.profile|default([]) %}
 {{ line }}
 {% endfor %}
-{%- endif %}

Diff for: templates/users/ssh_config.j2

@@ -2,9 +2,9 @@
 # {{ ansible_managed }}
 #
 
-{%- for (host_entry, cfg) in item.value.ssh_config.items() %}
+{% for (host_entry, cfg) in item.value.ssh_config.items() %}
 host {{host_entry}}
-  {%- for (k,v) in cfg.items() %}
+  {% for (k,v) in cfg.items() %}
   {{k}} {{v}}
-  {%- endfor %}
-{%- endfor %}
+  {% endfor %}
+{% endfor %}

Diff for: templates/users/vimrc.j2

@@ -2,12 +2,10 @@
 " {{ ansible_managed }}
 "
 
-{% for line in users_default_vimrc %}
+{% for line in users_default_vimrc|mandatory %}
 {{ line }}
 {% endfor %}
 
-{%- if "vimrc" in item.value.keys() %}
-{%- for line in item.value.vimrc %}
+{% for line in item.value.vimrc|default([]) %}
 {{ line }}
 {% endfor %}
-{%- endif %}