From 9f5bab1863892e9c6b8d06d0e49d3650cc52d9fc Mon Sep 17 00:00:00 2001
From: Paul Belanger
Date: Sat, 16 Mar 2019 17:56:12 -0400
Subject: [PATCH] Refactor windmill_users logic

We now have windmill_users, which is all the users in the system. And windmill_root_users indicate which users should be considered root.

Change-Id: I2f2240a9fef36372f5aa0642bcc7a1b5403bf60b
Signed-off-by: Paul Belanger
---
 .../bootstrap/roles/users/defaults/main.yaml | 1 +
 .../bootstrap/roles/users/tasks/main.yaml | 20 +++++++++----------
 2 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/playbooks/bootstrap/roles/users/defaults/main.yaml b/playbooks/bootstrap/roles/users/defaults/main.yaml
index 8c2b09c..7463726 100644
--- a/playbooks/bootstrap/roles/users/defaults/main.yaml
+++ b/playbooks/bootstrap/roles/users/defaults/main.yaml
@@ -12,4 +12,5 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 ---
+windmill_root_users: []
 windmill_users: {}
diff --git a/playbooks/bootstrap/roles/users/tasks/main.yaml b/playbooks/bootstrap/roles/users/tasks/main.yaml
index b918c14..aaa5570 100644
--- a/playbooks/bootstrap/roles/users/tasks/main.yaml
+++ b/playbooks/bootstrap/roles/users/tasks/main.yaml
@@ -15,29 +15,29 @@
 - name: Create windmill_users group
 become: true
 group:
- name: "{{ item.name }}"
- gid: "{{ item.gid }}"
+ name: "{{ item }}"
+ gid: "{{ windmill_users[item].gid }}"
 state: present
- with_items: "{{ windmill_users }}"
+ with_items: "{{ windmill_root_users }}"

 - name: Create windmill_users user
 become: true
 user:
- name: "{{ item.name }}"
- group: "{{ item.gid }}"
+ name: "{{ item }}"
+ group: "{{ windmill_users[item].gid }}"
 groups: sudo
 shell: /bin/bash
- uid: "{{ item.uid }}"
- with_items: "{{ windmill_users }}"
+ uid: "{{ windmill_users[item].uid }}"
+ with_items: "{{ windmill_root_users }}"

 - name: Add SSH public key
 become: true
 authorized_key:
 exclusive: true
- key: "{{ item.key }}"
+ key: "{{ windmill_users[item].key }}"
 state: present
- user: "{{ item.name }}"
- with_items: "{{ windmill_users }}"
+ user: "{{ item }}"
+ with_items: "{{ windmill_root_users }}"

 - name: Disable password for sudo users
 become: true
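Review bot: All three tasks now look up `windmill_users[item]` for every name in `windmill_root_users` without checking that the name is a key of the dictionary, so a typo or stale entry in the root list would presumably surface only as an undefined-variable failure in the middle of a loop, leaving the host partly configured. Because `windmill_root_users` now decides who is placed in `sudo` (the "Disable password for sudo users" task that follows continues outside this hunk), I would validate the list up front with an `assert` task ahead of the first task shown, as below. The task names still say "windmill_users" although they now act only on root users; renaming them to "Create windmill_root_users group" and "Create windmill_root_users user" would make the play output say what is actually being granted. Nothing visible here removes `sudo` membership or the authorized key when a name is later dropped from `windmill_root_users`, and entries of `windmill_users` that are not root no longer appear to be created by these tasks, so it is worth confirming that both cases are handled elsewhere in the role.

```yaml
- name: Validate windmill_root_users entries
  assert:
    that:
      - item in windmill_users
    msg: "{{ item }} is in windmill_root_users but not defined in windmill_users"
  with_items: "{{ windmill_root_users }}"

- name: Create windmill_users group
  # … unchanged: group, user and authorized_key tasks …
```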