---
# This playbook is meant to be used with callable variables, like adhoc or AWX.
# What: Creates users in the idm infrastructure based on the variables provided.

- name: Create a User
  hosts: "{{ host|default('ipaserver') }}"
  become: false
  gather_facts: false
  collections:
    - freeipa.ansible_freeipa

  tasks:
    - name: "Checking for user variables"
      ansible.builtin.assert:
        that:
          - ipaadmin_principal | mandatory
          - ipaadmin_password | mandatory
          - ipa_name | mandatory
          - ipa_first | mandatory
          - ipa_last | mandatory
          - ipa_email | mandatory
          - ipa_password | mandatory
          - ipa_title | mandatory
        success_msg: "Required variables provided"
        fail_msg: "We are missing user information or ipa admin password"

    - name: "Creating User Account"
      freeipa.ansible_freeipa.ipauser:
        ipaadmin_principal: "{{ ipaadmin_principal }}"
        ipaadmin_password: "{{ ipaadmin_password }}"
        name: "{{ ipa_name }}"
        first: "{{ ipa_first }}"
        last: "{{ ipa_last }}"
        email: "{{ ipa_email }}"
        password: "{{ ipa_password }}"
        title: "{{ ipa_title }}"
        loginshell: "{{ ipa_loginshell|default('/sbin/nologin', True) }}"
        update_password: on_create
      tags:
        - users
...