77 lines
2.5 KiB
YAML
77 lines
2.5 KiB
YAML
---
|
|
# This playbook is meant to be used with callable variables, like adhoc or AWX.
|
|
# What: Disables users in the idm infrastructure based on the variables provided.
|
|
# This is primarily used in the event a user wishes to have their personal
|
|
# information removed from the project. However, signing of the agreements
|
|
# in Account Services cannot be removed and should still be available
|
|
# for the RESF to query.
|
|
|
|
- name: Disable a User - PDR
|
|
hosts: "{{ host|default('ipaserver') }}"
|
|
become: false
|
|
gather_facts: false
|
|
vars:
|
|
cleanup_attributes:
|
|
fasGPGKeyId: []
|
|
fasGitHubUsername: []
|
|
fasGitLabUsername: []
|
|
fasIRCNick: []
|
|
fasRHBZEmail: []
|
|
fasWebsiteURL: []
|
|
fasgpgkeyid: []
|
|
fasLocale: []
|
|
fasTimezone: []
|
|
homePhone: []
|
|
homePostalAddress: []
|
|
postalAddress: []
|
|
postalCode: []
|
|
postOfficeBox: []
|
|
st: []
|
|
street: []
|
|
ipaSshPubKey: []
|
|
telephoneNumber: []
|
|
collections:
|
|
- freeipa.ansible_freeipa
|
|
|
|
tasks:
|
|
- name: "Checking for user variables"
|
|
ansible.builtin.assert:
|
|
that:
|
|
- ipaadmin_principal | mandatory
|
|
- ipaadmin_password | mandatory
|
|
- ipa_name | mandatory
|
|
- ticket_id | mandatory
|
|
success_msg: "Required variables provided"
|
|
fail_msg: "We are missing user information or ipa admin password"
|
|
|
|
- name: "Disabling User Account"
|
|
freeipa.ansible_freeipa.ipauser:
|
|
ipaadmin_principal: "{{ ipaadmin_principal }}"
|
|
ipaadmin_password: "{{ ipaadmin_password }}"
|
|
name: "{{ ipa_name }}"
|
|
state: disabled
|
|
tags:
|
|
- users
|
|
|
|
- name: "Remove personal information attributes"
|
|
community.general.ldap_attrs:
|
|
dn: "uid={{ ipa_name }},cn=users,cn=accounts,dc=rockylinux,dc=org"
|
|
attributes: "{{ cleanup_attributes }}"
|
|
state: exact
|
|
server_uri: ldap://localhost/
|
|
bind_dn: "uid={{ ipaadmin_principal }},cn=users,cn=accounts,dc=rockylinux,dc=org"
|
|
bind_pw: "{{ ipaadmin_password }}"
|
|
|
|
- name: "Set FAS Status Note and set isprivate"
|
|
community.general.ldap_attrs:
|
|
dn: "uid={{ ipa_name }},cn=users,cn=accounts,dc=rockylinux,dc=org"
|
|
attributes: "{{ item }}"
|
|
state: exact
|
|
server_uri: ldap://localhost/
|
|
bind_dn: "uid={{ ipaadmin_principal }},cn=users,cn=accounts,dc=rockylinux,dc=org"
|
|
bind_pw: "{{ ipaadmin_password }}"
|
|
loop:
|
|
- fasStatusNote: "Account Disabled: {{ ticket_id }}"
|
|
- fasisprivate: true
|
|
...
|