From 6b03ad75ec113658ce01eed4bfca1ae4cceae6f4 Mon Sep 17 00:00:00 2001
From: Linus Kirkwood <linuskirkwood@gmail.com>
Date: Tue, 17 Sep 2024 13:16:16 +1000
Subject: [PATCH] feat: Now remove account passwords on creation

---
 src/plays.rs | 61 ++++++++++++++++++++++++++++++++++++----------------
 1 file changed, 42 insertions(+), 19 deletions(-)

diff --git a/src/plays.rs b/src/plays.rs
index 667bb69..4d1e5c2 100644
--- a/src/plays.rs
+++ b/src/plays.rs
@@ -40,24 +40,47 @@ impl AnsiblePlay {
             hosts: user.access.to_owned(),
             gather_facts: false,
             r#become: true,
-            tasks: vec![AnsibleTask {
-                name: "Create account.",
-                module: AnsibleModule::users(if Role::SuperUser == user.role {
-                    HashMap::from([
-                        ("name", user.name.to_owned()),
-                        ("groups", user.role.group().to_string()),
-                        ("non_unique", "true".to_string()),
-                        ("uid", "0".to_string()),
-                    ])
-                } else {
-                    HashMap::from([
-                        ("name", user.name.to_owned()),
-                        ("groups", user.role.group().to_string()),
-                        ("password", "*".to_string()),
-                    ])
-                }),
-                params: HashMap::new(),
-            }],
+            tasks: match user.role {
+                Role::SuperUser => vec![
+                    AnsibleTask {
+                        name: "Create root alias.",
+                        module: AnsibleModule::users(HashMap::from([
+                            ("name", user.name.to_owned()),
+                            ("groups", user.role.group().to_string()),
+                            ("non_unique", "true".to_string()),
+                            ("uid", "0".to_string()),
+                        ])),
+                        params: HashMap::new(),
+                    },
+                    AnsibleTask {
+                        name: "Remove root alias password.",
+                        module: AnsibleModule::users(HashMap::from([
+                            ("name", user.name.to_owned()),
+                            ("password", "*".to_string()),
+                        ])),
+                        params: HashMap::new(),
+                    },
+                ],
+                Role::Sudoer => vec![
+                    AnsibleTask {
+                        name: "Create sudoer account.",
+                        module: AnsibleModule::users(HashMap::from([
+                            ("name", user.name.to_owned()),
+                            ("groups", user.role.group().to_string()),
+                        ])),
+                        params: HashMap::new(),
+                    },
+                    AnsibleTask {
+                        name: "Remove sudoer account password.",
+                        module: AnsibleModule::users(HashMap::from([
+                            ("name", user.name.to_owned()),
+                            ("password", "*".to_string()),
+                        ])),
+                        params: HashMap::new(),
+                    },
+                ],
+                Role::Blocked => vec![],
+            },
         }
     }
 
@@ -77,7 +100,7 @@ impl AnsiblePlay {
                     ("exclusive", "true".to_string()),
                     (
                         "state",
-                        if let Role::Blocked = user.role {
+                        if user.role == Role::Blocked {
                             "absent".to_string()
                         } else {
                             "present".to_string()