Add support no-restart flag for clickhouse_user_files

Documentation/Advanced_Configuration.md

@@ -180,6 +180,37 @@ $ { echo 00-ansible-role-config; echo 99-override-config; echo 9-override-config
 
 </details>
 
+##### User configuration files
+
+You can specify additional user configuration files using the `clickhouse_user_files` variable.
+
+```yaml
+clickhouse_user_files:
+  - file: group_templates/clickhouse/clickhouse-server/users.d/additional_user.yml
+    no_log: true
+    no_restart: true
+```
+There are the following attributes supported:
+- `no_restart` - changes of this configuration file will not restart the clickhouse-server (i.e. due to it is known that it is applied on fly)
+- `no_log` - do not show diff (ansible option), see [Sensitive data in server configuration directives overrides](#sensitive-data-in-server-configuration-directives-overrides) section for more details
+
+<details>
+
+<summary>templates/group_templates/clickhouse/clickhouse-server/users.d/additional_user.yml.j2</summary>
+
+```yaml
+# templates/group_templates/clickhouse/clickhouse-server/users.d/additional_user.yml.j2
+users:
+  additional_user:
+    password: user_password
+    profile: default
+    quota: default
+    networks:
+      ip: "::/0"
+```
+
+</details>
+
 ##### Sensitive data in server configuration directives overrides
 
 In case server or users configuration templates contains sensitive data, e. g. plain passwords,

defaults/main.yml

@@ -54,6 +54,8 @@ clickhouse_quotas:
 
 # List for additional user-configuration file to override or extend
 # variable based configuration
+# - no_log -- do not log the diff (ansible)
+# - no_restart -- assume that clickhouse-server restart is not required
 clickhouse_user_files: []
 
 #

example/clickhouse.yml

@@ -58,5 +58,9 @@
     clickhouse_online_configuration_files:
       - group_templates/clickhouse/clickhouse-server/config.d/remote_servers.yml
       - group_templates/clickhouse/clickhouse-server/config.d/zookeeper.yml
+    clickhouse_user_files:
+      - file: group_templates/clickhouse/clickhouse-server/users.d/additional_users.yml
+        no_log: true
+        no_restart: true
   roles:
     - clickhouse

example/templates/group_templates/clickhouse/clickhouse-server/users.d/additional_user.yml.j2

@@ -0,0 +1,8 @@
+---
+users:
+  additional_user:
+    password: testpass
+    profile: default
+    quota: default
+    networks:
+      ip: "::/0"

molecule/default/inventory/group_vars/all.yml

@@ -42,6 +42,10 @@ clickhouse_user_files:
   - users.d/01-first_test_user.yml
   - file: users.d/02-second_test_user.yml
     no_log: true
+  - file: users.d/03-third_test_user.yml
+    # TODO: properly test that attributes are supported
+    no_log: false
+    no_restart: true
 
 clickhouse_configuration_files:
   - config.d/01-merge_tree.yml

molecule/default/templates/users.d/03-third_test_user.yml.j2

@@ -0,0 +1,6 @@
+---
+users:
+  third_test_user:
+    password: testpass
+    networks:
+      ip: "::/0"

molecule/default/verify.yml

@@ -9,7 +9,7 @@
 
       # All configured users created
       - query: select count() from system.users
-        result: 4
+        result: 5
 
       # Profile applied to user
       - query: >

tasks/pre_configure.yml

@@ -163,10 +163,9 @@
       set_fact:
         _user_configs: "{{
           _user_configs | default([]) + ((item is mapping) | ternary(
-            [{'file': item.file, 'no_log': item.no_log | default(False)}],
-            [{'file': item, 'no_log': False}]
-          ))
-        }}"  # noqa: jinja[spacing]
+            [{'file': item.file, 'no_log': item.no_log | default(False), 'no_restart': item.no_restart | default(False)}],
+            [{'file': item, 'no_log': False, 'no_restart': False}]
+          )) }}"  # noqa: jinja[spacing]
       loop: "{{ common_user_configs + clickhouse_user_files | default([]) }}"
     - name: Deploy clickhouse-server users overrides (requires restart)
       template:
@@ -177,7 +176,16 @@
         mode: "u=r,go="
       notify: restart-clickhouse
       no_log: "{{ item.no_log }}"
-      loop: "{{ _user_configs }}"
+      loop: "{{ _user_configs | selectattr('no_restart', 'eq', False) }}"
+    - name: Deploy clickhouse-server users overrides (without restart)
+      template:
+        src: "{{ (item is mapping) | ternary(item.file, item) }}.j2"
+        dest: "/etc/clickhouse-server/users.d/{{ (item is mapping) | ternary(item.file, item) | basename }}"
+        owner: clickhouse
+        group: clickhouse
+        mode: "u=r,go="
+      no_log: "{{ item.no_log }}"
+      loop: "{{ _user_configs | selectattr('no_restart', 'eq', True) }}"
     - name: Deploy dictionaries configuration (requires restart)
       template:
         src: "{{ item }}.j2"