Use id -nG to query existing groups
andyundso committed Oct 25, 2023
1 parent 85cf43e commit 81b69e0
Showing 2 changed files with 7 additions and 6 deletions.
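--- a/molecule/deletion/verify.yml
+++ b/molecule/deletion/verify.yml
@@ -22,11 +22,12 @@
 - name: Get sudo group members
 getent:
 database: group
-key: sudo
-register: sudo_group
+register: group_data
 changed_when: false
 
-- name: Assert 'erwin' is not in 'sudo' group
+- name: Assert 'erwin' is in the correct groups
 assert:
 that:
-- "'erwin' not in sudo_group['ansible_facts']['getent_group']['sudo'][2].split(',')" # Index 2 typically holds the user list for the group.
+- "'erwin' in group_data['ansible_facts']['getent_group']['erwin'][2].split(',')"
+- "'erwin' in group_data['ansible_facts']['getent_group']['accounts'][2].split(',')"
+- "'erwin' not in group_data['ansible_facts']['getent_group']['sudo'][2].split(',')" # Index 2 typically holds the user list for the group.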
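Review bot: The unchanged task name `Get sudo group members` is now misleading: with `key: sudo` removed, the getent task loads the whole group database into `group_data`, so the name should say that, e.g. `- name: Get all group entries`. The three assertions index `getent_group['erwin']`, `['accounts']` and `['sudo']` directly, so if one of those groups is absent the task presumably errors on an undefined key rather than reporting a failed assertion; a `fail_msg` per check, or a preceding `... is defined` condition, would make a failure readable. The trailing `# Index 2 ...` comment explains all three lines and would read better once, above the `that:` list. The task list starts above the hunk, so earlier setup is not visible here.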
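--- a/tasks/revoke-sudo.yml
+++ b/tasks/revoke-sudo.yml
@@ -1,10 +1,10 @@
 - name: Get groups for user '{{ user }}'
-command: "groups {{ user }}"
+command: "id -nG {{ user }}"
 register: current_groups
 changed_when: false
 
 - name: Revoke 'sudo' for '{{ user }}'
 user:
 name: "{{ user }}"
-groups: "{{ current_groups.stdout | replace(user + ' : ', '') | replace('sudo', '') | split }}"
+groups: "{{ current_groups.stdout | replace('sudo', '') | split }}"
 append: no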
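Review bot: `replace('sudo', '')` on the new `groups:` line is a substring replacement over the whole `id -nG` output, so a group whose name merely contains `sudo` (a constructed example: `sudoers-audit`) is rewritten to a different name before `split`. Because `append: no` makes the module set the supplementary groups to exactly this list, the task then either fails, leaving the sudo membership in place, or drops the user from that group. Filter on whole names instead: `groups: "{{ current_groups.stdout.split() | difference(['sudo']) }}"`. Passing `user` through `argv` (`argv: ['id', '-nG', '--', "{{ user }}"]`) would also stop a value with spaces or a leading dash from being parsed as extra arguments; whether `user` can hold such values is not visible here.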
