claranet · ElieDeloumeau · Jun 10, 2024 · Jun 10, 2024 · Jun 10, 2024 · Jun 10, 2024
diff --git a/README.md b/README.md
@@ -23,6 +23,10 @@ ansible-galaxy install claranet.users
 ## :gear: Role variables
 
 ### Users
+
+Users supported attributes are `name`, `append`, `shell`, `createhome`, `home`, `password`, `uid`, `group`, `groups`, `update_password`, `state`, `remove` and `comment`.
+[More informations](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/user_module.html)
+
 Variable | Default value | Description
 ---------|---------------|----------------------------------------------------------------------------
 users    | **{}**        | Create groups, users and enable bashrc, ssh/config, vimrc and profile files

diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
@@ -3,8 +3,10 @@
   hosts: all
   become: true
   become_user: root
-  roles:
-    - role: claranet.users
+  tasks:
+    - name: Include role claranet.users
+      ansible.builtin.include_role:
+        name: claranet.users
       vars:
         users:
           root:
@@ -38,3 +40,20 @@
             group: adm
             groups:
               - daemon
+
+    - name: Create tbd user
+      ansible.builtin.include_role:
+        name: claranet.users
+      vars:
+        users:
+          tbd:
+      tags:
+        - molecule-idempotence-notest
+
+    - name: Remove tbd user
+      ansible.builtin.include_role:
+        name: claranet.users
+      vars:
+        users:
+          tbd:
+            state: absent
diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py
@@ -155,3 +155,16 @@ def test_installed_packages(host):
     else:
         assert host.package("vim").is_installed
     assert host.package("e2fsprogs").is_installed
+
+
+def test_tbd_user(host):
+    user = host.user("tbd")
+    assert not user.exists
+
+
+def test_tbd_home(host):
+    user_name = "tbd"
+    file_name = f"/home/{user_name}"
+    file = host.file(file_name)
+    assert file.exists
+    assert file.is_directory
diff --git a/tasks/install.yml b/tasks/install.yml
@@ -3,3 +3,5 @@
   ansible.builtin.package:
     name: "{{ _users_packages }}"
     state: present
+  tags:
+    - molecule-idempotence-notest
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -29,11 +29,11 @@
 - ansible.builtin.include_tasks: install.yml
 
 # create users and groups
-- ansible.builtin.include_tasks: create_groups.yml
+- ansible.builtin.include_tasks: manage_groups.yml
   loop: "{{ users | dict2items }}"
   loop_control:
     label: "{{ item.key }}"
-- ansible.builtin.include_tasks: create_users.yml
+- ansible.builtin.include_tasks: manage_users.yml
   loop: "{{ users | dict2items }}"
   loop_control:
     label: "{{ item.key }}"
@@ -43,15 +43,19 @@
   loop: "{{ users | dict2items }}"
   loop_control:
     label: "{{ item.key }}"
+  when: item.value.state|default("present") != "absent"
 - ansible.builtin.include_tasks: configure_ssh.yml
   loop: "{{ users | dict2items }}"
   loop_control:
     label: "{{ item.key }}"
+  when: item.value.state|default("present") != "absent"
 - ansible.builtin.include_tasks: configure_vim.yml
   loop: "{{ users | dict2items }}"
   loop_control:
     label: "{{ item.key }}"
+  when: item.value.state|default("present") != "absent"
 - ansible.builtin.include_tasks: configure_profile.yml
   loop: "{{ users | dict2items }}"
   loop_control:
     label: "{{ item.key }}"
+  when: item.value.state|default("present") != "absent"
diff --git a/tasks/create_groups.yml → tasks/manage_groups.yml b/tasks/create_groups.yml → tasks/manage_groups.yml
@@ -1,6 +1,7 @@
 ---
-- name: "create_groups | create group {{ item.value.group | default('') }}"
+- name: "manage_groups | create group {{ item.value.group | default('') }}"
   ansible.builtin.group:
     name: "{{ item.value.group }}"
     gid: "{{ item.value.gid | default(omit) }}"
+    state: "{{ item.value.state | default('present') }}"
   when: item.value.group is defined
diff --git a/tasks/create_users.yml → tasks/manage_users.yml b/tasks/create_users.yml → tasks/manage_users.yml
@@ -1,10 +1,10 @@
 ---
-- name: "create_users | include hardening.yml"
+- name: "manage_users | include hardening.yml"
   ansible.builtin.include_tasks: hardening.yml
   vars:
     _users_status: "unset"
 
-- name: "create_users | create user {{ item.key }}"
+- name: "manage_users | {{ 'create' if (item.value.state | default('present')) != 'absent' else 'remove' }} user {{ item.key }}"
   ansible.builtin.user:
     name: "{{ item.key }}"
     append: "{{ item.value.append | default(true if item.value.groups | default([]) | length > 0 else omit) }}"
@@ -16,3 +16,6 @@
     group: "{{ item.value.group | default(omit) }}"
     groups: "{{ item.value.groups | default(omit) }}"
     update_password: "{{ item.value.update_password | default(omit) }}"
+    state: "{{ item.value.state | default('present') }}"
+    remove: "{{ item.value.remove | default(false) }}"
+    comment: "{{ item.value.comment | default(omit) }}"