admin-user-exists

Example:

# Create admin user with passwordless-sudo enabled, and ssh-keys added.
- admin-user-exists:
    user_name: admin
    ssh_keys:
    - ssh-rsa AAAAB3NzaC1yc2EAAAADAQA....
    passwordless_sudo: true

Description

Create an admin user with an (optionally) provided password (hashed, for details see: Ansible user module).

If no admin_password argument is provided, the created user won't be able to log in via ssh with password auth, and they won't be able to do sudo if passwordless sudo is not enabled for the user.

Also lets you choose the default shell of that user, provide public ssh keys, and whether passwordless sudo should be enabled for the user.

Variables

| Name | Type | Default | Description |
|---|---|---|---|
| user_name | string | -- | The username of the admin user. Required. |
| admin_password | string | -- | This sets the user's password in plain text. The user input will be sha512-hashed before being forwarded to the connector. If not provided, the user won't be able to log in via password auth, and can't do sudo if passwordless sudo is not configured. |
| passwordless_sudo | boolean | False | Whether to enable passwordless sudo for this user. |
| shell | string | /bin/bash | Default shell of admin user. |
| ssh_keys | list | -- | A list of public ssh keys for this admin user. |
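
A pre-flight check for the variables above, as an added example (not part of the frecklet or the freckles project): it flags the case the description names (no `admin_password` and no `passwordless_sudo`) and rejects malformed `ssh_keys` entries such as the elided key in the page's example. The names `audit`, `ssh_key_problem` and `constructed_key`, the accepted key-type set, and the inference that a user with no password and no usable key cannot log in over SSH are assumptions of this example.

```python
import base64
import struct

# Assumption: key types this check accepts; extend to match your policy.
KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256"}


def constructed_key():
    """Structurally valid ed25519 line built for this example (all-zero key)."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed@example"


def ssh_key_problem(line):
    """Return why a public key line is unusable, or None if it parses."""
    parts = line.split()
    if len(parts) < 2 or parts[0] not in KEY_TYPES:
        return "unknown or missing key type"
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except ValueError:
        return "key data is not valid base64"
    # The decoded blob starts with a length-prefixed copy of the key type.
    if len(blob) < 4:
        return "key data too short"
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != parts[0].encode():
        return "embedded key type does not match prefix"
    return None


def audit(frecklet_vars):
    """Return findings for a dict of admin-user-exists variables."""
    findings = []
    has_pw = bool(frecklet_vars.get("admin_password"))
    keys = frecklet_vars.get("ssh_keys") or []
    if not frecklet_vars.get("user_name"):
        findings.append("user_name is required")
    # Stated on the page: without a password, sudo needs passwordless_sudo.
    if not has_pw and not frecklet_vars.get("passwordless_sudo", False):
        findings.append("no admin_password and no passwordless_sudo: user cannot sudo")
    problems = [(k, ssh_key_problem(k)) for k in keys]
    for key, why in problems:
        if why:
            findings.append(f"ssh key rejected ({why}): {key[:24]}")
    # Inference: with password auth unavailable, a usable key is the only SSH route.
    if not has_pw and not any(why is None for _, why in problems):
        findings.append("no admin_password and no usable ssh key: no ssh login")
    return findings
```

Run `audit` on the variable dict before handing it to the frecklet; an empty list means none of these conditions apply.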

Examples

Example 1

Create admin user with passwordless-sudo enabled, and ssh-keys added.

Code
- admin-user-exists:
    user_name: admin
    ssh_keys:
    - ssh-rsa AAAAB3NzaC1yc2EAAAADAQA....
    passwordless_sudo: true
Description

Create

Code

doc:
  short_help: Ensure an admin user with elevated permissions exists.
  help: |
    Create an admin user with an (optionally) provided password (hashed, for details see: [Ansible user module](https://docs.ansible.com/ansible/latest/modules/user_module.html)).

    If no ``admin_password`` argument is provided, the created user won't be able to log in via ssh with
    password auth, and they won't be able to do sudo if passwordless sudo is not enabled for the user.

    Also lets you choose the default shell of that user, provide public ssh keys, and whether passwordless sudo should be enabled for the user.
  furter_reading:
  - https://docs.ansible.com/ansible/latest/modules/user_module.html

  examples:
  - title: Create admin user with passwordless-sudo enabled, and ssh-keys added.
    desc: |
      Create
    vars:
      user_name: admin
      ssh_keys:
      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQA....
      passwordless_sudo: true

args:
  user_name:
    doc:
      short_help: The username of the admin user.
    type: string
    required: true
    cli:
      param_type: argument
  admin_password:
    doc:
      short_help: The user password.
      help: |
        This sets the user's password in plain text. The user input will be sha512-hashed before being forwarded to the connector.

        If not provided, the user won't be able to login via password auth, and can't do
        sudo if passwordless sudo is not configured.
    type: string
    secret: true
    required: false
    cli:
      metavar: PWD
  shell:
    doc:
      short_help: Default shell of admin user.
    type: string
    required: false
    default: /bin/bash
    cli:
      metavar: SHELL
  ssh_keys:
    doc:
      short_help: A list of public ssh keys for this admin user.
    type: list
    required: false
    cli:
      param_decls:
      - --ssh-key
      - -k
      metavar: KEY
  passwordless_sudo:
    doc:
      short_help: Whether to enable passwordless sudo for this user.
    type: boolean
    required: false
    cli:
      is_flag: true
    default: false

meta:
  tags:
  - user
  - admin
  - featured-frecklecutable
  - hardening

frecklets:

- frecklet:
    name: freckfrackery.basic-security
    type: ansible-role
    resources:
      ansible-role:
      - freckfrackery.basic-security
    properties:
      idempotent: true
      elevated: true
      internet: false
    desc:
      references:
        "'freckfrackery.basic-security' Ansible role": https://gitlab.com/freckfrackery/freckfrackery.basic-security
      short: "ensure admin user '{{:: user_name ::}}' exists"
      long: |
        Ensure user '{{:: user_name ::}}' exists on this system and is in the sudoers group to be able to gain elevated permissions.
        {%:: if passwordless_sudo ::%}Grant the user permission to execute ``sudo`` without having to enter a password.{%:: endif ::%}

        {%:: if ssh_keys ::%}Add the following public ssh keys to ``~{{:: user_name ::}}/.ssh/authorized_keys``:
        {%:: for k in ssh_keys ::%}
        - {{:: k ::}}
        {%:: endfor ::%}{%:: endif ::%}
  vars:
    basic_security_user_name: '{{:: user_name ::}}'
    basic_security_user_pw: '{{:: admin_password | sha512_crypt ::}}'
    basic_security_user_shell: '{{:: shell ::}}'
    basic_security_user_public_keys: '{{:: ssh_keys ::}}'
    basic_security_enable_passwordless_sudo: '{{:: passwordless_sudo ::}}'
frecklecute admin-user-exists --help

Usage: frecklecute admin-user-exists [OPTIONS] USER_NAME

  Create an admin user with an (optionally) provided password (hashed, for
  details see: [Ansible user module](https://docs.ansible.com/ansible/latest
  /modules/user_module.html)).

  If no ``admin_password`` argument is provided, the created user won't be
  able do login via ssh via password auth, and they won't be able to do sudo
  if passwordless sudo is not enabled for the user.

  Also lets you choose the default shell of that user, provide public ssh
  keys, and whether passwordless sudo should be enabled for the user.

Options:
  --admin-password PWD            The user password.
  --passwordless-sudo / --no-passwordless-sudo
                                  Whether to enable passwordless sudo for this
                                  user.
  --shell SHELL                   Default shell of admin user.
  -k, --ssh-key KEY               A list of public ssh keys for this admin
                                  user.
  --help                          Show this message and exit.
# -*- coding: utf-8 -*-


#
# module path: pycklets.admin_user_exists.AdminUserExists
#


from dataclasses import dataclass
from pyckles import AutoPycklet
from typing import *    # noqa

@dataclass
class AdminUserExists(AutoPycklet):
    """Create an admin user with an (optionally) provided password (hashed, for details see: [Ansible user module](https://docs.ansible.com/ansible/latest/modules/user_module.html)).

     If no ``admin_password`` argument is provided, the created user won't be able to log in via ssh with
     password auth, and they won't be able to do sudo if passwordless sudo is not enabled for the user.

     Also lets you choose the default shell of that user, provide public ssh keys, and whether passwordless sudo should be enabled for the user.

       Args:
         admin_password: The user password.
         passwordless_sudo: Whether to enable passwordless sudo for this user.
         shell: Default shell of admin user.
         ssh_keys: A list of public ssh keys for this admin user.
         user_name: The username of the admin user.

    """

    FRECKLET_ID = "admin-user-exists"

    admin_password: str = None
    passwordless_sudo: bool = None
    shell: str = None
    ssh_keys: List = None
    user_name: str = None


    def __post_init__(self):
        super(AdminUserExists, self).__init__(var_names=["admin_password", "passwordless_sudo", "shell", "ssh_keys", "user_name"])


frecklet_class = AdminUserExists
# -*- coding: utf-8 -*-


#
# module path: pycklets.admin_user_exists.AdminUserExists
#


from pyckles import AutoPycklet

class AdminUserExists(AutoPycklet):
    """Create an admin user with an (optionally) provided password (hashed, for details see: [Ansible user module](https://docs.ansible.com/ansible/latest/modules/user_module.html)).

     If no ``admin_password`` argument is provided, the created user won't be able to log in via ssh with
     password auth, and they won't be able to do sudo if passwordless sudo is not enabled for the user.

     Also lets you choose the default shell of that user, provide public ssh keys, and whether passwordless sudo should be enabled for the user.

       Args:
         admin_password: The user password.
         passwordless_sudo: Whether to enable passwordless sudo for this user.
         shell: Default shell of admin user.
         ssh_keys: A list of public ssh keys for this admin user.
         user_name: The username of the admin user.

    """

    FRECKLET_ID = "admin-user-exists"

    def __init__(self, admin_password=None, passwordless_sudo=None, shell="/bin/bash", ssh_keys=None, user_name=None):

        super(AdminUserExists, self).__init__(var_names=["admin_password", "passwordless_sudo", "shell", "ssh_keys", "user_name"])
        self._admin_password = admin_password
        self._passwordless_sudo = passwordless_sudo
        self._shell = shell
        self._ssh_keys = ssh_keys
        self._user_name = user_name

    @property
    def admin_password(self):
        return self._admin_password

    @admin_password.setter
    def admin_password(self, admin_password):
        self._admin_password = admin_password

    @property
    def passwordless_sudo(self):
        return self._passwordless_sudo

    @passwordless_sudo.setter
    def passwordless_sudo(self, passwordless_sudo):
        self._passwordless_sudo = passwordless_sudo

    @property
    def shell(self):
        return self._shell

    @shell.setter
    def shell(self, shell):
        self._shell = shell

    @property
    def ssh_keys(self):
        return self._ssh_keys

    @ssh_keys.setter
    def ssh_keys(self, ssh_keys):
        self._ssh_keys = ssh_keys

    @property
    def user_name(self):
        return self._user_name

    @user_name.setter
    def user_name(self, user_name):
        self._user_name = user_name



frecklet_class = AdminUserExists