ansible/roles/pve_auth/templates/user.cfg.j2

{{ ansible_managed | comment }}

{% for name, user in pve_auth__users.items() %}
{% set enabled = user.enabled | default(True) %}
user:{{ name }}@pve:{{ enabled | ternary(1, 0) }}:0::::::
{% endfor %}

{% for group in pve_auth__groups.keys() %}
{% set users = pve_auth__users
               | dict2items
               | selectattr("value.groups", "defined")
	       | selectattr("value.groups", "contains", group)
	       | map(attribute="key")
	       | map("suffix", "@pve") %}
group:{{ group }}:{{ users | join(",") }}::
{% endfor %}

{% for group, roles in pve_auth__groups.items() %}
acl:1:/:@{{ group }}:{{ roles | join(",") }}:
{% endfor %}
pve_auth: create role 2023-04-05 22:06:50 +02:00			`{{ ansible_managed \| comment }}`

			`{% for name, user in pve_auth__users.items() %}`
pve_auth: fix groups + enabled 2023-04-05 23:27:11 +02:00			`{% set enabled = user.enabled \| default(True) %}`
			`user:{{ name }}@pve:{{ enabled \| ternary(1, 0) }}:0::::::`
pve_auth: create role 2023-04-05 22:06:50 +02:00			`{% endfor %}`

			`{% for group in pve_auth__groups.keys() %}`
			`{% set users = pve_auth__users`
pve_auth: fix groups + enabled 2023-04-05 23:27:11 +02:00			`\| dict2items`
			`\| selectattr("value.groups", "defined")`
			`\| selectattr("value.groups", "contains", group)`
			`\| map(attribute="key")`
			`\| map("suffix", "@pve") %}`
pve_auth: create role 2023-04-05 22:06:50 +02:00			`group:{{ group }}:{{ users \| join(",") }}::`
			`{% endfor %}`

			`{% for group, roles in pve_auth__groups.items() %}`
			`acl:1:/:@{{ group }}:{{ roles \| join(",") }}:`
			`{% endfor %}`