What I have set up so far is working well.
My playbook is:
---
- hosts: bastion_hosts
  vars_files:
    - data/users.yml
  gather_facts: no
  sudo: True
  name: Add/Delete/Update InPowered Users onto an instance. Usually BounceBox
  tasks:
    - name: Add Users to the remote system
      user: name={{ item.key }}
            shell={{ item.value.shell }}
            state={{ item.value.state }}
            uid={{ item.value.uid }}
            home={{ item.value.home }}
            comment="{{ item.value.comment }}"
      with_dict: users
    - name: Pushing authorized key to remote server
      authorized_key: user={{ item.key }} key="{{ item.value.ssh_pubkey }}"
      with_dict: users
    - name: Add wheel Group to sudo users
      user: name={{ item.key }}
            groups=wheel
      when: '{{ item.value.setsudo }} == True'
      with_dict: users
    - name: Copy Private Keys to each user
      debug: var={{ item.value.authkeys }}
      with_dict: users
The authkeys variable contains a list of private key names "qa, prd, dev".
For each user, I want to copy each of the listed private key files into the
.ssh directory. Something like:
copy: src=/keypath/{{ first item in item.value.authkeys }}.pem
      dest=/home/{{ item.keys }}/.ssh/{{ first item in item.value.authkeys }}.pem
      mode=0600
But I'm not clear on how to grab the elements out of the authkeys to copy
down each file. (Further, I'm thinking I should be using vault, but... one
step at a time now)
My users.yml file looks like this:
---
users:
  bob.brown:
    state: present
    uid: 1027
    comment: "Bob Brown"
    home: /home/bob.brown
    ssh_pubkey: "ssh-rsa AAAAB3NzaC1yc2E..."
    authkeys: "dev,qa,prd,ops"
    shell: /bin/sh
    setsudo: yes
  colin.johnson:
    state: present
    uid: 1041
    comment: "Colin Johnson"
    home: /home/colin.johnson
    ssh_pubkey: "ssh-rsa AAAAB3NzaC1..."
    authkeys: "dev,qa,prd"
    shell: /bin/sh
    setsudo: no
Thanks to anyone who can help.
Bob
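
One way to do the per-user key copy asked about above, as an added example that is not part of the original post and not code from the Ansible project. It assumes Ansible 2.6 or later (for `loop` and `dict2items`), the `users` dictionary from users.yml with `authkeys` left as a comma-separated string, and the `/keypath` source directory from the post; the fact name `user_key_pairs` is made up for the example.

```yaml
# Added example: these tasks go under "tasks:" in the playbook above.
# user_key_pairs is a name chosen for this example, not an Ansible built-in.

- name: Build a flat list of [user, key name] pairs from the authkeys strings
  set_fact:
    user_key_pairs: >-
      {{ (user_key_pairs | default([]))
         + ([item.key]
            | product(item.value.authkeys.split(',') | map('trim') | list)
            | list) }}
  loop: "{{ users | dict2items }}"
  when: item.value.state == 'present'   # skip accounts that are being removed

- name: Copy each listed private key into that user's .ssh directory
  copy:
    src: "/keypath/{{ item.1 }}.pem"     # source directory as written in the post
    dest: "{{ users[item.0].home }}/.ssh/{{ item.1 }}.pem"
    owner: "{{ item.0 }}"                # file belongs to the user, not root
    mode: "0600"                         # private keys readable by owner only
  loop: "{{ user_key_pairs | default([]) }}"
  no_log: true                           # keep per-item results and diffs out of task output
```

Each loop item is a two-element list, so `item.0` is the user name (for example `bob.brown`) and `item.1` is one key name (for example `dev`).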