From cb65705ebca73e012124d63d6a963b0198a3dd3b Mon Sep 17 00:00:00 2001 From: Bertrand Lanson Date: Sun, 26 Mar 2023 00:00:42 +0100 Subject: [PATCH] stuff --- defaults/main.yml | 1 + molecule/with_ssh_keys/converge.yml | 7 ++++ molecule/with_ssh_keys/group_vars/all.yml | 10 +++++ molecule/with_ssh_keys/molecule.yml | 41 ++++++++++++++++++++ molecule/with_ssh_keys/requirements.yml | 3 ++ molecule/with_ssh_keys/tests/conftest.py | 22 +++++++++++ molecule/with_ssh_keys/tests/test_default.py | 10 +++++ tasks/add_ssh_keys.yml | 9 +++++ tasks/create_user.yml | 8 +--- tasks/main.yml | 4 ++ 10 files changed, 108 insertions(+), 7 deletions(-) create mode 100644 molecule/with_ssh_keys/converge.yml create mode 100644 molecule/with_ssh_keys/group_vars/all.yml create mode 100644 molecule/with_ssh_keys/molecule.yml create mode 100644 molecule/with_ssh_keys/requirements.yml create mode 100644 molecule/with_ssh_keys/tests/conftest.py create mode 100644 molecule/with_ssh_keys/tests/test_default.py create mode 100644 tasks/add_ssh_keys.yml diff --git a/defaults/main.yml b/defaults/main.yml index 9c3066c..f38e157 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -5,6 +5,7 @@ provision_ansible_user_password: supersecretpassword provision_ansible_user_is_system: true provision_ansible_user_shell: /bin/bash provision_ansible_user_sudoer: false +provision_ansible_user_add_ssh_key: false provision_ansible_user_ssh_key: provision_ansible_user_ssh_key_options: "" provision_ansible_user_ssh_key_exclusive: true \ No newline at end of file diff --git a/molecule/with_ssh_keys/converge.yml b/molecule/with_ssh_keys/converge.yml new file mode 100644 index 0000000..4bcc437 --- /dev/null +++ b/molecule/with_ssh_keys/converge.yml @@ -0,0 +1,7 @@ +--- +- name: Converge + hosts: all + tasks: + - name: "Include ednxzu.provision_ansible_user" + ansible.builtin.include_role: + name: "ednxzu.provision_ansible_user" 
diff --git a/molecule/with_ssh_keys/group_vars/all.yml b/molecule/with_ssh_keys/group_vars/all.yml new file mode 100644 index 0000000..f41bd90 --- /dev/null +++ b/molecule/with_ssh_keys/group_vars/all.yml @@ -0,0 +1,10 @@ +--- +provision_ansible_user_name: ansible +provision_ansible_user_password: supersecretpassword +provision_ansible_user_is_system: true +provision_ansible_user_shell: /bin/bash +provision_ansible_user_sudoer: true +provision_ansible_user_add_ssh_key: true +provision_ansible_user_ssh_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF17FFrBY4dZyvJ7Yf1Ev4NA2+/tW5krKxVrpq45Cujg lanson@lead" +provision_ansible_user_ssh_key_options: "" +provision_ansible_user_ssh_key_exclusive: true diff --git a/molecule/with_ssh_keys/molecule.yml b/molecule/with_ssh_keys/molecule.yml new file mode 100644 index 0000000..b4013f2 --- /dev/null +++ b/molecule/with_ssh_keys/molecule.yml @@ -0,0 +1,41 @@ +--- +dependency: + name: galaxy + options: + requirements-file: ./requirements.yml +driver: + name: docker +platforms: + - name: instance + image: geerlingguy/docker-${MOLECULE_TEST_OS}-ansible + command: "" + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup + cgroupns_mode: host + privileged: true + pre_build_image: true +provisioner: + name: ansible + config_options: + defaults: + remote_tmp: /tmp/.ansible +verifier: + name: testinfra +lint: | + yamllint -c .yamllint . + ansible-lint +scenario: + name: with_ssh_keys + test_sequence: + - dependency + - lint + - cleanup + - destroy + - syntax + - create + - prepare + - converge + - idempotence + - verify + - cleanup + - destroy diff --git a/molecule/with_ssh_keys/requirements.yml b/molecule/with_ssh_keys/requirements.yml new file mode 100644 index 0000000..e9320f9 --- /dev/null +++ b/molecule/with_ssh_keys/requirements.yml @@ -0,0 +1,3 @@ +--- +# requirements file for molecule +roles: [] diff --git a/molecule/with_ssh_keys/tests/conftest.py b/molecule/with_ssh_keys/tests/conftest.py new file mode 100644 index 0000000..f7ddb3f 
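Review bot: The `provision_ansible_user_ssh_key` line pins a personal ed25519 public key whose comment (`lanson@lead`) names a real workstation, and the same fixture sets `provision_ansible_user_sudoer: true`, so whoever holds that private key gets passwordless root on any host these group_vars are ever applied to outside the throwaway Docker instance. A public key is not a secret, but a test fixture should not depend on a maintainer's identity; generate a disposable key pair in the scenario's `prepare` step (or check in a key generated solely for this scenario) and label it, e.g. `# throwaway key generated for this molecule scenario only - never reuse`. Keeping `provision_ansible_user_sudoer: true` here is fine for the test as long as the fixture says why the scenario needs it.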
--- /dev/null +++ b/molecule/with_ssh_keys/tests/conftest.py @@ -0,0 +1,22 @@ +"""PyTest Fixtures.""" +from __future__ import absolute_import + +import os + +import pytest + + +def pytest_runtest_setup(item): + """Run tests only when under molecule with testinfra installed.""" + try: + import testinfra + except ImportError: + pytest.skip("Test requires testinfra", allow_module_level=True) + if "MOLECULE_INVENTORY_FILE" in os.environ: + pytest.testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ["MOLECULE_INVENTORY_FILE"] + ).get_hosts("all") + else: + pytest.skip( + "Test should run only from inside molecule.", allow_module_level=True + ) diff --git a/molecule/with_ssh_keys/tests/test_default.py b/molecule/with_ssh_keys/tests/test_default.py new file mode 100644 index 0000000..0cff669 --- /dev/null +++ b/molecule/with_ssh_keys/tests/test_default.py @@ -0,0 +1,10 @@ +"""Role testing files using testinfra.""" + + +def test_hosts_file(host): + """Validate /etc/hosts file.""" + f = host.file("/etc/hosts") + + assert f.exists + assert f.user == "root" + assert f.group == "root" diff --git a/tasks/add_ssh_keys.yml b/tasks/add_ssh_keys.yml new file mode 100644 index 0000000..f4e56ef --- /dev/null +++ b/tasks/add_ssh_keys.yml @@ -0,0 +1,9 @@ +--- +# task/add_ssh_keys file for provision_ansible_user +- name: "Add key to authorized_keys" + ansible.posix.authorized_key: + user: "{{ provision_ansible_user_name }}" + key: "{{ provision_ansible_user_ssh_key }}" + comment: "ansible@{{ ansible_hostname }}" + key_options: "{{ provision_ansible_user_ssh_key_options }}" + exclusive: "{{ provision_ansible_user_ssh_key_exclusive }}" diff --git a/tasks/create_user.yml b/tasks/create_user.yml index 99e853f..220610e 100644 --- a/tasks/create_user.yml +++ b/tasks/create_user.yml 
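Review bot: The scenario is named `with_ssh_keys` but `test_hosts_file` is the only test and it checks `/etc/hosts`, a file the role never touches, so the authorized_keys task can silently do nothing and `verify` still passes. Add a test that reads the provisioned user's `authorized_keys`, asserts the fixture key is present, and checks ownership and mode, since a root-owned or group/world-readable file is the usual way this goes wrong. The user's home directory is not visible in this patch, so resolve it through `host.user(...)` rather than hard-coding `/home/ansible`; the key string below must match whatever `group_vars/all.yml` holds, and the `0o600` expectation assumes the module's default file mode, which is worth confirming.
```python
def test_authorized_keys(host):
    """The fixture key must be installed for the provisioned user with safe permissions."""
    user = host.user("ansible")
    keys = host.file(f"{user.home}/.ssh/authorized_keys")

    assert keys.exists
    assert keys.user == "ansible"
    assert keys.mode == 0o600
    assert "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF17FFrBY4dZyvJ7Yf1Ev4NA2+/tW5krKxVrpq45Cujg" in keys.content_string
```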
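Review bot: `exclusive: true` on the last line makes this task replace the user's entire `authorized_keys` with the single key in `provision_ansible_user_ssh_key`, whose default in `defaults/main.yml` is empty, so the file deserves a comment saying so and an explicit guard before the module call instead of whatever error the module emits for an empty key. The `when:` that gates this file lives in `tasks/main.yml`, not here, so anyone including `add_ssh_keys.yml` directly bypasses the flag; an `assert` at the top keeps the contract local. Note also that `comment:` overwrites the comment embedded in the supplied key (which is what drops the `lanson@lead` identity from the test fixture) and merits a one-line comment so nobody reads it as a no-op.
```yaml
- name: "Refuse to touch authorized_keys without a key to install"
  ansible.builtin.assert:
    that:
      - provision_ansible_user_ssh_key is defined
      - provision_ansible_user_ssh_key | length > 0
    fail_msg: "provision_ansible_user_add_ssh_key is set but provision_ansible_user_ssh_key is empty"

# exclusive: true replaces every existing key for the user with this one;
# comment: rewrites the comment field of the installed key.
- name: "Add key to authorized_keys"
  # … unchanged: authorized_key call …
```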
@@ -14,10 +14,4 @@ dest: "/etc/sudoers.d/{{ provision_ansible_user_name }}" mode: 0640 content: "{{ provision_ansible_user_name }} ALL=(ALL) NOPASSWD: ALL" - -- name: "Add key to authorized_keys" - user: "{{ provision_ansible_user_name }}" - key: "{{ provision_ansible_user_ssh_key }}" - comment: "ansible@{{ ansible_hostname }}" - key_options: "{{ provision_ansible_user_ssh_key_options }}" - exclusive: "{{ provision_ansible_user_ssh_key_exclusive }}" + when: provision_ansible_user_sudoer diff --git a/tasks/main.yml b/tasks/main.yml index 81ebf85..b8298ce 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -2,3 +2,7 @@ # task/main file for provision_ansible_user - name: "Import create_user.yml" ansible.builtin.include_tasks: create_user.yml + +- name: "Import add_ssh_keys.yml" + ansible.builtin.include_tasks: add_ssh_keys.yml + when: provision_ansible_user_add_ssh_key
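Review bot: The new `when: provision_ansible_user_sudoer` only stops the sudoers drop-in from being written; once a host has been converged with the flag on, flipping it to false leaves `/etc/sudoers.d/<user>` with its `NOPASSWD: ALL` in place, so the role can grant passwordless root but never revoke it. The task that writes the file starts above this hunk (its `copy` call is not visible here), so this is proposed against the visible parameters only: add a `file: state: absent` task for the false case, and pass the content through `validate: "/usr/sbin/visudo -cf %s"` so a bad fragment never lands live, since a syntax error in `sudoers.d` breaks sudo for every account. `0640` passes sudo's ownership/writability checks as far as I can tell, but `0440` is the conventional mode for drop-ins and is worth aligning with.
```yaml
    content: "{{ provision_ansible_user_name }} ALL=(ALL) NOPASSWD: ALL"
    validate: "/usr/sbin/visudo -cf %s"
  when: provision_ansible_user_sudoer

- name: "Remove sudoers entry when the user is not a sudoer"
  ansible.builtin.file:
    path: "/etc/sudoers.d/{{ provision_ansible_user_name }}"
    state: absent
  when: not provision_ansible_user_sudoer
```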
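Review bot: The new include is gated on `provision_ansible_user_add_ssh_key`, which `defaults/main.yml` sets to `false`, so a playbook that set `provision_ansible_user_ssh_key` and relied on the role installing it will silently stop deploying the key on upgrade, with no failure to notice. If that is intended, say so in a comment on the task and in the role README; otherwise derive the default from the key, e.g. `when: provision_ansible_user_add_ssh_key | bool or provision_ansible_user_ssh_key | length > 0`, and in any case coerce with `| bool` so a string-typed extra-var does not behave unexpectedly. A skipped include also means an existing key is never removed when the flag is turned off, which is a different contract from the `exclusive: true` inside the included file and worth a sentence in the docs.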