From d36700b0522ff1de196fe5b086b24184a8bf740a Mon Sep 17 00:00:00 2001 From: Christian Lefebvre Date: Fri, 3 Nov 2023 23:15:57 +0100 Subject: [PATCH] create only required users empty groups must not imply user creation --- roles/variables/defaults/main.yml | 36 +++++++++++++++---------------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/roles/variables/defaults/main.yml b/roles/variables/defaults/main.yml index a25a0993cf..ed260a20e3 100644 --- a/roles/variables/defaults/main.yml +++ b/roles/variables/defaults/main.yml @@ -1226,27 +1226,27 @@ _sasl_scram_users: "{ 'client': { 'principal': 'client', 'password': 'client-secret' - }{% if 'schema_registry' in groups %}, + }{% if 'schema_registry' in groups and groups['schema_registry']|length > 0 %}, 'schema_registry': { 'principal': 'schema_registry', 'password': 'schema_registry-secret' - }{% endif %}{% if 'kafka_connect' in groups %}, + }{% endif %}{% if 'kafka_connect' in groups and groups['kafka_connect']|length > 0 %}, 'kafka_connect': { 'principal': 'kafka_connect', 'password': 'kafka_connect-secret' - }{% endif %}{% if 'kafka_rest' in groups %}, + }{% endif %}{% if 'kafka_rest' in groups and groups['kafka_rest']|length > 0 %}, 'kafka_rest': { 'principal': 'kafka_rest', 'password': 'kafka_rest-secret' - }{% endif %}{% if 'ksql' in groups %}, + }{% endif %}{% if 'ksql' in groups and groups['ksql']|length > 0 %}, 'ksql': { 'principal': 'ksql', 'password': 'ksql-secret' - }{% endif %}{% if 'control_center' in groups %}, + }{% endif %}{% if 'control_center' in groups and groups['control_center']|length > 0 %}, 'control_center': { 'principal': 'control_center', 'password': 'control_center-secret' - }{% endif %}{% if 'kafka_connect_replicator' in groups %}, + }{% endif %}{% if 'kafka_connect_replicator' in groups and groups['kafka_connect_replicator']|length > 0 %}, 'kafka_connect_replicator': { 'principal': 'kafka_connect_replicator', 'password': 'kafka_connect_replicator-secret' @@ -1267,27 +1267,27 @@ _sasl_scram256_users: "{ 'client': { 'principal': 'client', 'password': 'client-secret' - }{% if 'schema_registry' in groups %}, + }{% if 'schema_registry' in groups and groups['schema_registry']|length > 0 %}, 'schema_registry': { 'principal': 'schema_registry', 'password': 'schema_registry-secret' - }{% endif %}{% if 'kafka_connect' in groups %}, + }{% endif %}{% if 'kafka_connect' in groups and groups['kafka_connect']|length > 0 %}, 'kafka_connect': { 'principal': 'kafka_connect', 'password': 'kafka_connect-secret' - }{% endif %}{% if 'kafka_rest' in groups %}, + }{% endif %}{% if 'kafka_rest' in groups and groups['kafka_rest']|length > 0 %}, 'kafka_rest': { 'principal': 'kafka_rest', 'password': 'kafka_rest-secret' - }{% endif %}{% if 'ksql' in groups %}, + }{% endif %}{% if 'ksql' in groups and groups['ksql']|length > 0 %}, 'ksql': { 'principal': 'ksql', 'password': 'ksql-secret' - }{% endif %}{% if 'control_center' in groups %}, + }{% endif %}{% if 'control_center' in groups and groups['control_center']|length > 0 %}, 'control_center': { 'principal': 'control_center', 'password': 'control_center-secret' - }{% endif %}{% if 'kafka_connect_replicator' in groups %}, + }{% endif %}{% if 'kafka_connect_replicator' in groups and groups['kafka_connect_replicator']|length > 0 %}, 'kafka_connect_replicator': { 'principal': 'kafka_connect_replicator', 'password': 'kafka_connect_replicator-secret' @@ -1308,27 +1308,27 @@ _sasl_plain_users: "{ 'client': { 'principal': 'client', 'password': 'client-secret' - }{% if 'schema_registry' in groups %}, + }{% if 'schema_registry' in groups and groups['schema_registry']|length > 0 %}, 'schema_registry': { 'principal': '{% if ccloud_kafka_enabled|bool %}{{ccloud_kafka_key}}{% else %}schema_registry{% endif %}', 'password': '{% if ccloud_kafka_enabled|bool %}{{ccloud_kafka_secret}}{% else %}schema_registry-secret{% endif %}' - }{% endif %}{% if 'kafka_connect' in groups %}, + }{% endif %}{% if 'kafka_connect' in groups and groups['kafka_connect']|length > 0 %}, 'kafka_connect': { 'principal': '{% if ccloud_kafka_enabled|bool %}{{ccloud_kafka_key}}{% else %}kafka_connect{% endif %}', 'password': '{% if ccloud_kafka_enabled|bool %}{{ccloud_kafka_secret}}{% else %}kafka_connect-secret{% endif %}' - }{% endif %}{% if 'kafka_rest' in groups %}, + }{% endif %}{% if 'kafka_rest' in groups and groups['kafka_rest']|length > 0 %}, 'kafka_rest': { 'principal': '{% if ccloud_kafka_enabled|bool %}{{ccloud_kafka_key}}{% else %}kafka_rest{% endif %}', 'password': '{% if ccloud_kafka_enabled|bool %}{{ccloud_kafka_secret}}{% else %}kafka_rest-secret{% endif %}' - }{% endif %}{% if 'ksql' in groups %}, + }{% endif %}{% if 'ksql' in groups and groups['ksql']|length > 0 %}, 'ksql': { 'principal': '{% if ccloud_kafka_enabled|bool %}{{ccloud_kafka_key}}{% else %}ksql{% endif %}', 'password': '{% if ccloud_kafka_enabled|bool %}{{ccloud_kafka_secret}}{% else %}ksql-secret{% endif %}' - }{% endif %}{% if 'control_center' in groups %}, + }{% endif %}{% if 'control_center' in groups and groups['control_center']|length > 0 %}, 'control_center': { 'principal': '{% if ccloud_kafka_enabled|bool %}{{ccloud_kafka_key}}{% else %}control_center{% endif %}', 'password': '{% if ccloud_kafka_enabled|bool %}{{ccloud_kafka_secret}}{% else %}control_center-secret{% endif %}' - }{% endif %}{% if 'kafka_connect_replicator' in groups %}, + }{% endif %}{% if 'kafka_connect_replicator' in groups and groups['kafka_connect_replicator']|length > 0 %}, 'kafka_connect_replicator': { 'principal': 'kafka_connect_replicator', 'password': 'kafka_connect_replicator-secret'