
---
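- name: Check for {{ login }}
  # Look the account up by login. The rest of this file treats a missing
  # `oktalist.json` as "no such account" and reads the first entry, `json.0`,
  # as the account for `login` — TODO confirm the module returns an
  # exact-match list rather than a broader search result.
  okta_users:
    organization: "{{ organization }}"
    api_key: "{{ api_key }}"
    action: list
    login: "{{ login }}"
  register: oktalist
  # `api_key` is passed as a module argument; unless the module itself
  # declares that option no_log, it is printed with -vvv and by callback
  # plugins. Censor the task output. This does not affect the registered
  # result, only what is logged.
  no_log: true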
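# If the account was not found, create it. Only accounts flagged active are
# created; a missing account that is flagged inactive is simply left absent.
- name: Create {{ login }}
  okta_users:
    organization: "{{ organization }}"
    api_key: "{{ api_key }}"
    action: create
    login: "{{ login }}"
    email: "{{ email }}"
    first_name: "{{ first_name }}"
    last_name: "{{ last_name }}"
  when:
    # `oktalist` is registered by the preceding list task; the role treats a
    # missing `json` key as "no such account".
    - oktalist['json'] is not defined
    - isActive | bool
  # NOTE(review): the list result is not refreshed after creation, so tasks
  # later in this file that key off `oktalist.json` will not see the new
  # account until the role runs again.
  # Keep the API key (a module argument) out of task output.
  no_log: true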
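- name: Update {{ login }} first_name
  okta_users:
    organization: "{{ organization }}"
    api_key: "{{ api_key }}"
    action: update
    id: "{{ oktalist.json.0.id }}"
    first_name: "{{ first_name }}"
  when:
    # Existence guards come first: list conditions are evaluated in order and
    # stop at the first false one. Without them, an account that did not
    # exist (the create path leaves `oktalist.json` undefined) fails this
    # task with an undefined-variable error when `json.0` is dereferenced.
    - oktalist.json is defined
    - oktalist.json | length > 0
    - oktalist.json.0.profile.firstName != first_name
    - isActive | bool
  # Keep the API key (a module argument) out of task output.
  no_log: true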
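- name: Update {{ login }} last_name
  okta_users:
    organization: "{{ organization }}"
    api_key: "{{ api_key }}"
    action: update
    id: "{{ oktalist.json.0.id }}"
    last_name: "{{ last_name }}"
  when:
    # Existence guards come first: list conditions are evaluated in order and
    # stop at the first false one. Without them, an account that did not
    # exist (the create path leaves `oktalist.json` undefined) fails this
    # task with an undefined-variable error when `json.0` is dereferenced.
    - oktalist.json is defined
    - oktalist.json | length > 0
    - oktalist.json.0.profile.lastName != last_name
    - isActive | bool
  # Keep the API key (a module argument) out of task output.
  no_log: true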
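- name: Update {{ login }} email
  okta_users:
    organization: "{{ organization }}"
    api_key: "{{ api_key }}"
    action: update
    id: "{{ oktalist.json.0.id }}"
    email: "{{ email }}"
  when:
    # Existence guards come first: list conditions are evaluated in order and
    # stop at the first false one. Without them, an account that did not
    # exist (the create path leaves `oktalist.json` undefined) fails this
    # task with an undefined-variable error when `json.0` is dereferenced.
    - oktalist.json is defined
    - oktalist.json | length > 0
    - oktalist.json.0.profile.email != email
    - isActive | bool
  # Keep the API key (a module argument) out of task output.
  no_log: true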
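- name: Disable {{ login }}
  # Deactivate an existing account that is flagged inactive.
  # NOTE(review): this runs on every play for an inactive account; confirm
  # the module tolerates deactivating an already-deactivated user, otherwise
  # gate on the account's current status from `oktalist.json.0`.
  okta_users:
    organization: "{{ organization }}"
    api_key: "{{ api_key }}"
    action: deactivate
    id: "{{ oktalist.json.0.id }}"
  when:
    - oktalist.json is defined
    - oktalist.json | length > 0
    - not (isActive | bool)
  # Keep the API key (a module argument) out of task output.
  no_log: true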
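- name: debug
  # Echo the group ids that the next task will add the user to.
  # `default([])` keeps the play from aborting when the caller supplies no
  # `add_groups` (unless the role's defaults already define it — not
  # visible from this file).
  debug:
    msg: "{{ item }}"
  with_items: "{{ add_groups | default([]) }}"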
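- name: add groups
  okta_groups:
    action: add_user
    organization: "{{ organization }}"
    api_key: "{{ api_key }}"
    user_id: "{{ oktalist.json.0.id }}"
    id: "{{ item }}"
  with_items: "{{ add_groups | default([]) }}"
  when:
    # Only meaningful for an existing account (a freshly created one is not
    # in `oktalist` and picks up its groups on the next run), and only for
    # accounts that are meant to be active — do not grant group membership
    # to an account this play is deactivating.
    - oktalist.json is defined
    - oktalist.json | length > 0
    - isActive | bool
  # Best-effort, as before — presumably to tolerate "already a member".
  # This also hides genuine failures (bad API key, unknown group id), and
  # combined with no_log the failure text is censored; prefer a
  # `failed_when` narrowed to the module's actual error once its shape
  # is known.
  ignore_errors: true
  # Keep the API key (a module argument) out of task output.
  no_log: true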
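- name: remove groups
  okta_groups:
    action: remove_user
    organization: "{{ organization }}"
    api_key: "{{ api_key }}"
    user_id: "{{ oktalist.json.0.id }}"
    id: "{{ item }}"
  with_items: "{{ remove_groups | default([]) }}"
  when:
    # Only meaningful for an existing account; without this guard a missing
    # account makes every iteration fail on `json.0` and the failures are
    # swallowed by ignore_errors.
    - oktalist.json is defined
    - oktalist.json | length > 0
  # Best-effort, as before — presumably to tolerate "not a member".
  # Silently ignored failures here mean a user can keep access the play was
  # supposed to revoke, and with no_log the failure text is censored; prefer
  # a `failed_when` narrowed to the module's actual "not a member" error
  # once its shape is known.
  ignore_errors: true
  # Keep the API key (a module argument) out of task output.
  no_log: true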