---
# Synchronization des clefs SSH avec option de suppression via admin_blacklist_ssh_keys
# En utilisant la variable hash_behaviour = merge dans la configuration ansible,
# permet de deployer differentes clefs sur differentes serveurs en mergeant les dictionnaire

- name: Check vars
  fail: 
    msg: "Missing variable admin_ssh_keys"
  tags: ssh_keys
  when: admin_ssh_keys is not defined

- name: Install libselinux-python needed for centos
  tags: ssh_keys
  yum: 
    name: libselinux-python
    state: installed
  when: ansible_distribution == 'CentOS'

- name: Remove old SSH keys
  tags: ssh_keys
  authorized_key: 
    user: root 
    key: "{{ item.value }}"
    state: absent
  with_dict: "{{ admin_blacklist_ssh_keys }}"
  when: admin_blacklist_ssh_keys is defined

- name: Deploy SSH keys
  tags: ssh_keys
  authorized_key: 
    user: root 
    key: "{{ item.value }}"
    state: present
  with_dict: "{{ admin_ssh_keys }}"