perf: 改密去掉sudo (#11094)

Co-authored-by: feng <1304903146@qq.com>

apps/accounts/automations/change_secret/host/aix/main.yml

@@ -4,6 +4,26 @@
     - name: Test privileged account
       ansible.builtin.ping:
 
+    - name: Check user
+      ansible.builtin.user:
+        name: "{{ account.username }}"
+        shell: "{{ params.shell }}"
+        home: "{{ params.home | default('/home/' + account.username, true) }}"
+        groups: "{{ params.groups }}"
+        expires: -1
+        state: present
+
+    - name: "Add {{ account.username }} group"
+      ansible.builtin.group:
+        name: "{{ account.username }}"
+        state: present
+
+    - name: Add user groups
+      ansible.builtin.user:
+        name: "{{ account.username }}"
+        groups: "{{ params.groups }}"
+      when: params.groups
+
     - name: Change password
       ansible.builtin.user:
         name: "{{ account.username }}"
@@ -23,8 +43,8 @@
         regexp: "{{ ssh_params.regexp }}"
         state: absent
       when:
-      - account.secret_type == "ssh_key"
-      - ssh_params.strategy == "set_jms"
+        - account.secret_type == "ssh_key"
+        - ssh_params.strategy == "set_jms"
 
     - name: Change SSH key
       ansible.builtin.authorized_key:

apps/accounts/automations/change_secret/host/aix/manifest.yml

@@ -5,12 +5,6 @@ type:
   - AIX
 method: change_secret
 params:
-  - name: sudo
-    type: str
-    label: 'Sudo'
-    default: '/bin/whoami'
-    help_text: "{{ 'Params sudo help text' | trans }}"
-
   - name: shell
     type: str
     label: 'Shell'

apps/accounts/automations/change_secret/host/posix/main.yml

@@ -53,16 +53,6 @@
         exclusive: "{{ ssh_params.exclusive }}"
       when: account.secret_type == "ssh_key"
 
-    - name: Set sudo setting
-      ansible.builtin.lineinfile:
-        dest: /etc/sudoers
-        state: present
-        regexp: "^{{ account.username }} ALL="
-        line: "{{ account.username + ' ALL=(ALL) NOPASSWD: ' + params.sudo }}"
-        validate: visudo -cf %s
-      when:
-        - params.sudo
-
     - name: Refresh connection
       ansible.builtin.meta: reset_connection
 

apps/accounts/automations/change_secret/host/posix/manifest.yml

@@ -6,12 +6,6 @@ type:
   - linux
 method: change_secret
 params:
-  - name: sudo
-    type: str
-    label: 'Sudo'
-    default: '/bin/whoami'
-    help_text: "{{ 'Params sudo help text' | trans }}"
-
   - name: shell
     type: str
     label: 'Shell'