Creating task for editing user status

Addressing need to lock down system users

Change-Id: I76c3772bda963bff1e861e6361977010d5964ef3

image-builder/assets/playbooks/roles/osconfig/defaults/main.yaml

@@ -226,6 +226,16 @@ file_permissions:
       # combined with previous item)
       run_contexts:
           - "{{ default_run_context }}"
+# Set password and login shell for existing users
+# Mainly intended to lock down system users
+# Will not create user if does not exist
+user_management:
+    - name: test
+      shell: /usr/sbin/nologin
+      password: '!'
+      password_lock: yes
+      run_contexts:
+          - "{{ default_run_context }}"
 # If any required resources need to be fetched from URL for image build customization, they can be added here.
 # Downloaded resources can be found in /tmp/url_resources directory.
 # Example:-

image-builder/assets/playbooks/roles/osconfig/tasks/main.yaml

@@ -59,6 +59,8 @@
   include_tasks: user-scripts.yaml
 - name: "configure file permissions"
   include_tasks: file-permissions.yaml
+- name: "configure user password settings"
+  include_tasks: user-management.yaml
 
 # Context-independent cleanup tasks
 - name: "finalize rootfs"

image-builder/assets/playbooks/roles/osconfig/tasks/user-management.yaml

@@ -0,0 +1,12 @@
+- name: "Get all account info"
+  getent:
+    database: passwd
+
+- name: "User Management | Modifying user settings for {{ item.name }}"
+  user:
+    name: "{{ item.name }}"
+    password: "{{ item.password }}"
+    password_lock: "{{ item.password_lock }}"
+    shell: "{{ item.shell }}"
+  loop: "{{ user_management  }}"
+  when: run_context in item.run_contexts and item.name in ansible_facts.getent_passwd