From 27e3cff9a2e1a7152cedd47a2b57981b7ba88cd1 Mon Sep 17 00:00:00 2001
From: pemontto <pemontto@gmail.com>
Date: Tue, 15 Oct 2019 15:37:39 +0100
Subject: [PATCH] Add option to keep existing users

---
 defaults/main.yml                                      | 2 ++
 tasks/xpack/security/elasticsearch-security-file.yml   | 6 +++---
 tasks/xpack/security/elasticsearch-security-native.yml | 4 ++--
 3 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 19d9732..dc674cc 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -60,3 +60,5 @@ es_ssl_certificate_authority: ""
 es_ssl_certificate_path: "/etc/elasticsearch/certs"
 es_ssl_verification_mode: "certificate"
 es_validate_certs: "yes"
+delete_unmanaged_file: true
+delete_unmanaged_native: true
diff --git a/tasks/xpack/security/elasticsearch-security-file.yml b/tasks/xpack/security/elasticsearch-security-file.yml
index f81117a..82aca12 100644
--- a/tasks/xpack/security/elasticsearch-security-file.yml
+++ b/tasks/xpack/security/elasticsearch-security-file.yml
@@ -11,7 +11,7 @@
   register: old_users_file
   check_mode: no
 
-- name: Copy the old users file from the old depreacted location
+- name: Copy the old users file from the old deprecated location
   copy:
     remote_src: yes
     force: no # only copy it if the new path doesn't exist yet
@@ -33,7 +33,7 @@
 
 - name: set fact users_to_remove
   set_fact: users_to_remove={{ current_file_users.stdout_lines | difference (es_users.file.keys() | list) }}
-  when: manage_file_users
+  when: manage_file_users and delete_unmanaged_file
 
 #Remove users
 - name: Remove Users
@@ -49,7 +49,7 @@
 
 - name: set fact users_to_add
   set_fact: users_to_add={{ es_users.file.keys() | list | difference (current_file_users.stdout_lines) }}
-  when: manage_file_users
+  when: manage_file_users and delete_unmanaged_file
 
 #Add users
 - name: Add Users
diff --git a/tasks/xpack/security/elasticsearch-security-native.yml b/tasks/xpack/security/elasticsearch-security-native.yml
index ba54266..563688b 100644
--- a/tasks/xpack/security/elasticsearch-security-native.yml
+++ b/tasks/xpack/security/elasticsearch-security-native.yml
@@ -82,7 +82,7 @@
     password: "{{es_api_basic_auth_password}}"
     force_basic_auth: yes
     validate_certs: "{{ es_validate_certs }}"
-  when: manage_native_users
+  when: manage_native_users and delete_unmanaged_native
   with_items: "{{ users_to_remove | default([]) }}"
 
 - name: set fact users_to_ignore
@@ -178,7 +178,7 @@
     password: "{{es_api_basic_auth_password}}"
     force_basic_auth: yes
     validate_certs: "{{ es_validate_certs }}"
-  when: manage_native_roles
+  when: manage_native_roles  and delete_unmanaged_native
   with_items: "{{roles_to_remove | default([]) }}"
 
 - name: set fact roles_to_modify