@creisor
Created May 5, 2017 15:11
Ansible tasks for adding users to hosts, and adding their authorized keys to other users so they can log in as those users
---
# Make sure every account listed in `users` exists, with bash as its shell.
- name: add users
  with_items: "{{ users }}"
  user:
    state: present
    name: "{{ item.name }}"
    shell: /bin/bash
    # `append` is not set, so this value replaces the account's supplementary
    # groups instead of adding to them; an empty string removes the user from
    # every group except the primary one.
    groups: "{{ item.groups }}"
# Install each user's own public keys into that user's authorized_keys file.
# Entries without `authorized_keys_url` are skipped.
- name: add authorized keys
  when: item.authorized_keys_url is defined
  with_items: "{{ users }}"
  authorized_key:
    # The key material is whatever this URL returns when the play runs, so
    # the URL's host and transport decide who can log in as the user: serve
    # it over HTTPS from a host you control.
    key: "{{ item.authorized_keys_url }}"
    user: "{{ item.name }}"
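# Create a personal bin directory for every user whose entry sets
# `create_bin_dir` to true.
- name: create bin directory
  file:
    # NOTE(review): assumes home directories live under /home - confirm for
    # accounts created with a non-default home.
    path: "/home/{{ item.name }}/bin"
    state: directory
    owner: "{{ item.name }}"
    # NOTE(review): assumes a group named after the user exists on the host
    # (per-user primary groups) - confirm.
    group: "{{ item.name }}"
    # Quoted so the module receives the string "0755" and does the octal
    # conversion itself, instead of depending on how the YAML parser reads a
    # bare leading-zero number.
    mode: "0755"
  with_items: "{{ users }}"
  # An entry that leaves the flag out is skipped rather than failing the play.
  when: item.create_bin_dir | default(false) | bool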
# Let the users named in an account's `login_as` list log in as that account
# by installing their public keys into the account's authorized_keys file.
#
# item[0] is the account being shared (an entry that defines `login_as`);
# item[1] is the name of a user who is granted access to it.
#
# Review points:
# - Everyone in `login_as` ends up with a key on the same account, so the
#   account's SSH logs no longer identify the person by username.
# - The task only adds keys. Removing a name from `login_as` does not remove
#   a key that an earlier run installed; revocation needs a separate step.
# - The key is fetched from the grantee's `authorized_keys_url` at run time,
#   so that URL must be served over HTTPS from a trusted host.
- name: add login_as
  authorized_key:
    user: "{{ item[0] }}"
    # Look up the grantee's entry by name and take its authorized_keys_url;
    # `join` collapses the single-element result into a plain string.
    # NOTE(review): a grantee without `authorized_keys_url` has no usable
    # value here - confirm every name in `login_as` defines one.
    key: "{{ users | selectattr('name', 'equalto', item[1]) | map(attribute='authorized_keys_url') | join }}"
  # Every combination of the two lists below is processed, so each account
  # that defines `login_as` is paired with every name in the second list.
  with_nested:
    # Names of the accounts that define `login_as`.
    - "{{ users| selectattr('login_as', 'defined') | map(attribute='name') | list }}"
    # The `login_as` values joined into one string.
    # NOTE(review): presumably relies on Ansible turning the rendered text of
    # a single list back into a list; with more than one `login_as` account
    # the joined text would no longer be one list - verify before adding a
    # second shared account.
    - "{{ users| selectattr('login_as', 'defined') | map(attribute='login_as') | join }}"
  tags: login_as
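# Example `users` variable consumed by the tasks above (presumably kept in a
# separate vars file). Per-entry keys:
#   name                 account name
#   groups               supplementary groups for the account
#   authorized_keys_url  URL the account's public keys are fetched from
#   aws_access_key_url   not read by any of the tasks shown here
#   create_bin_dir       whether /home/<name>/bin is created
#   login_as             users whose keys are also installed on this account
#
# The authorized_keys URLs use https:// because whatever they return is
# installed as login keys; over plain http anyone on the network path could
# substitute their own key.
users:
  - name: creisor
    groups: admins
    authorized_keys_url: "https://some_url/authorized_keys"
    aws_access_key_url: "https://some_secrets_url/secrets.json"
    create_bin_dir: true
  - name: janedoe
    groups: web_admins
    authorized_keys_url: "https://some_url/authorized_keys"
    create_bin_dir: false
  - name: joeblow
    groups: ops
    authorized_keys_url: "https://some_url/authorized_keys"
    create_bin_dir: false
  # Shared service account: it has no keys of its own and is reached only
  # through the keys of the users listed under `login_as`.
  - name: backup
    # Explicit empty string (the original left the value bare, i.e. null):
    # the account gets no supplementary groups.
    groups: ""
    aws_access_key_url: "https://some_secrets_url/secrets.json"
    create_bin_dir: true
    login_as:
      - creisor
      - janedoe
      - joeblow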