refactored ood demo user into cookiecutter

Author: wtripp180901

docs/openondemand.README.md

@@ -46,4 +46,4 @@ The appliance automatically configures Open Ondemand to proxy Grafana and adds a
 [^1]: Note that if `openondemand_auth` is `basic_pam` and anonymous Grafana login is enabled, the appliance will (by default) configure Open Ondemand's Apache server to remove the Authorisation header from proxying of all `node/` addresses. This is done as otherwise Grafana tries to use this header to authenticate, which fails with the default configuration where only the admin Grafana user `grafana` is created. Note that the removal of this header in this configuration means it cannot be used to authenticate proxied interactive applications - however the appliance-deployed remote desktop and Jupyter Notebook server applications use other authentication methods. An alternative if using `basic_pam` is not to enable anonymous Grafana login and to create Grafana users matching the local users (e.g. in `environments/<env>/hooks/post.yml`).
 
 # Access
-By default the appliance authenticates against OOD with basic auth through PAM. If the `basic_users` group is enabled, by default it will create a user with username `ood_user` and its password is found under `vault_openondemand_default_user` in the appliance secrets store in `environments/{ENV}/inventory/group_vars/all/secrets.yml`. Other users can be defined by overriding the variables in `environments/common/inventory/group_vars/all/basic_users.yml`.
+By default the appliance authenticates against OOD with basic auth through PAM. When creating a new environment, a new user with username `demo_user` will be created. Its password is found under `vault_openondemand_default_user` in the appliance secrets store in `environments/{ENV}/inventory/group_vars/all/secrets.yml`. Other users can be defined by overriding the `basic_users_users` variable in your environment (templated into `environments/{ENV}/inventory/group_vars/all/basic_users.yml` by default).

environments/common/inventory/group_vars/all/basic_users.yml

@@ -3,10 +3,6 @@
 # See: ansible/roles/basic_users/README.md 
 # for variable definitions.
 
-ondemand_user_password: "{{ vault_openondemand_default_user_password }}"
-
 basic_users_homedir: /home
-basic_users_users:
-  - name: ood_user
-    password: "{{ ondemand_user_password | password_hash('sha512', 65534 | random(seed=inventory_hostname) | string) }}" # idempotent
-    uid: 1006
+basic_users_users: []
+

environments/skeleton/{{cookiecutter.environment}}/inventory/group_vars/all/basic_users.yml

@@ -0,0 +1,4 @@
+basic_users_users:
+  - name: demo_user
+    password: "{% raw %}{{ vault_openondemand_default_user_password | password_hash('sha512', 65534 | random(seed=inventory_hostname) | string) }}{% endraw %}" # idempotent
+    uid: 1006