roles/object_diff/tasks/user_accounts.yml

---
# tasks file for controller_ldap_settings
- name: "OBJECT DIFF: Get the current controller user to determine if it is super-admin"
  ansible.builtin.set_fact:
    __controller_api_current_user_check_is_admin: "{{ lookup(controller_api_plugin, 'users',
                                                              query_params={'username': controller_username},
                                                              host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs)
                                                   }}"

- name: "OBJECT DIFF: Sets the current controller user to determine if it is super-admin"
  ansible.builtin.set_fact:
    __controller_api_user_accounts: "{{ query(controller_api_plugin, 'users',
                                              host=controller_hostname, oauth_token=controller_oauthtoken, verify_ssl=controller_validate_certs)
                                     }}"

- name: "Populate user accounts (block)"
  block:
    - name: "Populate User Accounts list"
      ansible.builtin.set_fact:
        populate_controller_api_user_accounts_without_external_accounts: "{{ __controller_api_user_accounts | selectattr('external_account', 'none') | list }}"

    - name: "Set User Accounts from API without External Accounts Data Structure"
      ansible.builtin.set_fact:
        __controller_api_user_accounts: "{{ populate_controller_api_user_accounts_without_external_accounts }}"
      when: populate_controller_api_user_accounts_without_external_accounts is defined

  when: not drop_user_external_accounts

- name: "User account differences (block)"
  block:
    - name: "OBJECT DIFF: Find the difference of User Accounts between what is on the Controller versus CasC on SCM"
      ansible.builtin.set_fact:
        __user_accounts_difference: "{{ lookup('redhat_cop.controller_configuration.controller_object_diff',
                                                api_list=__controller_api_user_accounts, compare_list=controller_user_accounts,
                                                with_present=false, set_absent=true)
                                     }}"

    - name: "OBJECT DIFF: Sets the difference of User Accounts between what is on the Controller versus CasC on SCM"
      ansible.builtin.set_fact:
        controller_user_accounts: "{{ __user_accounts_difference }}"
  when:
    - __controller_api_current_user_check_is_admin.is_superuser

...