Add the /etc/group_managed_scope control file, which defines the limits of the automation's scope of control over groups. Any groups NOT listed in that file will NOT be automatically deleted. Any groups listed in that file CAN be subject to automatic deletion when the ansible config (intent) changes to no longer require them.
This feature is analogous to users being present in managed groups, where any user that is a member of the group, but shouldn't be, falls within the scope of that group's user management, and is automatically deleted.
UNIX doesn't have the ability to put groups into other groups, or another way of grouping groups, so this /etc/group_managed_scope method needed to be invented here to express scope of management.
Add the /etc/group_managed_scope control file, which defines the limits of the automation's scope of control over groups. Any groups NOT listed in that file will NOT be automatically deleted. Any groups listed in that file CAN be subject to automatic deletion when the ansible config (intent) changes to no longer require them.
This feature is analogous to users being present in managed groups, where any user that is a member of the group, but shouldn't be, falls within the scope of that group's user management, and is automatically deleted.
UNIX doesn't have the ability to put groups into other groups, or another way of grouping groups, so this /etc/group_managed_scope method needed to be invented here to express scope of management.