Ansible to update sshd config file

Posted 2019-09-21 04:52

Question:

I'm writing an Ansible play to automate new user creation on 100+ Unix servers. I've got the part right where it creates a user and assigns a password. But our organization's hardening policy demands that, whenever a new user is added, the username must be updated in the "AllowUsers" parameter of the sshd_config file. I'm new to Ansible and have no clue how to get this done.

Here's "AllowUsers" section of sshd_config file.

AllowUsers root user1 user2 user2

This is how it should be after adding a new user "testuser"

AllowUsers root user1 user2 testuser

Answer 1:

With the lineinfile module, match the regexp of the line, say "^AllowUsers .+", and construct the line with the new user name. A sample example:

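# Read the current AllowUsers line; grep exits non-zero when it is absent,
# so do not let that abort the play.
- command: grep "^AllowUsers " /etc/ssh/sshd_config
  register: old_user_list
  failed_when: false
  changed_when: false
# Jinja2 variable names cannot contain hyphens, hence new_user_name.
- lineinfile:
    path: /etc/ssh/sshd_config
    regexp: "^AllowUsers .+"
    line: "{{ old_user_list.stdout }} {{ new_user_name }}"
  when: old_user_list.rc == 0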
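
An idempotent variant of the approach in the answer above, added here as an example and not part of the original answer: it appends the name only when it is not already listed, has sshd check the edited file before it replaces the live one, and reloads the daemon on change. The host group unix_servers, the variable new_user_name, the service name sshd and the /usr/sbin/sshd path are assumptions.

```yaml
# Added example, not from the original answer.
# Assumptions: inventory group "unix_servers", variable "new_user_name",
# service name "sshd", sshd binary at /usr/sbin/sshd.
- hosts: unix_servers
  become: true
  vars:
    new_user_name: testuser   # constructed sample value
  tasks:
    - name: Append the user to AllowUsers unless it is already listed
      lineinfile:
        path: /etc/ssh/sshd_config
        # With backrefs, a regexp that does not match leaves the file untouched
        # (this includes the case where there is no AllowUsers line at all).
        backrefs: true
        # The negative lookahead lets the regexp match only when the name is
        # absent as a whole word, so a second run reports no change.
        regexp: '^(AllowUsers(?!.*\s{{ new_user_name | regex_escape }}(\s|$)).*)$'
        line: '\1 {{ new_user_name }}'
        # Write the file only if sshd can parse the edited copy; a broken
        # sshd_config on 100+ servers would lock out remote access.
        validate: /usr/sbin/sshd -t -f %s
      notify: Reload sshd

  handlers:
    - name: Reload sshd
      service:
        name: sshd
        state: reloaded
```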


Tags: unix ssh ansible