1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
community.general/plugins/modules/database/influxdb/influxdb_user.py

287 lines
8.7 KiB
Python
Raw Normal View History

2020-03-09 10:11:07 +01:00
#!/usr/bin/python
# -*- coding: utf-8 -*-
2020-03-09 10:11:07 +01:00
# Copyright (c) 2017, Vitaliy Zhhuta <zhhuta () gmail.com>
2020-03-09 10:11:07 +01:00
# insipred by Kamil Szczygiel <kamil.szczygiel () intel.com> influxdb_database module
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
2020-03-09 10:11:07 +01:00
from __future__ import absolute_import, division, print_function
__metaclass__ = type
DOCUMENTATION = r'''
---
module: influxdb_user
short_description: Manage InfluxDB users
description:
- Manage InfluxDB users.
author: "Vitaliy Zhhuta (@zhhuta)"
requirements:
- "python >= 2.6"
- "influxdb >= 0.9"
options:
user_name:
description:
- Name of the user.
required: True
type: str
user_password:
description:
- Password to be set for the user.
required: false
type: str
admin:
description:
- Whether the user should be in the admin role or not.
- Since version 2.8, the role will also be updated.
default: false
2020-03-09 10:11:07 +01:00
type: bool
state:
description:
- State of the user.
choices: [ absent, present ]
default: present
type: str
grants:
description:
- Privileges to grant to this user.
- Takes a list of dicts containing the "database" and "privilege" keys.
- If this argument is not provided, the current grants will be left alone.
- If an empty list is provided, all grants for the user will be removed.
type: list
elements: dict
extends_documentation_fragment:
- community.general.influxdb
'''
EXAMPLES = r'''
- name: Create a user on localhost using default login credentials
community.general.influxdb_user:
2020-03-09 10:11:07 +01:00
user_name: john
user_password: s3cr3t
- name: Create a user on localhost using custom login credentials
community.general.influxdb_user:
2020-03-09 10:11:07 +01:00
user_name: john
user_password: s3cr3t
login_username: "{{ influxdb_username }}"
login_password: "{{ influxdb_password }}"
- name: Create an admin user on a remote host using custom login credentials
community.general.influxdb_user:
2020-03-09 10:11:07 +01:00
user_name: john
user_password: s3cr3t
admin: true
2020-03-09 10:11:07 +01:00
hostname: "{{ influxdb_hostname }}"
login_username: "{{ influxdb_username }}"
login_password: "{{ influxdb_password }}"
- name: Create a user on localhost with privileges
community.general.influxdb_user:
2020-03-09 10:11:07 +01:00
user_name: john
user_password: s3cr3t
login_username: "{{ influxdb_username }}"
login_password: "{{ influxdb_password }}"
grants:
- database: 'collectd'
privilege: 'WRITE'
- database: 'graphite'
privilege: 'READ'
- name: Destroy a user using custom login credentials
community.general.influxdb_user:
2020-03-09 10:11:07 +01:00
user_name: john
login_username: "{{ influxdb_username }}"
login_password: "{{ influxdb_password }}"
state: absent
'''
RETURN = r'''
#only defaults
'''
import json
2020-03-09 10:11:07 +01:00
from ansible.module_utils.urls import ConnectionError
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.common.text.converters import to_native
2020-03-09 10:11:07 +01:00
import ansible_collections.community.general.plugins.module_utils.influxdb as influx
def find_user(module, client, user_name):
user_result = None
try:
users = client.get_list_users()
for user in users:
if user['user'] == user_name:
user_result = user
break
except ConnectionError as e:
2020-03-09 10:11:07 +01:00
module.fail_json(msg=to_native(e))
return user_result
def check_user_password(module, client, user_name, user_password):
try:
client.switch_user(user_name, user_password)
client.get_list_users()
except influx.exceptions.InfluxDBClientError as e:
if e.code == 401:
return False
except ConnectionError as e:
module.fail_json(msg=to_native(e))
finally:
# restore previous user
client.switch_user(module.params['username'], module.params['password'])
return True
def set_user_password(module, client, user_name, user_password):
if not module.check_mode:
try:
client.set_user_password(user_name, user_password)
except ConnectionError as e:
module.fail_json(msg=to_native(e))
def create_user(module, client, user_name, user_password, admin):
if not module.check_mode:
try:
client.create_user(user_name, user_password, admin)
except ConnectionError as e:
module.fail_json(msg=to_native(e))
def drop_user(module, client, user_name):
if not module.check_mode:
try:
client.drop_user(user_name)
except influx.exceptions.InfluxDBClientError as e:
module.fail_json(msg=e.content)
module.exit_json(changed=True)
def set_user_grants(module, client, user_name, grants):
changed = False
try:
current_grants = client.get_list_privileges(user_name)
parsed_grants = []
2020-03-09 10:11:07 +01:00
# Fix privileges wording
for i, v in enumerate(current_grants):
if v['privilege'] != 'NO PRIVILEGES':
if v['privilege'] == 'ALL PRIVILEGES':
v['privilege'] = 'ALL'
parsed_grants.append(v)
2020-03-09 10:11:07 +01:00
# check if the current grants are included in the desired ones
for current_grant in parsed_grants:
2020-03-09 10:11:07 +01:00
if current_grant not in grants:
if not module.check_mode:
client.revoke_privilege(current_grant['privilege'],
current_grant['database'],
user_name)
changed = True
# check if the desired grants are included in the current ones
for grant in grants:
if grant not in parsed_grants:
2020-03-09 10:11:07 +01:00
if not module.check_mode:
client.grant_privilege(grant['privilege'],
grant['database'],
user_name)
changed = True
except influx.exceptions.InfluxDBClientError as e:
module.fail_json(msg=e.content)
return changed
INFLUX_AUTH_FIRST_USER_REQUIRED = "error authorizing query: create admin user first or disable authentication"
2020-03-09 10:11:07 +01:00
def main():
argument_spec = influx.InfluxDb.influxdb_argument_spec()
argument_spec.update(
state=dict(default='present', type='str', choices=['present', 'absent']),
user_name=dict(required=True, type='str'),
user_password=dict(required=False, type='str', no_log=True),
admin=dict(default='False', type='bool'),
grants=dict(type='list', elements='dict'),
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True
)
state = module.params['state']
user_name = module.params['user_name']
user_password = module.params['user_password']
admin = module.params['admin']
grants = module.params['grants']
influxdb = influx.InfluxDb(module)
client = influxdb.connect_to_influxdb()
user = None
try:
user = find_user(module, client, user_name)
except influx.exceptions.InfluxDBClientError as e:
if e.code == 403:
reason = None
try:
msg = json.loads(e.content)
reason = msg["error"]
except (KeyError, ValueError):
module.fail_json(msg=to_native(e))
if reason != INFLUX_AUTH_FIRST_USER_REQUIRED:
module.fail_json(msg=to_native(e))
else:
module.fail_json(msg=to_native(e))
2020-03-09 10:11:07 +01:00
changed = False
if state == 'present':
if user:
if not check_user_password(module, client, user_name, user_password) and user_password is not None:
set_user_password(module, client, user_name, user_password)
changed = True
try:
if admin and not user['admin']:
if not module.check_mode:
client.grant_admin_privileges(user_name)
2020-03-09 10:11:07 +01:00
changed = True
elif not admin and user['admin']:
if not module.check_mode:
client.revoke_admin_privileges(user_name)
2020-03-09 10:11:07 +01:00
changed = True
except influx.exceptions.InfluxDBClientError as e:
module.fail_json(msg=to_native(e))
else:
user_password = user_password or ''
create_user(module, client, user_name, user_password, admin)
changed = True
if grants is not None:
if set_user_grants(module, client, user_name, grants):
changed = True
module.exit_json(changed=changed)
if state == 'absent':
if user:
drop_user(module, client, user_name)
else:
module.exit_json(changed=False)
if __name__ == '__main__':
main()