ansible/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
Code Releases Activity

Add update_password argument to os_user (#5219)

Browse source 
There is a desire to not have this module always result in a change if a
password argument is supplied. The OpenStack API does not return a
password back when we get a user, so we've been assuming that if a
password argument was supplied, we should attempt to change the password
(even if nothing else is changing), and that results in a "changed"
state. Now we will only send along a password change attempt if the user
wants one (the default to match history).

Fixes #5217
This commit is contained in:
Jesse Keating 2016-11-04 09:38:17 -07:00 committed by Matt Clay
parent f8bcf55289
commit 0ec56bb563
1 changed files with 42 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

49
lib/ansible/modules/cloud/openstack/os_user.py
View file

@ -43,6 +43,14 @@ options:
- Password for the user - Password for the user
required: false required: false
default: None default: None
update_password:
required: false
default: always
choices: ['always', 'on_create']
version_added: "2.3"
description:
- C(always) will attempt to update password. C(on_create) will only
set the password for newly created users.
email: email:
description: description:
- Email address for the user - Email address for the user
@ -89,6 +97,17 @@ EXAMPLES = '''
cloud: mycloud cloud: mycloud
state: absent state: absent
name: demouser name: demouser
# Create a user but don't update password if user exists
- os_user:
cloud: mycloud
state: present
name: demouser
password: secret
update_password: on_create
email: demo@example.com
domain: default
default_project: demo
''' '''
@ -122,12 +141,13 @@ user:
def _needs_update(params_dict, user): def _needs_update(params_dict, user):
for k, v in params_dict.items(): for k, v in params_dict.items():
if k != 'password' and user[k] != v: if k not in ('password', 'update_password') and user[k] != v:
return True return True
# We don't get password back in the user object, so assume any supplied # We don't get password back in the user object, so assume any supplied
# password is a change. # password is a change.
if params_dict['password'] is not None: if (params_dict['password'] is not None and
params_dict['update_password'] == 'always'):
return True return True
return False return False
@ -164,11 +184,17 @@ def main():
domain=dict(required=False, default=None), domain=dict(required=False, default=None),
enabled=dict(default=True, type='bool'), enabled=dict(default=True, type='bool'),
state=dict(default='present', choices=['absent', 'present']), state=dict(default='present', choices=['absent', 'present']),
update_password=dict(default='always', choices=['always',
'on_create']),
) )
module_kwargs = openstack_module_kwargs() module_kwargs = openstack_module_kwargs()
module = AnsibleModule( module = AnsibleModule(
argument_spec, argument_spec,
required_if=[
('update_password', 'always', ['password']),
('update_password', 'on_create', ['password']),
],
**module_kwargs) **module_kwargs)
if not HAS_SHADE: if not HAS_SHADE:
@ -181,6 +207,7 @@ def main():
domain = module.params['domain'] domain = module.params['domain']
enabled = module.params['enabled'] enabled = module.params['enabled']
state = module.params['state'] state = module.params['state']
update_password = module.params['update_password']
try: try:
cloud = shade.openstack_cloud(**module.params) cloud = shade.openstack_cloud(**module.params)
@ -203,17 +230,25 @@ def main():
enabled=enabled) enabled=enabled)
changed = True changed = True
else: else:
params_dict = {'email': email, 'enabled': enabled, 'password': password} params_dict = {'email': email, 'enabled': enabled,
'password': password,
'update_password': update_password}
if domain_id is not None: if domain_id is not None:
params_dict['domain_id'] = domain_id params_dict['domain_id'] = domain_id
if default_project_id is not None: if default_project_id is not None:
params_dict['default_project_id'] = default_project_id params_dict['default_project_id'] = default_project_id
if _needs_update(params_dict, user): if _needs_update(params_dict, user):
user = cloud.update_user( if update_password == 'always':
user['id'], password=password, email=email, user = cloud.update_user(
default_project=default_project_id, domain_id=domain_id, user['id'], password=password, email=email,
enabled=enabled) default_project=default_project_id,
domain_id=domain_id, enabled=enabled)
else:
user = cloud.update_user(
user['id'], email=email,
default_project=default_project_id,
domain_id=domain_id, enabled=enabled)
changed = True changed = True
else: else:
changed = False changed = False