Add fail_on_user option
The fail_on_user option can be used to silently ignore the case where the user cannot be removed because of remaining privilege dependencies on other objects in the database. By default the module fails, so that this new behavior won't surprise unsuspecting users.
parent
4e833cf506
commit
95169b75c4
1 changed files with 12 additions and 8 deletions
|
@ -194,13 +194,13 @@ def main():
|
||||||
state=dict(default="present", choices=["absent", "present"]),
|
state=dict(default="present", choices=["absent", "present"]),
|
||||||
priv=dict(default=None),
|
priv=dict(default=None),
|
||||||
db=dict(default=''),
|
db=dict(default=''),
|
||||||
fail_on_user=dict(default=True)
|
fail_on_user=dict(default='yes')
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
user = module.params["user"]
|
user = module.params["user"]
|
||||||
password = module.params["password"]
|
password = module.params["password"]
|
||||||
state = module.params["state"]
|
state = module.params["state"]
|
||||||
fail_on_user = module.params["fail_on_user"]
|
fail_on_user = module.params["fail_on_user"] == 'yes'
|
||||||
db = module.params["db"]
|
db = module.params["db"]
|
||||||
if db == '' and module.params["priv"] is not None:
|
if db == '' and module.params["priv"] is not None:
|
||||||
module.fail_json(msg="privileges require a database to be specified")
|
module.fail_json(msg="privileges require a database to be specified")
|
||||||
|
@ -221,12 +221,14 @@ def main():
|
||||||
kw = dict( (params_map[k], v) for (k, v) in module.params.iteritems()
|
kw = dict( (params_map[k], v) for (k, v) in module.params.iteritems()
|
||||||
if k in params_map and v != "" )
|
if k in params_map and v != "" )
|
||||||
try:
|
try:
|
||||||
db_connection = psycopg2.connect(database=db, **kw)
|
db_connection = psycopg2.connect(**kw)
|
||||||
cursor = db_connection.cursor()
|
cursor = db_connection.cursor()
|
||||||
except Exception, e:
|
except Exception, e:
|
||||||
module.fail_json(msg="unable to connect to database: %s" % e)
|
module.fail_json(msg="unable to connect to database: %s" % e)
|
||||||
|
|
||||||
|
kw = dict(user=user)
|
||||||
changed = False
|
changed = False
|
||||||
|
user_removed = False
|
||||||
if state == "present":
|
if state == "present":
|
||||||
if user_exists(cursor, user):
|
if user_exists(cursor, user):
|
||||||
changed = user_chpass(cursor, user, password)
|
changed = user_chpass(cursor, user, password)
|
||||||
|
@ -241,14 +243,16 @@ def main():
|
||||||
changed = revoke_privileges(cursor, user, privs)
|
changed = revoke_privileges(cursor, user, privs)
|
||||||
user_removed = user_delete(cursor, user)
|
user_removed = user_delete(cursor, user)
|
||||||
changed = changed or user_removed
|
changed = changed or user_removed
|
||||||
|
|
||||||
if fail_on_user and not user_removed:
|
if fail_on_user and not user_removed:
|
||||||
msg = "unabel to remove user"
|
msg = "unabel to remove user"
|
||||||
module.fail_json(msg=msg)
|
module.fail_json(msg=msg)
|
||||||
|
kw['user_removed'] = user_removed
|
||||||
|
|
||||||
if changed:
|
if changed:
|
||||||
db_connection.commit()
|
db_connection.commit()
|
||||||
module.exit_json(changed=changed, user=user, user_removed=user_removed)
|
|
||||||
|
kw['changed'] = changed
|
||||||
|
module.exit_json(**kw)
|
||||||
|
|
||||||
# this is magic, see lib/ansible/module_common.py
|
# this is magic, see lib/ansible/module_common.py
|
||||||
#<<INCLUDE_ANSIBLE_MODULE_COMMON>>
|
#<<INCLUDE_ANSIBLE_MODULE_COMMON>>
|
||||||
|
|
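Review bot: The new parsing `fail_on_user = module.params["fail_on_user"] == 'yes'` (taking the later-printed line of each pair as the new side) fails open: any value other than the exact string `yes`, such as `Yes`, `true` or a typo, switches the failure off, so a user that could not be dropped is reported without error. The argument spec should restrict the accepted values the way `state` already does, e.g. `fail_on_user=dict(default='yes', choices=['yes', 'no'])`. With the option off and `user_delete` returning false, anything `revoke_privileges` changed is still committed while the role remains, so `user_removed` in the result is the only signal that the account still exists; a comment saying so at `kw['user_removed'] = user_removed` would help playbook authors check it. `main()` starts and ends outside these hunks, so `params_map`, and whether `kw` still carries the database name now that the call is `psycopg2.connect(**kw)`, cannot be confirmed from here.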