mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
FreeIPA: Fix ipa_user password option (#48453)
Maintain idempotency in ipa_user when updating a user.
parent
8d00ccf60f
commit
cd5c64c818
2 changed files with 28 additions and 2 deletions
|
@ -314,6 +314,7 @@ Noteworthy module changes
|
||||||
<https://galaxy.ansible.com/PaloAltoNetworks/paloaltonetworks>`_. Contributions to the role can be made
|
<https://galaxy.ansible.com/PaloAltoNetworks/paloaltonetworks>`_. Contributions to the role can be made
|
||||||
`here <https://github.com/PaloAltoNetworks/ansible-pan>`_.
|
`here <https://github.com/PaloAltoNetworks/ansible-pan>`_.
|
||||||
|
|
||||||
|
* The ``ipa_user`` module originally always sent ``password`` to FreeIPA regardless of whether the password changed. Now the module only sends ``password`` if ``update_password`` is set to ``always``, which is the default.
|
||||||
|
|
||||||
Plugins
|
Plugins
|
||||||
=======
|
=======
|
||||||
|
|
|
@ -21,6 +21,13 @@ description:
|
||||||
options:
|
options:
|
||||||
displayname:
|
displayname:
|
||||||
description: Display name
|
description: Display name
|
||||||
|
update_password:
|
||||||
|
description:
|
||||||
|
- Set password for a user.
|
||||||
|
type: str
|
||||||
|
default: 'always'
|
||||||
|
choices: [ always, on_create ]
|
||||||
|
version_added: 2.8
|
||||||
givenname:
|
givenname:
|
||||||
description: First name
|
description: First name
|
||||||
krbpasswordexpiration:
|
krbpasswordexpiration:
|
||||||
|
@ -38,7 +45,7 @@ options:
|
||||||
- If None is passed email addresses will not be checked or changed.
|
- If None is passed email addresses will not be checked or changed.
|
||||||
password:
|
password:
|
||||||
description:
|
description:
|
||||||
- Password for new user
|
- Password for a user. Will not be set for an existing user unless C(update_password) is set to C(always), which is the default.
|
||||||
sn:
|
sn:
|
||||||
description: Surname
|
description: Surname
|
||||||
sshpubkey:
|
sshpubkey:
|
||||||
|
@ -77,7 +84,7 @@ requirements:
|
||||||
'''
|
'''
|
||||||
|
|
||||||
EXAMPLES = '''
|
EXAMPLES = '''
|
||||||
# Ensure pinky is present
|
# Ensure pinky is present and always reset password
|
||||||
- ipa_user:
|
- ipa_user:
|
||||||
name: pinky
|
name: pinky
|
||||||
state: present
|
state: present
|
||||||
|
@ -104,6 +111,19 @@ EXAMPLES = '''
|
||||||
ipa_host: ipa.example.com
|
ipa_host: ipa.example.com
|
||||||
ipa_user: admin
|
ipa_user: admin
|
||||||
ipa_pass: topsecret
|
ipa_pass: topsecret
|
||||||
|
|
||||||
|
# Ensure pinky is present but don't reset password if already exists
|
||||||
|
- ipa_user:
|
||||||
|
name: pinky
|
||||||
|
state: present
|
||||||
|
givenname: Pinky
|
||||||
|
sn: Acme
|
||||||
|
password: zounds
|
||||||
|
ipa_host: ipa.example.com
|
||||||
|
ipa_user: admin
|
||||||
|
ipa_pass: topsecret
|
||||||
|
update_password: on_create
|
||||||
|
|
||||||
'''
|
'''
|
||||||
|
|
||||||
RETURN = '''
|
RETURN = '''
|
||||||
|
@ -257,6 +277,7 @@ def ensure(module, client):
|
||||||
userpassword=module.params['password'],
|
userpassword=module.params['password'],
|
||||||
gidnumber=module.params.get('gidnumber'), uidnumber=module.params.get('uidnumber'))
|
gidnumber=module.params.get('gidnumber'), uidnumber=module.params.get('uidnumber'))
|
||||||
|
|
||||||
|
update_password = module.params.get('update_password')
|
||||||
ipa_user = client.user_find(name=name)
|
ipa_user = client.user_find(name=name)
|
||||||
|
|
||||||
changed = False
|
changed = False
|
||||||
|
@ -266,6 +287,8 @@ def ensure(module, client):
|
||||||
if not module.check_mode:
|
if not module.check_mode:
|
||||||
ipa_user = client.user_add(name=name, item=module_user)
|
ipa_user = client.user_add(name=name, item=module_user)
|
||||||
else:
|
else:
|
||||||
|
if update_password == 'on_create':
|
||||||
|
module_user.pop('userpassword', None)
|
||||||
diff = get_user_diff(client, ipa_user, module_user)
|
diff = get_user_diff(client, ipa_user, module_user)
|
||||||
if len(diff) > 0:
|
if len(diff) > 0:
|
||||||
changed = True
|
changed = True
|
||||||
|
@ -284,6 +307,8 @@ def main():
|
||||||
argument_spec = ipa_argument_spec()
|
argument_spec = ipa_argument_spec()
|
||||||
argument_spec.update(displayname=dict(type='str'),
|
argument_spec.update(displayname=dict(type='str'),
|
||||||
givenname=dict(type='str'),
|
givenname=dict(type='str'),
|
||||||
|
update_password=dict(type='str', default="always",
|
||||||
|
choices=['always', 'on_create']),
|
||||||
krbpasswordexpiration=dict(type='str'),
|
krbpasswordexpiration=dict(type='str'),
|
||||||
loginshell=dict(type='str'),
|
loginshell=dict(type='str'),
|
||||||
mail=dict(type='list'),
|
mail=dict(type='list'),
|
||||||
|
|
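Review bot: The description added for the new `update_password` option in the DOCUMENTATION block, `- Set password for a user.`, does not say what either choice does and reads like a second password field. I would replace it with `- C(always) sends I(password) to FreeIPA on every run; C(on_create) sends it only when the user is created.` In `ensure`, only the `on_create` branch pops `userpassword` before `get_user_diff`, so with the default `always` a supplied password is still part of every diff. If FreeIPA does not return the stored password for comparison (not visible here), the task reports changed and resets the credential on each run, which the description should state so operators pick `on_create` for accounts whose passwords users manage themselves. The bodies of `ensure` and `main` extend outside the hunks shown.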