mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
5dc34829c4
Add attributes to manageiq, udm, utm, and webfaction modules (#5955)
Add attributes to manageiq, udm, utm, and webfaction modules.
(cherry picked from commit e944a67c18)
Co-authored-by: Felix Fontein <felix@fontein.de>
573 lines
19 KiB
Python
573 lines
19 KiB
Python
#!/usr/bin/python
|
|
# -*- coding: utf-8 -*-
|
|
|
|
# Copyright (c) 2016, Adfinis SyGroup AG
|
|
# Tobias Rueetschi <tobias.ruetschi@adfinis-sygroup.ch>
|
|
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
|
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
|
|
from __future__ import absolute_import, division, print_function
|
|
__metaclass__ = type
|
|
|
|
|
|
DOCUMENTATION = r'''
|
|
---
|
|
module: udm_user
|
|
author:
|
|
- Tobias Rüetschi (@keachi)
|
|
short_description: Manage posix users on a univention corporate server
|
|
description:
|
|
- "This module allows to manage posix users on a univention corporate
|
|
server (UCS).
|
|
It uses the python API of the UCS to create a new object or edit it."
|
|
extends_documentation_fragment:
|
|
- community.general.attributes
|
|
attributes:
|
|
check_mode:
|
|
support: full
|
|
diff_mode:
|
|
support: partial
|
|
options:
|
|
state:
|
|
default: "present"
|
|
choices: [ present, absent ]
|
|
description:
|
|
- Whether the user is present or not.
|
|
type: str
|
|
username:
|
|
required: true
|
|
description:
|
|
- User name
|
|
aliases: ['name']
|
|
type: str
|
|
firstname:
|
|
description:
|
|
- First name. Required if I(state=present).
|
|
type: str
|
|
lastname:
|
|
description:
|
|
- Last name. Required if I(state=present).
|
|
type: str
|
|
password:
|
|
description:
|
|
- Password. Required if I(state=present).
|
|
type: str
|
|
birthday:
|
|
description:
|
|
- Birthday
|
|
type: str
|
|
city:
|
|
description:
|
|
- City of users business address.
|
|
type: str
|
|
country:
|
|
description:
|
|
- Country of users business address.
|
|
type: str
|
|
department_number:
|
|
description:
|
|
- Department number of users business address.
|
|
aliases: [ departmentNumber ]
|
|
type: str
|
|
description:
|
|
description:
|
|
- Description (not gecos)
|
|
type: str
|
|
display_name:
|
|
description:
|
|
- Display name (not gecos)
|
|
aliases: [ displayName ]
|
|
type: str
|
|
email:
|
|
default: ['']
|
|
description:
|
|
- A list of e-mail addresses.
|
|
type: list
|
|
elements: str
|
|
employee_number:
|
|
description:
|
|
- Employee number
|
|
aliases: [ employeeNumber ]
|
|
type: str
|
|
employee_type:
|
|
description:
|
|
- Employee type
|
|
aliases: [ employeeType ]
|
|
type: str
|
|
gecos:
|
|
description:
|
|
- GECOS
|
|
type: str
|
|
groups:
|
|
default: []
|
|
description:
|
|
- "POSIX groups, the LDAP DNs of the groups will be found with the
|
|
LDAP filter for each group as $GROUP:
|
|
C((&(objectClass=posixGroup)(cn=$GROUP)))."
|
|
type: list
|
|
elements: str
|
|
home_share:
|
|
description:
|
|
- "Home NFS share. Must be a LDAP DN, e.g.
|
|
C(cn=home,cn=shares,ou=school,dc=example,dc=com)."
|
|
aliases: [ homeShare ]
|
|
type: str
|
|
home_share_path:
|
|
description:
|
|
- Path to home NFS share, inside the homeShare.
|
|
aliases: [ homeSharePath ]
|
|
type: str
|
|
home_telephone_number:
|
|
default: []
|
|
description:
|
|
- List of private telephone numbers.
|
|
aliases: [ homeTelephoneNumber ]
|
|
type: list
|
|
elements: str
|
|
homedrive:
|
|
description:
|
|
- Windows home drive, e.g. C("H:").
|
|
type: str
|
|
mail_alternative_address:
|
|
default: []
|
|
description:
|
|
- List of alternative e-mail addresses.
|
|
aliases: [ mailAlternativeAddress ]
|
|
type: list
|
|
elements: str
|
|
mail_home_server:
|
|
description:
|
|
- FQDN of mail server
|
|
aliases: [ mailHomeServer ]
|
|
type: str
|
|
mail_primary_address:
|
|
description:
|
|
- Primary e-mail address
|
|
aliases: [ mailPrimaryAddress ]
|
|
type: str
|
|
mobile_telephone_number:
|
|
default: []
|
|
description:
|
|
- Mobile phone number
|
|
aliases: [ mobileTelephoneNumber ]
|
|
type: list
|
|
elements: str
|
|
organisation:
|
|
description:
|
|
- Organisation
|
|
aliases: [ organization ]
|
|
type: str
|
|
overridePWHistory:
|
|
type: bool
|
|
default: false
|
|
description:
|
|
- Override password history
|
|
aliases: [ override_pw_history ]
|
|
overridePWLength:
|
|
type: bool
|
|
default: false
|
|
description:
|
|
- Override password check
|
|
aliases: [ override_pw_length ]
|
|
pager_telephonenumber:
|
|
default: []
|
|
description:
|
|
- List of pager telephone numbers.
|
|
aliases: [ pagerTelephonenumber ]
|
|
type: list
|
|
elements: str
|
|
phone:
|
|
description:
|
|
- List of telephone numbers.
|
|
type: list
|
|
elements: str
|
|
default: []
|
|
postcode:
|
|
description:
|
|
- Postal code of users business address.
|
|
type: str
|
|
primary_group:
|
|
description:
|
|
- Primary group. This must be the group LDAP DN.
|
|
- If not specified, it defaults to C(cn=Domain Users,cn=groups,$LDAP_BASE_DN).
|
|
aliases: [ primaryGroup ]
|
|
type: str
|
|
profilepath:
|
|
description:
|
|
- Windows profile directory
|
|
type: str
|
|
pwd_change_next_login:
|
|
choices: [ '0', '1' ]
|
|
description:
|
|
- Change password on next login.
|
|
aliases: [ pwdChangeNextLogin ]
|
|
type: str
|
|
room_number:
|
|
description:
|
|
- Room number of users business address.
|
|
aliases: [ roomNumber ]
|
|
type: str
|
|
samba_privileges:
|
|
description:
|
|
- "Samba privilege, like allow printer administration, do domain
|
|
join."
|
|
aliases: [ sambaPrivileges ]
|
|
type: list
|
|
elements: str
|
|
default: []
|
|
samba_user_workstations:
|
|
description:
|
|
- Allow the authentication only on this Microsoft Windows host.
|
|
aliases: [ sambaUserWorkstations ]
|
|
type: list
|
|
elements: str
|
|
default: []
|
|
sambahome:
|
|
description:
|
|
- Windows home path, e.g. C('\\$FQDN\$USERNAME').
|
|
type: str
|
|
scriptpath:
|
|
description:
|
|
- Windows logon script.
|
|
type: str
|
|
secretary:
|
|
default: []
|
|
description:
|
|
- A list of superiors as LDAP DNs.
|
|
type: list
|
|
elements: str
|
|
serviceprovider:
|
|
default: ['']
|
|
description:
|
|
- Enable user for the following service providers.
|
|
type: list
|
|
elements: str
|
|
shell:
|
|
default: '/bin/bash'
|
|
description:
|
|
- Login shell
|
|
type: str
|
|
street:
|
|
description:
|
|
- Street of users business address.
|
|
type: str
|
|
title:
|
|
description:
|
|
- Title, e.g. C(Prof.).
|
|
type: str
|
|
unixhome:
|
|
description:
|
|
- Unix home directory
|
|
- If not specified, it defaults to C(/home/$USERNAME).
|
|
type: str
|
|
userexpiry:
|
|
description:
|
|
- Account expiry date, e.g. C(1999-12-31).
|
|
- If not specified, it defaults to the current day plus one year.
|
|
type: str
|
|
position:
|
|
default: ''
|
|
description:
|
|
- "Define the whole position of users object inside the LDAP tree,
|
|
e.g. C(cn=employee,cn=users,ou=school,dc=example,dc=com)."
|
|
type: str
|
|
update_password:
|
|
default: always
|
|
choices: [ always, on_create ]
|
|
description:
|
|
- "C(always) will update passwords if they differ.
|
|
C(on_create) will only set the password for newly created users."
|
|
type: str
|
|
ou:
|
|
default: ''
|
|
description:
|
|
- "Organizational Unit inside the LDAP Base DN, e.g. C(school) for
|
|
LDAP OU C(ou=school,dc=example,dc=com)."
|
|
type: str
|
|
subpath:
|
|
default: 'cn=users'
|
|
description:
|
|
- "LDAP subpath inside the organizational unit, e.g.
|
|
C(cn=teachers,cn=users) for LDAP container
|
|
C(cn=teachers,cn=users,dc=example,dc=com)."
|
|
type: str
|
|
'''
|
|
|
|
|
|
EXAMPLES = '''
|
|
- name: Create a user on a UCS
|
|
community.general.udm_user:
|
|
name: FooBar
|
|
password: secure_password
|
|
firstname: Foo
|
|
lastname: Bar
|
|
|
|
- name: Create a user with the DN C(uid=foo,cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com)
|
|
community.general.udm_user:
|
|
name: foo
|
|
password: secure_password
|
|
firstname: Foo
|
|
lastname: Bar
|
|
ou: school
|
|
subpath: 'cn=teachers,cn=users'
|
|
|
|
# or define the position
|
|
- name: Create a user with the DN C(uid=foo,cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com)
|
|
community.general.udm_user:
|
|
name: foo
|
|
password: secure_password
|
|
firstname: Foo
|
|
lastname: Bar
|
|
position: 'cn=teachers,cn=users,ou=school,dc=school,dc=example,dc=com'
|
|
'''
|
|
|
|
|
|
RETURN = '''# '''
|
|
|
|
import crypt
|
|
from datetime import date, timedelta
|
|
|
|
from ansible.module_utils.basic import AnsibleModule
|
|
from ansible_collections.community.general.plugins.module_utils.univention_umc import (
|
|
umc_module_for_add,
|
|
umc_module_for_edit,
|
|
ldap_search,
|
|
base_dn,
|
|
)
|
|
|
|
|
|
def main():
|
|
expiry = date.strftime(date.today() + timedelta(days=365), "%Y-%m-%d")
|
|
module = AnsibleModule(
|
|
argument_spec=dict(
|
|
birthday=dict(type='str'),
|
|
city=dict(type='str'),
|
|
country=dict(type='str'),
|
|
department_number=dict(type='str',
|
|
aliases=['departmentNumber']),
|
|
description=dict(type='str'),
|
|
display_name=dict(type='str',
|
|
aliases=['displayName']),
|
|
email=dict(default=[''],
|
|
type='list',
|
|
elements='str'),
|
|
employee_number=dict(type='str',
|
|
aliases=['employeeNumber']),
|
|
employee_type=dict(type='str',
|
|
aliases=['employeeType']),
|
|
firstname=dict(type='str'),
|
|
gecos=dict(type='str'),
|
|
groups=dict(default=[],
|
|
type='list',
|
|
elements='str'),
|
|
home_share=dict(type='str',
|
|
aliases=['homeShare']),
|
|
home_share_path=dict(type='str',
|
|
aliases=['homeSharePath']),
|
|
home_telephone_number=dict(default=[],
|
|
type='list',
|
|
elements='str',
|
|
aliases=['homeTelephoneNumber']),
|
|
homedrive=dict(type='str'),
|
|
lastname=dict(type='str'),
|
|
mail_alternative_address=dict(default=[],
|
|
type='list',
|
|
elements='str',
|
|
aliases=['mailAlternativeAddress']),
|
|
mail_home_server=dict(type='str',
|
|
aliases=['mailHomeServer']),
|
|
mail_primary_address=dict(type='str',
|
|
aliases=['mailPrimaryAddress']),
|
|
mobile_telephone_number=dict(default=[],
|
|
type='list',
|
|
elements='str',
|
|
aliases=['mobileTelephoneNumber']),
|
|
organisation=dict(type='str',
|
|
aliases=['organization']),
|
|
overridePWHistory=dict(default=False,
|
|
type='bool',
|
|
aliases=['override_pw_history']),
|
|
overridePWLength=dict(default=False,
|
|
type='bool',
|
|
aliases=['override_pw_length']),
|
|
pager_telephonenumber=dict(default=[],
|
|
type='list',
|
|
elements='str',
|
|
aliases=['pagerTelephonenumber']),
|
|
password=dict(type='str',
|
|
no_log=True),
|
|
phone=dict(default=[],
|
|
type='list',
|
|
elements='str'),
|
|
postcode=dict(type='str'),
|
|
primary_group=dict(type='str',
|
|
aliases=['primaryGroup']),
|
|
profilepath=dict(type='str'),
|
|
pwd_change_next_login=dict(type='str',
|
|
choices=['0', '1'],
|
|
aliases=['pwdChangeNextLogin']),
|
|
room_number=dict(type='str',
|
|
aliases=['roomNumber']),
|
|
samba_privileges=dict(default=[],
|
|
type='list',
|
|
elements='str',
|
|
aliases=['sambaPrivileges']),
|
|
samba_user_workstations=dict(default=[],
|
|
type='list',
|
|
elements='str',
|
|
aliases=['sambaUserWorkstations']),
|
|
sambahome=dict(type='str'),
|
|
scriptpath=dict(type='str'),
|
|
secretary=dict(default=[],
|
|
type='list',
|
|
elements='str'),
|
|
serviceprovider=dict(default=[''],
|
|
type='list',
|
|
elements='str'),
|
|
shell=dict(default='/bin/bash',
|
|
type='str'),
|
|
street=dict(type='str'),
|
|
title=dict(type='str'),
|
|
unixhome=dict(type='str'),
|
|
userexpiry=dict(type='str'),
|
|
username=dict(required=True,
|
|
aliases=['name'],
|
|
type='str'),
|
|
position=dict(default='',
|
|
type='str'),
|
|
update_password=dict(default='always',
|
|
choices=['always', 'on_create'],
|
|
type='str'),
|
|
ou=dict(default='',
|
|
type='str'),
|
|
subpath=dict(default='cn=users',
|
|
type='str'),
|
|
state=dict(default='present',
|
|
choices=['present', 'absent'],
|
|
type='str')
|
|
),
|
|
supports_check_mode=True,
|
|
required_if=([
|
|
('state', 'present', ['firstname', 'lastname', 'password'])
|
|
])
|
|
)
|
|
username = module.params['username']
|
|
position = module.params['position']
|
|
ou = module.params['ou']
|
|
subpath = module.params['subpath']
|
|
state = module.params['state']
|
|
changed = False
|
|
diff = None
|
|
|
|
users = list(ldap_search(
|
|
'(&(objectClass=posixAccount)(uid={0}))'.format(username),
|
|
attr=['uid']
|
|
))
|
|
if position != '':
|
|
container = position
|
|
else:
|
|
if ou != '':
|
|
ou = 'ou={0},'.format(ou)
|
|
if subpath != '':
|
|
subpath = '{0},'.format(subpath)
|
|
container = '{0}{1}{2}'.format(subpath, ou, base_dn())
|
|
user_dn = 'uid={0},{1}'.format(username, container)
|
|
|
|
exists = bool(len(users))
|
|
|
|
if state == 'present':
|
|
try:
|
|
if not exists:
|
|
obj = umc_module_for_add('users/user', container)
|
|
else:
|
|
obj = umc_module_for_edit('users/user', user_dn)
|
|
|
|
if module.params['displayName'] is None:
|
|
module.params['displayName'] = '{0} {1}'.format(
|
|
module.params['firstname'],
|
|
module.params['lastname']
|
|
)
|
|
if module.params['unixhome'] is None:
|
|
module.params['unixhome'] = '/home/{0}'.format(
|
|
module.params['username']
|
|
)
|
|
for k in obj.keys():
|
|
if (k != 'password' and
|
|
k != 'groups' and
|
|
k != 'overridePWHistory' and
|
|
k in module.params and
|
|
module.params[k] is not None):
|
|
obj[k] = module.params[k]
|
|
# handle some special values
|
|
obj['e-mail'] = module.params['email']
|
|
if 'userexpiry' in obj and obj.get('userexpiry') is None:
|
|
obj['userexpiry'] = expiry
|
|
password = module.params['password']
|
|
if obj['password'] is None:
|
|
obj['password'] = password
|
|
if module.params['update_password'] == 'always':
|
|
old_password = obj['password'].split('}', 2)[1]
|
|
if crypt.crypt(password, old_password) != old_password:
|
|
obj['overridePWHistory'] = module.params['overridePWHistory']
|
|
obj['overridePWLength'] = module.params['overridePWLength']
|
|
obj['password'] = password
|
|
|
|
diff = obj.diff()
|
|
if exists:
|
|
for k in obj.keys():
|
|
if obj.hasChanged(k):
|
|
changed = True
|
|
else:
|
|
changed = True
|
|
if not module.check_mode:
|
|
if not exists:
|
|
obj.create()
|
|
elif changed:
|
|
obj.modify()
|
|
except Exception:
|
|
module.fail_json(
|
|
msg="Creating/editing user {0} in {1} failed".format(
|
|
username,
|
|
container
|
|
)
|
|
)
|
|
try:
|
|
groups = module.params['groups']
|
|
if groups:
|
|
filter = '(&(objectClass=posixGroup)(|(cn={0})))'.format(
|
|
')(cn='.join(groups)
|
|
)
|
|
group_dns = list(ldap_search(filter, attr=['dn']))
|
|
for dn in group_dns:
|
|
grp = umc_module_for_edit('groups/group', dn[0])
|
|
if user_dn not in grp['users']:
|
|
grp['users'].append(user_dn)
|
|
if not module.check_mode:
|
|
grp.modify()
|
|
changed = True
|
|
except Exception:
|
|
module.fail_json(
|
|
msg="Adding groups to user {0} failed".format(username)
|
|
)
|
|
|
|
if state == 'absent' and exists:
|
|
try:
|
|
obj = umc_module_for_edit('users/user', user_dn)
|
|
if not module.check_mode:
|
|
obj.remove()
|
|
changed = True
|
|
except Exception:
|
|
module.fail_json(
|
|
msg="Removing user {0} failed".format(username)
|
|
)
|
|
|
|
module.exit_json(
|
|
changed=changed,
|
|
username=username,
|
|
diff=diff,
|
|
container=container
|
|
)
|
|
|
|
|
|
if __name__ == '__main__':
|
|
main()
|