ansible  2.9.27
About: Ansible is an IT Configuration Management, Deployment \
About: Ansible (2.x) is an IT Configuration Management, Deployment & Orchestration tool.
ansible download page.
  Fossies Dox: ansible-2.9.27.tar.gz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

mso_user.py
Go to the documentation of this file.
1#!/usr/bin/python
2# -*- coding: utf-8 -*-
3
4# Copyright: (c) 2018, Dag Wieers (@dagwieers) <dag@wieers.com>
5# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
6
7from __future__ import absolute_import, division, print_function
8__metaclass__ = type
9
10ANSIBLE_METADATA = {'metadata_version': '1.1',
11 'status': ['preview'],
12 'supported_by': 'community'}
13
14DOCUMENTATION = r'''
15---
16module: mso_user
17short_description: Manage users
18description:
19- Manage users on Cisco ACI Multi-Site.
20author:
21- Dag Wieers (@dagwieers)
22version_added: '2.8'
23options:
24 user:
25 description:
26 - The name of the user.
27 type: str
28 required: yes
29 aliases: [ name ]
30 user_password:
31 description:
32 - The password of the user.
33 type: str
34 first_name:
35 description:
36 - The first name of the user.
37 - This parameter is required when creating new users.
38 type: str
39 last_name:
40 description:
41 - The last name of the user.
42 - This parameter is required when creating new users.
43 type: str
44 email:
45 description:
46 - The email address of the user.
47 - This parameter is required when creating new users.
48 type: str
49 phone:
50 description:
51 - The phone number of the user.
52 - This parameter is required when creating new users.
53 type: str
54 account_status:
55 description:
56 - The status of the user account.
57 type: str
58 choices: [ active ]
59 domain:
60 description:
61 - The domain this user belongs to.
62 - When creating new users, this defaults to C(Local).
63 type: str
64 roles:
65 description:
66 - The roles for this user.
67 type: list
68 state:
69 description:
70 - Use C(present) or C(absent) for adding or removing.
71 - Use C(query) for listing an object or multiple objects.
72 type: str
73 choices: [ absent, present, query ]
74 default: present
75notes:
76- A default installation of ACI Multi-Site ships with admin password 'we1come!' which requires a password change on first login.
77 See the examples of how to change the 'admin' password using Ansible.
78extends_documentation_fragment: mso
79'''
80
81EXAMPLES = r'''
82- name: Update initial admin password
83 mso_user:
84 host: mso_host
85 username: admin
86 password: we1come!
87 user_name: admin
88 user_password: SomeSecretPassword
89 state: present
90 delegate_to: localhost
91
92- name: Add a new user
93 mso_user:
94 host: mso_host
95 username: admin
96 password: SomeSecretPassword
97 user_name: dag
98 description: Test user
99 first_name: Dag
100 last_name: Wieers
101 email: dag@wieers.com
102 phone: +32 478 436 299
103 state: present
104 delegate_to: localhost
105
106- name: Remove a user
107 mso_user:
108 host: mso_host
109 username: admin
110 password: SomeSecretPassword
111 user_name: dag
112 state: absent
113 delegate_to: localhost
114
115- name: Query a user
116 mso_user:
117 host: mso_host
118 username: admin
119 password: SomeSecretPassword
120 user_name: dag
121 state: query
122 delegate_to: localhost
123 register: query_result
124
125- name: Query all users
126 mso_user:
127 host: mso_host
128 username: admin
129 password: SomeSecretPassword
130 state: query
131 delegate_to: localhost
132 register: query_result
133'''
134
135RETURN = r''' # '''
136
137from ansible.module_utils.basic import AnsibleModule
138from ansible.module_utils.network.aci.mso import MSOModule, mso_argument_spec, issubset
139
140
141def main():
142 argument_spec = mso_argument_spec()
143 argument_spec.update(
144 user=dict(type='str', aliases=['name']),
145 user_password=dict(type='str', no_log=True),
146 first_name=dict(type='str'),
147 last_name=dict(type='str'),
148 email=dict(type='str'),
149 phone=dict(type='str'),
150 # TODO: What possible options do we have ?
151 account_status=dict(type='str', choices=['active']),
152 domain=dict(type='str'),
153 roles=dict(type='list'),
154 state=dict(type='str', default='present', choices=['absent', 'present', 'query']),
155 )
156
157 module = AnsibleModule(
158 argument_spec=argument_spec,
159 supports_check_mode=True,
160 required_if=[
161 ['state', 'absent', ['user']],
162 ['state', 'present', ['user']],
163 ],
164 )
165
166 user_name = module.params['user']
167 user_password = module.params['user_password']
168 first_name = module.params['first_name']
169 last_name = module.params['last_name']
170 email = module.params['email']
171 phone = module.params['phone']
172 account_status = module.params['account_status']
173 state = module.params['state']
174
175 mso = MSOModule(module)
176
177 roles = mso.lookup_roles(module.params['roles'])
178 domain = mso.lookup_domain(module.params['domain'])
179
180 user_id = None
181 path = 'users'
182
183 # Query for existing object(s)
184 if user_name:
185 mso.existing = mso.get_obj(path, username=user_name)
186 if mso.existing:
187 user_id = mso.existing['id']
188 # If we found an existing object, continue with it
189 path = 'users/{id}'.format(id=user_id)
190 else:
191 mso.existing = mso.query_objs(path)
192
193 if state == 'query':
194 pass
195
196 elif state == 'absent':
197 mso.previous = mso.existing
198 if mso.existing:
199 if module.check_mode:
200 mso.existing = {}
201 else:
202 mso.existing = mso.request(path, method='DELETE')
203
204 elif state == 'present':
205 mso.previous = mso.existing
206
207 payload = dict(
208 id=user_id,
209 username=user_name,
210 password=user_password,
211 firstName=first_name,
212 lastName=last_name,
213 emailAddress=email,
214 phoneNumber=phone,
215 accountStatus=account_status,
216 domainId=domain,
217 roles=roles,
218 # active=True,
219 # remote=True,
220 )
221
222 mso.sanitize(payload, collate=True)
223
224 if mso.sent.get('accountStatus') is None:
225 mso.sent['accountStatus'] = 'active'
226
227 if mso.existing:
228 if not issubset(mso.sent, mso.existing):
229 # NOTE: Since MSO always returns '******' as password, we need to assume a change
230 if 'password' in mso.proposed:
231 mso.module.warn("A password change is assumed, as the MSO REST API does not return passwords we do not know.")
232 mso.result['changed'] = True
233
234 if module.check_mode:
235 mso.existing = mso.proposed
236 else:
237 mso.existing = mso.request(path, method='PUT', data=mso.sent)
238 else:
239 if module.check_mode:
240 mso.existing = mso.proposed
241 else:
242 mso.existing = mso.request(path, method='POST', data=mso.sent)
243
244 mso.exit_json()
245
246
247if __name__ == "__main__":
248 main()
def issubset(subset, superset)
Definition: mso.py:19