VMware: Improve module vmware_local_user_facts (#47868)
* add check mode support * add assigned role to the output * change output to match vmware_local_user_manager output * change principal to user_name * change full_name to user_description
parent
03f71e778b
commit
3a339695a8
1 changed files with 86 additions and 21 deletions
|
@ -1,6 +1,7 @@
|
|||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
# Copyright: (c) 2018, Abhijeet Kasurde <akasurde@redhat.com>
|
||||
# Copyright: (c) 2018, Christian Kotte <christian.kotte@gmx.de>
|
||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
|
||||
from __future__ import absolute_import, division, print_function
|
||||
|
@ -24,9 +25,11 @@ description:
|
|||
- User must hold the 'Authorization.ModifyPermissions' privilege to invoke this module.
|
||||
version_added: "2.6"
|
||||
author:
|
||||
- Abhijeet Kasurde (@Akasurde) <akasurde@redhat.com>
|
||||
- Abhijeet Kasurde (@Akasurde)
|
||||
- Christian Kotte (@ckotte)
|
||||
notes:
|
||||
- Tested on ESXi 6.5
|
||||
- The C(full_name), C(principal), and C(user_group) properties are deprecated starting from Ansible v2.12
|
||||
requirements:
|
||||
- "python >= 2.6"
|
||||
- PyVmomi
|
||||
|
@ -50,56 +53,118 @@ local_user_facts:
|
|||
type: dict
|
||||
sample: [
|
||||
{
|
||||
"role": "admin",
|
||||
"description": "Administrator",
|
||||
"full_name": "Administrator",
|
||||
"principal": "root",
|
||||
"group": false,
|
||||
"user_group": false,
|
||||
"user_id": 0,
|
||||
"user_shell_access": true
|
||||
"user_name": "root",
|
||||
"principal": "root",
|
||||
"shell_access": true
|
||||
},
|
||||
{
|
||||
"role": "admin",
|
||||
"description": "DCUI User",
|
||||
"full_name": "DCUI User",
|
||||
"principal": "dcui",
|
||||
"group": false,
|
||||
"user_group": false,
|
||||
"user_id": 100,
|
||||
"user_shell_access": false
|
||||
"user_name": "dcui",
|
||||
"principal": "dcui",
|
||||
"shell_access": false
|
||||
},
|
||||
]
|
||||
'''
|
||||
|
||||
try:
|
||||
from pyVmomi import vmodl
|
||||
except ImportError:
|
||||
pass
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.vmware import PyVmomi, vmware_argument_spec
|
||||
from ansible.module_utils._text import to_native
|
||||
|
||||
|
||||
class VMwareUserFactsManager(PyVmomi):
|
||||
"""Class to manage local user facts"""
|
||||
def __init__(self, module):
|
||||
super(VMwareUserFactsManager, self).__init__(module)
|
||||
|
||||
if self.is_vcenter():
|
||||
self.module.fail_json(msg="Failed to get local authorization manager settings.",
|
||||
details="It seems that %s is a vCenter server "
|
||||
"instead of an ESXi server." % self.params['hostname'])
|
||||
self.module.fail_json(
|
||||
msg="Failed to get local account manager settings.",
|
||||
details="It seems that '%s' is a vCenter server instead of an ESXi server" % self.module.params['hostname']
|
||||
)
|
||||
|
||||
def gather_user_facts(self):
|
||||
"""
|
||||
Function to gather facts about local users
|
||||
|
||||
"""
|
||||
"""Gather facts about local users"""
|
||||
results = dict(changed=False, local_user_facts=[])
|
||||
user_account = self.content.userDirectory.RetrieveUserGroups(None, '', None, None, False, True, False)
|
||||
if user_account:
|
||||
for user in user_account:
|
||||
temp_user = dict(principal=user.principal,
|
||||
full_name=user.fullName,
|
||||
user_group=user.group,
|
||||
user_id=user.id,
|
||||
user_shell_access=user.shellAccess)
|
||||
search_string = ''
|
||||
exact_match = False
|
||||
find_users = True
|
||||
find_groups = False
|
||||
user_accounts = self.content.userDirectory.RetrieveUserGroups(
|
||||
None, search_string, None, None, exact_match, find_users, find_groups
|
||||
)
|
||||
if user_accounts:
|
||||
for user in user_accounts:
|
||||
temp_user = dict()
|
||||
# NOTE: the properties full_name, principal, and user_group are deprecated starting from Ansible v2.12
|
||||
temp_user['full_name'] = user.fullName
|
||||
temp_user['principal'] = user.principal
|
||||
temp_user['user_group'] = user.group
|
||||
temp_user['user_name'] = user.principal
|
||||
temp_user['description'] = user.fullName
|
||||
temp_user['group'] = user.group
|
||||
temp_user['user_id'] = user.id
|
||||
temp_user['shell_access'] = user.shellAccess
|
||||
temp_user['role'] = None
|
||||
try:
|
||||
permissions = self.content.authorizationManager.RetrieveEntityPermissions(
|
||||
entity=self.content.rootFolder,
|
||||
inherited=False
|
||||
)
|
||||
except vmodl.fault.ManagedObjectNotFound as not_found:
|
||||
self.module.fail_json(
|
||||
msg="The entity doesn't exist" % to_native(not_found)
|
||||
)
|
||||
for permission in permissions:
|
||||
if permission.principal == user.principal:
|
||||
temp_user['role'] = self.get_role_name(permission.roleId, self.content.authorizationManager.roleList)
|
||||
break
|
||||
|
||||
results['local_user_facts'].append(temp_user)
|
||||
self.module.exit_json(**results)
|
||||
|
||||
@staticmethod
|
||||
def get_role_name(role_id, role_list):
|
||||
"""Get role name from role ID"""
|
||||
role_name = None
|
||||
# Default role: No access
|
||||
if role_id == -5:
|
||||
role_name = 'no-access'
|
||||
# Default role: Read-only
|
||||
elif role_id == -2:
|
||||
role_name = 'read-only'
|
||||
# Default role: Administrator
|
||||
elif role_id == -1:
|
||||
role_name = 'admin'
|
||||
# Custom roles
|
||||
else:
|
||||
for role in role_list:
|
||||
if role.roleId == role_id:
|
||||
role_name = role.name
|
||||
break
|
||||
return role_name
|
||||
|
||||
|
||||
def main():
|
||||
"""Main"""
|
||||
argument_spec = vmware_argument_spec()
|
||||
module = AnsibleModule(argument_spec=argument_spec)
|
||||
module = AnsibleModule(argument_spec=argument_spec,
|
||||
supports_check_mode=True)
|
||||
vmware_local_user_facts = VMwareUserFactsManager(module)
|
||||
vmware_local_user_facts.gather_user_facts()
|
||||
|
||||
|
|
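Review bot: In the new `except vmodl.fault.ManagedObjectNotFound` handler of `gather_user_facts`, `"The entity doesn't exist" % to_native(not_found)` has no `%s` placeholder, so the formatting raises `TypeError` and the module fails with a traceback instead of the intended `fail_json` message; it should read `msg="The entity doesn't exist: %s" % to_native(not_found)`. The `RetrieveEntityPermissions` call does not depend on `user`, so it could be made once before the `for user in user_accounts:` loop rather than once per account. Because the lookup uses `inherited=False` on `rootFolder` and compares `permission.principal` with the user name only, a `role` of `None` appears to mean "no direct permission entry found" rather than "no access" (a role granted through a group would not show up here). That is worth stating in the RETURN documentation for anyone using these facts in an access review.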