From 99f6f0ccc234e64925a30881135fd307f8a90c97 Mon Sep 17 00:00:00 2001 From: Joel Diaz Date: Tue, 19 Sep 2017 09:10:12 -0400 Subject: [PATCH] add 'update_password' param to manageiq_user (#29093) * add 'update_password' param to manageiq_user Currently with the manageiq_user module, if you call it repeatedly while passing the 'password' parameter, it will always run the task and mark it as 'changed'. Following the pattern of the AWS IAM module, add an 'update_password' parameter that takes 'always' (default) or 'on_create'. This will let you set an initial password when creating a user, but allow the user to modify their password and not stomp over their password changes if you re-run the playbook/task that created the user. * don't stomp password when other fields change Handle case where user fields change, but we don't want to stomp on a potentially user-changed password. Previously, if a non-password field changed, and the password param was passed in, it would ignore the 'update_password': 'on_create' setting (ie it would update/modify the password even if the user already exists). Add trailing ',' to list of params. --- .../manageiq/manageiq_user.py | 20 ++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/lib/ansible/modules/remote_management/manageiq/manageiq_user.py b/lib/ansible/modules/remote_management/manageiq/manageiq_user.py index cb680c01766..de461fc3bc1 100755 --- a/lib/ansible/modules/remote_management/manageiq/manageiq_user.py +++ b/lib/ansible/modules/remote_management/manageiq/manageiq_user.py @@ -68,6 +68,13 @@ options: - The users' E-mail address. required: false default: null + update_password: + required: false + default: always + choices: ['always', 'on_create'] + description: + - C(always) will update passwords unconditionally. C(on_create) will only set the password for a newly created user. + version_added: '2.5' ''' EXAMPLES = ''' 
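Review bot: The new `update_password` description does not say that, with C(on_create), a `password` value changed later in the playbook is never applied to a user that already exists, so a task meant to reset or rotate a credential finishes without changing it. I would add a second description entry directly under the existing sentence, for example `- With C(on_create), a changed I(password) is ignored for users that already exist; use C(always) when the task must reset or rotate a password.` This follows from the edit path in the next hunk, which sets `password = None` whenever the option is `on_create`.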
@@ -219,11 +226,16 @@ class ManageIQUser(object): resource['group'] = dict(id=group_id) if name is not None: resource['name'] = name - if password is not None: - resource['password'] = password if email is not None: resource['email'] = email + # if there is a password param, but 'update_password' is 'on_create' + # then discard the password (since we're editing an existing user) + if self.module.params['update_password'] == 'on_create': + password = None + if password is not None: + resource['password'] = password + # check if we need to update ( compare_user is true is no difference found ) if self.compare_user(user, name, group_id, password, email): return dict( @@ -280,7 +292,9 @@ def main(): password=dict(no_log=True), group=dict(), email=dict(), - state=dict(choices=['absent', 'present'], default='present') + state=dict(choices=['absent', 'present'], default='present'), + update_password=dict(choices=['always', 'on_create'], + default='always'), ), )
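Review bot: The `on_create` check in the first hunk on this line reads `self.module.params['update_password']` directly, while `name`, `password` and `email` appear to reach the method as arguments (they are handed to `compare_user` a few lines below). That hides one input of the method and ties it to the module's argument spec. Resolving the option where the other values are read and passing it in would keep the password-discard rule visible next to the other inputs; failing that, bind it once at the top of the method with `update_password = self.module.params['update_password']`. Rebinding the `password` argument to `None` also means later code cannot tell "not supplied" from "discarded", so I would say so in the comment, e.g. `# password is dropped on purpose: compare_user must see None so an otherwise unchanged user reports no change`. The method starts and ends outside this hunk, so its signature is inferred.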