user: Modify RBAC attributes for Illumos/Solaris based system (#48409)
This commit is contained in:
parent
fb782fa3e9
commit
a4ad59fdf6
1 changed files with 74 additions and 0 deletions
|
@ -206,6 +206,30 @@ options:
|
||||||
type: bool
|
type: bool
|
||||||
default: 'no'
|
default: 'no'
|
||||||
version_added: "2.4"
|
version_added: "2.4"
|
||||||
|
profile:
|
||||||
|
description:
|
||||||
|
- Sets the profile of the user.
|
||||||
|
- Does nothing when used with other platforms.
|
||||||
|
- Can set multiple profiles using comma separation.
|
||||||
|
- To delete all the profiles, use profile=''
|
||||||
|
- Currently supported on Illumos/Solaris.
|
||||||
|
version_added: "2.8"
|
||||||
|
authorization:
|
||||||
|
description:
|
||||||
|
- Sets the authorization of the user.
|
||||||
|
- Does nothing when used with other platforms.
|
||||||
|
- Can set multiple authorizations using comma separation.
|
||||||
|
- To delete all authorizations, use authorization=''
|
||||||
|
- Currently supported on Illumos/Solaris.
|
||||||
|
version_added: "2.8"
|
||||||
|
role:
|
||||||
|
description:
|
||||||
|
- Sets the role of the user.
|
||||||
|
- Does nothing when used with other platforms.
|
||||||
|
- Can set multiple roles using comma separation.
|
||||||
|
- To delete all roles, use role=''
|
||||||
|
- Currently supported on Illumos/Solaris.
|
||||||
|
version_added: "2.8"
|
||||||
'''
|
'''
|
||||||
|
|
||||||
EXAMPLES = '''
|
EXAMPLES = '''
|
||||||
|
@ -433,6 +457,9 @@ class User(object):
|
||||||
self.password_lock = module.params['password_lock']
|
self.password_lock = module.params['password_lock']
|
||||||
self.groups = None
|
self.groups = None
|
||||||
self.local = module.params['local']
|
self.local = module.params['local']
|
||||||
|
self.profile = module.params['profile']
|
||||||
|
self.authorization = module.params['authorization']
|
||||||
|
self.role = module.params['role']
|
||||||
|
|
||||||
if module.params['groups'] is not None:
|
if module.params['groups'] is not None:
|
||||||
self.groups = ','.join(module.params['groups'])
|
self.groups = ','.join(module.params['groups'])
|
||||||
|
@ -1591,11 +1618,13 @@ class SunOS(User):
|
||||||
- create_user()
|
- create_user()
|
||||||
- remove_user()
|
- remove_user()
|
||||||
- modify_user()
|
- modify_user()
|
||||||
|
- user_info()
|
||||||
"""
|
"""
|
||||||
|
|
||||||
platform = 'SunOS'
|
platform = 'SunOS'
|
||||||
distribution = None
|
distribution = None
|
||||||
SHADOWFILE = '/etc/shadow'
|
SHADOWFILE = '/etc/shadow'
|
||||||
|
USER_ATTR = '/etc/user_attr'
|
||||||
|
|
||||||
def get_password_defaults(self):
|
def get_password_defaults(self):
|
||||||
# Read password aging defaults
|
# Read password aging defaults
|
||||||
|
@ -1670,6 +1699,18 @@ class SunOS(User):
|
||||||
cmd.append('-k')
|
cmd.append('-k')
|
||||||
cmd.append(self.skeleton)
|
cmd.append(self.skeleton)
|
||||||
|
|
||||||
|
if self.profile is not None:
|
||||||
|
cmd.append('-P')
|
||||||
|
cmd.append(self.profile)
|
||||||
|
|
||||||
|
if self.authorization is not None:
|
||||||
|
cmd.append('-A')
|
||||||
|
cmd.append(self.authorization)
|
||||||
|
|
||||||
|
if self.role is not None:
|
||||||
|
cmd.append('-R')
|
||||||
|
cmd.append(self.role)
|
||||||
|
|
||||||
cmd.append(self.name)
|
cmd.append(self.name)
|
||||||
|
|
||||||
(rc, out, err) = self.execute_command(cmd)
|
(rc, out, err) = self.execute_command(cmd)
|
||||||
|
@ -1773,6 +1814,18 @@ class SunOS(User):
|
||||||
cmd.append('-s')
|
cmd.append('-s')
|
||||||
cmd.append(self.shell)
|
cmd.append(self.shell)
|
||||||
|
|
||||||
|
if self.profile is not None and info[7] != self.profile:
|
||||||
|
cmd.append('-P')
|
||||||
|
cmd.append(self.profile)
|
||||||
|
|
||||||
|
if self.authorization is not None and info[8] != self.authorization:
|
||||||
|
cmd.append('-A')
|
||||||
|
cmd.append(self.authorization)
|
||||||
|
|
||||||
|
if self.role is not None and info[9] != self.role:
|
||||||
|
cmd.append('-R')
|
||||||
|
cmd.append(self.role)
|
||||||
|
|
||||||
# modify the user if cmd will do anything
|
# modify the user if cmd will do anything
|
||||||
if cmd_len != len(cmd):
|
if cmd_len != len(cmd):
|
||||||
cmd.append(self.name)
|
cmd.append(self.name)
|
||||||
|
@ -1813,6 +1866,24 @@ class SunOS(User):
|
||||||
|
|
||||||
return (rc, out, err)
|
return (rc, out, err)
|
||||||
|
|
||||||
|
def user_info(self):
|
||||||
|
info = super(SunOS, self).user_info()
|
||||||
|
if info:
|
||||||
|
info += self._user_attr_info()
|
||||||
|
return info
|
||||||
|
|
||||||
|
def _user_attr_info(self):
|
||||||
|
info = [''] * 3
|
||||||
|
with open(self.USER_ATTR, 'r') as file_handler:
|
||||||
|
for line in file_handler:
|
||||||
|
lines = line.strip().split('::::')
|
||||||
|
if lines[0] == self.user:
|
||||||
|
tmp = dict(x.split('=') for x in lines[1].split(';'))
|
||||||
|
info[0] = tmp.get('profiles', '')
|
||||||
|
info[1] = tmp.get('auths', '')
|
||||||
|
info[2] = tmp.get('roles', '')
|
||||||
|
return info
|
||||||
|
|
||||||
|
|
||||||
class DarwinUser(User):
|
class DarwinUser(User):
|
||||||
"""
|
"""
|
||||||
|
@ -2509,6 +2580,9 @@ def main():
|
||||||
expires=dict(type='float'),
|
expires=dict(type='float'),
|
||||||
password_lock=dict(type='bool'),
|
password_lock=dict(type='bool'),
|
||||||
local=dict(type='bool'),
|
local=dict(type='bool'),
|
||||||
|
profile=dict(type='str'),
|
||||||
|
authorization=dict(type='str'),
|
||||||
|
role=dict(type='str'),
|
||||||
),
|
),
|
||||||
supports_check_mode=True
|
supports_check_mode=True
|
||||||
)
|
)
|
||||||
|
|
Loading…
Reference in a new issue