Removes bigip_user from skip file (#32451)
This commit is contained in:
parent
83674af284
commit
c239749052
3 changed files with 207 additions and 89 deletions
|
@ -4,16 +4,26 @@
|
|||
# Copyright (c) 2017 F5 Networks Inc.
|
||||
# GNU General Public License v3.0 (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
|
||||
from __future__ import absolute_import, division, print_function
|
||||
__metaclass__ = type
|
||||
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = '''
|
||||
DOCUMENTATION = r'''
|
||||
---
|
||||
module: bigip_user
|
||||
short_description: Manage user accounts and user attributes on a BIG-IP.
|
||||
short_description: Manage user accounts and user attributes on a BIG-IP
|
||||
description:
|
||||
- Manage user accounts and user attributes on a BIG-IP.
|
||||
- Manage user accounts and user attributes on a BIG-IP. Typically this
|
||||
module operates only on the REST API users and not the CLI users. There
|
||||
is one exception though and that is if you specify the C(username_credential)
|
||||
of C(root). When specifying C(root), you may only change the password.
|
||||
Your other parameters will be ignored in this case. Changing the C(root)
|
||||
password is not an idempotent operation. Therefore, it will change it
|
||||
every time this module attempts to change it.
|
||||
version_added: "2.4"
|
||||
options:
|
||||
full_name:
|
||||
|
@ -21,7 +31,8 @@ options:
|
|||
- Full name of the user.
|
||||
username_credential:
|
||||
description:
|
||||
- Name of the user to create, remove or modify.
|
||||
- Name of the user to create, remove or modify. There is a special case
|
||||
that exists for the user C(root).
|
||||
required: True
|
||||
aliases:
|
||||
- name
|
||||
|
@ -57,7 +68,8 @@ options:
|
|||
update_password:
|
||||
description:
|
||||
- C(always) will allow to update passwords if the user chooses to do so.
|
||||
C(on_create) will only set the password for newly created users.
|
||||
C(on_create) will only set the password for newly created users. When
|
||||
C(username_credential) is C(root), this value will be forced to C(always).
|
||||
default: on_create
|
||||
choices:
|
||||
- always
|
||||
|
@ -74,59 +86,59 @@ author:
|
|||
- Wojciech Wypior (@wojtek0806)
|
||||
'''
|
||||
|
||||
EXAMPLES = '''
|
||||
EXAMPLES = r'''
|
||||
- name: Add the user 'johnd' as an admin
|
||||
bigip_user:
|
||||
server: "lb.mydomain.com"
|
||||
user: "admin"
|
||||
password: "secret"
|
||||
username_credential: "johnd"
|
||||
password_credential: "password"
|
||||
full_name: "John Doe"
|
||||
partition_access: "all:admin"
|
||||
update_password: "on_create"
|
||||
state: "present"
|
||||
server: lb.mydomain.com
|
||||
user: admin
|
||||
password: secret
|
||||
username_credential: johnd
|
||||
password_credential: password
|
||||
full_name: John Doe
|
||||
partition_access: all:admin
|
||||
update_password: on_create
|
||||
state: present
|
||||
delegate_to: localhost
|
||||
|
||||
- name: Change the user "johnd's" role and shell
|
||||
bigip_user:
|
||||
server: "lb.mydomain.com"
|
||||
user: "admin"
|
||||
password: "secret"
|
||||
username_credential: "johnd"
|
||||
partition_access: "NewPartition:manager"
|
||||
shell: "tmsh"
|
||||
state: "present"
|
||||
server: lb.mydomain.com
|
||||
user: admin
|
||||
password: secret
|
||||
username_credential: johnd
|
||||
partition_access: NewPartition:manager
|
||||
shell: tmsh
|
||||
state: present
|
||||
delegate_to: localhost
|
||||
|
||||
- name: Make the user 'johnd' an admin and set to advanced shell
|
||||
bigip_user:
|
||||
server: "lb.mydomain.com"
|
||||
user: "admin"
|
||||
password: "secret"
|
||||
name: "johnd"
|
||||
partition_access: "all:admin"
|
||||
shell: "bash"
|
||||
state: "present"
|
||||
server: lb.mydomain.com
|
||||
user: admin
|
||||
password: secret
|
||||
name: johnd
|
||||
partition_access: all:admin
|
||||
shell: bash
|
||||
state: present
|
||||
delegate_to: localhost
|
||||
|
||||
- name: Remove the user 'johnd'
|
||||
bigip_user:
|
||||
server: "lb.mydomain.com"
|
||||
user: "admin"
|
||||
password: "secret"
|
||||
name: "johnd"
|
||||
state: "absent"
|
||||
server: lb.mydomain.com
|
||||
user: admin
|
||||
password: secret
|
||||
name: johnd
|
||||
state: absent
|
||||
delegate_to: localhost
|
||||
|
||||
- name: Update password
|
||||
bigip_user:
|
||||
server: "lb.mydomain.com"
|
||||
user: "admin"
|
||||
password: "secret"
|
||||
state: "present"
|
||||
username_credential: "johnd"
|
||||
password_credential: "newsupersecretpassword"
|
||||
server: lb.mydomain.com
|
||||
user: admin
|
||||
password: secret
|
||||
state: present
|
||||
username_credential: johnd
|
||||
password_credential: newsupersecretpassword
|
||||
delegate_to: localhost
|
||||
|
||||
# Note that the second time this task runs, it would fail because
|
||||
|
@ -138,43 +150,65 @@ EXAMPLES = '''
|
|||
# * Include `ignore_errors` on this task
|
||||
- name: Change the Admin password
|
||||
bigip_user:
|
||||
server: "lb.mydomain.com"
|
||||
user: "admin"
|
||||
password: "secret"
|
||||
state: "present"
|
||||
username_credential: "admin"
|
||||
password_credential: "NewSecretPassword"
|
||||
server: lb.mydomain.com
|
||||
user: admin
|
||||
password: secret
|
||||
state: present
|
||||
username_credential: admin
|
||||
password_credential: NewSecretPassword
|
||||
delegate_to: localhost
|
||||
|
||||
- name: Change the root user's password
|
||||
bigip_user:
|
||||
server: lb.mydomain.com
|
||||
user: admin
|
||||
password: secret
|
||||
username_credential: root
|
||||
password_credential: secret
|
||||
state: present
|
||||
delegate_to: localhost
|
||||
'''
|
||||
|
||||
RETURN = '''
|
||||
RETURN = r'''
|
||||
full_name:
|
||||
description: Full name of the user
|
||||
returned: changed and success
|
||||
type: string
|
||||
sample: "John Doe"
|
||||
description: Full name of the user
|
||||
returned: changed and success
|
||||
type: string
|
||||
sample: John Doe
|
||||
partition_access:
|
||||
description:
|
||||
- List of strings containing the user's roles and which partitions they
|
||||
are applied to. They are specified in the form "partition:role".
|
||||
returned: changed and success
|
||||
type: list
|
||||
sample: "['all:admin']"
|
||||
description:
|
||||
- List of strings containing the user's roles and which partitions they
|
||||
are applied to. They are specified in the form "partition:role".
|
||||
returned: changed and success
|
||||
type: list
|
||||
sample: ['all:admin']
|
||||
shell:
|
||||
description: The shell assigned to the user account
|
||||
returned: changed and success
|
||||
type: string
|
||||
sample: "tmsh"
|
||||
description: The shell assigned to the user account
|
||||
returned: changed and success
|
||||
type: string
|
||||
sample: tmsh
|
||||
'''
|
||||
|
||||
import os
|
||||
import tempfile
|
||||
|
||||
from distutils.version import LooseVersion
|
||||
from ansible.module_utils.f5_utils import (
|
||||
AnsibleF5Client,
|
||||
AnsibleF5Parameters,
|
||||
HAS_F5SDK,
|
||||
F5ModuleError,
|
||||
iControlUnexpectedHTTPError
|
||||
)
|
||||
from ansible.module_utils.f5_utils import AnsibleF5Client
|
||||
from ansible.module_utils.f5_utils import AnsibleF5Parameters
|
||||
from ansible.module_utils.f5_utils import defaultdict
|
||||
from ansible.module_utils.f5_utils import HAS_F5SDK
|
||||
from ansible.module_utils.f5_utils import F5ModuleError
|
||||
from ansible.module_utils.six import iteritems
|
||||
|
||||
try:
|
||||
from StringIO import StringIO
|
||||
except ImportError:
|
||||
from io import StringIO
|
||||
|
||||
try:
|
||||
from ansible.module_utils.f5_utils import iControlUnexpectedHTTPError
|
||||
except ImportError:
|
||||
HAS_F5SDK = False
|
||||
|
||||
|
||||
class Parameters(AnsibleF5Parameters):
|
||||
|
@ -195,6 +229,36 @@ class Parameters(AnsibleF5Parameters):
|
|||
'shell', 'partitionAccess', 'description', 'name', 'password'
|
||||
]
|
||||
|
||||
def __init__(self, params=None):
|
||||
self._values = defaultdict(lambda: None)
|
||||
self._values['__warnings'] = []
|
||||
if params:
|
||||
self.update(params=params)
|
||||
|
||||
def update(self, params=None):
|
||||
if params:
|
||||
for k, v in iteritems(params):
|
||||
if self.api_map is not None and k in self.api_map:
|
||||
map_key = self.api_map[k]
|
||||
else:
|
||||
map_key = k
|
||||
|
||||
# Handle weird API parameters like `dns.proxy.__iter__` by
|
||||
# using a map provided by the module developer
|
||||
class_attr = getattr(type(self), map_key, None)
|
||||
if isinstance(class_attr, property):
|
||||
# There is a mapped value for the api_map key
|
||||
if class_attr.fset is None:
|
||||
# If the mapped value does not have
|
||||
# an associated setter
|
||||
self._values[map_key] = v
|
||||
else:
|
||||
# The mapped value has a setter
|
||||
setattr(self, map_key, v)
|
||||
else:
|
||||
# If the mapped value is not a @property
|
||||
self._values[map_key] = v
|
||||
|
||||
@property
|
||||
def partition_access(self):
|
||||
"""Partition access values will require some transformation.
|
||||
|
@ -265,11 +329,12 @@ class ModuleManager(object):
|
|||
self.client = client
|
||||
|
||||
def exec_module(self):
|
||||
if self.is_version_less_than_13():
|
||||
if self.is_root_username_credential():
|
||||
manager = RootUserManager(self.client)
|
||||
elif self.is_version_less_than_13():
|
||||
manager = UnparitionedManager(self.client)
|
||||
else:
|
||||
manager = PartitionedManager(self.client)
|
||||
|
||||
return manager.exec_module()
|
||||
|
||||
def is_version_less_than_13(self):
|
||||
|
@ -286,6 +351,12 @@ class ModuleManager(object):
|
|||
else:
|
||||
return False
|
||||
|
||||
def is_root_username_credential(self):
|
||||
user = self.client.module.params.get('username_credential', None)
|
||||
if user == 'root':
|
||||
return True
|
||||
return False
|
||||
|
||||
|
||||
class BaseManager(object):
|
||||
def __init__(self, client):
|
||||
|
@ -333,8 +404,7 @@ class BaseManager(object):
|
|||
# not return it.
|
||||
if self.want.shell == 'bash':
|
||||
self.validate_shell_parameter()
|
||||
if self.want.shell == 'none' and \
|
||||
self.have.shell is None:
|
||||
if self.want.shell == 'none' and self.have.shell is None:
|
||||
self.have.shell = 'none'
|
||||
attr1 = getattr(self.want, key)
|
||||
attr2 = getattr(self.have, key)
|
||||
|
@ -526,6 +596,67 @@ class PartitionedManager(BaseManager):
|
|||
resource.delete()
|
||||
|
||||
|
||||
class RootUserManager(BaseManager):
|
||||
def exec_module(self):
|
||||
changed = False
|
||||
result = dict()
|
||||
state = self.want.state
|
||||
|
||||
try:
|
||||
if state == "present":
|
||||
changed = self.present()
|
||||
elif state == "absent":
|
||||
raise F5ModuleError(
|
||||
"You may not remove the root user."
|
||||
)
|
||||
except iControlUnexpectedHTTPError as e:
|
||||
raise F5ModuleError(str(e))
|
||||
|
||||
changes = self.changes.to_return()
|
||||
result.update(**changes)
|
||||
result.update(dict(changed=changed))
|
||||
return result
|
||||
|
||||
def exists(self):
|
||||
return True
|
||||
|
||||
def update(self):
|
||||
file = tempfile.NamedTemporaryFile()
|
||||
self.want.update({'tempfile': os.path.basename(file.name)})
|
||||
self.upload_password_file_to_device()
|
||||
self.update_on_device()
|
||||
self.remove_password_file_from_device()
|
||||
return True
|
||||
|
||||
def update_on_device(self):
|
||||
errors = [
|
||||
'not confirmed',
|
||||
'change canceled'
|
||||
]
|
||||
cmd = '-c "cat /var/config/rest/downloads/{0} | tmsh modify auth password root"'.format(self.want.tempfile)
|
||||
output = self.client.api.tm.util.bash.exec_cmd(
|
||||
'run',
|
||||
utilCmdArgs=cmd
|
||||
)
|
||||
if hasattr(output, 'commandResult'):
|
||||
result = str(output.commandResult)
|
||||
if any(x for x in errors if x in result):
|
||||
raise F5ModuleError(result)
|
||||
|
||||
def upload_password_file_to_device(self):
|
||||
content = "{0}\n{0}\n".format(self.want.password_credential)
|
||||
template = StringIO(content)
|
||||
upload = self.client.api.shared.file_transfer.uploads
|
||||
upload.upload_stringio(template, self.want.tempfile)
|
||||
return True
|
||||
|
||||
def remove_password_file_from_device(self):
|
||||
self.client.api.tm.util.unix_rm.exec_cmd(
|
||||
'run',
|
||||
utilCmdArgs='/var/config/rest/downloads/{0}'.format(self.want.tempfile)
|
||||
)
|
||||
|
||||
|
||||
class ArgumentSpec(object):
|
||||
def __init__(self):
|
||||
self.supports_check_mode = True
|
||||
|
|
|
@ -24,7 +24,6 @@ lib/ansible/modules/network/f5/bigip_qkview.py
|
|||
lib/ansible/modules/network/f5/bigip_snmp.py
|
||||
lib/ansible/modules/network/f5/bigip_snmp_trap.py
|
||||
lib/ansible/modules/network/f5/bigip_ucs.py
|
||||
lib/ansible/modules/network/f5/bigip_user.py
|
||||
lib/ansible/modules/network/ios/ios_static_route.py
|
||||
lib/ansible/modules/network/lenovo/cnos_backup.py
|
||||
lib/ansible/modules/network/lenovo/cnos_bgp.py
|
||||
|
|
|
@ -1,21 +1,7 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Copyright 2017 F5 Networks Inc.
|
||||
#
|
||||
# This file is part of Ansible
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
# Copyright (c) 2017 F5 Networks Inc.
|
||||
# GNU General Public License v3.0 (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
__metaclass__ = type
|
||||
|
@ -42,6 +28,7 @@ try:
|
|||
from library.bigip_user import ArgumentSpec
|
||||
from library.bigip_user import UnparitionedManager
|
||||
from library.bigip_user import PartitionedManager
|
||||
from ansible.module_utils.f5_utils import iControlUnexpectedHTTPError
|
||||
except ImportError:
|
||||
try:
|
||||
from ansible.modules.network.f5.bigip_user import Parameters
|
||||
|
@ -49,6 +36,7 @@ except ImportError:
|
|||
from ansible.modules.network.f5.bigip_user import ArgumentSpec
|
||||
from ansible.modules.network.f5.bigip_user import UnparitionedManager
|
||||
from ansible.modules.network.f5.bigip_user import PartitionedManager
|
||||
from ansible.module_utils.f5_utils import iControlUnexpectedHTTPError
|
||||
except ImportError:
|
||||
raise SkipTest("F5 Ansible modules require the f5-sdk Python library")
|
||||
|
||||
|
|
Loading…
Reference in a new issue