File: //lib/python3.9/site-packages/ansible_collections/cisco/mso/plugins/modules/mso_user.py
# -*- coding: utf-8 -*-
# Copyright: (c) 2018, Dag Wieers (@dagwieers) <[email protected]>
# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type
ANSIBLE_METADATA = {"metadata_version": "1.1", "status": ["preview"], "supported_by": "community"}
DOCUMENTATION = r"""
---
module: mso_user
short_description: Manage users
description:
- Manage users on Cisco ACI Multi-Site.
author:
- Dag Wieers (@dagwieers)
options:
user:
description:
- The name of the user.
type: str
aliases: [ name ]
user_password:
description:
- The password of the user.
type: str
first_name:
description:
- The first name of the user.
- This parameter is required when creating new users.
type: str
last_name:
description:
- The last name of the user.
- This parameter is required when creating new users.
type: str
email:
description:
- The email address of the user.
- This parameter is required when creating new users.
type: str
phone:
description:
- The phone number of the user.
- This parameter is required when creating new users.
type: str
account_status:
description:
- The status of the user account.
type: str
choices: [ active, inactive ]
domain:
description:
- The domain this user belongs to.
- When creating new users, this defaults to C(Local).
type: str
roles:
description:
- The roles for this user and their access types (read or write).
- Access type defaults to C(write).
type: list
elements: str
state:
description:
- Use C(present) or C(absent) for adding or removing.
- Use C(query) for listing an object or multiple objects.
type: str
choices: [ absent, present, query ]
default: present
notes:
- A default installation of ACI Multi-Site ships with admin password 'we1come!' which requires a password change on first login.
See the examples of how to change the 'admin' password using Ansible.
extends_documentation_fragment: cisco.mso.modules
"""
EXAMPLES = r"""
- name: Update initial admin password
cisco.mso.mso_user:
host: mso_host
username: admin
password: initialPassword
validate_certs: false
user: admin
user_password: newPassword
state: present
delegate_to: localhost
- name: Add a new user
cisco.mso.mso_user:
host: mso_host
username: admin
password: SomeSecretPassword
validate_certs: false
user: dag
user_password: userPassword
first_name: Dag
last_name: Wieers
email: [email protected]
phone: +32 478 436 299
roles:
- name: siteManager
access_type: write
- name: schemaManager
access_type: read
state: present
delegate_to: localhost
- name: Add a new user
cisco.mso.mso_user:
host: mso_host
username: admin
password: SomeSecretPassword
validate_certs: false
user: dag
first_name: Dag
last_name: Wieers
email: [email protected]
phone: +32 478 436 299
roles:
- powerUser
delegate_to: localhost
- name: Remove a user
cisco.mso.mso_user:
host: mso_host
username: admin
password: SomeSecretPassword
validate_certs: false
user: dag
state: absent
delegate_to: localhost
- name: Query a user
cisco.mso.mso_user:
host: mso_host
username: admin
password: SomeSecretPassword
validate_certs: false
user: dag
state: query
delegate_to: localhost
register: query_result
- name: Query all users
cisco.mso.mso_user:
host: mso_host
username: admin
password: SomeSecretPassword
validate_certs: false
state: query
delegate_to: localhost
register: query_result
"""
RETURN = r""" # """
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.cisco.mso.plugins.module_utils.mso import MSOModule, mso_argument_spec, issubset
def main():
argument_spec = mso_argument_spec()
argument_spec.update(
user=dict(type="str", aliases=["name"]),
user_password=dict(type="str", no_log=True),
first_name=dict(type="str"),
last_name=dict(type="str"),
email=dict(type="str"),
phone=dict(type="str"),
# TODO: What possible options do we have ?
account_status=dict(type="str", choices=["active", "inactive"]),
domain=dict(type="str"),
roles=dict(type="list", elements="str"),
state=dict(type="str", default="present", choices=["absent", "present", "query"]),
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
required_if=[
["state", "absent", ["user"]],
["state", "present", ["user"]],
],
)
user_name = module.params.get("user")
user_password = module.params.get("user_password")
first_name = module.params.get("first_name")
last_name = module.params.get("last_name")
email = module.params.get("email")
phone = module.params.get("phone")
account_status = module.params.get("account_status")
state = module.params.get("state")
mso = MSOModule(module)
roles = mso.lookup_roles(module.params.get("roles"))
domain = mso.lookup_domain(module.params.get("domain"))
user_id = None
path = "users"
# Query for existing object(s)
if user_name:
if mso.module._socket_path and mso.connection.get_platform() == "cisco.nd":
mso.existing = mso.get_obj(path, loginID=user_name, api_version="v2")
if mso.existing:
mso.existing["id"] = mso.existing.get("userID")
mso.existing["username"] = mso.existing.get("loginID")
else:
mso.existing = mso.get_obj(path, username=user_name)
if mso.existing:
user_id = mso.existing.get("id")
# If we found an existing object, continue with it
path = "users/{id}".format(id=user_id)
else:
mso.existing = mso.query_objs(path)
if state == "query":
pass
elif state == "absent":
mso.previous = mso.existing
if mso.existing:
if module.check_mode:
mso.existing = {}
else:
mso.existing = mso.request(path, method="DELETE")
elif state == "present":
mso.previous = mso.existing
payload = dict(
id=user_id,
username=user_name,
firstName=first_name,
lastName=last_name,
emailAddress=email,
phoneNumber=phone,
accountStatus=account_status,
domainId=domain,
roles=roles,
# active=True,
# remote=True,
)
if user_password is not None:
payload.update(password=user_password)
mso.sanitize(payload, collate=True)
if mso.sent.get("accountStatus") is None:
mso.sent["accountStatus"] = "active"
if mso.existing:
if not issubset(mso.sent, mso.existing):
# NOTE: Since MSO always returns '******' as password, we need to assume a change
if "password" in mso.proposed:
mso.module.warn("A password change is assumed, as the MSO REST API does not return passwords we do not know.")
mso.result["changed"] = True
if module.check_mode:
mso.existing = mso.proposed
else:
mso.existing = mso.request(path, method="PUT", data=mso.sent)
else:
if user_password is None:
mso.fail_json("The user {0} does not exist. The 'user_password' attribute is required to create a new user.".format(user_name))
if module.check_mode:
mso.existing = mso.proposed
else:
mso.existing = mso.request(path, method="POST", data=mso.sent)
mso.exit_json()
if __name__ == "__main__":
main()