ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-07-25 06:10:22 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

cyberark_user: Fix validate-modules issue (#52515)

Browse source 
This PR includes:
- validate-modules fixes
- fix parameter types
- code bugfix
This commit is contained in:
Dag Wieers 2019-02-22 12:28:04 +01:00 committed by John R Barker
commit 1f9da61bce
2 changed files with 84 additions and 74 deletions
Download patch file Download diff file Expand all files Collapse all files

157
lib/ansible/modules/identity/cyberark/cyberark_user.py
View file

@ -1,4 +1,6 @@
#!/usr/bin/python #!/usr/bin/python
# -*- coding: utf-8 -*-
# Copyright: (c) 2017, Ansible Project # Copyright: (c) 2017, Ansible Project
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
@ -9,7 +11,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'], 'status': ['preview'],
'supported_by': 'certified'} 'supported_by': 'certified'}
DOCUMENTATION = ''' DOCUMENTATION = r'''
--- ---
module: cyberark_user module: cyberark_user
short_description: Module for CyberArk User Management using PAS Web Services SDK short_description: Module for CyberArk User Management using PAS Web Services SDK
@ -19,99 +21,109 @@ author:
- erasmix (@erasmix) - erasmix (@erasmix)
version_added: 2.4 version_added: 2.4
description: description:
- CyberArk User Management using PAS Web Services SDK. It currently supports the following - CyberArk User Management using PAS Web Services SDK.
actions Get User Details, Add User, Update User, Delete User. - It currently supports the following actions Get User Details, Add User, Update User, Delete User.
options: options:
username: username:
required: True
description: description:
- The name of the user who will be queried (for details), added, updated or deleted. - The name of the user who will be queried (for details), added, updated or deleted.
state: type: str
default: present
choices: [present, absent]
description:
- Specifies the state needed for the user
present for create user, absent for delete user.
cyberark_session:
required: True required: True
state:
description:
- Specifies the state needed for the user present for create user, absent for delete user.
type: str
choices: [ absent, present ]
default: present
cyberark_session:
description: description:
- Dictionary set by a CyberArk authentication containing the different values to perform actions on a logged-on CyberArk session, - Dictionary set by a CyberArk authentication containing the different values to perform actions on a logged-on CyberArk session,
please see M(cyberark_authentication) module for an example of cyberark_session. please see M(cyberark_authentication) module for an example of cyberark_session.
type: dict
required: True
initial_password: initial_password:
description: description:
- The password that the new user will use to log on the first time. This password must meet the password policy requirements. - The password that the new user will use to log on the first time.
this parameter is required when state is present -- Add User. - This password must meet the password policy requirements.
- This parameter is required when state is present -- Add User.
type: str
new_password: new_password:
description: description:
- The user updated password. Make sure that this password meets the password policy requirements. - The user updated password. Make sure that this password meets the password policy requirements.
type: str
email: email:
description: description:
- The user email address. - The user email address.
type: str
first_name: first_name:
description: description:
- The user first name. - The user first name.
type: str
last_name: last_name:
description: description:
- The user last name. - The user last name.
type: str
change_password_on_the_next_logon: change_password_on_the_next_logon:
type: bool
default: 'no'
description: description:
- Whether or not the user must change their password in their next logon. - Whether or not the user must change their password in their next logon.
Valid values = true/false. type: bool
default: no
expiry_date: expiry_date:
description: description:
- The date and time when the user account will expire and become disabled. - The date and time when the user account will expire and become disabled.
type: str
user_type_name: user_type_name:
default: EPVUser
description: description:
- The type of user. - The type of user.
- The parameter defaults to C(EPVUser).
type: str
disabled: disabled:
type: bool
default: 'no'
description: description:
- Whether or not the user will be disabled. Valid values = true/false. - Whether or not the user will be disabled.
type: bool
default: no
location: location:
description: description:
- The Vault Location for the user. - The Vault Location for the user.
type: str
group_name: group_name:
description: description:
- The name of the group the user will be added to. - The name of the group the user will be added to.
type: str
''' '''
EXAMPLES = ''' EXAMPLES = r'''
- name: Logon to CyberArk Vault using PAS Web Services SDK - name: Logon to CyberArk Vault using PAS Web Services SDK
cyberark_authentication: cyberark_authentication:
api_base_url: "https://components.cyberark.local" api_base_url: https://components.cyberark.local
use_shared_logon_authentication: true use_shared_logon_authentication: yes
- name: Create user & immediately add it to a group - name: Create user & immediately add it to a group
cyberark_user: cyberark_user:
username: "username" username: username
initial_password: "password" initial_password: password
user_type_name: "EPVUser" user_type_name: EPVUser
change_password_on_the_next_logon: false change_password_on_the_next_logon: no
group_name: "GroupOfUsers" group_name: GroupOfUser
state: present state: present
cyberark_session: "{{ cyberark_session }}" cyberark_session: '{{ cyberark_session }}'
- name: Make sure user is present and reset user credential if present - name: Make sure user is present and reset user credential if present
cyberark_user: cyberark_user:
username: "Username" username: Username
new_password: "password" new_password: password
disabled: false disabled: no
state: present state: present
cyberark_session: "{{ cyberark_session }}" cyberark_session: '{{ cyberark_session }}'
- name: Logoff from CyberArk Vault - name: Logoff from CyberArk Vault
cyberark_authentication: cyberark_authentication:
state: absent state: absent
cyberark_session: "{{ cyberark_session }}" cyberark_session: '{{ cyberark_session }}'
''' '''
RETURN = ''' RETURN = r'''
changed: changed:
description: Whether there was a change done. description: Whether there was a change done.
type: bool type: bool
@ -133,7 +145,6 @@ status_code:
''' '''
import json import json
import traceback
from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils._text import to_text from ansible.module_utils._text import to_text
@ -187,7 +198,6 @@ def user_details(module):
msg=("Unknown error while performing user_details." msg=("Unknown error while performing user_details."
"\n*** end_point=%s%s\n%s" % (api_base_url, end_point, to_text(unknown_exception))), "\n*** end_point=%s%s\n%s" % (api_base_url, end_point, to_text(unknown_exception))),
headers=headers, headers=headers,
exception=traceback.format_exc(),
status_code=-1) status_code=-1)
@ -285,7 +295,6 @@ def user_add_or_update(module, HTTPMethod):
"\n*** end_point=%s%s\n%s" % (api_base_url, end_point, to_text(unknown_exception))), "\n*** end_point=%s%s\n%s" % (api_base_url, end_point, to_text(unknown_exception))),
payload=payload, payload=payload,
headers=headers, headers=headers,
exception=traceback.format_exc(),
status_code=-1) status_code=-1)
@ -340,7 +349,6 @@ def user_delete(module):
msg=("Unknown error while performing user_delete." msg=("Unknown error while performing user_delete."
"\n*** end_point=%s%s\n%s" % (api_base_url, end_point, to_text(unknown_exception))), "\n*** end_point=%s%s\n%s" % (api_base_url, end_point, to_text(unknown_exception))),
headers=headers, headers=headers,
exception=traceback.format_exc(),
status_code=-1) status_code=-1)
@ -390,7 +398,6 @@ def user_add_to_group(module):
"\n*** end_point=%s%s\n ==> %s" % (api_base_url, end_point, exception_text)), "\n*** end_point=%s%s\n ==> %s" % (api_base_url, end_point, exception_text)),
payload=payload, payload=payload,
headers=headers, headers=headers,
exception=traceback.format_exc(),
status_code=http_exception.code) status_code=http_exception.code)
except Exception as unknown_exception: except Exception as unknown_exception:
@ -405,47 +412,51 @@ def user_add_to_group(module):
def main(): def main():
fields = { module = AnsibleModule(
"username": {"required": True, "type": "str"}, argument_spec=dict(
"state": {"type": "str", username=dict(type='str', required=True),
"choices": ["present", "absent"], state=dict(type='str', default='present', choices=['absent', 'present']),
"default": "present"}, cyberark_session=dict(type='dict', required=True),
"cyberark_session": {"required": True, "type": "dict"}, initial_password=dict(type='str', no_log=True),
"initial_password": {"type": "str", "no_log": True}, new_password=dict(type='str', no_log=True),
"new_password": {"type": "str", "no_log": True}, email=dict(type='str'),
"email": {"type": "str"}, first_name=dict(type='str'),
"first_name": {"type": "str"}, last_name=dict(type='str'),
"last_name": {"type": "str"}, change_password_on_the_next_logon=dict(type='bool'),
"change_password_on_the_next_logon": {"type": "bool"}, expiry_date=dict(type='str'),
"expiry_date": {"type": "str"}, user_type_name=dict(type='str'),
"user_type_name": {"type": "str"}, disabled=dict(type='bool'),
"disabled": {"type": "bool"}, location=dict(type='str'),
"location": {"type": "str"}, group_name=dict(type='str'),
"group_name": {"type": "str"}, ),
} )
module = AnsibleModule(argument_spec=fields) state = module.params['state']
new_password = module.params['new_password']
state = module.params["state"] group_name = module.params['group_name']
changed = False
result = {}
if (state == "present"): if (state == "present"):
(changed, result, status_code) = user_details(module) (changed, result, status_code) = user_details(module)
if (status_code == 200): # user already exists
if ("new_password" in module.params): if (status_code == 200):
# if new_password specified, proceed to update user credential # User already exists
# If new_password specified, proceed to update user credential
if (new_password is not None):
(changed, result, status_code) = user_add_or_update(module, "PUT") (changed, result, status_code) = user_add_or_update(module, "PUT")
if ("group_name" in module.params and module.params["group_name"] is not None):
# if user exists, add to group if needed if (group_name is not None):
# If user exists, add to group if needed
(changed, ignored_result, ignored_status_code) = user_add_to_group(module) (changed, ignored_result, ignored_status_code) = user_add_to_group(module)
elif (status_code == 404): elif (status_code == 404):
# user does not exist, proceed to create it # User does not exist, proceed to create it
(changed, result, status_code) = user_add_or_update(module, "POST") (changed, result, status_code) = user_add_or_update(module, "POST")
if (status_code == 201 and "group_name" in module.params and module.params["group_name"] is not None):
# if user was created, add to group if needed if (status_code == 201 and group_name is not None):
# If user was created, add to group if needed
(changed, ignored_result, ignored_status_code) = user_add_to_group(module) (changed, ignored_result, ignored_status_code) = user_add_to_group(module)
elif (state == "absent"): elif (state == "absent"):
(changed, result, status_code) = user_delete(module) (changed, result, status_code) = user_delete(module)

1
test/sanity/validate-modules/ignore.txt
View file

@ -402,7 +402,6 @@ lib/ansible/modules/files/synchronize.py E323
lib/ansible/modules/files/synchronize.py E324 lib/ansible/modules/files/synchronize.py E324
lib/ansible/modules/files/synchronize.py E327 lib/ansible/modules/files/synchronize.py E327
lib/ansible/modules/files/unarchive.py E323 lib/ansible/modules/files/unarchive.py E323
lib/ansible/modules/identity/cyberark/cyberark_user.py E324
lib/ansible/modules/identity/keycloak/keycloak_client.py E324 lib/ansible/modules/identity/keycloak/keycloak_client.py E324
lib/ansible/modules/identity/keycloak/keycloak_clienttemplate.py E324 lib/ansible/modules/identity/keycloak/keycloak_clienttemplate.py E324
lib/ansible/modules/messaging/rabbitmq/rabbitmq_binding.py E324 lib/ansible/modules/messaging/rabbitmq/rabbitmq_binding.py E324