#!/usr/bin/python
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils import common_koji
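# Module metadata and the ansible-doc strings. The YAML below documents every
# key of the argument_spec in run_module(), including which ones are required.
ANSIBLE_METADATA = {
    'metadata_version': '1.0',
    'status': ['preview'],
    'supported_by': 'community'
}


DOCUMENTATION = '''
---
module: koji_user

short_description: Create and manage Koji user accounts
description:
   - This module can add new users and manage existing users.
   - 'Koji only supports adding new users, not deleting them. Once they are
     defined, you can enable or disable the users with "state: enabled" or
     "state: disabled".'

options:
   koji:
     description:
       - Name of the Koji profile to connect with. This value is passed to
         common_koji.get_session().
     required: false
   name:
     description:
       - The name of the Koji user.
       - 'Example: "kdreyer".'
     required: true
   state:
     description:
       - Whether to set this user as "enabled" or "disabled". If unset, this
         defaults to "enabled".
     choices: [enabled, disabled]
     default: enabled
   permissions:
     description:
       - A list of permissions for this user.
       - Permissions that the user already holds but that are not listed here
         are revoked, so list every permission the account should keep.
       - 'Example: [admin]'
     required: true
   krb_principal:
     description:
       - Set a non-default krb principal for this user. If unset, Koji will
         use the standard krb principal scheme for user accounts.
       - Warning, Koji only allows you to set this one time, at the point at
         which you create the new account. You cannot edit the krb_principal
         for an existing account.
requirements:
  - "python >= 2.7"
  - "koji"
'''

EXAMPLES = '''
- name: create a koji user
  hosts: localhost
  tasks:
    - name: Add new kdreyer user
      koji_user:
        name: kdreyer
        state: enabled
        permissions: [admin]
'''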
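def ensure_user(session, name, check_mode, state, permissions, krb_principal):
    """
    Ensure that this user is configured in Koji.

    The permissions list is authoritative: permissions the user holds that
    are not in the list are revoked, and an empty list revokes all of them.
    Pass None to leave the user's permissions untouched.

    :param session: Koji client session
    :param str name: Koji user name
    :param bool check_mode: don't make any changes
    :param str state: "enabled" or "disabled"
    :param list permissions: list of permissions for this user, or None to
                             skip permission management.
    :param str krb_principal: custom kerberos principal, or None. Used only at
                              account creation time.
    :returns: dict with "changed" (bool) and "stdout_lines" (list of str)
    """
    result = {'changed': False, 'stdout_lines': []}
    if state == 'enabled':
        desired_status = common_koji.koji.USER_STATUS['NORMAL']
    else:
        desired_status = common_koji.koji.USER_STATUS['BLOCKED']

    user = session.getUser(name)
    if not user:
        result['changed'] = True
        result['stdout_lines'].append('created %s user' % name)
        if check_mode:
            # The account does not exist yet, so there is no status or
            # permission set to compare against in check mode.
            return result
        common_koji.ensure_logged_in(session)
        id_ = session.createUser(name, desired_status, krb_principal)
        user = session.getUser(id_)

    if user['status'] != desired_status:
        result['changed'] = True
        # Append rather than assign so an earlier "created" line is kept.
        result['stdout_lines'].append('%s %s user' % (state, name))
        if not check_mode:
            common_koji.ensure_logged_in(session)
            if state == 'enabled':
                session.enableUser(name)
            else:
                session.disableUser(name)

    # Only None means "do not manage permissions". An empty list must fall
    # through so that every permission the user currently holds is revoked;
    # returning early on [] would silently leave privileges such as admin in
    # place when the caller asked for none.
    if permissions is None:
        return result

    current_perms = session.getUserPerms(user['id'])
    to_grant = set(permissions) - set(current_perms)
    to_revoke = set(current_perms) - set(permissions)
    if to_grant or to_revoke:
        result['changed'] = True
        if not check_mode:
            common_koji.ensure_logged_in(session)

    # Iterate in sorted order so the reported lines are stable between runs.
    for permission in sorted(to_grant, key=str):
        result['stdout_lines'].append('grant %s' % permission)
        if not check_mode:
            # NOTE(review): the third argument is Koji's create flag, so a
            # permission name the hub does not know is created instead of
            # rejected. A misspelled name therefore yields a new, unused
            # permission while the intended one is never granted.
            session.grantPermission(name, permission, True)
    for permission in sorted(to_revoke, key=str):
        result['stdout_lines'].append('revoke %s' % permission)
        if not check_mode:
            session.revokePermission(name, permission)
    return result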
def run_module():
    """
    Ansible entry point: parse the task arguments, open a Koji session and
    hand the requested user state to ensure_user().
    """
    argument_spec = {
        'koji': {'type': 'str', 'required': False},
        'name': {'type': 'str', 'required': True},
        # ensure_user() both grants and revokes permissions based on this
        # list, so it describes the full set the account should hold.
        'permissions': {'type': 'list', 'required': True},
        'krb_principal': {'type': 'str', 'required': False, 'default': None},
        'state': {
            'type': 'str',
            'choices': ['enabled', 'disabled'],
            'required': False,
            'default': 'enabled',
        },
    }
    module = AnsibleModule(
        argument_spec=argument_spec,
        supports_check_mode=True,
    )

    # The koji client library is optional at import time; fail with a clear
    # message instead of a traceback when it is missing.
    if not common_koji.HAS_KOJI:
        module.fail_json(msg='koji is required for this module')

    args = module.params
    koji_session = common_koji.get_session(args['koji'])

    outcome = ensure_user(
        koji_session,
        args['name'],
        module.check_mode,
        args['state'],
        permissions=args['permissions'],
        krb_principal=args['krb_principal'],
    )

    module.exit_json(**outcome)
def main():
    """Script entry point; delegates all work to run_module()."""
    run_module()
# Run the module only when this file is executed as a script, not on import.
if __name__ == '__main__':
    main()