Vh"YddlmZmZmZeZdZdZdZddl m Z ddl m Z ddl mZddlmZmZmZmZmZGd d eZd Zd Zed k(reyy))absolute_importdivisionprint_functiona module: gitlab_user short_description: Creates/updates/deletes/blocks/unblocks GitLab Users description: - When the user does not exist in GitLab, it will be created. - When the user exists and state=absent, the user will be deleted. - When the user exists and state=blocked, the user will be blocked. - When changes are made to user, the user will be updated. notes: - From community.general 0.2.0 and onwards, name, email and password are optional while deleting the user. author: - Werner Dijkerman (@dj-wasabi) - Guillaume Martinez (@Lunik) - Lennert Mertens (@LennertMertens) - Stef Graces (@stgrace) requirements: - python-gitlab python module - administrator rights on the GitLab server extends_documentation_fragment: - community.general.auth_basic - community.general.gitlab - community.general.attributes attributes: check_mode: support: full diff_mode: support: none options: name: description: - Name of the user you want to create. - Required only if O(state=present). type: str username: description: - The username of the user. required: true type: str password: description: - The password of the user. - GitLab server enforces minimum password length to 8, set this value with 8 or more characters. type: str reset_password: description: - Whether the user can change its password or not. default: false type: bool version_added: 3.3.0 email: description: - The email that belongs to the user. - Required only if O(state=present). type: str sshkey_name: description: - The name of the SSH public key. type: str sshkey_file: description: - The SSH public key itself. type: str sshkey_expires_at: description: - The expiration date of the SSH public key in ISO 8601 format C(YYYY-MM-DDTHH:MM:SSZ). - This is only used when adding new SSH public keys. type: str version_added: 3.1.0 group: description: - ID or Full path of parent group in the form of group/name. - Add user as a member to this group. type: str access_level: description: - The access level to the group. - The value V(master) is an alias for V(maintainer). default: guest type: str choices: ["guest", "reporter", "developer", "master", "maintainer", "owner"] state: description: - Create, delete or block a user. default: present type: str choices: ["present", "absent", "blocked", "unblocked"] confirm: description: - Require confirmation. type: bool default: true isadmin: description: - Grant admin privileges to the user. type: bool default: false external: description: - Define external parameter for this user. type: bool default: false identities: description: - List of identities to be added/updated for this user. - To remove all other identities from this user, set O(overwrite_identities=true). type: list elements: dict suboptions: provider: description: - The name of the external identity provider. type: str extern_uid: description: - User ID for external identity. type: str version_added: 3.3.0 overwrite_identities: description: - Overwrite identities with identities added in this module. - This means that all identities that the user has and that are not listed in O(identities) are removed from the user. - This is only done if a list is provided for O(identities). To remove all identities, provide an empty list. type: bool default: false version_added: 3.3.0 a - name: "Delete GitLab User" community.general.gitlab_user: api_url: https://gitlab.example.com/ api_token: "{{ access_token }}" username: myusername state: absent - name: "Create GitLab User" community.general.gitlab_user: api_url: https://gitlab.example.com/ validate_certs: true api_username: dj-wasabi api_password: "MySecretPassword" name: My Name username: myusername password: mysecretpassword email: me@example.com sshkey_name: MySSH sshkey_file: ssh-rsa AAAAB3NzaC1yc... state: present group: super_group/mon_group access_level: owner - name: "Create GitLab User using external identity provider" community.general.gitlab_user: api_url: https://gitlab.example.com/ validate_certs: true api_token: "{{ access_token }}" name: My Name username: myusername password: mysecretpassword email: me@example.com identities: - provider: Keycloak extern_uid: f278f95c-12c7-4d51-996f-758cc2eb11bc state: present group: super_group/mon_group access_level: owner - name: "Block GitLab User" community.general.gitlab_user: api_url: https://gitlab.example.com/ api_token: "{{ access_token }}" username: myusername state: blocked - name: "Unblock GitLab User" community.general.gitlab_user: api_url: https://gitlab.example.com/ api_token: "{{ access_token }}" username: myusername state: unblocked a msg: description: Success or failure message. returned: always type: str sample: "Success" result: description: JSON-parsed response from the server. returned: always type: dict error: description: The error message returned by the GitLab API. returned: failed type: str sample: "400: path is already in use" user: description: API object. returned: always type: dict )basic_auth_argument_spec) AnsibleModule) to_native)auth_argument_spec find_groupgitlab_authenticationgitlablist_all_kwargsceZdZdZ dZ dZ dZ dZ dZ dZ dZ d Z d Z d Z dd Z d Z dZ dZ dZdZdZdZy) GitLabUsercj||_||_d|_tjj tjj tjjtjjtjjtjjd|_ y)N)guestreporter developermaster maintainerowner) _module_gitlab user_objectr const GUEST_ACCESSREPORTER_ACCESSDEVELOPER_ACCESSMAINTAINER_ACCESS OWNER_ACCESS ACCESS_LEVEL)selfmodulegitlab_instances q/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/community/general/plugins/modules/gitlab_user.py__init__zGitLabUser.__init__sp & \\.. 4466ll44 ,,88\\..  c Bd}d}|j7|j|d||d|d|d|d |d|d|d d }d }n\|j|jd |did |di|dd dd |did |d idd |d id |did |did |did\}}d }|dr*|dr%|j||d|d|dd}|xs|}|dr|j ||d|d}|xs|}||_|s|r'|j j s |j|r7|j j r |j jd d|zy y#t$r2}|j jdt|zYd}~pd}~wwxYw)NFnamepasswordreset_passwordemailconfirmisadminexternal identities) r(usernamer)r*r+skip_confirmationadminr.r/Tvaluer2)r3setter)r(r+is_adminr.r/overwrite_identities)skip_reconfirmationr)r*r6 sshkey_name sshkey_filesshkey_expires_at)r(file expires_at group_path access_levelzFailed to update user: %s msg+Successfully created or updated the user %schangedr@) r create_user update_useradd_ssh_key_to_userassign_user_to_groupr check_modesave Exception fail_jsonr exit_json) r!r0optionsrCpotentionally_changeduser key_changed group_changedes r$create_or_update_userz GitLabUser.create_or_update_usersG %    ###$#J/")*:"; ))0);%; +#J/%l3 % DG ,,  %gfo6%ww'78")!3w!")'**= >#*GL,A"B#(-49K5K+L!('**= >'.8H0I&J-4g>T6U,V#MGT@%) ! = !gm&<224 . .%&9::<=K,G <  55dGLz,GitLabUser.ssh_key_exists..Vs"  GG{ " s)anykeyslistr )r!rOr8s `r$ssh_key_existszGitLabUser.ssh_key_existsUs/ #TYY^^6o6   r&cj|j||dsL|jjry |d|dd}|d|d|d<|jj |yy#t j j$r2}|jjdt|zYd}~yd}~wwxYw) Nr(Tr;)r[keyr<z#Failed to assign sshkey to user: %sr?F) rcrrHracreater exceptionsGitlabCreateErrorrKr)r!rOsshkey parameterrRs r$rFzGitLabUser.add_ssh_key_to_user_s""48||&& a#F^!&> ,'3.4\.BIl+   +$$66 a &&+PS\]^S_+_&`` as3A##B2(B--B2c |jj|}|S#tjj$rYywxYwrU)membersgetr rgGitlabGetErrorr!groupuser_idmembers r$ find_memberzGitLabUser.find_memberusB ]]&&w/F   //  s ??c.|j||}|duSrU)rsros r$ member_existszGitLabUser.member_existss!!%1T!!r&cD|j||}|j|k(SrU)rsr>)r!rprqr>rrs r$member_as_good_access_levelz&GitLabUser.member_as_good_access_levels%!!%1""l22r&ct|j|}|jjry|y|j ||j |rq|j ||j |}|j||j|j|s%|j||_ |jyy |jj|j ||j|dy#tjj $r2}|jj#dt%|zYd}~yd}~wwxYw)NTF)rqr>z"Failed to assign user to group: %sr?)r rrrHrurXrsrwrVr r>rIrlrfr rgrhrKr)r!rOgroup_identifierr>rprrrRs r$rGzGitLabUser.assign_user_to_groups14<<)9: << " " =   eT%5%5d%; <%%eT-=-=d-CDF33E699dFWFWXdFef&*&7&7 &E#  ` $$#//5$($5$5l$C&EF $$66 ` &&+OR[\]R^+^&__ `s:C??E(E  Ecdd}|jD][\}}|d}||dk(r|j|||dd}-t|||k7s=t||j d||d}]|jD]*\}}|d}|t||j d||,||fS)NFr3r/r6r4T)itemsadd_identitiesgetattrsetattrrm)r!rO argumentsuncheckable_argsrCarg_key arg_valueavs r$rEzGitLabUser.update_users"+//"3 # GY7#B~l*"11$C  D r&cj|jjryd}d|vr|d}|d= |jjj |}|r|j |||S#t jj$r3}|jjdt|zYd}~Sd}~wwxYw)NTr/zFailed to create user: %s r?) rrHrusersrfr|r rgrhrKr)r!rr/rOrRs r$rDzGitLabUser.create_users << " " 9 $"<0J,' T<<%%,,Y7D##D*5  !!33 T LL " "'CiPQl'R " S S  Ts9A""B2?(B--B2cd}|r|j||}|D]Y}||jvst|d|dt|d|d|jjs|j d}[|S)NFprovider extern_uidT)delete_identitiesr/r~rrHrI)r!rOr/r6rCidentitys r$r|zGitLabUser.add_identitiess{ ,,T:>G" Ht.j(:*>?lH\,BC||..IIK  r&cd}|jD]=}||vs|jjs|jj |dd}?|S)NFrT)r/rrHidentityprovidersdelete)r!rOr/rCrs r$rzGitLabUser.delete_identitiessT Hz)||..**11(:2FG   r&ctfd|jjjdditDdS)Nc3@K|]}|jk(r|ywrU)r0)r\rOr0s r$r^z'GitLabUser.find_user..s% ==H, ssearchr_)nextrrrbr )r!r0s `r$ find_userzGitLabUser.find_usersA !8!3!3!8!8!\!\O!\     r&c:|j|}|r||_yy)NTF)rrr!r0rOs r$ exists_userzGitLabUser.exists_user s!~~h' #D r&cH|j|}|jddk(S)Nstateactive)r attributesrs r$ is_activezGitLabUser.is_actives$~~h'w'833r&ch|jjry|j}|jSNT)rrHrrrWs r$ delete_userzGitLabUser.delete_users) << " "{{}r&ch|jjry|j}|jSr)rrHrblockrWs r$ block_userzGitLabUser.block_user#s) << " "zz|r&ch|jjry|j}|jSr)rrHrunblockrWs r$ unblock_userzGitLabUser.unblock_user+s) << " "||~r&N)F)__name__ __module__ __qualname__r%rSrXrcrFrsrurwrGrErDr|rrrrrrrr_r&r$rrs  N`  $"  3  2,&  4r&rcTt|jD] \}}| ||= |SrU)rbr{)rrer3s r$sanitize_argumentsr4s59??,- U =# r&ct}|jt|jtd7idtddtddgddtdd d tdd d tddddtddtddtdd dtdd dtddtddgddtdd dtdddtdddtdd d!tddt |d"d#gd"d$gd"d%gd#d$gd#d%ggd"d&gggd'gd ddddgff(}t |}|j d}|j d}|j dj}|j d }|j d }|j d}|j d} |j d} |j d} |j d} |j d} |j d}|j d}|j d}|j d}|j d!}t||}|j|}|r|j|}nd}|d)k(r<|r'|j|jd d*|z+n|jdd,+|d-k(r>|r)|r'|j|jd d.|z+n|jdd/+|d0k(r>|r)|s'|j|jd d1|z+n|jdd2+|dk(ry|j|||||| | | | | |||||d3r,|jd d4|z|j j"5y|jdd6|z|j j"5yy)8Nr(str)typerpresent)absentrblocked unblocked)rdefaultchoicesr0T)rrequiredr))rno_logr*boolF)rrrr+r8r9r:rpr>r)rrrrrrr,)rrr-r.r/rbdict)relementsr6 api_username api_tokenapi_oauth_token api_job_token api_password)rrrr) argument_specmutually_exclusiverequired_togetherrequired_one_ofsupports_check_mode required_ifrzSuccessfully deleted user %srBzUser deleted or does not existsrzSuccessfully blocked user %sz'User already blocked or does not existsrzSuccessfully unblocked user %sz&User is not blocked or does not exists)r(r)r*r+r8r9r:r=r>r,r-r.r/r6rA)rCr@rOzNo need to update the user %sr_)rupdater rrr paramslowerrrrrrLrrrSr_attrs)rr"r# user_namer user_username user_passworduser_reset_password user_emailuser_sshkey_nameuser_sshkey_fileuser_sshkey_expires_atr=r>r, user_isadmin user_externaluser_identitiesr6 gitlab_user user_existsuser_is_actives r$mainr;sw,.M+-. u y:gh5405.  uE   e$eE2E%8ug@CD&$/&%0651Vf5 "vu=!&# [ ) . / _ - + , / *  ^ ,  N ! i&'!2 3 !F,,F3O f%I MM' "EMM*-335MMM*-M --(89w'J}}]3}}]3#]]+>?w'J==0LmmI&G==+LMM*-MmmL1O!==)?@V_5K))-8K$..}=    # # %   T/MP]/]  ^   U0Q  R  >  " " $   T/MP]/]  ^   U0Y  Z  ~  $ $ &   T/OR_/_  `   U0X  Y   , ,]%1++!7$(#%)$8=    T/\_l/ls~tKtKtRtR  S   U0OR_0_fqf}f}gEgE  F'r&__main__N) __future__rrrr __metaclass__ DOCUMENTATIONEXAMPLESRETURNansible.module_utils.apiransible.module_utils.basicr+ansible.module_utils.common.text.convertersrAansible_collections.community.general.plugins.module_utils.gitlabr r r r r objectrrrrr_r&r$rspA@  B5 n 2>4A JJZ nFb zFr&