Vh*ddlmZmZmZeZdZdZdZddl m Z ddl m Z ddl mZddlmcmcmcmcmZGd d e Zd Zed k(reyy) )absolute_importdivisionprint_functiona --- module: zabbix_mfa short_description: Create/update/delete Zabbix MFA method description: - This module allows you to create, update and delete Zabbix MFA method. author: - ONODERA Masaru(@masa-orca) requirements: - "python >= 3.11" version_added: 3.1.0 options: name: description: - Name of this MFA method type: str required: true method_type: description: - A type of this MFA method type: str choices: - "totp" - "duo_universal_prompt" hash_function: description: - Type of the hash function for generating TOTP codes. - Required when C(method_type=totp). type: str choices: - "sha-1" - "sha-256" - "sha-512" code_length: description: - Verification code length. - Required when C(method_type=totp). type: int choices: - 6 - 8 api_hostname: description: - API hostname provided by the Duo authentication service. - Required when C(method_type=duo_universal_prompt). type: str clientid: description: - Client ID provided by the Duo authentication service. - Required when C(method_type=duo_universal_prompt). type: str client_secret: description: - Client secret provided by the Duo authentication service. - Required when C(method_type=duo_universal_prompt). type: str state: description: - State of this MFA. type: str choices: ['present', 'absent'] default: 'present' notes: - Only Zabbix >= 7.0 is supported. - This module returns changed=true when I(method_type) is C(duo_universal_prompt) as Zabbix API will not return any sensitive information back for module to compare. extends_documentation_fragment: - community.zabbix.zabbix a{ # If you want to use Username and Password to be authenticated by Zabbix Server - name: Set credentials to access Zabbix Server API ansible.builtin.set_fact: ansible_user: Admin ansible_httpapi_pass: zabbix # If you want to use API token to be authenticated by Zabbix Server # https://www.zabbix.com/documentation/current/en/manual/web_interface/frontend_sections/administration/general#api-tokens - name: Set API token ansible.builtin.set_fact: ansible_zabbix_auth_key: 8ec0d52432c15c91fcafe9888500cf9a607f44091ab554dbee860f6b44fac895 - name: Create a 'Zabbix TOTP' MFA method # set task level variables as we change ansible_connection plugin here vars: ansible_network_os: community.zabbix.zabbix ansible_connection: httpapi ansible_httpapi_port: 443 ansible_httpapi_use_ssl: true ansible_httpapi_validate_certs: false ansible_zabbix_url_path: 'zabbixeu' # If Zabbix WebUI runs on non-default (zabbix) path ,e.g. http:///zabbixeu ansible_host: zabbix-example-fqdn.org community.zabbix.zabbix_mfa: name: Zabbix TOTP method_type: totp hash_function: sha-1 code_length: 6 z msg: description: The result of the creating operation returned: success type: str sample: 'Successfully created MFA method' ) AnsibleModule) ZabbixBase) LooseVersionNc>eZdZdfd ZdZdZdZdZdZxZ S)MFActt| |||t|jtdkr|j dyy)Nz7.0z:This module doesn't support Zabbix versions lower than 7.0msg)superr __init__r_zbx_api_version fail_json)selfmodulezbx zapi_wrapper __class__s o/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/community/zabbix/plugins/modules/zabbix_mfa.pyrz MFA.__init__sJ c4!&#|< -- .e1D D   P   Ec |jjjdd|id}d}|D] }|d|k(s |}|S#t$r)}|jj d|zYd}~yd}~wwxYw)Nextendname)outputsearchzFailed to get MFA method: %sr )_zapimfaget Exception_moduler)rmfa_namemfasr_mfaes rget_mfaz MFA.get_mfas ::>>%%&%x0D C LH,C J  LL " "2Q6 #   s9AA A4 A//A4cd |dg}|jjr|jjd|jjj ||jjddy#t $r)}|jjd|zYd}~yd}~wwxYw)NmfaidTchangedz Successfully deleted MFA method.r+r zFailed to delete MFA method: %sr )r" check_mode exit_jsonrrdeleter!r)rr parameterr&s r delete_mfazMFA.delete_mfas WI||&& &&t&4 JJNN ! !) , LL " ""D #   LL " "59 #   sA:A== B/B**B/c"i}||d<ttjgd||d<|dk(r4ttjgd||d<t||d<|St||d<t||d <t||d <|S) Nr)Ntotpduo_universal_prompttyper3)Nsha-1sha-256sha-512 hash_function code_length api_hostnameclientid client_secret)str zabbix_utilshelper_to_numeric_value) rr method_typer9r:r;r<r=r0s r_convert_to_parameterzMFA._convert_to_parameters  & D D   !  & 6 !),\-Q-Q .*Io &(+;'7Im $ ),L(9In %$'MIj !),]);Io &rc |j|||||||} |jjr|jjd|jj j ||jjddy#t$r)} |jjd| zYd} ~ yd} ~ wwxYw)NTr*z Successfully created MFA method.r,zFailed to create MFA method: %sr ) rBr"r-r.rrcreater!r) rrrAr9r:r;r<r=r0r&s r create_mfazMFA.create_mfas..t[-Q\^jltwDE  ||&& &&t&4 JJNN ! !) , LL " ""D #   LL " "59 #   sA4B CB;;Cc h |j|||||||} | jd|di|dk(rVtj|ddgd}i} tj| || | ik(r|j j d|j jr|j j d |jjj| |j j d d y#t$r)} |j jd | z Yd} ~ yd} ~ wwxYw)Nr)r3r;r<)del_keysrFr*Tz Successfully updated MFA method.r,zFailed to update MFA method: %sr ) rBupdater?helper_normalize_datahelper_compare_dictionariesr"r.r-rrr!r) r current_mfarrAr9r:r;r<r=r0 differencer&s r update_mfazMFA.update_mfas2 224mU`bnpx{HII   g{7';< =v%*@@>:*F  88KQ[\"$LL**5*9||&& &&t&4 JJNN ! !) , LL " ""D #   LL " "59 #   sCT)r5requiredr3r4)r5choices)r6r7r8int)r5)r5no_logpresentabsent)r5defaultrT)rrAr9r:r;r<r=staterAr9r:)r;r<r=)r9r;)r9r:r;r<r=) argument_spec required_ifmutually_exclusive required_bysupports_check_moderr;r<r=r\Fr*N) r?zabbix_common_argument_specrHdictrparamsr r'r1r.rMrE) r]rrrAr9r:r;r<r=r\ mfa_class_objrs rmainrfs!<<>M 540*A5)u%E$7!"H-1 B##! &  ( . +()%*  !? FD == D-- .KMM/2M-- .K==0L}}Z(HMM/2M MM' "EKM    %C    $ $S )   U  +   $ $S$ ]KYegoq~   $ $T; {T`bjly zr__main__) __future__rrrr5 __metaclass__ DOCUMENTATIONEXAMPLESRETURNansible.module_utils.basicr>ansible_collections.community.zabbix.plugins.module_utils.baser#ansible.module_utils.compat.versionrAansible_collections.community.zabbix.plugins.module_utils.helpers communityzabbixplugins module_utilshelpersr?r rfrNrrrwsiA@ O b < 5U<XXXh*hV\{~ zFr