VhsddlmZmZmZeZdZdZdZddl Z ddl m Z ddl m Z ddlmZdd lmZddlmcmcmcmcmZGd d e Zd Zed k(reyy))absolute_importdivisionprint_functiona module: zabbix_user short_description: Create/update/delete Zabbix users author: - sky-joker (@sky-joker) description: - This module allows you to create, modify and delete Zabbix users. requirements: - "python >= 3.9" options: username: description: - Username. - username is the unique identifier used and cannot be updated using this module. required: true type: str name: description: - Name of the user. type: str surname: description: - Surname of the user. type: str usrgrps: description: - User groups to add the user to. - Required when I(state=present). required: false type: list elements: str passwd: description: - User's password. - Required unless all of the I(usrgrps) are set to use LDAP as frontend access. required: false type: str override_passwd: description: - Override password for the user. - Password will not be updated on subsequent runs without setting this value to yes. default: no type: bool current_passwd: description: - Current password for the user when overriding its password. - Required when overriding the logged in user's password. - https://www.zabbix.com/documentation/6.4/en/manual/api/reference/user/update required: false type: str lang: description: - Language code of the user's language. choices: - "en_GB" - "en_US" - "zh_CN" - "cs_CZ" - "fr_FR" - "he_IL" - "it_IT" - "ko_KR" - "ja_JP" - "nb_NO" - "pl_PL" - "pt_BR" - "pt_PT" - "ru_RU" - "sk_SK" - "tr_TR" - "uk_UA" - "default" type: str theme: description: - User's theme. choices: - "default" - "blue-theme" - "dark-theme" type: str autologin: description: - Whether to enable auto-login. - If enable autologin, cannot enable autologout. type: bool autologout: description: - User session life time in seconds. If set to 0, the session will never expire. - If enable autologout, cannot enable autologin. type: str refresh: description: - Automatic refresh period in seconds. type: str rows_per_page: description: - Amount of object rows to show per page. type: str after_login_url: description: - URL of the page to redirect the user to after logging in. type: str user_medias: description: - Set the user's media. - If not set, makes no changes to media. suboptions: mediatype: description: - Media type name to set. default: "Email" type: str sendto: description: - Address, user name or other identifier of the recipient. - If C(mediatype) is Email, values are represented as array. For other types of Media types, value is represented as a string. required: true type: raw period: description: - Time when the notifications can be sent as a time period or user macros separated by a semicolon. - Please review the documentation for more information on the supported time period. - https://www.zabbix.com/documentation/current/en/manual/appendix/time_period default: "1-7,00:00-24:00" type: str severity: description: - Trigger severities to send notifications about. suboptions: not_classified: description: - severity not_classified enable/disable. default: true type: bool information: description: - severity information enable/disable. default: true type: bool warning: description: - severity warning enable/disable. default: true type: bool average: description: - severity average enable/disable. default: true type: bool high: description: - severity high enable/disable. default: true type: bool disaster: description: - severity disaster enable/disable. default: true type: bool default: not_classified: true information: true warning: true average: true high: true disaster: true type: dict active: description: - Whether the media is enabled. default: true type: bool type: list elements: dict timezone: description: - User's time zone. - For the full list of supported time zones please refer to U(https://www.php.net/manual/en/timezones.php) type: str version_added: 1.2.0 role_name: description: - User's role. - Default is C(User role) when creating a new user. - The default value will be removed at the version 2.0.0. type: str version_added: 1.2.0 state: description: - State of the user. - On C(present), it will create if user does not exist or update the user if the associated data is different. - On C(absent) will remove a user if it exists. default: "present" choices: ["present", "absent"] type: str extends_documentation_fragment: - community.zabbix.zabbix a # If you want to use Username and Password to be authenticated by Zabbix Server - name: Set credentials to access Zabbix Server API ansible.builtin.set_fact: ansible_user: Admin ansible_httpapi_pass: zabbix # If you want to use API token to be authenticated by Zabbix Server # https://www.zabbix.com/documentation/current/en/manual/web_interface/frontend_sections/administration/general#api-tokens - name: Set API token ansible.builtin.set_fact: ansible_zabbix_auth_key: 8ec0d52432c15c91fcafe9888500cf9a607f44091ab554dbee860f6b44fac895 - name: create a new zabbix user. # set task level variables as we change ansible_connection plugin here vars: ansible_network_os: community.zabbix.zabbix ansible_connection: httpapi ansible_httpapi_port: 443 ansible_httpapi_use_ssl: true ansible_httpapi_validate_certs: false ansible_zabbix_url_path: "zabbixeu" # If Zabbix WebUI runs on non-default (zabbix) path ,e.g. http:///zabbixeu ansible_host: zabbix-example-fqdn.org community.zabbix.zabbix_user: username: example name: user name surname: user surname usrgrps: - Guests - Disabled passwd: password lang: en_GB theme: blue-theme autologin: no autologout: "0" refresh: "30" rows_per_page: "200" after_login_url: "" user_medias: - mediatype: Email sendto: - example@example.com - example1@example.com period: 1-7,00:00-24:00 severity: not_classified: no information: yes warning: yes average: yes high: yes disaster: yes active: no state: present - name: delete existing zabbix user. # set task level variables as we change ansible_connection plugin here vars: ansible_network_os: community.zabbix.zabbix ansible_connection: httpapi ansible_httpapi_port: 443 ansible_httpapi_use_ssl: true ansible_httpapi_validate_certs: false ansible_zabbix_url_path: "zabbixeu" # If Zabbix WebUI runs on non-default (zabbix) path ,e.g. http:///zabbixeu ansible_host: zabbix-example-fqdn.org community.zabbix.zabbix_user: username: example state: absent z user_ids: description: User id created or changed returned: success type: dict sample: { "userids": [ "5" ] } N) AnsibleModule) ZabbixBase)helper_normalize_data) LooseVersioncBeZdZdZdZdZdZdZdZdZ dZ d Z y ) Userc |jjjddi} |ddk(ry|ddk(ry|jj d|z y#t $r)}|jj d |z Yd}~yd}~wwxYw) Noutputextendauthentication_type0internal1LDAPzCFailed to query authentication type. Unknown authentication type %smsgz6Unhandled error while querying authentication type. %s)_zapiauthenticationget_module fail_json Exception)selfauthes p/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/community/zabbix/plugins/modules/zabbix_user.pyget_default_authenticationzUser.get_default_authentication1szz((,,h-AB )*c1!+,3 &&]'  LL " "LPQR #   s!AAA B $BB cgdd|id}|jjj|}|r|Dcgc] }d|di }}t|Dcgc] }|ddk(s |c}rd}nht|Dcgc]}|ddk(s |dd k(s|c}rd }n;t|Dcgc] }|dd k(s |c}r|j }|d k(rdnd }t |t |Dcgc]}|d c}z }|r|j jd |z|fS|j jdycc}wcc}wcc}wcc}wcc}w)N)usrgrpidname gui_accessr#)r filterr"r$rT23FrrzUser groups not found: %srzNo user groups found)r usergrouprboolr setrr) rusrgrpsparamsresgidsrequire_passworddefault_authenticationnot_found_groupss rget_usergroups_by_namezUser.get_usergroups_by_nameBsr8w' jj""&&v. 8;<1J* .1q#'=Q>?#' Tq1\?c#9Q|_PS=ST$) #@Q<C)?q@A*.)H)H)J&2j@De! #7|cc2J1V92J.KK  &&36FF'(( ( LL " "'= " >;=?UA3Ks/D< EE3E E E .E % E c`|jjjdd|idddd}|S)NrusernameT)r r% getAccess selectMedias selectUsrgrps)ruserr)rr5zbx_users rcheck_user_existzUser.check_user_exisths:::??&&"%x0! (!)   ctj|}|D]Q}|jjj ddi}|D]}|d|dk(s|d|d<|d|d<nd|vr#|j j d|dzn|dd k(r^t|d ts.t|d ts|j j d t|d tr8|d g|d <n.t|d ts|j j d |d=d }dD]}|d|r|dz}|d z}tt|d|d<|drd |d<Md|d<T|S)Nr rr# mediatype mediatypeidtypezMedia type not found: %srrsendtozBFor Email media type sendto parameter must be of type list or str.zIFor any other than Email media type sendto parameter must be of type str.)disasterhighaveragewarning informationnot_classifiedseverityractive) copydeepcopyrr>rrr isinstanceliststrint)r user_mediascopy_user_medias user_media media_types media_typeseverity_binary_number severity_keys r#convert_user_medias_parameter_typesz(User.convert_user_medias_parameter_typesus==5*1 +J**..22Hh3GHK)  f%K)@@0:=0IJ}-.8.@J{+   J. &&2Z 5LL'k*c1#:h#7>%j&:C@ ..`"*X"6<0:80D/E 8,%j&:C@ ..g{+%' "! J j),7-Cc-I*-Cc-I* J&)-CQ)G%HJz "(#'* 8$'* 8$c1 +f r<c|jjjddi}|D]}|d|k(s |dcS|jj d|zy)Nr rr#roleidzRole not found: %sr)rrolerrr)r role_namerolesr\s rget_roleid_by_namezUser.get_roleid_by_namesa ##Xx$89 &DF|y(H~% & #7)#CDr<c tj|d}g}|dD]}|jd|dit|d|d<|d|d<dD]}||=d|vr|dr|dD]}d D] }||vs||= |dd |||t|d ||| | | | | d }|r||d<n d|vr|dr|d=|r||d <|r|j |nd|d<||d<t |\}}t ||\}}d}i}t j|||sd}t|jtdk\r |r||d<|d=||d}||fS)Nrr+r"c |dSNr"xs rz6User.user_parameter_difference_check..s 1Z=r<)keymediasrR)rh attempt_clockattempt_failed attempt_ip debug_mode users_statusr$)mediaiduseridroc |dSrbrcrds rrfz6User.user_parameter_difference_check..s AjMr< ror5r#surnamer+langtheme autologin autologoutrefresh rows_per_pageurlpasswdr[timezoneTF6.4beforeafter) rLrMappendsortedr_r zabbix_utilshelper_compare_dictionariesr _zbx_api_version)rr:r5r#rruser_group_idsrzrsrtrurvrwrxryrRr{r]override_passwd existing_data usrgrpidsusrgrpdel_keyrT request_datadel_keys _del_keys&user_parameter_difference_check_result diff_dict diff_paramss ruser_parameter_difference_checkz$User.user_parameter_difference_checks, hqk2  #I. ?F   j&*<= > ?#))9P#Q i '4X'> m$ 'Gg& ' M )mM.J+M: 0 40G*,&w/0 0qk(+ n2IJ"$*   *5L ' -- 2N!-0 %+L "3K$$  &&:BAF' $$ s,A B!"B  BN) __name__ __module__ __qualname__r r3r;rYr_rrrrrcr<rr r 0s9"$?L 5 nE\C|@%DGR%r<r ctj}|jtd4idtdddtddtddtd d d tdd d dtdd d d dtdd d dtdgddtdgddtddtddtddtddtddtd dttddtd dtdd!tdttddtddtddtddtddtdd"tdddddd"#tdd$%d&tdd'tdd(tdd)d)d*g+t |d(d)dgggd,}|j d}|j d}|j d}|j d}|j d }|j d}|j d}|j d} |j d} |j d} |j d} |j d} |j d}|j d}|j d}|j d&}|j d'}|j d(}| | rd-} nd.} t |}|r|j|}i}|j|}|d)k(r|j|\}}|r||jd/0|rU|j||||||| | | | | ||||||\}}|jsJ|rH|j||||||| | | | | |||||||}n%d}|j|||||| | | | | ||||||\}}|d*k(r|rd}|j||\}}nd }i}|js)|r|j!d|1y|j!d 2yr|j!d3y|j!d 3y)5Nr5rPT)r@requiredr#)r@rrr+rO)r@elementsrzF)r@rno_logrr))r@rdefaultrrrs)en_GBen_USzh_CNcs_CZfr_FRhe_ILit_ITko_KRja_JPnb_NOpl_PLpt_BRpt_PTru_RUsk_SKtr_TRuk_UAr)r@choicesrt)rz blue-themez dark-themerurvrwrxafter_login_urlrRdictEmail)r@rrawz1-7,00:00-24:00)rHrGrFrErDrC)r@optionsr)r>rAperiodrIrK)r@rrr{r]statepresentabsent)r@rr) argument_spec required_ifsupports_check_moderrzAUser password is required. One or more groups are not LDAP based.r)changedr)r)rdiffrc)rzabbix_common_argument_specrrrr,r rYr;r3rrrrrr exit_json)rmoduler5r#rrr+rzrrrsrtrurvrwrxrrRr{r]rr9rr:rr0diff_check_resultrs rmainrsC <<>M G ut4G 5!G e$G fu5 G UU4@ G !eU5 G  UU4HG G BE+RSCG D'EG F'GG He$IG JE*KG L!e,MG N"w?UT:U4EF!# $+/VT+J(,&$(G$(fd$C$(fd$C!%64!@%)vt%D !!%+/(,$($(!%%) !& VT:/OG Hu%IG J&KG LE9y(>STMG IT#y9+67 F }}Z(H == DmmI&GmmI&G ]]8 $Fmm$56O]]#34N == D MM' "E k*I|,JmmI&GMM/2Mmm$56O-- .K}}Z(H k*I MM' "E II >{K H$$X.H +/+F+Fw+O(( ~  [! -1-Q-Q#. * {($$):++"!##"%*!% $(MM !% !Hk&   $ $($4$4Xx$H !Hk % K       TH  =   U  +    T  <   U  =r<__main__) __future__rrrr@ __metaclass__ DOCUMENTATIONEXAMPLESRETURNrLansible.module_utils.basicr>ansible_collections.community.zabbix.plugins.module_utils.baserAansible_collections.community.zabbix.plugins.module_utils.helpersr#ansible.module_utils.compat.versionr communityzabbixplugins module_utilshelpersrr rrrcr<rrstA@ G RC J  4U=XXX{%:{%| J>Z zFr<