VhyddlmZmZmZeZdZdZdZddl m Z ddl m Z ddl mZddlmcmcmcmcmZGd d e ZGd d e ZGd de ZGddeZGdde ZdZedk(reyy))absolute_importdivisionprint_functiona" --- module: zabbix_usergroup short_description: Create/delete/update Zabbix user groups description: - Create user groups if they do not exist. - Delete existing user groups if they exist and are empty. - Update existing user groups. author: - "Tobias Birkefeld (@tcraxs)" requirements: - "python >= 3.9" options: name: description: - Name of the user group to create, update or delete. required: true type: str aliases: [ "user_group" ] gui_access: description: - Frontend authentication method of the users in the group. - "Possible values:" - default - use the system default authentication method; - internal - use internal authentication; - LDAP - use LDAP authentication; - disable - disable access to the frontend. required: false type: str default: "default" choices: [ "default", "internal", "LDAP", "disable"] debug_mode: description: - Whether debug mode is enabled or disabled. required: false type: str default: "disabled" choices: [ "disabled", "enabled" ] status: description: - Whether the user group is enabled or disabled. required: false type: str default: "enabled" choices: [ "enabled", "disabled" ] rights: description: - Permissions to assign to the group - For <= Zabbix 6.0 required: false type: list elements: dict suboptions: host_group: description: - Name of the host group to add permission to. required: true type: str permission: description: - Access level to the host group. required: true type: str choices: [ "denied", "read-only", "read-write" ] hostgroup_rights: description: - Host group permissions to assign to the user group - For => Zabbix 6.2 required: false type: list elements: dict suboptions: host_group: description: - Name of the host group to add permission to. required: true type: str permission: description: - Access level to the host group. required: true type: str choices: [ "denied", "read-only", "read-write" ] templategroup_rights: description: - Template group permissions to assign to the user group - For => Zabbix 6.2 required: false type: list elements: dict suboptions: template_group: description: - Name of the template group to add permission to. required: true type: str permission: description: - Access level to the templategroup. required: true type: str choices: [ "denied", "read-only", "read-write" ] tag_filters: description: - Tag based permissions to assign to the group required: false type: list elements: dict suboptions: host_group: description: - Name of the host group to add permission to. required: true type: str tag: description: - Tag name. required: false type: str default: "" value: description: - Tag value. required: false type: str default: "" userdirectory: description: - Authentication user directory when gui_access set to LDAP or System default. - For => Zabbix 6.2 required: false type: str state: description: - State of the user group. - On C(present), it will create if user group does not exist or update the user group if the associated data is different. - On C(absent) will remove a user group if it exists. required: false type: str default: "present" choices: [ "present", "absent" ] extends_documentation_fragment: - community.zabbix.zabbix a: # If you want to use Username and Password to be authenticated by Zabbix Server - name: Set credentials to access Zabbix Server API ansible.builtin.set_fact: ansible_user: Admin ansible_httpapi_pass: zabbix # If you want to use API token to be authenticated by Zabbix Server # https://www.zabbix.com/documentation/current/en/manual/web_interface/frontend_sections/administration/general#api-tokens - name: Set API token ansible.builtin.set_fact: ansible_zabbix_auth_key: 8ec0d52432c15c91fcafe9888500cf9a607f44091ab554dbee860f6b44fac895 # Base create user group example - name: Create user group # set task level variables as we change ansible_connection plugin here vars: ansible_network_os: community.zabbix.zabbix ansible_connection: httpapi ansible_httpapi_port: 443 ansible_httpapi_use_ssl: true ansible_httpapi_validate_certs: false ansible_zabbix_url_path: "zabbixeu" # If Zabbix WebUI runs on non-default (zabbix) path ,e.g. http:///zabbixeu ansible_host: zabbix-example-fqdn.org community.zabbix.zabbix_usergroup: name: ACME userdirectory: LDAP infra 1 state: present # Base create user group with selected user directory for LDAP authentication - name: Create user group # set task level variables as we change ansible_connection plugin here vars: ansible_network_os: community.zabbix.zabbix ansible_connection: httpapi ansible_httpapi_port: 443 ansible_httpapi_use_ssl: true ansible_httpapi_validate_certs: false ansible_zabbix_url_path: "zabbixeu" # If Zabbix WebUI runs on non-default (zabbix) path ,e.g. http:///zabbixeu ansible_host: zabbix-example-fqdn.org community.zabbix.zabbix_usergroup: name: ACME userdirectory: LDAP infra 1 state: present # Base create user group with disabled gui access - name: Create user group with disabled gui access # set task level variables as we change ansible_connection plugin here vars: ansible_network_os: community.zabbix.zabbix ansible_connection: httpapi ansible_httpapi_port: 443 ansible_httpapi_use_ssl: true ansible_httpapi_validate_certs: false ansible_zabbix_url_path: "zabbixeu" # If Zabbix WebUI runs on non-default (zabbix) path ,e.g. http:///zabbixeu ansible_host: zabbix-example-fqdn.org community.zabbix.zabbix_usergroup: name: ACME gui_access: disable # Base create user group with permissions for Zabbix <= 6.0 - name: Create user group with permissions # set task level variables as we change ansible_connection plugin here vars: ansible_network_os: community.zabbix.zabbix ansible_connection: httpapi ansible_httpapi_port: 443 ansible_httpapi_use_ssl: true ansible_httpapi_validate_certs: false ansible_zabbix_url_path: "zabbixeu" # If Zabbix WebUI runs on non-default (zabbix) path ,e.g. http:///zabbixeu ansible_host: zabbix-example-fqdn.org community.zabbix.zabbix_usergroup: name: ACME rights: - host_group: Webserver permission: read-write - host_group: Databaseserver permission: read-only state: present # Base create user group with permissions for Zabbix => 6.2 - name: Create user group with permissions # set task level variables as we change ansible_connection plugin here vars: ansible_network_os: community.zabbix.zabbix ansible_connection: httpapi ansible_httpapi_port: 443 ansible_httpapi_use_ssl: true ansible_httpapi_validate_certs: false ansible_zabbix_url_path: "zabbixeu" # If Zabbix WebUI runs on non-default (zabbix) path ,e.g. http:///zabbixeu ansible_host: zabbix-example-fqdn.org community.zabbix.zabbix_usergroup: name: ACME hostgroup_rights: - host_group: Webserver permission: read-write - host_group: Databaseserver permission: read-only templategroup_rights: - template_group: Linux Templates permission: read-write - template_group: Templates permission: read-only state: present # Base create user group with tag permissions - name: Create user group with tag permissions # set task level variables as we change ansible_connection plugin here vars: ansible_network_os: community.zabbix.zabbix ansible_connection: httpapi ansible_httpapi_port: 443 ansible_httpapi_use_ssl: true ansible_httpapi_validate_certs: false ansible_zabbix_url_path: "zabbixeu" # If Zabbix WebUI runs on non-default (zabbix) path ,e.g. http:///zabbixeu ansible_host: zabbix-example-fqdn.org community.zabbix.zabbix_usergroup: name: ACME tag_filters: - host_group: Webserver tag: Application value: Java - host_group: Discovered hosts tag: Service value: JIRA state: present # Base delete user groups example - name: Delete user groups # set task level variables as we change ansible_connection plugin here vars: ansible_network_os: community.zabbix.zabbix ansible_connection: httpapi ansible_httpapi_port: 443 ansible_httpapi_use_ssl: true ansible_httpapi_validate_certs: false ansible_zabbix_url_path: "zabbixeu" # If Zabbix WebUI runs on non-default (zabbix) path ,e.g. http:///zabbixeu ansible_host: zabbix-example-fqdn.org community.zabbix.zabbix_usergroup: name: ACME state: absent a state: description: User group state at the end of execution. returned: on success type: str sample: "present" usergroup: description: User group name. returned: on success type: str sample: "ACME" usrgrpid: description: User group id, if created, changed or deleted. returned: on success type: str sample: "42" msg: description: The result of the operation returned: always type: str sample: "User group created: ACME, ID: 42" ) AnsibleModule) ZabbixBase) LooseVersionNceZdZdZdZdZy)RightszP Restructure the user defined rights to fit the Zabbix API requirements c0 |jjjdd|gid}t|dkr |jj d|zy |dS#t $r,}|jj d|d |Yd }~y d }~wwxYw zGet host group by host group name. Parameters: name: Name of the host group. Returns: host group matching host group name. extendnameoutputfilterzHost group not found: %smsgrzFailed to get host group '': N_zapi hostgroupgetlen_module fail_json Exceptionselfr _hostgroupes u/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/community/zabbix/plugins/modules/zabbix_usergroup.pyget_hostgroup_by_hostgroup_namez&Rights.get_hostgroup_by_hostgroup_nameOs X--11#/?@J:" &&+E+L&M!!}$ X LL " "dTU'V " W W XAA A B)"BBc|gSg}|D]^}|j|jddtjgd|jdd}|j |`tj |S)zConstruct the user defined rights to fit the Zabbix API requirements Parameters: _rights: rights to construct Returns: dict: user defined rights host_groupgroupiddeniedN read-only read-write permissionidr,r#r zabbix_utilshelper_to_numeric_valueappendhelper_cleanup_datar_rightsconstructed_datarightconstructed_rights r"construct_the_datazRights.construct_the_datacs ?I 7E::599\;RS+BB?"Q& &&+ID+P&Q%a(( \ LL " "RVXY'Z " [ [ \r$c|gSg}|D]^}|j|jddtjgd|jdd}|j |`tj |S)zConstruct the user defined template rights to fit the Zabbix API requirements Parameters: _rights: rights to construct Returns: dict: user defined rights template_groupr'r(r,r-)rJrr0r1r2r3r4s r"r9z&TemplategroupRights.construct_the_datas ?I 7EBB599M]C^_`ij*BBD"$)99\#: !   # #$5 6 7//0@AAr:N)r<r=r>r?rJr9r@r:r"rFrFs\*Br:rFceZdZdZdZy) TagFilterszU Restructure the user defined tag_filters to fit the Zabbix API requirements c|gSg}|D]X}|j|jdd|jd|jdd}|j|Ztj|S)zConstruct the user defined tag filters to fit the Zabbix API requirements Parameters: _tag_filters: tag filters to construct Returns: dict: user defined tag filters r&r'tagvalue)r'rPrQ)r#rr2r0r3)r _tag_filtersr6 tag_filterconstructed_tag_filters r"r9zTagFilters.construct_the_datas  I& r?r9r@r:r"rNrNs Br:rNc6eZdZdZdZdZdZdZdZdZ y) UserGroupc "|dtjgd|dtjddg|dtjddg|d|dd }t|jtd kr |d |d <|S|d |d <|d |d <|dr t|jtd kr/|jj j dd|dgid}n.|jj j dd|dgid}tdk(r"|jjd|dz|dd|d<|S#t$r/}|jjd|dd|Yd}~pd}~wwxYw)zConstruct parameters of UserGroup object Parameters: **kwargs: Arbitrary keyword parameters. Returns: dict: dictionary of specified parameters rdefaultinternalLDAPdisable gui_accessdisabledenabled debug_modestatus tag_filters)rr]r` users_statusrb6.2rightshostgroup_rightstemplategroup_rights userdirectoryr r)rsearchzFailed to get user directory 'rrNrzUser directory '%s' not founduserdirectoryid) r0r1r_zbx_api_versionrrhrrrrr)rkwargs_params_userdirr!s r"_construct_parameterszUserGroup._construct_parameterss6N&>>:F<>Y' )=)@@J')9"-0   -- .e1D D &x 0GH @=+11C*DG& '.45K.LG* +o&#D$9$9:l5>QQ#'::#;#;#?#?*2+1F?4K3L*M$$(::#;#;#?#?*2+1F?4K3L*M$x=A%LL**;f_>UU+.6a[9J-K)*!LL**!/2A7+sA>E F%F  Fc |jjjdd|gid}t|dkDr|Sy#t$r,}|j j d|d|Yd}~yd}~wwxYw) zCheck if user group exists. Parameters: name: Name of the user group. Returns: The return value. True for success, False otherwise. r rrrzFailed to check if user group 'z ' exists: rN)r usergrouprrrrrrr _usergroupr!s r"check_if_usergroup_existsz#UserGroup.check_if_usergroup_exists;s} --11#/?@J:"!!#  LL " "GKQO #   s:> A3"A..A3c t|jtdkr.|jjj dddd|gid}n.|jjj ddddd|gid}t |dkr |j jd|zy |d S#t$r,}|j jd |d |Yd }~y d }~wwxYw) zGet user group by user group name. Parameters: name: Name of the user group. Returns: User group matching user group name. rdr r)rselectTagFilters selectRightsr)rrvselectHostGroupRightsselectTemplateGroupRightsrrzUser group not found: %srrzFailed to get user group 'rN) rrkrrqrrrrrrrs r"get_usergroup_by_usergroup_namez)UserGroup.get_usergroup_by_usergroup_nameOs XD112\%5HH!ZZ1155"*,4(0#)D6"2  "ZZ1155"*,4195=#)D6"2  :" &&+E+L&M!!}$ X LL " "dTU'V " W W XsB*B2-B22 C';"C""C'c tj|j|d}tj|jdi|}i}tj|||}|S)zCheck difference between user group and user specified parameters. Parameters: **kwargs: Arbitrary keyword parameters. Returns: dict: dictionary of differences rr@)r0helper_convert_unicode_to_strrzrohelper_compare_dictionaries)rrlexisting_usergroup parameterschange_parameters_diffs r"check_differencezUserGroup.check_differencetst*GG  0 0 @ "?? &D & & 0 0 88 *,=  r:c ( |jjr|jjd|jjj |S#t $r/}|jjd|dd|Yd}~yd}~wwxYw)zUpdate user group. Parameters: **kwargs: Arbitrary keyword parameters. Returns: usergroup: updated user group TchangedzFailed to update user group 'usrgrpidrrN)r check_mode exit_jsonrrqupdaterr)rrlr!s r"rzUserGroup.updates~ ||&& &&t&4::''..v6 6  LL " ">DZ>PRST #   sAA B"%B  Bc \ |jjr|jjd|jd i|}|jj j |}|ddS#t$r/}|jjd|dd|Yd }~y d }~wwxYw) zAdd user group. Parameters: **kwargs: Arbitrary keyword parameters. Returns: usergroup: added user group Tr usrgrpidsrzFailed to create user group 'rrrNr@) rrrrorrqcreaterr)rrlrrqr!s r"addz UserGroup.adds ||&& &&t&4333=f=J ,,33J?I[)!, ,  LL " ">DVnaP #   sA0A33 B+<%B&&B+c& |jjr|jjdy|jjj |gS#t $r,}|jjd|d|Yd}~yd}~wwxYw)zDelete user group. Parameters: usrgrpid: User group id. Returns: usergroup: deleted user group TrzFailed to delete user group 'rrN)rrrrrqdeleterr)rrr!s r"rzUserGroup.deletesz ||&& &&t&4zz++22H:>>  LL " ">FJ #   s2A%A B$"B  BN) r<r=r>rortrzrrrrr@r:r"rVrVs(7r(#XJ*$(r:rVctj}|jtdddgtdddgdtddd d d gtddd d d gtd d dttdd tddgdtd d dttdd tddgdtd d dttdd tddgdtd d dttdd tddtddtdd tddddg t |d}|j d}|j d}|j d}|j d}|j d}|j d }|j d!}|j d"} |j d#} |j d$} t |} | j} t| jtd%kr t|| }nt|| }t|| }t|| }| j|}|r6| j|d&}| dk(r.| j!||j#d| ||d'|d(|)yt| jtd%kr7| j%|||||j'||j'| *}nG| j%|||||j'|j'||j'| | + }|ik(r|j#d| ||d,|z)y| jd3d&|i||j#d| ||d-|d(|)y| dk(r|j#d| |d.|z/yt| jtd%kr6| j)||||j'||j'| 0}nF| j)||||j'|j'||j'| | 1}|j#d| ||d2|d(|)y)4NstrT user_group)typerequiredaliasesFrYrX)rrrYchoicesr^r_listdict)rr)r)r*r+)rrr)r&r,)relementsroptions)rLr,)rrY)r&rPrQpresentabsent)rrYr) rr]r`rarerfrgrbrhstate) argument_specsupports_check_moderr]r`rarerfrgrbrhrrdrzUser group deleted: z, ID: )rrrqrr)rrr]r`rarerb) rrr]r`rarfrgrbrhzUser group is up to date: %szUser group updated: z0User group %s does not exists, nothing to delete)rrrqr)rr]r`rarerb)rr]r`rarfrgrbrhzUser group created: r@)r0zabbix_common_argument_specrrrparamsrVrrrkr rBrFrNrtrzrrrr9r)rmodulerr]r`rarerfrgrbrhr userGroupzbxrgtshostgroup_rgtstemplategroup_rgtstgfltsusergroup_existsr differences r"mainrs <<>M utl^ D>  +   +  UT:!A  UT:!A  "#>!A  UT:eR0r2  6y9h:OPMGRD QF == D|,J|,J ]]8 $F ]]8 $F}}%78!==)?@-- .KMM/2M MM' "E&!I //CI../,u2EEfc"(50=  $F ::4@<ansible_collections.community.zabbix.plugins.module_utils.baser#ansible.module_utils.compat.versionrAansible_collections.community.zabbix.plugins.module_utils.helpers communityzabbixplugins module_utilshelpersr0r rBrFrNrVrr<r@r:r"rsA@ P dM ^ .5U<XXX/BZ/Bd1Bj1Bh1B*1BhBB: DAH zFr: