VhuIddlmZmZmZeZdZdZdZddl Z ddl Z ddl Z ddl m Z ddlmZmZddlmZmZdd lmZmZd Zd Zd d dddZdddZdZdZd ZdZdZddZ dZ!dZ"dZ#dZ$dZ%e&dk(re%yy))absolute_importdivisionprint_functiona --- module: idrac_user short_description: Configure settings for user accounts version_added: "2.1.0" description: - This module allows to perform the following, - Add a new user account. - Edit a user account. - Enable or Disable a user account. extends_documentation_fragment: - dellemc.openmanage.idrac_x_auth_options options: state: type: str description: - Select C(present) to create or modify a user account. - Select C(absent) to remove a user account. choices: [present, absent] default: present user_name: type: str required: true description: Provide the I(user_name) of the account to be created, deleted or modified. user_password: type: str description: - Provide the password for the user account. The password can be changed when the user account is modified. - To ensure security, the I(user_password) must be at least eight characters long and must contain lowercase and upper-case characters, numbers, and special characters. new_user_name: type: str description: Provide the I(user_name) for the account to be modified. privilege: type: str description: - Following are the role-based privileges. - A user with C(Administrator) privilege can log in to iDRAC, and then configure iDRAC, configure users, clear logs, control and configure system, access virtual console, access virtual media, test alerts, and execute debug commands. - A user with C(Operator) privilege can log in to iDRAC, and then configure iDRAC, control and configure system, access virtual console, access virtual media, and execute debug commands. - A user with C(ReadOnly) privilege can only log in to iDRAC. - A user with C(None), no privileges assigned. - Will be ignored, if custom_privilege parameter is provided. choices: [Administrator, ReadOnly, Operator, None] custom_privilege: type: int description: - The privilege level assigned to the user. version_added: "8.1.0" ipmi_lan_privilege: type: str description: The Intelligent Platform Management Interface LAN privilege level assigned to the user. choices: [Administrator, Operator, User, No Access] ipmi_serial_privilege: type: str description: - The Intelligent Platform Management Interface Serial Port privilege level assigned to the user. - This option is only applicable for rack and tower servers. choices: [Administrator, Operator, User, No Access] enable: type: bool description: Provide the option to enable or disable a user from logging in to iDRAC. sol_enable: type: bool description: Enables Serial Over Lan (SOL) for an iDRAC user. protocol_enable: type: bool description: Enables protocol for the iDRAC user. authentication_protocol: type: str description: - This option allows to configure one of the following authentication protocol types to authenticate the iDRAC user. - Secure Hash Algorithm C(SHA). - Message Digest 5 C(MD5). - An authentication protocol is not configured if C(None) is selected. choices: [None, SHA, MD5] privacy_protocol: type: str description: - This option allows to configure one of the following privacy encryption protocols for the iDRAC user. - Data Encryption Standard C(DES). - Advanced Encryption Standard C(AES). - A privacy protocol is not configured if C(None) is selected. choices: [None, DES, AES] requirements: - "python >= 3.9.6" author: "Felix Stephen (@felixs88)" notes: - Run this module from a system that has direct access to Dell iDRAC. - This module supports C(check_mode). a2 --- - name: Configure a new iDRAC user dellemc.openmanage.idrac_user: idrac_ip: 198.162.0.1 idrac_user: idrac_user idrac_password: idrac_password ca_path: "/path/to/ca_cert.pem" state: present user_name: user_name user_password: user_password privilege: Administrator ipmi_lan_privilege: Administrator ipmi_serial_privilege: Administrator enable: true sol_enable: true protocol_enable: true authentication_protocol: SHA privacy_protocol: AES - name: Modify existing iDRAC user username and password dellemc.openmanage.idrac_user: idrac_ip: 198.162.0.1 idrac_user: idrac_user idrac_password: idrac_password ca_path: "/path/to/ca_cert.pem" state: present user_name: user_name new_user_name: new_user_name user_password: user_password - name: Delete existing iDRAC user account dellemc.openmanage.idrac_user: idrac_ip: 198.162.0.1 idrac_user: idrac_user idrac_password: idrac_password ca_path: "/path/to/ca_cert.pem" state: absent user_name: user_name a --- msg: description: Status of the iDRAC user configuration. returned: always type: str sample: "Successfully created user account details." status: description: Configures the iDRAC users attributes. returned: success type: dict sample: { "@Message.ExtendedInfo": [{ "Message": "Successfully Completed Request", "MessageArgs": [], "MessageArgs@odata.count": 0, "MessageId": "Base.1.5.Success", "RelatedProperties": [], "RelatedProperties@odata.count": 0, "Resolution": "None", "Severity": "OK" }, { "Message": "The operation successfully completed.", "MessageArgs": [], "MessageArgs@odata.count": 0, "MessageId": "IDRAC.2.1.SYS413", "RelatedProperties": [], "RelatedProperties@odata.count": 0, "Resolution": "No response action is required.", "Severity": "Informational"} ]} error_info: description: Details of the HTTP Error. returned: on HTTP error type: dict sample: { "error": { "code": "Base.1.0.GeneralError", "message": "A general error has occurred. See ExtendedInfo for more information.", "@Message.ExtendedInfo": [ { "MessageId": "GEN1234", "RelatedProperties": [], "Message": "Unable to process the request because an error occurred.", "MessageArgs": [], "Severity": "Critical", "Resolution": "Retry the operation. If the issue persists, contact your system administrator." } ] } } N)SSLError)URLError HTTPError)ConnectionErrorSSLValidationError)iDRACRedfishAPIIdracAnsibleModulez//redfish/v1/Managers/iDRAC.Embedded.1/Accounts/z1/redfish/v1/Managers/iDRAC.Embedded.1/Attributes/ii) AdministratorOperatorReadOnlyNoneDisabledEnabled)rr z/custom_privilege value should be from 0 to 511.c V|j}t|jD]7\}}|jdd}|dk(rd}|S|dk(s*t |||<9t t t|jt|jz }|S)a/ :param json_payload: json payload created for update operation :param idrac_attr: idrac user attributes case1: always skip password for difference case2: as idrac_attr returns privilege in the format of string so convert payload to string only for comparision :return: bool #r PasswordT Privilege)copydictitemssplitstrboollistset) json_payload idrac_attr copy_jsonkeyval split_keyis_change_requireds q/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/dellemc/openmanage/plugins/modules/idrac_user.pycompare_payloadr(s!!#IO))+ZSIIcN1%  "!%     # XIcN Z"$s9??+<'=JDTDTDV@W'W"XY cd\}}}}|jds|jd|jdddd }|j|jd }t t d d }|D]w} dj| } |j| |jdk(r| }tt| z}n/|j| r]|xr|d| }tt| z}y|||||fS)z This function gets the slot id and slot uri for create and modify. :param module: ansible module arguments :param idrac: idrac objects :return: user_attr, slot_uri, slot_id, empty_slot, empty_slot_uri )NNNN user_namezUser name is not valid.msgJSONDefaultIDRACT) export_format export_usetargetjob_waitziDRAC.Embedded.1)fqddzUsers.{0}#UserName) params fail_json export_scpget_idrac_local_account_attr json_datatuplerangeformatget ACCOUNT_URIr) moduleidracslot_urislot_id empty_slotempty_slot_uriresponseuser_attributesslot_numnumr+s r'get_user_accountrLs5K1Hgz> == %67fSZeijH889K9KRd8eOU1b\"H4(//4   y )V]];-G GG"SX-H ""9->3Pj2YJ(3s83N4 Hgz> IIr)c Pd|jvr|jd|jdn!tj|jd}|jd|jdtj|jd||jd|jdtj|jdtj|jd |jd |jd d }|jd )|dk(r$dj |}|jd ||<n|jddk(r dddddddddd }t |j Dcgc]\}}| |j ||fc}}}|Scc}}w)a This function creates the payload with slot id. :param module: ansible module arguments :param action: new user name is only applicable in case of update user name. :param slot_id: slot id for user slot :return: json data with slot id custom_privilege privileger+ user_passwordenableipmi_lan_privilegeipmi_serial_privilege sol_enableprotocol_enableauthentication_protocolprivacy_protocol) Users.{0}.UserNamezUsers.{0}.PasswordUsers.{0}.EnableUsers.{0}.PrivilegeUsers.{0}.IpmiLanPrivilegeUsers.{0}.IpmiSerialPrivilegeUsers.{0}.SolEnableUsers.{0}.ProtocolEnable Users.{0}.AuthenticationProtocolUsers.{0}.PrivacyProtocol new_user_nameupdaterXstateabsentrr No AccessSHAAES) rXrYrZr[r\r]r^r_r`)r8 USER_ROLESr@ACCESSr?rr) rBrEactionuser_privilege slot_payloadr+kvpayloads r' get_payloadrqs;MPVP]P]:] ()5]]#56;E>>&--XcJd;e+1-- *D*0--*H(. 6==3J(K+928--@T2U5;]]CZ5[+1::fmmL6Q+R06 6==IZ;[0\8> F_8`17?Q1R VL}}_%1f6H(//8 "(--"@ Y w 8 +.0jij6Ado/9Wa{0}rez (?<=\d)\.rz%{1})rresubr?)rprootattrr rnror#s r'convert_payload_xmlrw/s| oD DL 1ff\3* 7>>sAFF S ;;t D  r)cH|j}|d}di} } |xr||xr|d} t||d} |jr|jdd|d k\r|j t d d | i } | | fS|d kr7t | \} } tjd |j| dd} | | fS|xr|d} t||d} t | \} } t| |}|jr'|r|jdd|jd|s|jd|d k\r|j t d d | i } | | fS|d kr)tjd |j| dd} | | fS|xr |xr|xr||jd| | fS)ah This function create user account in case not exists else update it. :param module: user account module arguments :param idrac: idrac object :param slot_uri: slot uri for update :param slot_id: slot id for update :param empty_slot_id: empty slot id for create :param empty_slot_uri: empty slot uri for create :return: json rz$Unable to retrieve the user details.z"Successfully created user account.createrkChanges found to commit!Tr-changedPATCH Attributes)data ALL import_bufferr3r4z"Successfully updated user account.rbNo changes found to commit!r,z7Requested changes are already present in the user slot.zOMaximum number of users reached. Delete a user account and retry the operation.) get_server_generationrq check_mode exit_jsoninvoke_request ATTRIBUTE_URIrwtimesleep import_scpr(r9)rBrCrDrE empty_slot_idrG user_attr gen_details generationr-rHrp xml_payloadr values r'create_or_modify_accountr@s--KQJ:BCH%=+K^*X2fmHE      !;T  J  ++M7,X_I`+aH. S=-"_(;G(D %K JJrN''k%Z^'_H& S=%  h +2fgh?$7$@! \ i8     %? N   !>  ?   !Z  [  ++M7,X_I`+aH S= "_ JJrN''k%Z^'_H S=  Ch C= C^ Lno S=r)cid}}t||d}t|\}}|jr|xr||jdd||fS|jr|xr||jd||fS|js3|xr|-t j d |j |d d }||fS|jd ||fS) z remove user user account by passing empty payload details. :param module: user account module arguments. :param idrac: idrac object. :param slot_uri: user slot uri. :param slot_id: user slot id. :return: json. z"Successfully deleted user account.deleterzr{Tr|rr,rrrzThe user account is absent.)rqrwrrrrr) rBrCrDrErHr-rprr s r'remove_user_accountrnsPTZTaTa>a MM, - 9 '9:?I~~fmm\gNhjk?l  > 1^F[5[   !6  76\+r)cdddgddddiddiddddgdd dd d dgd d dgd d dd d dd d dd d dgdd dgdd d }t|d} t|t|jd5}t ||\}}}}}|jddk(rt |||||||\}} n#|jddk(rt ||||\}} jjd} |jjd} | rE| jdjd} ddg} | | vr|j| |j| r,|j| jd|j|j |jddddy#1swYyxYw#t$r9}|jt|tj|Yd}~yd}~wt$r&}|jt|dYd}~yd}~wt t"t$t&t(t*t,t.f$r%}|jt|Yd}~yd}~wwxYw)NFrrd)requiredchoicesdefaultrT)rno_log)rrrr)rrint)rtype)rrUserrfr)rgMD5r)rhDESr) rcrar+rPrOrNrRrSrQrTrUrVrW) argument_specsupports_check_mode) req_sessionrcerrorOemDellMessagez?Unable to complete application of configuration profile values.zGImport of Server Configuration Profile operation completed with errors.)r- error_infomessage)r-statusr})r- unreachabler,)r rr r8rLrrr<r@r9rrrjsonloadr RuntimeErrorr r KeyError ImportError ValueError TypeErrorr)specsrBrCrrDrErrGrHrroemoem_msg error_msgerres r'mainrs{#H0ER[\$e, $'&+t<"'4ef).>+0=op.3@r!s$f5#(&9(-v>05BX#Y).;QR E  "F%v V]] = SJZ[achJi GIx-}}W%2$rsCB ] ~' R3 l KIy? C "A N I &I,J2B"+\08-%` zFr)