VhOhdZddlmZmZmZeZdZdZddl m Z m Z ddl m Z mZmZmZmZdZ ddlmZe d Ze d Ze d Ze d ZdZdZe dZdZe dZe dZe dZ dZ!dZ"dZ#dZ$dZ%dZ&dZ'dZ(dZ)dZ*e+dk(re*y y #e$rd ZY~wxYw)!z Manage Infinibox users )absolute_importdivisionprint_functiona8 --- module: infini_user version_added: 2.9.0 short_description: Create, Delete and Modify a User on Infinibox description: - This module creates, deletes or modifies a user on Infinibox. author: David Ohlemacher (@ohlemacher) options: user_name: description: - The new user's Name. Once a user is created, the user_name may not be changed from this module. It may be changed from the UI or from infinishell. required: false type: str user_email: description: - The new user's Email address required: false type: str user_password: description: - The new user's password required: false type: str user_role: description: - The user's role required: false choices: [ "admin", "pool_admin", "read_only" ] type: str user_enabled: description: - Specify whether to enable the user type: bool required: false default: true user_pool: description: - Use with role==pool_admin. Specify the new user's pool. required: false type: str state: description: - Creates/Modifies user when present or removes when absent. - Use state 'login' to test user credentials. - Use state 'reset' to reset a user password. required: false default: present choices: [ "stat", "reset_password", "present", "absent", "login" ] type: str user_ldap_group_name: description: - Name of the LDAP user group required: false type: str user_ldap_group_dn: description: - DN of the LDAP user group required: false type: str user_ldap_group_ldap: description: - Name of the LDAP required: false type: str user_ldap_group_role: description: - Role for the LDAP user group choices: [ "admin", "pool_admin", "read_only" ] required: false type: str user_ldap_group_pools: description: - A list of existing pools managed by the LDAP user group default: [] required: false type: list elements: str extends_documentation_fragment: - infinibox z - name: Create new user infini_user: user_name: foo_user user_email: foo@example.com user_password: secret2 user_role: pool_admin user_enabled: false pool: foo_pool state: present password: secret1 system: ibox001 ) AnsibleModulemissing_required_lib) api_wrapperinfinibox_argument_spec get_systemget_usermerge_two_dictsT)APICommandFailedFcd}|jd}d|d}t|}|jj|}t |j ddkDr|j dd}|d}|S) z4 Find the ID of the LDAP user group by name Nuser_ldap_group_name users?name=&type=eq%3ALdappathresultridparamsr apigetlenget_jsonmoduleldap_id ldap_namersystem api_resultrs s/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/infinidat/infinibox/plugins/modules/infini_user.pyfind_user_ldap_group_idr#s G 45I  ? 3D  FT*J :    *+a/$$&x03, Ncd}|jd}d|d}t|}|jj|}t |j ddkDr|j dd}|d}|S) z) Find the ID of the LDAP by name Nuser_ldap_group_ldapzconfig/ldap?name=z &fields=idrrrrrrs r" find_ldap_idr's G 45I yk 4D  FT*J :    *+a/$$&x03, Nr$c|js|jj|jd|jd|jd|jd}|j |jd|jdrR|jddk(s t d |j j|jd }t||d }|S) z Create user user_name user_password user_email user_enabled)namepasswordemailenabled user_role user_pool pool_adminz+user_pool set, but role is not 'pool_admin'r-T) check_modeuserscreater update_roleAssertionErrorpoolsradd_user_to_pool_owners)rr userpoolchangeds r" create_userr?s   ||"" k(B,2MM/,J)/|)D+1==+H#% {34 == %==-=$%RSS<<##{)C#DD #D$ /G Nr$cR|jd}|jd}t|}|jd}|sd|d|}|j|d}t|}||jd||jd d d } |jj || d} t|||} |D]*} |jj| } t| | ,| S#t $r;} | jd vr#d|d| j}|j|Yd} ~ d} ~ wwxYw)z Create ldap user group rr&user_ldap_group_poolszCannot create LDAP group z. Cannot find ID for LDAP name msgr6user_ldap_group_dnuser_ldap_group_roleLdap)r-dnrroletyperdata)iz#Cannot create user_ldap_group_name : NTr4) rr' fail_jsonr rpostr status_codemessager r:rr;)rldap_group_namerr ldap_poolsrCrr rKerrr>r< pool_namer=s r"create_ldap_user_grouprUsGmm$:;O 45I6"G67J )/)::YZcYdeS! D  Fmm01 45  D" T- G FFO 4D, ||Y/d+, N " ??e #77H3;;-XC   S !"sC"" D&+1D!!D&cd}|jdd}|jdg}t|}|j}|j |j ||k7r|j |gd}|S)a" Find the current list of pool owners and add user using pool.set_owners(). set_owners() replaces the current owners with the list of new owners. So, get owners, add user, then set owners. Further, we need to know if the owners changed. Use sets of owners to compare. FT from_cache raw_valueowners) get_fieldsrsetcopyaddr set_owners)r<r=r> pool_fields pool_ownerspool_owners_setnew_pool_owners_sets r"r;r;swG//TT/BK//(B/K+&O)..0DGG$--  Nr$cd}|jdd}|jdg} |j||j|d}|S#t$rY|SwxYw)z Remove user from pool owners FTrWrZ)r[rremover_ ValueError)r<r=r>r`ras r"remove_user_from_pool_ownersrgsmG//TT/BK//(B/K 4   $ N   N s$A AAc|td|jddd}|jdd}|jd|jd j k7r!|j d|jd d}|jd |jd k7r!|j d |jd d}|jd |jd k7r!|j d |jd d}|jdr: |jd}|j j|}t|rd}|S#t$r"}|jdd|Yd}~6d}~wwxYw)z Update user NzCannot update user r)z. User not found.FTrWrHr1r0r,r/r+r2r4zCannot find pool rLrB) r9rr[rupper update_fieldr: ExceptionrMr;)rr r<r>fieldsrTr=rSs r" update_userrmst |26==3M2NN_`aaG ___ =F zz&V]];7==?? &&-- "<= zz) n == )V]]>%BC zz'fmmL99 '6==#>? }}[! I k2I<<###3D #4 .G N  I   #4YKr#!G  H H Is+E E>E99E>c^t|}|s|jdt|d}|S)z> Update ldap user group by deleting and creating the LDAP userzICannot delete LDAP user {ldap_group_name}. Cannot find ID for LDAP group.rBT)delete_ldap_user_grouprMrU)rr>s r"update_ldap_user_grouprps3$V,G hi6"G Nr$c|#|jd|jdd|j|jdy)z Reset user's password NzCannot change user r)z password. User not found.rBr*)rMrupdate_password)rr<s r"reset_user_passwordrs(sF |26==3M2NNhij78r$cH|syd}|js|j|S)z Delete a user FT)r5delete)rr<r>s r" delete_userrv0s& G    Nr$c,d}|jd}t|}|sd}|Sd|d}t|} |jj |d}|S#t $r5}|j dvrd}nd|d |}|j|Yd }~|Sd }~wwxYw) z Delete a ldap user group Frzusers/z ?approved=yesrT)iz0An error occurred deleting user_ldap_group_name rLN)rr#r rrur rOrM)rr>rQ ldap_group_idrr rSrCs r"roro=sGmm$:;O+F3M  M?- 0D  F" t$ N " ??e #GD_DUUWX[W\]C   S ! N "sA B*BBcd}|jd}d|d}t|}|jj|}t |j ddkDr|j dd}|S)z* Find the LDAP user group by name Nrrrrrrr)rrrrr r!s r"get_user_ldap_grouprzTsF!==)?@ -.o >D  FT*J :    *+a/$$&x03 Mr$c |j}|Dcgc]}|jd}}|jdd}|jdd|jdd|jdd|j|jdd||jd d|jd g|jd dd }|Scc}w) z Get user's fields r-TrWrGNr/r0rrHrolesrI) rGr/r0rrr:rHr|rI)get_owned_pools get_fieldr[rr)r<r:r= pool_namesrl field_dicts r"get_user_fieldsrbs  "E5:;T$..(;J; ___ =Fjjt$GT*::i.gg::i. 64(GR( 64( J rCN)rr r rMrrzr exit_json)rr)rr r<rrCrs r" handle_statrvs k*I!==)?@F#'MM+.    5 :!>  ?$T* i[ , "6*   #89M8Nj!Y  Z$T*  !5 6kBWFVZ 0FFvr$c|jd}|jd}d}d}|rIt|}t||}|st||}d|d}nlt |||}|rd|d}nVd|d}nO|r:t |}|st |}d |d}n.t|}|rd |d }nd |d }nd }|j||j|| y)z Handle making user present r)rFzMessage not setrz createdz updatedz update required no changeszLDAP user group z; updated by deleting and recreating with updated parametersz! update not required - no changesz8Neither user_name nor user_ldap_group_name were providedrN) rr r r?rmrzrUrprMr)rr)rr>rCr r< ldap_users r"handle_presentrs  k*I!==)?@G CF#'!&&1G)H-C!&&$7Gi[1i[(CD '/ ,V4G$%9$:(CC,V4G()=(>>yz()=(>>_`H W#.r$cx|jd}|jd}|rWt|}t||}|jd}|s d}d|d}nt||}d|d}|j ||y |r.t |}|rd|d}nd|d}|j ||y d }|j |y ) z Handle making user absent r)rFrz already absentz removedrzLDAP group user zINeither user_name nor user_ldap_group_name were provided for state absentN)rr r rvrrorM)rr)rr r<r>rCs r" handle_absentrs k*I!==)?@F#'MM+. G)O4C!&$/G)H-Cc2 (0 $%9$:(CC$%9$:/JCc2Yr$ct|}t||}|jd}|sd|d}|j|y t ||d|d}|j d|y ) z Reset user password r)zCannot change password. User rrBrz password changedTrN)r r rrMrsr)rr r<r)rCs r"handle_reset_passwordrst  F FF #D k*I -i[ CS!FD)i[ 123/r$ct|}|jd}|jd}d}||d} |jj||}j d k(rd|d }|jd | yd|d |j }|j |y#t$rd|d}|j |YqwxYw)z% Test user credentials by logging in r)r*z users/login)usernamer.rJrz failed to loginrBz successfully logged inFrz# failed to login with status code: N)r rrrNr rMrOr)rr r)r*rrKloginrCs r" handle_loginrs  F k*IMM/2M D! D" T5 Ci[ 78C0i[ CEDUDUCVWS! "i[ 01S!"sB!CCcn|jd} |dk(r t|nY|dk(r t|nH|dk(r t|n7|dk(r t |n&|dk(r t |n|j d|t|}|jy #t|}|jwxYw) z Find state and handle it statestatpresentabsentreset_passwordrz'Internal handler error. Invalid state: rBN) rrrrrrrMr logout)rrr s r" execute_staters MM' "E F?   i  6 " h  & ! & & !& ) g     #J5'!R  SF# F# s A*BB4c6|jd}|jd}|jd}|jd}|jd}|jd}|dk(r|dk(r|s|jd |dk7r|r|jd |s|sd }|j| |r|rd }|j| |r5gd}|D],} |j| } | d| d}|j| .|rbgd} | D],} |j| } | rd| d}|j| .|dk(r'|jd} | sd}|j| yyyy|dvr8|jdr|jdsd|d}|j| yyy)z Check option logic rr)r1r2rrErr3z:user_role "pool_admin" requires a user_pool to be providedrBzblp!q"&FU\^"_y2jk "=d CF 1+>?&&r$__main__N),__doc__ __future__rrrrI __metaclass__ DOCUMENTATIONEXAMPLESansible.module_utils.basicrrFansible_collections.infinidat.infinibox.plugins.module_utils.infiniboxrr r r r rinfinisdk.core.exceptionsr ImportErrorr#r'r?rUr;rgrmrprsrvrorzrrrrrrrrr__name__rr$r"rsVCB S j "K :           (    F&   8 9 9      , (<"/J6 0".*2&j: zF{MsB''B10B1