Vh(ddlmZmZmZeZddgddZdZdZdZ dd l Z dd l m Z m Z d d lmZmZmZ dd lZd Zd ZdZdZdZdZdZdZdZedk(rey y #e$rdZe j,ZY=wxYw))absolute_importdivisionprint_functionz1.1stableinterface certified)metadata_versionstatus supported_bya module: user author: - Paul Arthur (@flowerysong) - Aljaz Kosir (@aljazkosir) - Tadej Borovsak (@tadeboro) short_description: Manage Sensu users description: - Create, update, activate or deactivate Sensu user. - For more information, refer to the Sensu documentation at U(https://docs.sensu.io/sensu-go/latest/reference/rbac/#users). version_added: 1.0.0 extends_documentation_fragment: - sensu.sensu_go.requirements - sensu.sensu_go.auth - sensu.sensu_go.name requirements: - bcrypt (when managing Sensu Go 5.21.0 or newer) seealso: - module: sensu.sensu_go.user_info options: state: description: - Desired state of the user. - Users cannot actually be deleted, only deactivated. type: str choices: [ enabled, disabled ] default: enabled password: description: - Password for the user. - Required if user with a desired name does not exist yet on the backend and I(password_hash) is not set. - If both I(password) and I(password_hash) are set, I(password_hash) is ignored and calculated from the I(password) if required. type: str password_hash: description: - Bcrypt password hash for the user. - Use C(sensuctl user hash-password PASSWORD) to generate a hash. - Required if user with a desired name does not exist yet on the backend and I(password) is not set. - If both I(password) and I(password_hash) are set, I(password_hash) is ignored and calculated from the I(password) if required. - Sensu Go < 5.21.0 does not support creating/updating users using hashed passwords. Use I(password) parameter if you need to manage such Sensu Go installations. - At the moment, change detection does not work properly when using password hashes because the Sensu Go backend does not expose enough information via its API. type: str version_added: 1.8.0 groups: description: - List of groups user belongs to. type: list elements: str a - name: Create a user sensu.sensu_go.user: auth: url: http://localhost:8080 name: awesome_username password: hidden_password? groups: - dev - prod - name: Use pre-hashed password sensu.sensu_go.user: auth: url: http://localhost:8080 name: awesome_username password_hash: $5f$14$.brXRviMZpbaleSq9kjoUuwm67V/s4IziOLGHjEqxJbzPsreQAyNm - name: Deactivate a user sensu.sensu_go.user: name: awesome_username state: disabled a object: description: Object representing Sensu user. returned: success type: dict sample: disabled: false groups: - ops - dev password: USER_PASSWORD password_hash: $5f$14$.brXRviMZpbaleSq9kjoUuwm67V/s4IziOLGHjEqxJbzPsreQAyNm username: alice N) AnsibleModulemissing_required_lib) argumentserrorsutilsTFcLdtfd|jDS)N)password password_hashc36K|]\}}|vs ||fyw)N).0kv masked_keyss g/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/sensu/sensu_go/plugins/modules/user.py z-_simulate_backend_response..s%1aa{.BAs  )dictitems)payloadrs @r_simulate_backend_responsers(/K "==? c |j||ry|s|jdkr&tj||dzt ||y t r8t j|jdt j}ntjtdtj||dzt ||jd y ) NF5.21.0z /password)usernamerzutf-8bcrypt/reset_passwordasciir#rT)validate_auth_dataversionrputr HAS_BCRYPTr$hashpwencodegensaltrRequirementsErrorr decode)clientpathr#r check_modehashs rupdate_passwordr5s  84  >>H $ IIfd[0$!H3  }}X__W%=v~~?OP../CH/MNN IIfd%66!W1E9  r c|jdkrtjd|s%tj||dzt ||y)Nr"z2Sensu Go < 5.21.0 does not support password hashesr%r'T)r)r SensuErrorrr*r)r1r2r#rr3s rupdate_password_hashr8sP ~~  @    &$!22D]5   r c0t|j|}t|j|}|sG|D]}tj||dz|zd!|D]}tj||dz|z t |t |zdkDS)Nz/groups/r)set differencerr*deletelen)r1r2 old_groups new_groupsr3 to_deleteto_addgs r update_groupsrCsJ**:6I _ ' ' 3F  ;A IIfdZ/!3T : ; 8A LL !2Q!6 7 8 y>CK '! ++r c||k7}|s6|r4|rtj|||Stj||dzd|S)Nz /reinstate)rr<r*)r1r2 old_disabled new_disabledr3changeds r update_staterHsEl*G '  LL & N IIfd\14 8 Nr c|>|r dt|fStj|||dtj||fSd}d|vrt |||d|d|xs|}nd|vrt |||d|d|xs|}d|vr)t |||jdxsg|d|xs|}d|vrt|||d|d|xs|}|r|t|fit|fS|tj||fS)NTFrr#rgroupsdisabled) rrr*getr5r8rCrHr) remote_objectr1r2rr3rGs rsyncrNss 3G<< < &$(UYYvt,,,GW! D'*-wz/B    G #& D'*-w/G    7 D-++H5; H z   W D- 3WZ5H      7@    EIIfd+ ++r c tdttjddtdddgtdtdtd d   }tj|j d}t jdd|j d} t j||}0|j d!|j d|jdtj|j ddd}|j d|d<|j ddk(|d< t|||||j\}}|j!||y#tj$r%}|jt|Yd}~d}~wwxYw#tj$r%}|jt|Yd}~yd}~wwxYw)NTauthnameenabledrK)defaultchoices)no_logFliststr)typeelements)staterrrJ)supports_check_mode argument_specusers)msgrrz3Cannot create new user without a password or a hashrJr#rZ)rGobject)r rrget_specget_sensu_clientparamsrbuild_core_v2_pathrLrError fail_jsonrWget_spec_payloadrNr3 exit_json)moduler1r2rMerrGusers rmainrk s     vv .!"J/e F( ' ' f(= >F  # #D'6==3H ID% &$/  MM* % - MM/ * 2E  (( z?HG!--/GJ --0J>GJ% 64&2C2C  6- <<%SV$$%. <<%SV$$%s0#E%5/F %F8FF G3GG__main__) __future__rrrrX __metaclass__ANSIBLE_METADATA DOCUMENTATIONEXAMPLESRETURN tracebackansible.module_utils.basicr r module_utilsrrrr$r+BCRYPT_IMPORT_ERROR ImportError format_excrr5r8rCrHrNrk__name__rr rrzsA@  ! 9 v 0 J331J 0$ , 8,v2%j zFG1J.)..01sAA76A7