|
|
|
@ -39,23 +39,23 @@ options:
|
|
|
|
|
username:
|
|
|
|
|
description:
|
|
|
|
|
- Username of the user to be created if account did not exist.
|
|
|
|
|
- Required on C(state=present).
|
|
|
|
|
- Required on I(state=present).
|
|
|
|
|
password:
|
|
|
|
|
description:
|
|
|
|
|
- Password of the user to be created if account did not exist.
|
|
|
|
|
- Required on C(state=present).
|
|
|
|
|
- Required on I(state=present) if I(ldap_domain) is not set.
|
|
|
|
|
first_name:
|
|
|
|
|
description:
|
|
|
|
|
- First name of the user to be created if account did not exist.
|
|
|
|
|
- Required on C(state=present).
|
|
|
|
|
- Required on I(state=present) if I(ldap_domain) is not set.
|
|
|
|
|
last_name:
|
|
|
|
|
description:
|
|
|
|
|
- Last name of the user to be created if account did not exist.
|
|
|
|
|
- Required on C(state=present).
|
|
|
|
|
- Required on I(state=present) if I(ldap_domain) is not set.
|
|
|
|
|
email:
|
|
|
|
|
description:
|
|
|
|
|
- Email of the user to be created if account did not exist.
|
|
|
|
|
- Required on C(state=present).
|
|
|
|
|
- Required on I(state=present) if I(ldap_domain) is not set.
|
|
|
|
|
timezone:
|
|
|
|
|
description:
|
|
|
|
|
- Timezone of the user to be created if account did not exist.
|
|
|
|
@ -75,6 +75,17 @@ options:
|
|
|
|
|
description:
|
|
|
|
|
- Creates the account under the specified role name or id.
|
|
|
|
|
version_added: 2.8
|
|
|
|
|
ldap_domain:
|
|
|
|
|
description:
|
|
|
|
|
- Name of the LDAP group or OU to bind.
|
|
|
|
|
- If set, account will be linked to LDAP.
|
|
|
|
|
version_added: 2.8
|
|
|
|
|
ldap_type:
|
|
|
|
|
description:
|
|
|
|
|
- Type of the ldap name. GROUP or OU, defaults to GROUP.
|
|
|
|
|
default: 'GROUP'
|
|
|
|
|
choices: [ 'GROUP', 'OU' ]
|
|
|
|
|
version_added: 2.8
|
|
|
|
|
state:
|
|
|
|
|
description:
|
|
|
|
|
- State of the account.
|
|
|
|
@ -129,6 +140,22 @@ EXAMPLES = '''
|
|
|
|
|
name: customer_xy
|
|
|
|
|
domain: CUSTOMERS
|
|
|
|
|
state: absent
|
|
|
|
|
|
|
|
|
|
# Create a single user LDAP account in domain 'CUSTOMERS'
|
|
|
|
|
- local_action:
|
|
|
|
|
module: cs_account
|
|
|
|
|
name: customer_xy
|
|
|
|
|
username: customer_xy
|
|
|
|
|
domain: CUSTOMERS
|
|
|
|
|
ldap_domain: cn=customer_xy,cn=team_xy,ou=People,dc=domain,dc=local
|
|
|
|
|
|
|
|
|
|
# Create a LDAP account in domain 'CUSTOMERS' and bind it to a LDAP group
|
|
|
|
|
- local_action:
|
|
|
|
|
module: cs_account
|
|
|
|
|
name: team_xy
|
|
|
|
|
username: customer_xy
|
|
|
|
|
domain: CUSTOMERS
|
|
|
|
|
ldap_domain: cn=team_xy,ou=People,dc=domain,dc=local
|
|
|
|
|
'''
|
|
|
|
|
|
|
|
|
|
RETURN = '''
|
|
|
|
@ -280,6 +307,21 @@ class AnsibleCloudStackAccount(AnsibleCloudStack):
|
|
|
|
|
return account
|
|
|
|
|
|
|
|
|
|
def present_account(self):
|
|
|
|
|
account = self.get_account()
|
|
|
|
|
|
|
|
|
|
if not account:
|
|
|
|
|
self.result['changed'] = True
|
|
|
|
|
|
|
|
|
|
if self.module.params.get('ldap_domain'):
|
|
|
|
|
required_params = [
|
|
|
|
|
'domain',
|
|
|
|
|
'username',
|
|
|
|
|
]
|
|
|
|
|
self.module.fail_on_missing_params(required_params=required_params)
|
|
|
|
|
|
|
|
|
|
account = self.create_ldap_account(account)
|
|
|
|
|
|
|
|
|
|
else:
|
|
|
|
|
required_params = [
|
|
|
|
|
'email',
|
|
|
|
|
'username',
|
|
|
|
@ -289,11 +331,37 @@ class AnsibleCloudStackAccount(AnsibleCloudStack):
|
|
|
|
|
]
|
|
|
|
|
self.module.fail_on_missing_params(required_params=required_params)
|
|
|
|
|
|
|
|
|
|
account = self.get_account()
|
|
|
|
|
account = self.create_account(account)
|
|
|
|
|
|
|
|
|
|
if not account:
|
|
|
|
|
self.result['changed'] = True
|
|
|
|
|
return account
|
|
|
|
|
|
|
|
|
|
def create_ldap_account(self, account):
|
|
|
|
|
args = {
|
|
|
|
|
'account': self.module.params.get('name'),
|
|
|
|
|
'domainid': self.get_domain(key='id'),
|
|
|
|
|
'accounttype': self.get_account_type(),
|
|
|
|
|
'networkdomain': self.module.params.get('network_domain'),
|
|
|
|
|
'username': self.module.params.get('username'),
|
|
|
|
|
'timezone': self.module.params.get('timezone'),
|
|
|
|
|
'roleid': self.get_role_id()
|
|
|
|
|
}
|
|
|
|
|
if not self.module.check_mode:
|
|
|
|
|
res = self.query_api('ldapCreateAccount', **args)
|
|
|
|
|
account = res['account']
|
|
|
|
|
|
|
|
|
|
args = {
|
|
|
|
|
'account': self.module.params.get('name'),
|
|
|
|
|
'domainid': self.get_domain(key='id'),
|
|
|
|
|
'accounttype': self.get_account_type(),
|
|
|
|
|
'ldapdomain': self.module.params.get('ldap_domain'),
|
|
|
|
|
'type': self.module.params.get('ldap_type')
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
self.query_api('linkAccountToLdap', **args)
|
|
|
|
|
|
|
|
|
|
return account
|
|
|
|
|
|
|
|
|
|
def create_account(self, account):
|
|
|
|
|
args = {
|
|
|
|
|
'account': self.module.params.get('name'),
|
|
|
|
|
'domainid': self.get_domain(key='id'),
|
|
|
|
@ -310,6 +378,7 @@ class AnsibleCloudStackAccount(AnsibleCloudStack):
|
|
|
|
|
if not self.module.check_mode:
|
|
|
|
|
res = self.query_api('createAccount', **args)
|
|
|
|
|
account = res['account']
|
|
|
|
|
|
|
|
|
|
return account
|
|
|
|
|
|
|
|
|
|
def absent_account(self):
|
|
|
|
@ -351,6 +420,8 @@ def main():
|
|
|
|
|
password=dict(no_log=True),
|
|
|
|
|
timezone=dict(),
|
|
|
|
|
role=dict(),
|
|
|
|
|
ldap_domain=dict(),
|
|
|
|
|
ldap_type=dict(choices=['GROUP', 'OU'], default='GROUP'),
|
|
|
|
|
poll_async=dict(type='bool', default=True),
|
|
|
|
|
))
|
|
|
|
|
|
|
|
|
|