Merge pull request #2995 from bcoca/user_checkmode_fixes

revamped checkmode support in user module
reviewable/pr18780/r1
Brian Coca 9 years ago
commit 37952e866a

@ -296,8 +296,12 @@ class User(object):
self.ssh_file = os.path.join('.ssh', 'id_%s' % self.ssh_type) self.ssh_file = os.path.join('.ssh', 'id_%s' % self.ssh_type)
def execute_command(self, cmd, use_unsafe_shell=False, data=None): def execute_command(self, cmd, use_unsafe_shell=False, data=None, obey_checkmode=True):
return self.module.run_command(cmd, use_unsafe_shell=use_unsafe_shell, data=data) if self.module.check_mode and obey_checkmode:
self.module.debug('In check mode, would have run: "%s"' % cmd)
return (0, '','')
else:
return self.module.run_command(cmd, use_unsafe_shell=use_unsafe_shell, data=data)
def remove_user_userdel(self): def remove_user_userdel(self):
cmd = [self.module.get_bin_path('userdel', True)] cmd = [self.module.get_bin_path('userdel', True)]
@ -392,9 +396,8 @@ class User(object):
if not os.access(usermod_path, os.X_OK): if not os.access(usermod_path, os.X_OK):
return False return False
cmd = [usermod_path] cmd = [usermod_path, '--help']
cmd.append('--help') (rc, data1, data2) = self.execute_command(cmd, obey_checkmode=False)
rc, data1, data2 = self.execute_command(cmd)
helpout = data1 + data2 helpout = data1 + data2
# check if --append exists # check if --append exists
@ -484,8 +487,6 @@ class User(object):
# skip if no changes to be made # skip if no changes to be made
if len(cmd) == 1: if len(cmd) == 1:
return (None, '', '') return (None, '', '')
elif self.module.check_mode:
return (0, '', '')
cmd.append(self.name) cmd.append(self.name)
return self.execute_command(cmd) return self.execute_command(cmd)
@ -592,8 +593,6 @@ class User(object):
return (1, '', 'Failed to create %s: %s' % (ssh_dir, str(e))) return (1, '', 'Failed to create %s: %s' % (ssh_dir, str(e)))
if os.path.exists(ssh_key_file): if os.path.exists(ssh_key_file):
return (None, 'Key already exists', '') return (None, 'Key already exists', '')
if self.module.check_mode:
return (0, '', '')
cmd = [self.module.get_bin_path('ssh-keygen', True)] cmd = [self.module.get_bin_path('ssh-keygen', True)]
cmd.append('-t') cmd.append('-t')
cmd.append(self.ssh_type) cmd.append(self.ssh_type)
@ -626,7 +625,7 @@ class User(object):
cmd.append('-f') cmd.append('-f')
cmd.append(ssh_key_file) cmd.append(ssh_key_file)
return self.execute_command(cmd) return self.execute_command(cmd, obey_checkmode=False)
def get_ssh_public_key(self): def get_ssh_public_key(self):
ssh_public_key_file = '%s.pub' % self.get_ssh_key_path() ssh_public_key_file = '%s.pub' % self.get_ssh_key_path()
@ -864,8 +863,6 @@ class FreeBsdUser(User):
# modify the user if cmd will do anything # modify the user if cmd will do anything
if cmd_len != len(cmd): if cmd_len != len(cmd):
if self.module.check_mode:
return (0, '', '')
(rc, out, err) = self.execute_command(cmd) (rc, out, err) = self.execute_command(cmd)
if rc is not None and rc != 0: if rc is not None and rc != 0:
self.module.fail_json(name=self.name, msg=err, rc=rc) self.module.fail_json(name=self.name, msg=err, rc=rc)
@ -874,8 +871,6 @@ class FreeBsdUser(User):
# we have to set the password in a second command # we have to set the password in a second command
if self.update_password == 'always' and self.password is not None and info[1] != self.password: if self.update_password == 'always' and self.password is not None and info[1] != self.password:
if self.module.check_mode:
return (0, '', '')
cmd = [ cmd = [
self.module.get_bin_path('chpass', True), self.module.get_bin_path('chpass', True),
'-p', '-p',
@ -1027,7 +1022,7 @@ class OpenBSDUser(User):
# find current login class # find current login class
user_login_class = None user_login_class = None
userinfo_cmd = [self.module.get_bin_path('userinfo', True), self.name] userinfo_cmd = [self.module.get_bin_path('userinfo', True), self.name]
(rc, out, err) = self.execute_command(userinfo_cmd) (rc, out, err) = self.execute_command(userinfo_cmd, obey_checkmode=False)
for line in out.splitlines(): for line in out.splitlines():
tokens = line.split() tokens = line.split()
@ -1048,8 +1043,6 @@ class OpenBSDUser(User):
# skip if no changes to be made # skip if no changes to be made
if len(cmd) == 1: if len(cmd) == 1:
return (None, '', '') return (None, '', '')
elif self.module.check_mode:
return (0, '', '')
cmd.append(self.name) cmd.append(self.name)
return self.execute_command(cmd) return self.execute_command(cmd)
@ -1207,8 +1200,6 @@ class NetBSDUser(User):
# skip if no changes to be made # skip if no changes to be made
if len(cmd) == 1: if len(cmd) == 1:
return (None, '', '') return (None, '', '')
elif self.module.check_mode:
return (0, '', '')
cmd.append(self.name) cmd.append(self.name)
return self.execute_command(cmd) return self.execute_command(cmd)
@ -1283,14 +1274,12 @@ class SunOS(User):
cmd.append(self.name) cmd.append(self.name)
if self.module.check_mode: (rc, out, err) = self.execute_command(cmd)
return (0, '', '') if rc is not None and rc != 0:
else: self.module.fail_json(name=self.name, msg=err, rc=rc)
(rc, out, err) = self.execute_command(cmd)
if rc is not None and rc != 0:
self.module.fail_json(name=self.name, msg=err, rc=rc)
# we have to set the password by editing the /etc/shadow file if not self.module.check_mode:
# we have to set the password by editing the /etc/shadow file
if self.password is not None: if self.password is not None:
try: try:
lines = [] lines = []
@ -1307,7 +1296,7 @@ class SunOS(User):
except Exception, err: except Exception, err:
self.module.fail_json(msg="failed to update users password: %s" % str(err)) self.module.fail_json(msg="failed to update users password: %s" % str(err))
return (rc, out, err) return (rc, out, err)
def modify_user_usermod(self): def modify_user_usermod(self):
cmd = [self.module.get_bin_path('usermod', True)] cmd = [self.module.get_bin_path('usermod', True)]
@ -1367,16 +1356,14 @@ class SunOS(User):
# modify the user if cmd will do anything # modify the user if cmd will do anything
if cmd_len != len(cmd): if cmd_len != len(cmd):
(rc, out, err) = (0, '', '') cmd.append(self.name)
if not self.module.check_mode: (rc, out, err) = self.execute_command(cmd)
cmd.append(self.name) if rc is not None and rc != 0:
(rc, out, err) = self.execute_command(cmd) self.module.fail_json(name=self.name, msg=err, rc=rc)
if rc is not None and rc != 0:
self.module.fail_json(name=self.name, msg=err, rc=rc)
else: else:
(rc, out, err) = (None, '', '') (rc, out, err) = (None, '', '')
# we have to set the password by editing the /etc/shadow file # we have to set the password by editing the /etc/shadow file
if self.update_password == 'always' and self.password is not None and info[1] != self.password: if self.update_password == 'always' and self.password is not None and info[1] != self.password:
(rc, out, err) = (0, '', '') (rc, out, err) = (0, '', '')
if not self.module.check_mode: if not self.module.check_mode:
@ -1388,7 +1375,7 @@ class SunOS(User):
lines.append(line) lines.append(line)
continue continue
fields[1] = self.password fields[1] = self.password
fields[2] = str(int(time.time() / 86400)) fields[2] = str(int(time.time() / 86400))
line = ':'.join(fields) line = ':'.join(fields)
lines.append('%s\n' % line) lines.append('%s\n' % line)
open(self.SHADOWFILE, 'w+').writelines(lines) open(self.SHADOWFILE, 'w+').writelines(lines)
@ -1436,7 +1423,7 @@ class DarwinUser(User):
def _list_user_groups(self): def _list_user_groups(self):
cmd = self._get_dscl() cmd = self._get_dscl()
cmd += [ '-search', '/Groups', 'GroupMembership', self.name ] cmd += [ '-search', '/Groups', 'GroupMembership', self.name ]
(rc, out, err) = self.execute_command(cmd) (rc, out, err) = self.execute_command(cmd, obey_checkmode=False)
groups = [] groups = []
for line in out.splitlines(): for line in out.splitlines():
if line.startswith(' ') or line.startswith(')'): if line.startswith(' ') or line.startswith(')'):
@ -1448,7 +1435,7 @@ class DarwinUser(User):
'''Return user PROPERTY as given my dscl(1) read or None if not found.''' '''Return user PROPERTY as given my dscl(1) read or None if not found.'''
cmd = self._get_dscl() cmd = self._get_dscl()
cmd += [ '-read', '/Users/%s' % self.name, property ] cmd += [ '-read', '/Users/%s' % self.name, property ]
(rc, out, err) = self.execute_command(cmd) (rc, out, err) = self.execute_command(cmd, obey_checkmode=False)
if rc != 0: if rc != 0:
return None return None
# from dscl(1) # from dscl(1)
@ -1471,7 +1458,7 @@ class DarwinUser(User):
'''Return the next available uid''' '''Return the next available uid'''
cmd = self._get_dscl() cmd = self._get_dscl()
cmd += ['-list', '/Users', 'UniqueID'] cmd += ['-list', '/Users', 'UniqueID']
(rc, out, err) = self.execute_command(cmd) (rc, out, err) = self.execute_command(cmd, obey_checkmode=False)
if rc != 0: if rc != 0:
self.module.fail_json( self.module.fail_json(
msg="Unable to get the next available uid", msg="Unable to get the next available uid",
@ -1504,8 +1491,7 @@ class DarwinUser(User):
cmd += [ '-create', '/Users/%s' % self.name, 'Password', '*'] cmd += [ '-create', '/Users/%s' % self.name, 'Password', '*']
(rc, out, err) = self.execute_command(cmd) (rc, out, err) = self.execute_command(cmd)
if rc != 0: if rc != 0:
self.module.fail_json(msg='Error when changing password', self.module.fail_json(msg='Error when changing password', err=err, out=out, rc=rc)
err=err, out=out, rc=rc)
return (rc, out, err) return (rc, out, err)
def _make_group_numerical(self): def _make_group_numerical(self):
@ -1526,13 +1512,11 @@ class DarwinUser(User):
option = '-a' option = '-a'
else: else:
option = '-d' option = '-d'
cmd = [ 'dseditgroup', '-o', 'edit', option, self.name, cmd = [ 'dseditgroup', '-o', 'edit', option, self.name, '-t', 'user', group ]
'-t', 'user', group ]
(rc, out, err) = self.execute_command(cmd) (rc, out, err) = self.execute_command(cmd)
if rc != 0: if rc != 0:
self.module.fail_json(msg='Cannot %s user "%s" to group "%s".' self.module.fail_json(msg='Cannot %s user "%s" to group "%s".'
% (action, self.name, group), % (action, self.name, group), err=err, out=out, rc=rc)
err=err, out=out, rc=rc)
return (rc, out, err) return (rc, out, err)
def _modify_group(self): def _modify_group(self):
@ -1551,8 +1535,6 @@ class DarwinUser(User):
target = set([]) target = set([])
for remove in current - target: for remove in current - target:
if self.module.check_mode:
return (0, '', '', True)
(_rc, _err, _out) = self.__modify_group(remove, 'delete') (_rc, _err, _out) = self.__modify_group(remove, 'delete')
rc += rc rc += rc
out += _out out += _out
@ -1560,8 +1542,6 @@ class DarwinUser(User):
changed = True changed = True
for add in target - current: for add in target - current:
if self.module.check_mode:
return (0, '', '', True)
(_rc, _err, _out) = self.__modify_group(add, 'add') (_rc, _err, _out) = self.__modify_group(add, 'add')
rc += _rc rc += _rc
out += _out out += _out
@ -1579,7 +1559,7 @@ class DarwinUser(User):
# http://support.apple.com/kb/HT5017?viewlocale=en_US # http://support.apple.com/kb/HT5017?viewlocale=en_US
cmd = [ 'defaults', 'read', plist_file, 'HiddenUsersList' ] cmd = [ 'defaults', 'read', plist_file, 'HiddenUsersList' ]
(rc, out, err) = self.execute_command(cmd) (rc, out, err) = self.execute_command(cmd, obey_checkmode=False)
# returned value is # returned value is
# ( # (
# "_userA", # "_userA",
@ -1598,34 +1578,25 @@ class DarwinUser(User):
if not self.name in hidden_users: if not self.name in hidden_users:
cmd = [ 'defaults', 'write', plist_file, cmd = [ 'defaults', 'write', plist_file,
'HiddenUsersList', '-array-add', self.name ] 'HiddenUsersList', '-array-add', self.name ]
if self.module.check_mode:
return 0
(rc, out, err) = self.execute_command(cmd) (rc, out, err) = self.execute_command(cmd)
if rc != 0: if rc != 0:
self.module.fail_json( self.module.fail_json( msg='Cannot user "%s" to hidden user list.' % self.name, err=err, out=out, rc=rc)
msg='Cannot user "%s" to hidden user list.'
% self.name, err=err, out=out, rc=rc)
return 0 return 0
else: else:
if self.name in hidden_users: if self.name in hidden_users:
del(hidden_users[hidden_users.index(self.name)]) del(hidden_users[hidden_users.index(self.name)])
cmd = [ 'defaults', 'write', plist_file, cmd = [ 'defaults', 'write', plist_file, 'HiddenUsersList', '-array' ] + hidden_users
'HiddenUsersList', '-array' ] + hidden_users
if self.module.check_mode:
return 0
(rc, out, err) = self.execute_command(cmd) (rc, out, err) = self.execute_command(cmd)
if rc != 0: if rc != 0:
self.module.fail_json( self.module.fail_json( msg='Cannot remove user "%s" from hidden user list.' % self.name, err=err, out=out, rc=rc)
msg='Cannot remove user "%s" from hidden user list.'
% self.name, err=err, out=out, rc=rc)
return 0 return 0
def user_exists(self): def user_exists(self):
'''Check is SELF.NAME is a known user on the system.''' '''Check is SELF.NAME is a known user on the system.'''
cmd = self._get_dscl() cmd = self._get_dscl()
cmd += [ '-list', '/Users/%s' % self.name] cmd += [ '-list', '/Users/%s' % self.name]
(rc, out, err) = self.execute_command(cmd) (rc, out, err) = self.execute_command(cmd, obey_checkmode=False)
return rc == 0 return rc == 0
def remove_user(self): def remove_user(self):
@ -1637,9 +1608,7 @@ class DarwinUser(User):
(rc, out, err) = self.execute_command(cmd) (rc, out, err) = self.execute_command(cmd)
if rc != 0: if rc != 0:
self.module.fail_json( self.module.fail_json( msg='Cannot delete user "%s".' % self.name, err=err, out=out, rc=rc)
msg='Cannot delete user "%s".'
% self.name, err=err, out=out, rc=rc)
if self.force: if self.force:
if os.path.exists(info[5]): if os.path.exists(info[5]):
@ -1653,9 +1622,7 @@ class DarwinUser(User):
cmd += [ '-create', '/Users/%s' % self.name] cmd += [ '-create', '/Users/%s' % self.name]
(rc, err, out) = self.execute_command(cmd) (rc, err, out) = self.execute_command(cmd)
if rc != 0: if rc != 0:
self.module.fail_json( self.module.fail_json( msg='Cannot create user "%s".' % self.name, err=err, out=out, rc=rc)
msg='Cannot create user "%s".'
% self.name, err=err, out=out, rc=rc)
self._make_group_numerical() self._make_group_numerical()
@ -1666,20 +1633,19 @@ class DarwinUser(User):
if self.createhome: if self.createhome:
if self.home is None: if self.home is None:
self.home = '/Users/%s' % self.name self.home = '/Users/%s' % self.name
if not os.path.exists(self.home): if not self.module.check_mode:
os.makedirs(self.home) if not os.path.exists(self.home):
self.chown_homedir(int(self.uid), int(self.group), self.home) os.makedirs(self.home)
self.chown_homedir(int(self.uid), int(self.group), self.home)
for field in self.fields: for field in self.fields:
if self.__dict__.has_key(field[0]) and self.__dict__[field[0]]: if self.__dict__.has_key(field[0]) and self.__dict__[field[0]]:
cmd = self._get_dscl() cmd = self._get_dscl()
cmd += [ '-create', '/Users/%s' % self.name, cmd += [ '-create', '/Users/%s' % self.name, field[1], self.__dict__[field[0]]]
field[1], self.__dict__[field[0]]]
(rc, _err, _out) = self.execute_command(cmd) (rc, _err, _out) = self.execute_command(cmd)
if rc != 0: if rc != 0:
self.module.fail_json( self.module.fail_json( msg='Cannot add property "%s" to user "%s".'
msg='Cannot add property "%s" to user "%s".'
% (field[0], self.name), err=err, out=out, rc=rc) % (field[0], self.name), err=err, out=out, rc=rc)
out += _out out += _out
@ -1714,10 +1680,7 @@ class DarwinUser(User):
current = self._get_user_property(field[1]) current = self._get_user_property(field[1])
if current is None or current != self.__dict__[field[0]]: if current is None or current != self.__dict__[field[0]]:
cmd = self._get_dscl() cmd = self._get_dscl()
cmd += [ '-create', '/Users/%s' % self.name, cmd += [ '-create', '/Users/%s' % self.name, field[1], self.__dict__[field[0]]]
field[1], self.__dict__[field[0]]]
if self.module.check_mode:
return (0, '', '')
(rc, _err, _out) = self.execute_command(cmd) (rc, _err, _out) = self.execute_command(cmd)
if rc != 0: if rc != 0:
self.module.fail_json( self.module.fail_json(
@ -1727,8 +1690,6 @@ class DarwinUser(User):
out += _out out += _out
err += _err err += _err
if self.update_password == 'always' and self.password is not None: if self.update_password == 'always' and self.password is not None:
if self.module.check_mode:
return (0, '', '')
(rc, _err, _out) = self._change_user_password() (rc, _err, _out) = self._change_user_password()
out += _out out += _out
err += _err err += _err
@ -1880,16 +1841,12 @@ class AIX(User):
# skip if no changes to be made # skip if no changes to be made
if len(cmd) == 1: if len(cmd) == 1:
(rc, out, err) = (None, '', '') (rc, out, err) = (None, '', '')
elif self.module.check_mode:
return (0, '', '')
else: else:
cmd.append(self.name) cmd.append(self.name)
(rc, out, err) = self.execute_command(cmd) (rc, out, err) = self.execute_command(cmd)
# set password with chpasswd # set password with chpasswd
if self.update_password == 'always' and self.password is not None and info[1] != self.password: if self.update_password == 'always' and self.password is not None and info[1] != self.password:
if self.module.check_mode:
return (0, '', '')
cmd = [] cmd = []
cmd.append(self.module.get_bin_path('chpasswd', True)) cmd.append(self.module.get_bin_path('chpasswd', True))
cmd.append('-e') cmd.append('-e')
@ -2049,8 +2006,6 @@ class HPUX(User):
# skip if no changes to be made # skip if no changes to be made
if len(cmd) == 1: if len(cmd) == 1:
return (None, '', '') return (None, '', '')
elif self.module.check_mode:
return (0, '', '')
cmd.append(self.name) cmd.append(self.name)
return self.execute_command(cmd) return self.execute_command(cmd)
@ -2128,8 +2083,11 @@ def main():
if module.check_mode: if module.check_mode:
module.exit_json(changed=True) module.exit_json(changed=True)
(rc, out, err) = user.create_user() (rc, out, err) = user.create_user()
result['system'] = user.system if module.check_mode:
result['createhome'] = user.createhome result['system'] = user.name
else:
result['system'] = user.system
result['createhome'] = user.createhome
else: else:
# modify user (note: this function is check mode aware) # modify user (note: this function is check mode aware)
(rc, out, err) = user.modify_user() (rc, out, err) = user.modify_user()

Loading…
Cancel
Save