revamped checkmode support in user module

- defaulted to commands not executing in checkmode
- added force run for info gathering (for setting changed)
- added debug for what would have been run in check mode
- added check mode for spots that made changes using system calls instead of command
- removed now redundant checkmode checks

better failure now, if i missed anything, it will misreport changed value
instead of old default of actually making the change in checkmode
pull/18777/head
Brian Coca 9 years ago committed by Matt Clay
parent 6aaee42604
commit 5aff573098

@ -295,7 +295,11 @@ class User(object):
self.ssh_file = os.path.join('.ssh', 'id_%s' % self.ssh_type) self.ssh_file = os.path.join('.ssh', 'id_%s' % self.ssh_type)
def execute_command(self, cmd, use_unsafe_shell=False, data=None): def execute_command(self, cmd, use_unsafe_shell=False, data=None, obey_checkmode=True):
if self.module.check_mode and obey_checkmode:
self.module.debug('In check mode, would have run: "%s"' % cmd)
return (0, '','')
else:
return self.module.run_command(cmd, use_unsafe_shell=use_unsafe_shell, data=data) return self.module.run_command(cmd, use_unsafe_shell=use_unsafe_shell, data=data)
def remove_user_userdel(self): def remove_user_userdel(self):
@ -391,9 +395,8 @@ class User(object):
if not os.access(usermod_path, os.X_OK): if not os.access(usermod_path, os.X_OK):
return False return False
cmd = [usermod_path] cmd = [usermod_path, '--help']
cmd.append('--help') (rc, data1, data2) = self.execute_command(cmd, obey_checkmode=False)
rc, data1, data2 = self.execute_command(cmd)
helpout = data1 + data2 helpout = data1 + data2
# check if --append exists # check if --append exists
@ -483,8 +486,6 @@ class User(object):
# skip if no changes to be made # skip if no changes to be made
if len(cmd) == 1: if len(cmd) == 1:
return (None, '', '') return (None, '', '')
elif self.module.check_mode:
return (0, '', '')
cmd.append(self.name) cmd.append(self.name)
return self.execute_command(cmd) return self.execute_command(cmd)
@ -591,8 +592,6 @@ class User(object):
return (1, '', 'Failed to create %s: %s' % (ssh_dir, str(e))) return (1, '', 'Failed to create %s: %s' % (ssh_dir, str(e)))
if os.path.exists(ssh_key_file): if os.path.exists(ssh_key_file):
return (None, 'Key already exists', '') return (None, 'Key already exists', '')
if self.module.check_mode:
return (0, '', '')
cmd = [self.module.get_bin_path('ssh-keygen', True)] cmd = [self.module.get_bin_path('ssh-keygen', True)]
cmd.append('-t') cmd.append('-t')
cmd.append(self.ssh_type) cmd.append(self.ssh_type)
@ -625,7 +624,7 @@ class User(object):
cmd.append('-f') cmd.append('-f')
cmd.append(ssh_key_file) cmd.append(ssh_key_file)
return self.execute_command(cmd) return self.execute_command(cmd, obey_checkmode=False)
def get_ssh_public_key(self): def get_ssh_public_key(self):
ssh_public_key_file = '%s.pub' % self.get_ssh_key_path() ssh_public_key_file = '%s.pub' % self.get_ssh_key_path()
@ -863,8 +862,6 @@ class FreeBsdUser(User):
# modify the user if cmd will do anything # modify the user if cmd will do anything
if cmd_len != len(cmd): if cmd_len != len(cmd):
if self.module.check_mode:
return (0, '', '')
(rc, out, err) = self.execute_command(cmd) (rc, out, err) = self.execute_command(cmd)
if rc is not None and rc != 0: if rc is not None and rc != 0:
self.module.fail_json(name=self.name, msg=err, rc=rc) self.module.fail_json(name=self.name, msg=err, rc=rc)
@ -873,8 +870,6 @@ class FreeBsdUser(User):
# we have to set the password in a second command # we have to set the password in a second command
if self.update_password == 'always' and self.password is not None and info[1] != self.password: if self.update_password == 'always' and self.password is not None and info[1] != self.password:
if self.module.check_mode:
return (0, '', '')
cmd = [ cmd = [
self.module.get_bin_path('chpass', True), self.module.get_bin_path('chpass', True),
'-p', '-p',
@ -1026,7 +1021,7 @@ class OpenBSDUser(User):
# find current login class # find current login class
user_login_class = None user_login_class = None
userinfo_cmd = [self.module.get_bin_path('userinfo', True), self.name] userinfo_cmd = [self.module.get_bin_path('userinfo', True), self.name]
(rc, out, err) = self.execute_command(userinfo_cmd) (rc, out, err) = self.execute_command(userinfo_cmd, obey_checkmode=False)
for line in out.splitlines(): for line in out.splitlines():
tokens = line.split() tokens = line.split()
@ -1047,8 +1042,6 @@ class OpenBSDUser(User):
# skip if no changes to be made # skip if no changes to be made
if len(cmd) == 1: if len(cmd) == 1:
return (None, '', '') return (None, '', '')
elif self.module.check_mode:
return (0, '', '')
cmd.append(self.name) cmd.append(self.name)
return self.execute_command(cmd) return self.execute_command(cmd)
@ -1206,8 +1199,6 @@ class NetBSDUser(User):
# skip if no changes to be made # skip if no changes to be made
if len(cmd) == 1: if len(cmd) == 1:
return (None, '', '') return (None, '', '')
elif self.module.check_mode:
return (0, '', '')
cmd.append(self.name) cmd.append(self.name)
return self.execute_command(cmd) return self.execute_command(cmd)
@ -1282,13 +1273,11 @@ class SunOS(User):
cmd.append(self.name) cmd.append(self.name)
if self.module.check_mode:
return (0, '', '')
else:
(rc, out, err) = self.execute_command(cmd) (rc, out, err) = self.execute_command(cmd)
if rc is not None and rc != 0: if rc is not None and rc != 0:
self.module.fail_json(name=self.name, msg=err, rc=rc) self.module.fail_json(name=self.name, msg=err, rc=rc)
if not self.module.check_mode:
# we have to set the password by editing the /etc/shadow file # we have to set the password by editing the /etc/shadow file
if self.password is not None: if self.password is not None:
try: try:
@ -1366,8 +1355,6 @@ class SunOS(User):
# modify the user if cmd will do anything # modify the user if cmd will do anything
if cmd_len != len(cmd): if cmd_len != len(cmd):
(rc, out, err) = (0, '', '')
if not self.module.check_mode:
cmd.append(self.name) cmd.append(self.name)
(rc, out, err) = self.execute_command(cmd) (rc, out, err) = self.execute_command(cmd)
if rc is not None and rc != 0: if rc is not None and rc != 0:
@ -1435,7 +1422,7 @@ class DarwinUser(User):
def _list_user_groups(self): def _list_user_groups(self):
cmd = self._get_dscl() cmd = self._get_dscl()
cmd += [ '-search', '/Groups', 'GroupMembership', self.name ] cmd += [ '-search', '/Groups', 'GroupMembership', self.name ]
(rc, out, err) = self.execute_command(cmd) (rc, out, err) = self.execute_command(cmd, obey_checkmode=False)
groups = [] groups = []
for line in out.splitlines(): for line in out.splitlines():
if line.startswith(' ') or line.startswith(')'): if line.startswith(' ') or line.startswith(')'):
@ -1447,7 +1434,7 @@ class DarwinUser(User):
'''Return user PROPERTY as given my dscl(1) read or None if not found.''' '''Return user PROPERTY as given my dscl(1) read or None if not found.'''
cmd = self._get_dscl() cmd = self._get_dscl()
cmd += [ '-read', '/Users/%s' % self.name, property ] cmd += [ '-read', '/Users/%s' % self.name, property ]
(rc, out, err) = self.execute_command(cmd) (rc, out, err) = self.execute_command(cmd, obey_checkmode=False)
if rc != 0: if rc != 0:
return None return None
# from dscl(1) # from dscl(1)
@ -1470,7 +1457,7 @@ class DarwinUser(User):
'''Return the next available uid''' '''Return the next available uid'''
cmd = self._get_dscl() cmd = self._get_dscl()
cmd += ['-list', '/Users', 'UniqueID'] cmd += ['-list', '/Users', 'UniqueID']
(rc, out, err) = self.execute_command(cmd) (rc, out, err) = self.execute_command(cmd, obey_checkmode=False)
if rc != 0: if rc != 0:
self.module.fail_json( self.module.fail_json(
msg="Unable to get the next available uid", msg="Unable to get the next available uid",
@ -1503,8 +1490,7 @@ class DarwinUser(User):
cmd += [ '-create', '/Users/%s' % self.name, 'Password', '*'] cmd += [ '-create', '/Users/%s' % self.name, 'Password', '*']
(rc, out, err) = self.execute_command(cmd) (rc, out, err) = self.execute_command(cmd)
if rc != 0: if rc != 0:
self.module.fail_json(msg='Error when changing password', self.module.fail_json(msg='Error when changing password', err=err, out=out, rc=rc)
err=err, out=out, rc=rc)
return (rc, out, err) return (rc, out, err)
def _make_group_numerical(self): def _make_group_numerical(self):
@ -1525,13 +1511,11 @@ class DarwinUser(User):
option = '-a' option = '-a'
else: else:
option = '-d' option = '-d'
cmd = [ 'dseditgroup', '-o', 'edit', option, self.name, cmd = [ 'dseditgroup', '-o', 'edit', option, self.name, '-t', 'user', group ]
'-t', 'user', group ]
(rc, out, err) = self.execute_command(cmd) (rc, out, err) = self.execute_command(cmd)
if rc != 0: if rc != 0:
self.module.fail_json(msg='Cannot %s user "%s" to group "%s".' self.module.fail_json(msg='Cannot %s user "%s" to group "%s".'
% (action, self.name, group), % (action, self.name, group), err=err, out=out, rc=rc)
err=err, out=out, rc=rc)
return (rc, out, err) return (rc, out, err)
def _modify_group(self): def _modify_group(self):
@ -1550,8 +1534,6 @@ class DarwinUser(User):
target = set([]) target = set([])
for remove in current - target: for remove in current - target:
if self.module.check_mode:
return (0, '', '', True)
(_rc, _err, _out) = self.__modify_group(remove, 'delete') (_rc, _err, _out) = self.__modify_group(remove, 'delete')
rc += rc rc += rc
out += _out out += _out
@ -1559,8 +1541,6 @@ class DarwinUser(User):
changed = True changed = True
for add in target - current: for add in target - current:
if self.module.check_mode:
return (0, '', '', True)
(_rc, _err, _out) = self.__modify_group(add, 'add') (_rc, _err, _out) = self.__modify_group(add, 'add')
rc += _rc rc += _rc
out += _out out += _out
@ -1578,7 +1558,7 @@ class DarwinUser(User):
# http://support.apple.com/kb/HT5017?viewlocale=en_US # http://support.apple.com/kb/HT5017?viewlocale=en_US
cmd = [ 'defaults', 'read', plist_file, 'HiddenUsersList' ] cmd = [ 'defaults', 'read', plist_file, 'HiddenUsersList' ]
(rc, out, err) = self.execute_command(cmd) (rc, out, err) = self.execute_command(cmd, obey_checkmode=False)
# returned value is # returned value is
# ( # (
# "_userA", # "_userA",
@ -1597,34 +1577,25 @@ class DarwinUser(User):
if not self.name in hidden_users: if not self.name in hidden_users:
cmd = [ 'defaults', 'write', plist_file, cmd = [ 'defaults', 'write', plist_file,
'HiddenUsersList', '-array-add', self.name ] 'HiddenUsersList', '-array-add', self.name ]
if self.module.check_mode:
return 0
(rc, out, err) = self.execute_command(cmd) (rc, out, err) = self.execute_command(cmd)
if rc != 0: if rc != 0:
self.module.fail_json( self.module.fail_json( msg='Cannot user "%s" to hidden user list.' % self.name, err=err, out=out, rc=rc)
msg='Cannot user "%s" to hidden user list.'
% self.name, err=err, out=out, rc=rc)
return 0 return 0
else: else:
if self.name in hidden_users: if self.name in hidden_users:
del(hidden_users[hidden_users.index(self.name)]) del(hidden_users[hidden_users.index(self.name)])
cmd = [ 'defaults', 'write', plist_file, cmd = [ 'defaults', 'write', plist_file, 'HiddenUsersList', '-array' ] + hidden_users
'HiddenUsersList', '-array' ] + hidden_users
if self.module.check_mode:
return 0
(rc, out, err) = self.execute_command(cmd) (rc, out, err) = self.execute_command(cmd)
if rc != 0: if rc != 0:
self.module.fail_json( self.module.fail_json( msg='Cannot remove user "%s" from hidden user list.' % self.name, err=err, out=out, rc=rc)
msg='Cannot remove user "%s" from hidden user list.'
% self.name, err=err, out=out, rc=rc)
return 0 return 0
def user_exists(self): def user_exists(self):
'''Check is SELF.NAME is a known user on the system.''' '''Check is SELF.NAME is a known user on the system.'''
cmd = self._get_dscl() cmd = self._get_dscl()
cmd += [ '-list', '/Users/%s' % self.name] cmd += [ '-list', '/Users/%s' % self.name]
(rc, out, err) = self.execute_command(cmd) (rc, out, err) = self.execute_command(cmd, obey_checkmode=False)
return rc == 0 return rc == 0
def remove_user(self): def remove_user(self):
@ -1636,9 +1607,7 @@ class DarwinUser(User):
(rc, out, err) = self.execute_command(cmd) (rc, out, err) = self.execute_command(cmd)
if rc != 0: if rc != 0:
self.module.fail_json( self.module.fail_json( msg='Cannot delete user "%s".' % self.name, err=err, out=out, rc=rc)
msg='Cannot delete user "%s".'
% self.name, err=err, out=out, rc=rc)
if self.force: if self.force:
if os.path.exists(info[5]): if os.path.exists(info[5]):
@ -1652,9 +1621,7 @@ class DarwinUser(User):
cmd += [ '-create', '/Users/%s' % self.name] cmd += [ '-create', '/Users/%s' % self.name]
(rc, err, out) = self.execute_command(cmd) (rc, err, out) = self.execute_command(cmd)
if rc != 0: if rc != 0:
self.module.fail_json( self.module.fail_json( msg='Cannot create user "%s".' % self.name, err=err, out=out, rc=rc)
msg='Cannot create user "%s".'
% self.name, err=err, out=out, rc=rc)
self._make_group_numerical() self._make_group_numerical()
@ -1665,6 +1632,7 @@ class DarwinUser(User):
if self.createhome: if self.createhome:
if self.home is None: if self.home is None:
self.home = '/Users/%s' % self.name self.home = '/Users/%s' % self.name
if not self.module.check_mode:
if not os.path.exists(self.home): if not os.path.exists(self.home):
os.makedirs(self.home) os.makedirs(self.home)
self.chown_homedir(int(self.uid), int(self.group), self.home) self.chown_homedir(int(self.uid), int(self.group), self.home)
@ -1673,12 +1641,10 @@ class DarwinUser(User):
if self.__dict__.has_key(field[0]) and self.__dict__[field[0]]: if self.__dict__.has_key(field[0]) and self.__dict__[field[0]]:
cmd = self._get_dscl() cmd = self._get_dscl()
cmd += [ '-create', '/Users/%s' % self.name, cmd += [ '-create', '/Users/%s' % self.name, field[1], self.__dict__[field[0]]]
field[1], self.__dict__[field[0]]]
(rc, _err, _out) = self.execute_command(cmd) (rc, _err, _out) = self.execute_command(cmd)
if rc != 0: if rc != 0:
self.module.fail_json( self.module.fail_json( msg='Cannot add property "%s" to user "%s".'
msg='Cannot add property "%s" to user "%s".'
% (field[0], self.name), err=err, out=out, rc=rc) % (field[0], self.name), err=err, out=out, rc=rc)
out += _out out += _out
@ -1713,10 +1679,7 @@ class DarwinUser(User):
current = self._get_user_property(field[1]) current = self._get_user_property(field[1])
if current is None or current != self.__dict__[field[0]]: if current is None or current != self.__dict__[field[0]]:
cmd = self._get_dscl() cmd = self._get_dscl()
cmd += [ '-create', '/Users/%s' % self.name, cmd += [ '-create', '/Users/%s' % self.name, field[1], self.__dict__[field[0]]]
field[1], self.__dict__[field[0]]]
if self.module.check_mode:
return (0, '', '')
(rc, _err, _out) = self.execute_command(cmd) (rc, _err, _out) = self.execute_command(cmd)
if rc != 0: if rc != 0:
self.module.fail_json( self.module.fail_json(
@ -1726,8 +1689,6 @@ class DarwinUser(User):
out += _out out += _out
err += _err err += _err
if self.update_password == 'always' and self.password is not None: if self.update_password == 'always' and self.password is not None:
if self.module.check_mode:
return (0, '', '')
(rc, _err, _out) = self._change_user_password() (rc, _err, _out) = self._change_user_password()
out += _out out += _out
err += _err err += _err
@ -1879,16 +1840,12 @@ class AIX(User):
# skip if no changes to be made # skip if no changes to be made
if len(cmd) == 1: if len(cmd) == 1:
(rc, out, err) = (None, '', '') (rc, out, err) = (None, '', '')
elif self.module.check_mode:
return (0, '', '')
else: else:
cmd.append(self.name) cmd.append(self.name)
(rc, out, err) = self.execute_command(cmd) (rc, out, err) = self.execute_command(cmd)
# set password with chpasswd # set password with chpasswd
if self.update_password == 'always' and self.password is not None and info[1] != self.password: if self.update_password == 'always' and self.password is not None and info[1] != self.password:
if self.module.check_mode:
return (0, '', '')
cmd = [] cmd = []
cmd.append(self.module.get_bin_path('chpasswd', True)) cmd.append(self.module.get_bin_path('chpasswd', True))
cmd.append('-e') cmd.append('-e')
@ -2048,8 +2005,6 @@ class HPUX(User):
# skip if no changes to be made # skip if no changes to be made
if len(cmd) == 1: if len(cmd) == 1:
return (None, '', '') return (None, '', '')
elif self.module.check_mode:
return (0, '', '')
cmd.append(self.name) cmd.append(self.name)
return self.execute_command(cmd) return self.execute_command(cmd)
@ -2127,6 +2082,9 @@ def main():
if module.check_mode: if module.check_mode:
module.exit_json(changed=True) module.exit_json(changed=True)
(rc, out, err) = user.create_user() (rc, out, err) = user.create_user()
if module.check_mode:
result['system'] = user.name
else:
result['system'] = user.system result['system'] = user.system
result['createhome'] = user.createhome result['createhome'] = user.createhome
else: else:

Loading…
Cancel
Save