implemented account expiration as flag and not state, removed from unsupported platforms

pull/18777/head
Brian Coca 10 years ago committed by Matt Clay
parent 84f27cfa68
commit 884471a6b5

@ -84,12 +84,9 @@ options:
state: state:
required: false required: false
default: "present" default: "present"
choices: [ present, absent, expired ] choices: [ present, absent ]
description: description:
- Whether the account should exist, and whether it is expired. - Whether the account should exist or not, taking action if the state is different from what is stated.
When C(absent), removes the user account.
When C(expired), the user will not be able to login through any means.
Expired state is only implemented for Linux.
createhome: createhome:
required: false required: false
default: "yes" default: "yes"
@ -180,6 +177,13 @@ options:
version_added: "1.3" version_added: "1.3"
description: description:
- C(always) will update passwords if they differ. C(on_create) will only set the password for newly created users. - C(always) will update passwords if they differ. C(on_create) will only set the password for newly created users.
expires:
version_added: "1.9"
required: false
default: "None"
description:
- An expiry time for the user in epoch, it will be ignored on platforms that do not support this.
Currently supported on Linux and FreeBSD.
''' '''
EXAMPLES = ''' EXAMPLES = '''
@ -194,6 +198,9 @@ EXAMPLES = '''
# Create a 2048-bit SSH key for user jsmith in ~jsmith/.ssh/id_rsa # Create a 2048-bit SSH key for user jsmith in ~jsmith/.ssh/id_rsa
- user: name=jsmith generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa - user: name=jsmith generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa
# added a consultant who's account you want to expire
- user: name=james18 shell=/bin/zsh groups=developers expires=1422403387
''' '''
import os import os
@ -202,6 +209,7 @@ import grp
import syslog import syslog
import platform import platform
import socket import socket
import time
try: try:
import spwd import spwd
@ -229,6 +237,7 @@ class User(object):
platform = 'Generic' platform = 'Generic'
distribution = None distribution = None
SHADOWFILE = '/etc/shadow' SHADOWFILE = '/etc/shadow'
DATE_FORMAT = '%Y-%M-%d'
def __new__(cls, *args, **kwargs): def __new__(cls, *args, **kwargs):
return load_platform_subclass(User, args, kwargs) return load_platform_subclass(User, args, kwargs)
@ -258,6 +267,14 @@ class User(object):
self.ssh_comment = module.params['ssh_key_comment'] self.ssh_comment = module.params['ssh_key_comment']
self.ssh_passphrase = module.params['ssh_key_passphrase'] self.ssh_passphrase = module.params['ssh_key_passphrase']
self.update_password = module.params['update_password'] self.update_password = module.params['update_password']
self.expires = None
if module.params['expires']:
try:
self.expires = time.gmtime(module.params['expires'])
except Exception,e:
module.fail_json("Invalid expires time %s: %s" %(self.expires, str(e)))
if module.params['ssh_key_file'] is not None: if module.params['ssh_key_file'] is not None:
self.ssh_file = module.params['ssh_key_file'] self.ssh_file = module.params['ssh_key_file']
else: else:
@ -266,6 +283,7 @@ class User(object):
# select whether we dump additional debug info through syslog # select whether we dump additional debug info through syslog
self.syslogging = False self.syslogging = False
def execute_command(self, cmd, use_unsafe_shell=False, data=None): def execute_command(self, cmd, use_unsafe_shell=False, data=None):
if self.syslogging: if self.syslogging:
syslog.openlog('ansible-%s' % os.path.basename(__file__)) syslog.openlog('ansible-%s' % os.path.basename(__file__))
@ -330,9 +348,9 @@ class User(object):
cmd.append('-s') cmd.append('-s')
cmd.append(self.shell) cmd.append(self.shell)
if self.state == 'expired': if self.expires:
cmd.append('--expiredate') cmd.append('--expiredate')
cmd.append('1') cmd.append(time.strftime(self.DATE_FORMAT, self.expires))
if self.password is not None: if self.password is not None:
cmd.append('-p') cmd.append('-p')
@ -440,9 +458,9 @@ class User(object):
cmd.append('-s') cmd.append('-s')
cmd.append(self.shell) cmd.append(self.shell)
if self.state == 'expired': if self.expires:
cmd.append('--expiredate') cmd.append('--expiredate')
cmd.append('1') cmd.append(time.strftime(self.DATE_FORMAT, self.expires))
if self.update_password == 'always' and self.password is not None and info[1] != self.password: if self.update_password == 'always' and self.password is not None and info[1] != self.password:
cmd.append('-p') cmd.append('-p')
@ -714,9 +732,10 @@ class FreeBsdUser(User):
cmd.append('-L') cmd.append('-L')
cmd.append(self.login_class) cmd.append(self.login_class)
if self.state == 'expired': if self.expires:
days =( time.mktime(self.expires) - time.time() ) / 86400
cmd.append('-e') cmd.append('-e')
cmd.append('1970-01-01') cmd.append(str(int(days)))
# system cannot be handled currently - should we error if its requested? # system cannot be handled currently - should we error if its requested?
# create the user # create the user
@ -802,9 +821,10 @@ class FreeBsdUser(User):
new_groups = groups | set(current_groups) new_groups = groups | set(current_groups)
cmd.append(','.join(new_groups)) cmd.append(','.join(new_groups))
if self.state == 'expired': if self.expires:
days = ( time.mktime(self.expires) - time.time() ) / 86400
cmd.append('-e') cmd.append('-e')
cmd.append('1970-01-01') cmd.append(str(int(days)))
# modify the user if cmd will do anything # modify the user if cmd will do anything
if cmd_len != len(cmd): if cmd_len != len(cmd):
@ -882,10 +902,6 @@ class OpenBSDUser(User):
cmd.append('-L') cmd.append('-L')
cmd.append(self.login_class) cmd.append(self.login_class)
if self.state == 'expired':
cmd.append('-e')
cmd.append('1')
if self.password is not None: if self.password is not None:
cmd.append('-p') cmd.append('-p')
cmd.append(self.password) cmd.append(self.password)
@ -980,10 +996,6 @@ class OpenBSDUser(User):
cmd.append('-L') cmd.append('-L')
cmd.append(self.login_class) cmd.append(self.login_class)
if self.state == 'expired':
cmd.append('-e')
cmd.append('1')
if self.update_password == 'always' and self.password is not None and info[1] != self.password: if self.update_password == 'always' and self.password is not None and info[1] != self.password:
cmd.append('-p') cmd.append('-p')
cmd.append(self.password) cmd.append(self.password)
@ -1057,10 +1069,6 @@ class NetBSDUser(User):
cmd.append('-L') cmd.append('-L')
cmd.append(self.login_class) cmd.append(self.login_class)
if self.state == 'expired':
cmd.append('-e')
cmd.append('1')
if self.password is not None: if self.password is not None:
cmd.append('-p') cmd.append('-p')
cmd.append(self.password) cmd.append(self.password)
@ -1143,10 +1151,6 @@ class NetBSDUser(User):
cmd.append('-L') cmd.append('-L')
cmd.append(self.login_class) cmd.append(self.login_class)
if self.state == 'expired':
cmd.append('-e')
cmd.append('1')
if self.update_password == 'always' and self.password is not None and info[1] != self.password: if self.update_password == 'always' and self.password is not None and info[1] != self.password:
cmd.append('-p') cmd.append('-p')
cmd.append(self.password) cmd.append(self.password)
@ -1224,10 +1228,6 @@ class SunOS(User):
if self.createhome: if self.createhome:
cmd.append('-m') cmd.append('-m')
if self.state == 'expired':
cmd.append('-e')
cmd.append('1/1/70')
cmd.append(self.name) cmd.append(self.name)
if self.module.check_mode: if self.module.check_mode:
@ -1312,10 +1312,6 @@ class SunOS(User):
cmd.append('-s') cmd.append('-s')
cmd.append(self.shell) cmd.append(self.shell)
if self.state == 'expired':
cmd.append('-e')
cmd.append('1/1/70')
if self.module.check_mode: if self.module.check_mode:
return (0, '', '') return (0, '', '')
else: else:
@ -1405,10 +1401,6 @@ class AIX(User):
if self.createhome: if self.createhome:
cmd.append('-m') cmd.append('-m')
if self.state == 'expired':
cmd.append('-e')
cmd.append('0101000070')
cmd.append(self.name) cmd.append(self.name)
(rc, out, err) = self.execute_command(cmd) (rc, out, err) = self.execute_command(cmd)
@ -1477,10 +1469,6 @@ class AIX(User):
cmd.append('-s') cmd.append('-s')
cmd.append(self.shell) cmd.append(self.shell)
if self.state == 'expired':
cmd.append('-e')
cmd.append('0101000070')
# skip if no changes to be made # skip if no changes to be made
if len(cmd) == 1: if len(cmd) == 1:
(rc, out, err) = (None, '', '') (rc, out, err) = (None, '', '')
@ -1516,7 +1504,7 @@ def main():
} }
module = AnsibleModule( module = AnsibleModule(
argument_spec = dict( argument_spec = dict(
state=dict(default='present', choices=['present', 'absent', 'expired'], type='str'), state=dict(default='present', choices=['present', 'absent'], type='str'),
name=dict(required=True, aliases=['user'], type='str'), name=dict(required=True, aliases=['user'], type='str'),
uid=dict(default=None, type='str'), uid=dict(default=None, type='str'),
non_unique=dict(default='no', type='bool'), non_unique=dict(default='no', type='bool'),
@ -1543,7 +1531,8 @@ def main():
ssh_key_file=dict(default=None, type='str'), ssh_key_file=dict(default=None, type='str'),
ssh_key_comment=dict(default=ssh_defaults['comment'], type='str'), ssh_key_comment=dict(default=ssh_defaults['comment'], type='str'),
ssh_key_passphrase=dict(default=None, type='str'), ssh_key_passphrase=dict(default=None, type='str'),
update_password=dict(default='always',choices=['always','on_create'],type='str') update_password=dict(default='always',choices=['always','on_create'],type='str'),
expires=dict(default=None, type='float'),
), ),
supports_check_mode=True supports_check_mode=True
) )
@ -1571,10 +1560,7 @@ def main():
module.fail_json(name=user.name, msg=err, rc=rc) module.fail_json(name=user.name, msg=err, rc=rc)
result['force'] = user.force result['force'] = user.force
result['remove'] = user.remove result['remove'] = user.remove
elif user.state == 'expired' and user.platform != 'Generic': elif user.state == 'present':
module.fail_json(name=user.state,
msg='expired state not yet support for {0} platform'.format(user.platform))
elif user.state == 'present' or user.state == 'expired':
if not user.user_exists(): if not user.user_exists():
if module.check_mode: if module.check_mode:
module.exit_json(changed=True) module.exit_json(changed=True)

Loading…
Cancel
Save