@ -57,7 +57,6 @@ options:
remote system . User accounts can have more than one role
remote system . User accounts can have more than one role
configured .
configured .
required : false
required : false
default : read - only
choices : [ ' operator ' , ' read-only ' , ' super-user ' , ' unauthorized ' ]
choices : [ ' operator ' , ' read-only ' , ' super-user ' , ' unauthorized ' ]
sshkey :
sshkey :
description :
description :
@ -71,7 +70,7 @@ options:
- The C ( purge ) argument instructs the module to consider the
- The C ( purge ) argument instructs the module to consider the
users definition absolute . It will remove any previously configured
users definition absolute . It will remove any previously configured
users on the device with the exception of the current defined
users on the device with the exception of the current defined
set of users .
set of aggregate .
required : false
required : false
default : false
default : false
state :
state :
@ -113,7 +112,8 @@ EXAMPLES = """
- name : remove all user accounts except ansible
- name : remove all user accounts except ansible
junos_user :
junos_user :
name : ansible
aggregate :
- name : ansible
purge : yes
purge : yes
- name : Create list of users
- name : Create list of users
@ -147,6 +147,7 @@ from copy import deepcopy
from ansible . module_utils . basic import AnsibleModule
from ansible . module_utils . basic import AnsibleModule
from ansible . module_utils . network_common import remove_default_spec
from ansible . module_utils . network_common import remove_default_spec
from ansible . module_utils . netconf import send_request
from ansible . module_utils . junos import junos_argument_spec , check_args
from ansible . module_utils . junos import junos_argument_spec , check_args
from ansible . module_utils . junos import commit_configuration , discard_changes
from ansible . module_utils . junos import commit_configuration , discard_changes
from ansible . module_utils . junos import load_config , locked_config
from ansible . module_utils . junos import load_config , locked_config
@ -161,26 +162,46 @@ ROLES = ['operator', 'read-only', 'super-user', 'unauthorized']
USE_PERSISTENT_CONNECTION = True
USE_PERSISTENT_CONNECTION = True
def map_obj_to_ele ( want ) :
def handle_purge ( module , want ) :
want_users = [ item [ ' name ' ] for item in want ]
element = Element ( ' system ' )
element = Element ( ' system ' )
login = SubElement ( element , ' login ' , { ' replace ' : ' replace ' } )
login = SubElement ( element , ' login ' )
reply = send_request ( module , Element ( ' get-configuration ' ) , ignore_warning = False )
users = reply . xpath ( ' configuration/system/login/user/name ' )
if users :
for item in users :
name = item . text
if name not in want_users and name != ' root ' :
user = SubElement ( login , ' user ' , { ' operation ' : ' delete ' } )
SubElement ( user , ' name ' ) . text = name
if element . xpath ( ' /system/login/user/name ' ) :
return element
def map_obj_to_ele ( module , want ) :
element = Element ( ' system ' )
login = SubElement ( element , ' login ' )
for item in want :
for item in want :
if item [ ' state ' ] != ' present ' :
if item [ ' state ' ] != ' present ' :
if item [ ' name ' ] == ' root ' :
module . fail_json ( msg = " cannot delete the ' root ' account. " )
operation = ' delete '
operation = ' delete '
else :
else :
operation = ' replace '
operation = ' merg e'
user = SubElement ( login , ' user ' , { ' operation ' : operation } )
user = SubElement ( login , ' user ' , { ' operation ' : operation } )
SubElement ( user , ' name ' ) . text = item [ ' name ' ]
SubElement ( user , ' name ' ) . text = item [ ' name ' ]
if operation == ' replace ' :
if operation == ' merg e' :
if item [ ' active ' ] :
if item [ ' active ' ] :
user . set ( ' active ' , ' active ' )
user . set ( ' active ' , ' active ' )
else :
else :
user . set ( ' inactive ' , ' inactive ' )
user . set ( ' inactive ' , ' inactive ' )
if item [ ' role ' ] :
SubElement ( user , ' class ' ) . text = item [ ' role ' ]
SubElement ( user , ' class ' ) . text = item [ ' role ' ]
if item . get ( ' full_name ' ) :
if item . get ( ' full_name ' ) :
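Review bot: `handle_purge` exempts only the literal `root` account (`name not in want_users and name != 'root'`), so every other configured user missing from `want` gets an `operation='delete'` entry, presumably including the account this session authenticates as. Skipping the connecting user here, or stating in the `purge` option text that the aggregate must list it, would prevent a run from removing its own access. The function also returns `None` implicitly when nothing needs deleting, which `main` relies on; a docstring such as `"""Return a 'system' element deleting users absent from want, or None when there is nothing to purge."""` would make that contract explicit. The `get-configuration` request on the new side has no filter, so it fetches the whole configuration just to read the login user names. `map_obj_to_ele` continues past the end of this hunk.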
@ -262,7 +283,7 @@ def main():
element_spec = dict (
element_spec = dict (
name = dict ( ) ,
name = dict ( ) ,
full_name = dict ( ) ,
full_name = dict ( ) ,
role = dict ( choices = ROLES , default = ' unauthorized ' ),
role = dict ( choices = ROLES ),
sshkey = dict ( ) ,
sshkey = dict ( ) ,
state = dict ( choices = [ ' present ' , ' absent ' ] , default = ' present ' ) ,
state = dict ( choices = [ ' present ' , ' absent ' ] , default = ' present ' ) ,
active = dict ( type = ' bool ' , default = True )
active = dict ( type = ' bool ' , default = True )
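Review bot: Dropping `default='unauthorized'` from `role` changes what an entry without a role means, and the option text does not say so. With the new `if item['role']:` guard in `map_obj_to_ele` and the switch to a merge operation, a `present` entry without `role` emits no `class` element, so an existing account keeps its current class. A playbook that relied on the old default to hold an account at `unauthorized` will now leave an elevated account elevated, with no warning. I would document this under `role`, for example `If omitted, the class of an existing user is left unchanged`, and confirm how the device treats a new user with no class. `main` starts and ends outside this hunk.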
@ -294,16 +315,16 @@ def main():
result = { ' changed ' : False , ' warnings ' : warnings }
result = { ' changed ' : False , ' warnings ' : warnings }
want = map_params_to_obj ( module )
want = map_params_to_obj ( module )
ele = map_obj_to_ele ( want)
ele = map_obj_to_ele ( module, want)
kwargs = { }
purge_request = None
if module . params [ ' purge ' ] :
if module . params [ ' purge ' ] :
kwargs [ ' action ' ] = ' replace '
purge_request = handle_purge ( module , want )
else :
kwargs [ ' action ' ] = ' merge '
with locked_config ( module ) :
with locked_config ( module ) :
diff = load_config ( module , tostring ( ele ) , warnings , * * kwargs )
if purge_request :
load_config ( module , tostring ( purge_request ) , warnings , action = ' replace ' )
diff = load_config ( module , tostring ( ele ) , warnings , action = ' merge ' )
commit = not module . check_mode
commit = not module . check_mode
if diff :
if diff :
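Review bot: `handle_purge(module, want)` reads the device's user list before `with locked_config(module):` is entered, so the delete set is computed from a configuration that can still change before the lock is taken. An account added in that window survives a run documented as making the user definition absolute. Moving the call inside the lock closes the gap: `with locked_config(module):` followed by `purge_request = handle_purge(module, want) if module.params['purge'] else None`. The return value of the purge `load_config` call is also discarded; if `diff` only reflects the later merge load, a purge-only run would report `changed: False`, so that should be confirmed. The `if diff:` body and the rest of `main` are outside this hunk.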