Merge pull request #41 from billwanjohi/add_expired_state

user: add expired state

system/user.py

@@ -84,10 +84,12 @@ options:
     state:
         required: false
         default: "present"
-        choices: [ present, absent ]
+        choices: [ present, absent, expired ]
         description:
-            - Whether the account should exist.  When C(absent), removes
+            - Whether the account should exist, and whether it is expired.
-              the user account.
+              When C(absent), removes the user account.
+              When C(expired), the user will not be able to login through any means.
+              Expired state is only implemented for Linux.
     createhome:
         required: false
         default: "yes"
@@ -328,6 +330,10 @@ class User(object):
             cmd.append('-s')
             cmd.append(self.shell)
 
+        if self.state == 'expired':
+            cmd.append('--expiredate')
+            cmd.append('1')
+
         if self.password is not None:
             cmd.append('-p')
             cmd.append(self.password)
@@ -434,6 +440,10 @@ class User(object):
             cmd.append('-s')
             cmd.append(self.shell)
 
+        if self.state == 'expired':
+            cmd.append('--expiredate')
+            cmd.append('1')
+
         if self.update_password == 'always' and self.password is not None and info[1] != self.password:
             cmd.append('-p')
             cmd.append(self.password)
@@ -704,6 +714,10 @@ class FreeBsdUser(User):
             cmd.append('-L')
             cmd.append(self.login_class)
 
+        if self.state == 'expired':
+            cmd.append('-e')
+            cmd.append('1970-01-01')
+
         # system cannot be handled currently - should we error if its requested?
         # create the user
         (rc, out, err) = self.execute_command(cmd)
@@ -788,6 +802,10 @@ class FreeBsdUser(User):
                     new_groups = groups | set(current_groups)
                 cmd.append(','.join(new_groups))
 
+        if self.state == 'expired':
+            cmd.append('-e')
+            cmd.append('1970-01-01')
+
         # modify the user if cmd will do anything
         if cmd_len != len(cmd):
             (rc, out, err) = self.execute_command(cmd)
@@ -864,6 +882,10 @@ class OpenBSDUser(User):
             cmd.append('-L')
             cmd.append(self.login_class)
 
+        if self.state == 'expired':
+            cmd.append('-e')
+            cmd.append('1')
+
         if self.password is not None:
             cmd.append('-p')
             cmd.append(self.password)
@@ -958,6 +980,10 @@ class OpenBSDUser(User):
                 cmd.append('-L')
                 cmd.append(self.login_class)
 
+        if self.state == 'expired':
+            cmd.append('-e')
+            cmd.append('1')
+
         if self.update_password == 'always' and self.password is not None and info[1] != self.password:
             cmd.append('-p')
             cmd.append(self.password)
@@ -1031,6 +1057,10 @@ class NetBSDUser(User):
             cmd.append('-L')
             cmd.append(self.login_class)
 
+        if self.state == 'expired':
+            cmd.append('-e')
+            cmd.append('1')
+
         if self.password is not None:
             cmd.append('-p')
             cmd.append(self.password)
@@ -1113,6 +1143,10 @@ class NetBSDUser(User):
             cmd.append('-L')
             cmd.append(self.login_class)
 
+        if self.state == 'expired':
+            cmd.append('-e')
+            cmd.append('1')
+
         if self.update_password == 'always' and self.password is not None and info[1] != self.password:
             cmd.append('-p')
             cmd.append(self.password)
@@ -1190,6 +1224,10 @@ class SunOS(User):
         if self.createhome:
             cmd.append('-m')
 
+        if self.state == 'expired':
+            cmd.append('-e')
+            cmd.append('1/1/70')
+
         cmd.append(self.name)
 
         if self.module.check_mode:
@@ -1274,6 +1312,10 @@ class SunOS(User):
             cmd.append('-s')
             cmd.append(self.shell)
 
+        if self.state == 'expired':
+            cmd.append('-e')
+            cmd.append('1/1/70')
+
         if self.module.check_mode:
             return (0, '', '')
         else:
@@ -1363,6 +1405,10 @@ class AIX(User):
         if self.createhome:
             cmd.append('-m')
 
+        if self.state == 'expired':
+            cmd.append('-e')
+            cmd.append('0101000070')
+
         cmd.append(self.name)
         (rc, out, err) = self.execute_command(cmd)
 
@@ -1431,6 +1477,9 @@ class AIX(User):
             cmd.append('-s')
             cmd.append(self.shell)
 
+        if self.state == 'expired':
+            cmd.append('-e')
+            cmd.append('0101000070')
 
         # skip if no changes to be made
         if len(cmd) == 1:
@@ -1467,7 +1516,7 @@ def main():
     }
     module = AnsibleModule(
         argument_spec = dict(
-            state=dict(default='present', choices=['present', 'absent'], type='str'),
+            state=dict(default='present', choices=['present', 'absent', 'expired'], type='str'),
             name=dict(required=True, aliases=['user'], type='str'),
             uid=dict(default=None, type='str'),
             non_unique=dict(default='no', type='bool'),
@@ -1522,7 +1571,10 @@ def main():
                 module.fail_json(name=user.name, msg=err, rc=rc)
             result['force'] = user.force
             result['remove'] = user.remove
-    elif user.state == 'present':
+    elif user.state == 'expired' and user.platform != 'Generic':
+                module.fail_json(name=user.state,
+                        msg='expired state not yet support for {0} platform'.format(user.platform))
+    elif user.state == 'present' or user.state == 'expired':
         if not user.user_exists():
             if module.check_mode:
                 module.exit_json(changed=True)