B `(@sddlmZmZmZeZddgddZdZdZdZ dd l Z dd l m Z m Z d d lmZmZmZydd lZd Zd ZWn ek rdZe ZYnXddZddZddZddZddZddZddZedkred S))absolute_importdivisionprint_functionz1.1ZstableinterfaceZ certified)metadata_versionstatusZ supported_bya module: user author: - Paul Arthur (@flowerysong) - Aljaz Kosir (@aljazkosir) - Tadej Borovsak (@tadeboro) short_description: Manage Sensu users description: - Create, update, activate or deactivate Sensu user. - For more information, refer to the Sensu documentation at U(https://docs.sensu.io/sensu-go/latest/reference/rbac/#users). version_added: 1.0.0 extends_documentation_fragment: - sensu.sensu_go.requirements - sensu.sensu_go.auth - sensu.sensu_go.name requirements: - bcrypt (when managing Sensu Go 5.21.0 or newer) seealso: - module: sensu.sensu_go.user_info options: state: description: - Desired state of the user. - Users cannot actually be deleted, only deactivated. type: str choices: [ enabled, disabled ] default: enabled password: description: - Password for the user. - Required if user with a desired name does not exist yet on the backend and I(password_hash) is not set. - If both I(password) and I(password_hash) are set, I(password_hash) is ignored and calculated from the I(password) if required. type: str password_hash: description: - Bcrypt password hash for the user. - Use C(sensuctl user hash-password PASSWORD) to generate a hash. - Required if user with a desired name does not exist yet on the backend and I(password) is not set. - If both I(password) and I(password_hash) are set, I(password_hash) is ignored and calculated from the I(password) if required. - Sensu Go < 5.21.0 does not support creating/updating users using hashed passwords. Use I(password) parameter if you need to manage such Sensu Go installations. - At the moment, change detection does not work properly when using password hashes because the Sensu Go backend does not expose enough information via its API. type: str version_added: 1.8.0 groups: description: - List of groups user belongs to. type: list elements: str a - name: Create a user sensu.sensu_go.user: auth: url: http://localhost:8080 name: awesome_username password: hidden_password? groups: - dev - prod - name: Use pre-hashed password sensu.sensu_go.user: auth: url: http://localhost:8080 name: awesome_username password_hash: $5f$14$.brXRviMZpbaleSq9kjoUuwm67V/s4IziOLGHjEqxJbzPsreQAyNm - name: Deactivate a user sensu.sensu_go.user: name: awesome_username state: disabled a object: description: Object representing Sensu user. returned: success type: dict sample: disabled: false groups: - ops - dev password: USER_PASSWORD password_hash: $5f$14$.brXRviMZpbaleSq9kjoUuwm67V/s4IziOLGHjEqxJbzPsreQAyNm username: alice N) AnsibleModulemissing_required_lib) argumentserrorsutilsTFcsdtfdd|DS)N)password password_hashc3s"|]\}}|kr||fVqdS)N).0kv) masked_keysrf/home/dcms/DCMS/lib/python3.7/site-packages/ansible_collections/sensu/sensu_go/plugins/modules/user.py sz-_simulate_backend_response..)dictitems)payloadr)rr_simulate_backend_responsesrc Cst|||rdS|sp|jdkr:t||dt||dn6t|dt}t||dt|| ddd S) NFz5.21.0z /password)usernamer zutf-8z/reset_passwordascii)rrT) Zvalidate_auth_dataversionr putrbcryptZhashpwencodeZgensaltdecode)clientpathrr check_modehashrrrupdate_passwords  r%cCs6|jdkrtd|s2t||dt||ddS)Nz5.21.0z2Sensu Go < 5.21.0 does not support password hashesz/reset_password)rrT)rr SensuErrorr rr)r!r"rrr#rrrupdate_password_hashs  r'cCszt||}t||}|sfx"|D]}t||d|dq&Wx |D]}t||d|qJWt|t|dkS)Nz/groups/r)set differencer rdeletelen)r!r"Z old_groupsZ new_groupsr#Z to_deleteZto_addgrrr update_groupss  r-cCs8||k}|s4|r4|r"t||nt||dd|S)Nz /reinstate)r r*r)r!r"Z old_disabledZ new_disabledr#changedrrr update_states r/cCs|dkr6|rdt|fSt|||dt||fSd}d|kr`t|||d|d|p\|}n$d|krt|||d|d|p|}d|krt|||dpg|d|p|}d|krt|||d|d|p|}|r|t|ft|fS|t||fS)NTFr rrgroupsdisabled) rr rgetr%r'r-r/r) remote_objectr!r"rr#r.rrrsyncs<   r4c Cstdttddtdddgdtddtddtd d d d d }t|jd}tdd|jd}y$ts|j dkr|j t dt dWn4t jk r}z|j t|dWdd}~XYnXyt||}Wn6t jk r}z|j t|dWdd}~XYnX|dkr>|jddkr>|jddkr>|j ddt|jddd}|jd|d<|jddk|d<y(t|||||j\}}|j||dWn6t jk r}z|j t|dWdd}~XYnXdS)NTauthnameZenabledr1)defaultchoices)Zno_logFliststr)typeelements)stater rr0)Zsupports_check_modeZ argument_specZusersz5.21.0r)msg exception)r>r rz3Cannot create new user without a password or a hashr0rr=)r.object)rrr Zget_specZget_sensu_clientparamsr Zbuild_core_v2_path HAS_BCRYPTrZ fail_jsonrBCRYPT_IMPORT_ERRORr r&r:r2ErrorZget_spec_payloadr4r#Z exit_json)moduler!r"er3rr.userrrrmainsR   "" rH__main__) __future__rrrr; __metaclass__ZANSIBLE_METADATAZ DOCUMENTATIONZEXAMPLESZRETURN tracebackZansible.module_utils.basicrrZ module_utilsr r r rrBrC ImportError format_excrr%r'r-r/r4rH__name__rrrrs4< ;>