author | Thomas Sjögren <konstruktoid@users.noreply.github.com> | 2024-06-21 20:31:31 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-06-21 20:31:31 +0200 |
commit | f7dee8aaf8eaf7bce41b206ce58296043afee0cf (patch) | |
tree | eea6bf2e232708ccfe64131d0ab5aedaa1b70bea | |
parent | ansible-test - Replace FreeBSD 14.0 with 14.1 (#83477) (diff) | |
add support for inactive option (#83355)
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
-rw-r--r-- | lib/ansible/modules/user.py | 53 | ||||
-rw-r--r-- | test/integration/targets/user/tasks/main.yml | 1 | ||||
-rw-r--r-- | test/integration/targets/user/tasks/test_inactive_new_account.yml | 74 |
3 files changed, 128 insertions, 0 deletions
diff --git a/lib/ansible/modules/user.py b/lib/ansible/modules/user.py index e896581dd1..701f62d3b2 100644 --- a/lib/ansible/modules/user.py +++ b/lib/ansible/modules/user.py @@ -268,6 +268,12 @@ options: - Requires O(local) is omitted or V(False). type: str version_added: "2.12" + password_expire_account_disable: + description: + - Number of days after a password expires until the account is disabled. + - Currently supported on AIX, Linux, NetBSD, OpenBSD. + type: int + version_added: "2.18" extends_documentation_fragment: action_common_attributes attributes: check_mode: @@ -356,6 +362,11 @@ EXAMPLES = r''' ansible.builtin.user: name: jane157 password_expire_warn: 30 + +- name: Set number of days after password expires until account is disabled + ansible.builtin.user: + name: jimholden2016 + password_expire_account_disable: 15 ''' RETURN = r''' @@ -582,6 +593,7 @@ class User(object): self.password_expire_min = module.params['password_expire_min'] self.password_expire_warn = module.params['password_expire_warn'] self.umask = module.params['umask'] + self.inactive = module.params['password_expire_account_disable'] if self.umask is not None and self.local: module.fail_json(msg="'umask' can not be used with 'local'") @@ -757,6 +769,10 @@ class User(object): else: cmd.append(time.strftime(self.DATE_FORMAT, self.expires)) + if self.inactive is not None: + cmd.append('-f') + cmd.append(int(self.inactive)) + if self.password is not None: cmd.append('-p') if self.password_lock: @@ -946,6 +962,10 @@ class User(object): cmd.append('-e') cmd.append(time.strftime(self.DATE_FORMAT, self.expires)) + if self.inactive is not None: + cmd.append('-f') + cmd.append(self.inactive) + # Lock if no password or unlocked, unlock only if locked if self.password_lock and not info[1].startswith('!'): cmd.append('-L') 
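Review bot: The option description in the `@@ -268` hunk lists AIX, Linux, NetBSD and OpenBSD, but this commit also appends `-f` in both `SunOS` command builders (the hunks at `@@ -2072` and `@@ -2189`), so the documented platform list and the code disagree. The description also does not say what happens elsewhere; in the hunks shown no other platform class reads `self.inactive`, so the option appears to be accepted and silently ignored there, which matters when a playbook relies on it as an account-lockout control. I would either add SunOS to the list or drop the SunOS hunks, and add a line such as `- On other platforms this option is ignored.` or have the module emit a warning.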
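Review bot: In the `@@ -757` hunk, `cmd.append(int(self.inactive))` is the only one of the ten `-f` additions that wraps the value in `int()`; every other hunk appends `self.inactive` directly. The argument spec added at `@@ -3150` already declares `type='int'`, so the cast is redundant, and whether a non-string element in the argv list is safe depends on `execute_command`, which is outside this hunk. For consistency I would write `cmd.append(self.inactive)` here, matching the other nine sites. The enclosing method starts and ends outside the hunk.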
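Review bot: In the `@@ -946` hunk, `-f` is appended whenever `self.inactive is not None`, with no comparison against the account's current inactivity value, so the modify command is likely to run and the task to report `changed` on every play. The lock logic directly below it (`if self.password_lock and not info[1].startswith('!')`) only adds its flag when the state differs, and the new block should follow that pattern by reading the current value from the shadow entry first. The same unconditional append appears in what look like the modify paths at `@@ -1764` (OpenBSD), `@@ -1946` (NetBSD), `@@ -2189` (SunOS, where `cmd_len != len(cmd)` decides whether to run) and `@@ -2790` (AIX, where `len(cmd) == 1` does). The enclosing methods start and end outside these hunks, so an existing lookup that could be reused is not visible here.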
@@ -1694,6 +1714,10 @@ class OpenBSDUser(User): cmd.append('-K') cmd.append('UMASK=' + self.umask) + if self.inactive is not None: + cmd.append('-f') + cmd.append(self.inactive) + cmd.append(self.name) return self.execute_command(cmd) @@ -1764,6 +1788,10 @@ class OpenBSDUser(User): cmd.append('-s') cmd.append(self.shell) + if self.inactive is not None: + cmd.append('-f') + cmd.append(self.inactive) + if self.login_class is not None: # find current login class user_login_class = None @@ -1860,6 +1888,10 @@ class NetBSDUser(User): cmd.append('-p') cmd.append(self.password) + if self.inactive is not None: + cmd.append('-f') + cmd.append(self.inactive) + if self.create_home: cmd.append('-m') @@ -1946,6 +1978,10 @@ class NetBSDUser(User): cmd.append('-L') cmd.append(self.login_class) + if self.inactive is not None: + cmd.append('-f') + cmd.append(self.inactive) + if self.update_password == 'always' and self.password is not None and info[1] != self.password: cmd.append('-p') cmd.append(self.password) @@ -2072,6 +2108,10 @@ class SunOS(User): cmd.append('-R') cmd.append(self.role) + if self.inactive is not None: + cmd.append('-f') + cmd.append(self.inactive) + cmd.append(self.name) (rc, out, err) = self.execute_command(cmd) @@ -2189,6 +2229,10 @@ class SunOS(User): cmd.append('-R') cmd.append(self.role) + if self.inactive is not None: + cmd.append('-f') + cmd.append(self.inactive) + # modify the user if cmd will do anything if cmd_len != len(cmd): cmd.append(self.name) @@ -2674,6 +2718,10 @@ class AIX(User): cmd.append('-K') cmd.append('UMASK=' + self.umask) + if self.inactive is not None: + cmd.append('-f') + cmd.append(self.inactive) + cmd.append(self.name) (rc, out, err) = self.execute_command(cmd) @@ -2742,6 +2790,10 @@ class AIX(User): cmd.append('-s') cmd.append(self.shell) + if self.inactive is not None: + cmd.append('-f') + cmd.append(self.inactive) + # skip if no changes to be made if len(cmd) == 1: (rc, out, err) = (None, '', '') 
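Review bot: The value passed after `-f` in the two `OpenBSDUser` hunks (and in the `NetBSDUser` hunks at `@@ -1860` and `@@ -1946`) is a day count, but as far as I recall the NetBSD and OpenBSD `useradd(8)`/`usermod(8)` manuals describe `-f` as the time at which the password expires rather than a number of days after expiry; please confirm against the target man pages. If that is right, `password_expire_account_disable: 15` would mean something different on those systems from what the option description promises, and the account would not be disabled on the schedule the playbook author expects. A short comment next to each platform's `-f` naming the man-page semantics it relies on, e.g. `# useradd -f: days after password expiry until the account is disabled`, would make the assumption reviewable.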
@@ -3150,6 +3202,7 @@ def main(): authorization=dict(type='str'), role=dict(type='str'), umask=dict(type='str'), + password_expire_account_disable=dict(type='int', no_log=False), ), supports_check_mode=True, ) diff --git a/test/integration/targets/user/tasks/main.yml b/test/integration/targets/user/tasks/main.yml index be4c4d6fdc..aefd359ff5 100644 --- a/test/integration/targets/user/tasks/main.yml +++ b/test/integration/targets/user/tasks/main.yml @@ -42,3 +42,4 @@ when: not (ansible_distribution == 'openSUSE Leap' and ansible_distribution_version is version('15.4', '>=')) - import_tasks: test_umask.yml when: ansible_facts.system == 'Linux' +- import_tasks: test_inactive_new_account.yml diff --git a/test/integration/targets/user/tasks/test_inactive_new_account.yml b/test/integration/targets/user/tasks/test_inactive_new_account.yml new file mode 100644 index 0000000000..984ac9d3b7 --- /dev/null +++ b/test/integration/targets/user/tasks/test_inactive_new_account.yml 
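Review bot: `no_log=False` on an option whose name contains `password` reads like an oversight without an explanation next to it, in the `@@ -3150` hunk. The value is a day count rather than a secret, and the explicit flag is presumably there to silence the argument-spec check for password-like parameter names. A one-line comment would save the next reviewer the lookup: `# day count, not a secret; explicit no_log=False for the password-like name`. `main()` continues outside the hunk.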
@@ -0,0 +1,74 @@
+# Test inactive setting when creating a new account
+- name: Remove ansibulluser
+ user:
+ name: ansibulluser
+ state: absent
+
+- name: Create user account with inactive set to 15
+ user:
+ name: ansibulluser
+ state: present
+ password_expire_account_disable: 15
+
+- name: Verify inactive setting for Linux
+ when: ansible_facts.os_family in ['RedHat', 'Debian', 'Suse']
+ block:
+ - name: LINUX | Get inactive value for ansibulluser
+ getent:
+ database: shadow
+ key: ansibulluser
+
+ - name: LINUX | Ensure inactive is set to 15
+ assert:
+ msg: "expiry is supposed to be empty or 15, not {{ getent_shadow['ansibulluser'][7] }}"
+ that:
+ - not getent_shadow['ansibulluser'][7] or getent_shadow['ansibulluser'][7] | int != 15
+
+- name: Verify inactive setting for BSD
+ when: ansible_facts.system in ['NetBSD','OpenBSD']
+ block:
+ - name: BSD | Get inactive value for ansibulluser
+ getent:
+ database: shadow
+ key: ansibulluser
+
+ - name: BSD | Ensure inactive is set to 15
+ assert:
+ msg: "expiry is supposed to be empty or 15, not {{ getent_shadow['ansibulluser'][7] }}"
+ that:
+ - not getent_shadow['ansibulluser'][7] or getent_shadow['ansibulluser'][7] | int != 15
+
+- name: Update user account with inactive set to 10
+ user:
+ name: ansibulluser
+ state: present
+ password_expire_account_disable: 10
+ register: return_user_information
+
+- name: Verify updated inactive setting for Linux
+ when: ansible_facts.os_family in ['RedHat', 'Debian', 'Suse']
+ block:
+ - name: LINUX | Get inactive value for ansibulluser
+ getent:
+ database: shadow
+ key: ansibulluser
+
+ - name: LINUX | Ensure inactive is set to 10
+ assert:
+ msg: "expiry is supposed to be empty or 10, not {{ getent_shadow['ansibulluser'][7] }}"
+ that:
+ - not getent_shadow['ansibulluser'][7] or getent_shadow['ansibulluser'][7] | int != 10
+
+- name: Verify updated inactive setting for BSD
+ when: ansible_facts.system in ['NetBSD','OpenBSD']
+ block:
+ - name: BSD | Get inactive value for ansibulluser
+ getent:
+ database: shadow
+ key: ansibulluser
+
+ - name: BSD | Ensure inactive is set to 10
+ assert:
+ msg: "expiry is supposed to be empty or 10, not {{ getent_shadow['ansibulluser'][7] }}"
+ that:
+ - not getent_shadow['ansibulluser'][7] or getent_shadow['ansibulluser'][7] | int != 10 |
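Review bot: All four `assert` conditions pass when the field is empty or not equal to the expected value (`... | int != 15`, `... | int != 10`), which is the opposite of what the task names and the `msg` text describe, so the test cannot catch the option being ignored. They also read index `[7]` of `getent_shadow['ansibulluser']`; if that list holds the shadow fields after the login name, index 7 is the trailing reserved field and the inactivity period would be index 5, which should be confirmed against an existing shadow-based test in this target. The condition I would expect is `- getent_shadow['ansibulluser'][5] | int == 15` (and `== 10` after the update). The update task registers `return_user_information` but nothing asserts on it, and no task re-runs the same value to check that the module reports no change.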