authorskupfer <sebastian.kupfer@gmail.com>2024-08-01 18:04:59 +0200
committerGitHub <noreply@github.com>2024-08-01 18:04:59 +0200
commit20465ba11ab1879f5a8de6b56aec5cd99ff4037a (patch)
tree380dba25e582bb25b8689dafa7b2252d548df62d /lib
parentadd error handling when parsing values in ini files (#82718) (diff)
Add UID and GID min/max keys (#81770)
Fixes: #72183
Diffstat (limited to 'lib')
-rw-r--r--lib/ansible/modules/group.py70
-rw-r--r--lib/ansible/modules/user.py83
2 files changed, 151 insertions, 2 deletions
diff --git a/lib/ansible/modules/group.py b/lib/ansible/modules/group.py
index a838db4a5c..716e7e0a51 100644
--- a/lib/ansible/modules/group.py
+++ b/lib/ansible/modules/group.py
@@ -62,6 +62,22 @@ options:
type: bool
default: no
version_added: "2.8"
+ gid_min:
+ description:
+ - Sets the GID_MIN value for group creation.
+ - Overwrites /etc/login.defs default value.
+ - Currently supported on Linux. Does nothing when used with other platforms.
+ - Requires O(local) is omitted or V(False).
+ type: int
+ version_added: "2.18"
+ gid_max:
+ description:
+ - Sets the GID_MAX value for group creation.
+ - Overwrites /etc/login.defs default value.
+ - Currently supported on Linux. Does nothing when used with other platforms.
+ - Requires O(local) is omitted or V(False).
+ type: int
+ version_added: "2.18"
extends_documentation_fragment: action_common_attributes
attributes:
check_mode:
@@ -151,6 +167,14 @@ class Group(object):
self.system = module.params['system']
self.local = module.params['local']
self.non_unique = module.params['non_unique']
+ self.gid_min = module.params['gid_min']
+ self.gid_max = module.params['gid_max']
+
+ if self.local:
+ if self.gid_min is not None:
+ module.fail_json(msg="'gid_min' can not be used with 'local'")
+ if self.gid_max is not None:
+ module.fail_json(msg="'gid_max' can not be used with 'local'")
def execute_command(self, cmd):
return self.module.run_command(cmd)
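Review bot: The new `gid_min` and `gid_max` values are stored and later passed to the group tool without any check that they form a usable range. `type='int'` accepts negative numbers and nothing rejects `gid_min > gid_max`, so a typo in a playbook surfaces only as an opaque tool error, or as an allocation outside the range the operator meant. A guard next to the `local` checks would catch this early, for example `if self.gid_min is not None and self.gid_max is not None and self.gid_min > self.gid_max:` followed by `module.fail_json(msg="'gid_min' must not be greater than 'gid_max'")`, plus a rejection of negative values. The same applies to `uid_min`/`uid_max` in the `User.__init__` hunk of user.py. `Group.__init__` starts outside this hunk.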
@@ -184,6 +208,12 @@ class Group(object):
cmd.append('-o')
elif key == 'system' and kwargs[key] is True:
cmd.append('-r')
+ if self.gid_min is not None:
+ cmd.append('-K')
+ cmd.append('GID_MIN=' + str(self.gid_min))
+ if self.gid_max is not None:
+ cmd.append('-K')
+ cmd.append('GID_MAX=' + str(self.gid_max))
cmd.append(self.name)
return self.execute_command(cmd)
@@ -292,6 +322,12 @@ class SunOS(Group):
cmd.append(str(kwargs[key]))
if self.non_unique:
cmd.append('-o')
+ if self.gid_min is not None:
+ cmd.append('-K')
+ cmd.append('GID_MIN=' + str(self.gid_min))
+ if self.gid_max is not None:
+ cmd.append('-K')
+ cmd.append('GID_MAX=' + str(self.gid_max))
cmd.append(self.name)
return self.execute_command(cmd)
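Review bot: `-K GID_MIN=`/`-K GID_MAX=` is appended here in `SunOS.group_add`, although the option docs added by this commit say the keys are "Currently supported on Linux. Does nothing when used with other platforms." The same lines appear in the AIX, FreeBsdGroup, OpenBsdGroup, NetBsdGroup and BusyBoxGroup hunks below, and in the FreeBsdUser, OpenBSDUser, NetBSDUser, SunOS, AIX and BusyBox hunks of user.py. Whether each platform's tool accepts `-K KEY=VALUE` is not visible from this diff; where it does not, the task would fail or the flag would be read as something else rather than being ignored. Either drop the additions from the non-Linux classes, or fail early there with something like `module.fail_json(msg="'gid_min' is only supported on Linux")`, and keep the documentation in step with the choice.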
@@ -323,6 +359,12 @@ class AIX(Group):
cmd.append('id=' + str(kwargs[key]))
elif key == 'system' and kwargs[key] is True:
cmd.append('-a')
+ if self.gid_min is not None:
+ cmd.append('-K')
+ cmd.append('GID_MIN=' + str(self.gid_min))
+ if self.gid_max is not None:
+ cmd.append('-K')
+ cmd.append('GID_MAX=' + str(self.gid_max))
cmd.append(self.name)
return self.execute_command(cmd)
@@ -368,6 +410,12 @@ class FreeBsdGroup(Group):
cmd.append(str(self.gid))
if self.non_unique:
cmd.append('-o')
+ if self.gid_min is not None:
+ cmd.append('-K')
+ cmd.append('GID_MIN=' + str(self.gid_min))
+ if self.gid_max is not None:
+ cmd.append('-K')
+ cmd.append('GID_MAX=' + str(self.gid_max))
return self.execute_command(cmd)
def group_mod(self, **kwargs):
@@ -492,6 +540,12 @@ class OpenBsdGroup(Group):
cmd.append(str(self.gid))
if self.non_unique:
cmd.append('-o')
+ if self.gid_min is not None:
+ cmd.append('-K')
+ cmd.append('GID_MIN=' + str(self.gid_min))
+ if self.gid_max is not None:
+ cmd.append('-K')
+ cmd.append('GID_MAX=' + str(self.gid_max))
cmd.append(self.name)
return self.execute_command(cmd)
@@ -538,6 +592,12 @@ class NetBsdGroup(Group):
cmd.append(str(self.gid))
if self.non_unique:
cmd.append('-o')
+ if self.gid_min is not None:
+ cmd.append('-K')
+ cmd.append('GID_MIN=' + str(self.gid_min))
+ if self.gid_max is not None:
+ cmd.append('-K')
+ cmd.append('GID_MAX=' + str(self.gid_max))
cmd.append(self.name)
return self.execute_command(cmd)
@@ -578,6 +638,14 @@ class BusyBoxGroup(Group):
if self.system:
cmd.append('-S')
+ if self.gid_min is not None:
+ cmd.append('-K')
+ cmd.append('GID_MIN=' + str(self.gid_min))
+
+ if self.gid_max is not None:
+ cmd.append('-K')
+ cmd.append('GID_MAX=' + str(self.gid_max))
+
cmd.append(self.name)
return self.execute_command(cmd)
@@ -626,6 +694,8 @@ def main():
system=dict(type='bool', default=False),
local=dict(type='bool', default=False),
non_unique=dict(type='bool', default=False),
+ gid_min=dict(type='int'),
+ gid_max=dict(type='int'),
),
supports_check_mode=True,
required_if=[
diff --git a/lib/ansible/modules/user.py b/lib/ansible/modules/user.py
index 8cf27b37b2..a9fd393925 100644
--- a/lib/ansible/modules/user.py
+++ b/lib/ansible/modules/user.py
@@ -275,6 +275,23 @@ options:
- Currently supported on AIX, Linux, NetBSD, OpenBSD.
type: int
version_added: "2.18"
+ uid_min:
+ description:
+ - Sets the UID_MIN value for user creation.
+ - Overwrites /etc/login.defs default value.
+ - Currently supported on Linux. Does nothing when used with other platforms.
+ - Requires O(local) is omitted or V(False).
+ type: int
+ version_added: "2.18"
+ uid_max:
+ description:
+ - Sets the UID_MAX value for user creation.
+ - Overwrites /etc/login.defs default value.
+ - Currently supported on Linux. Does nothing when used with other platforms.
+ - Requires O(local) is omitted or V(False).
+ type: int
+ version_added: "2.18"
+
extends_documentation_fragment: action_common_attributes
attributes:
check_mode:
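Review bot: The `uid_min`/`uid_max` descriptions say the value "Overwrites /etc/login.defs default value" but give no hint of the consequence for account classification. Setting `uid_min` below the host's configured `UID_MIN` lets a regular account receive a UID in the range normally reserved for system accounts, and audit rules or login policies that key on that threshold may then treat the account as a system one. I would add a description line such as `- Values below the host's configured UID_MIN place the account in the system UID range; review audit and login policies that depend on that boundary.` The same caveat fits `gid_min` in group.py.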
@@ -595,9 +612,16 @@ class User(object):
self.password_expire_warn = module.params['password_expire_warn']
self.umask = module.params['umask']
self.inactive = module.params['password_expire_account_disable']
+ self.uid_min = module.params['uid_min']
+ self.uid_max = module.params['uid_max']
- if self.umask is not None and self.local:
- module.fail_json(msg="'umask' can not be used with 'local'")
+ if self.local:
+ if self.umask is not None:
+ module.fail_json(msg="'umask' can not be used with 'local'")
+ if self.uid_min is not None:
+ module.fail_json(msg="'uid_min' can not be used with 'local'")
+ if self.uid_max is not None:
+ module.fail_json(msg="'uid_max' can not be used with 'local'")
if module.params['groups'] is not None:
self.groups = ','.join(module.params['groups'])
@@ -798,6 +822,14 @@ class User(object):
if self.system:
cmd.append('-r')
+ if self.uid_min is not None:
+ cmd.append('-K')
+ cmd.append('UID_MIN=' + str(self.uid_min))
+
+ if self.uid_max is not None:
+ cmd.append('-K')
+ cmd.append('UID_MAX=' + str(self.uid_max))
+
cmd.append(self.name)
(rc, out, err) = self.execute_command(cmd)
if not self.local or rc != 0:
@@ -1465,6 +1497,14 @@ class FreeBsdUser(User):
else:
cmd.append(str(calendar.timegm(self.expires)))
+ if self.uid_min is not None:
+ cmd.append('-K')
+ cmd.append('UID_MIN=' + str(self.uid_min))
+
+ if self.uid_max is not None:
+ cmd.append('-K')
+ cmd.append('UID_MAX=' + str(self.uid_max))
+
# system cannot be handled currently - should we error if its requested?
# create the user
(rc, out, err) = self.execute_command(cmd)
@@ -1718,6 +1758,13 @@ class OpenBSDUser(User):
if self.inactive is not None:
cmd.append('-f')
cmd.append(self.inactive)
+ if self.uid_min is not None:
+ cmd.append('-K')
+ cmd.append('UID_MIN=' + str(self.uid_min))
+
+ if self.uid_max is not None:
+ cmd.append('-K')
+ cmd.append('UID_MAX=' + str(self.uid_max))
cmd.append(self.name)
return self.execute_command(cmd)
@@ -1904,6 +1951,14 @@ class NetBSDUser(User):
cmd.append('-K')
cmd.append('UMASK=' + self.umask)
+ if self.uid_min is not None:
+ cmd.append('-K')
+ cmd.append('UID_MIN=' + str(self.uid_min))
+
+ if self.uid_max is not None:
+ cmd.append('-K')
+ cmd.append('UID_MAX=' + str(self.uid_max))
+
cmd.append(self.name)
return self.execute_command(cmd)
@@ -2112,6 +2167,13 @@ class SunOS(User):
if self.inactive is not None:
cmd.append('-f')
cmd.append(self.inactive)
+ if self.uid_min is not None:
+ cmd.append('-K')
+ cmd.append('UID_MIN=' + str(self.uid_min))
+
+ if self.uid_max is not None:
+ cmd.append('-K')
+ cmd.append('UID_MAX=' + str(self.uid_max))
cmd.append(self.name)
@@ -2722,6 +2784,13 @@ class AIX(User):
if self.inactive is not None:
cmd.append('-f')
cmd.append(self.inactive)
+ if self.uid_min is not None:
+ cmd.append('-K')
+ cmd.append('UID_MIN=' + str(self.uid_min))
+
+ if self.uid_max is not None:
+ cmd.append('-K')
+ cmd.append('UID_MAX=' + str(self.uid_max))
cmd.append(self.name)
(rc, out, err) = self.execute_command(cmd)
@@ -3059,6 +3128,14 @@ class BusyBox(User):
if self.system:
cmd.append('-S')
+ if self.uid_min is not None:
+ cmd.append('-K')
+ cmd.append('UID_MIN=' + str(self.uid_min))
+
+ if self.uid_max is not None:
+ cmd.append('-K')
+ cmd.append('UID_MAX=' + str(self.uid_max))
+
cmd.append(self.name)
rc, out, err = self.execute_command(cmd)
@@ -3204,6 +3281,8 @@ def main():
role=dict(type='str'),
umask=dict(type='str'),
password_expire_account_disable=dict(type='int', no_log=False),
+ uid_min=dict(type='int'),
+ uid_max=dict(type='int'),
),
supports_check_mode=True,
)