#!/usr/bin/python
# coding: utf-8 -*-
# (c) 2020, John Westcott IV <john.westcott.iv@redhat.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
# Make any class defined in this file new-style when run under Python 2.
__metaclass__ = type
# Module metadata: preview status, community supported.
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
# YAML description of the module and its options.
# NOTE(review): tower_oauthtoken is documented here but does not appear in
# main()'s argument_spec; presumably TowerModule adds it - confirm.
DOCUMENTATION = '''
---
module: tower_user
author: "John Westcott IV (@john-westcott-iv)"
version_added: "2.3"
short_description: create, update, or destroy Ansible Tower users.
description:
- Create, update, or destroy Ansible Tower users. See
U(https://www.ansible.com/tower) for an overview.
options:
username:
description:
- Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only.
required: True
type: str
first_name:
description:
- First name of the user.
required: False
type: str
last_name:
description:
- Last name of the user.
required: False
type: str
email:
description:
- Email address of the user.
required: False
type: str
is_superuser:
description:
- Designates that this user has all permissions without explicitly assigning them.
required: False
type: bool
default: False
aliases: ['superuser']
is_system_auditor:
description:
- User is a system wide auditor.
required: False
type: bool
default: False
aliases: ['auditor']
password:
description:
- Write-only field used to change the password.
required: False
type: str
state:
description:
- Desired state of the resource.
choices: ["present", "absent"]
default: "present"
type: str
tower_oauthtoken:
description:
- The Tower OAuth token to use.
required: False
type: str
version_added: "3.7"
extends_documentation_fragment: awx.awx.auth
'''
# Example tasks for the module.
# NOTE(review): the examples inline the password as a literal value; a real
# playbook would normally read it from Ansible Vault or a lookup so the
# credential is not committed in plain text.
EXAMPLES = '''
- name: Add tower user
tower_user:
username: jdoe
password: foobarbaz
email: jdoe@example.org
first_name: John
last_name: Doe
state: present
tower_config_file: "~/tower_cli.cfg"
- name: Add tower user as a system administrator
tower_user:
username: jdoe
password: foobarbaz
email: jdoe@example.org
superuser: yes
state: present
tower_config_file: "~/tower_cli.cfg"
- name: Add tower user as a system auditor
tower_user:
username: jdoe
password: foobarbaz
email: jdoe@example.org
auditor: yes
state: present
tower_config_file: "~/tower_cli.cfg"
- name: Delete tower user
tower_user:
username: jdoe
email: jdoe@example.org
state: absent
tower_config_file: "~/tower_cli.cfg"
'''
from ..module_utils.tower_api import TowerModule
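def main():
    """Create, update, or delete a Tower user from the module parameters.

    Builds the argument spec, looks up an existing user by username, collects
    the fields to send, and hands off to the TowerModule helpers. According to
    the original comments, those helpers exit the module themselves.
    """
    # Any additional arguments that are not fields of the item can be added here
    argument_spec = dict(
        username=dict(required=True, type='str'),
        first_name=dict(required=False, type='str'),
        last_name=dict(required=False, type='str'),
        email=dict(required=False, type='str'),
        # The two privilege flags carry no default, so "not given" (None) can be
        # told apart from an explicit False. With default=False and a truthiness
        # check, `is_superuser: no` was never sent and could not revoke the flag
        # on an existing user. Omitting the option still sends nothing, as before.
        # The DOCUMENTATION block still lists `default: False` for both options
        # and should be updated to match.
        is_superuser=dict(required=False, type='bool', aliases=['superuser']),
        is_system_auditor=dict(required=False, type='bool', aliases=['auditor']),
        # no_log keeps the password value out of Ansible's logged output.
        password=dict(required=False, type='str', no_log=True),
        state=dict(choices=['present', 'absent'], default='present'),
    )

    # Create a module for ourselves
    module = TowerModule(argument_spec=argument_spec, supports_check_mode=True)

    # Extract our parameters
    username = module.params.get('username')
    password = module.params.get('password')
    state = module.params.get('state')

    # Attempt to look up an existing item based on the provided data
    existing_item = module.get_one('users', **{
        'data': {
            'username': username,
        }
    })

    # Create the data that gets sent for create and update.
    new_fields = {}

    # String fields are sent only when non-empty, as before.
    if username:
        new_fields['username'] = username
    for field_name in ('first_name', 'last_name', 'email'):
        field_value = module.params.get(field_name)
        if field_value:
            new_fields[field_name] = field_value

    # Privilege flags are sent whenever the play sets them, including False,
    # so a play can demote a user as well as promote one.
    for flag_name in ('is_superuser', 'is_system_auditor'):
        flag_value = module.params.get(flag_name)
        if flag_value is not None:
            new_fields[flag_name] = flag_value

    # NOTE(review): password is documented as write-only, so it is not visible
    # here whether create_or_update_if_needed can tell an unchanged password
    # from a new one. Confirm that supplying it does not reset the password
    # and report "changed" on every run.
    if password:
        new_fields['password'] = password

    if state == 'absent':
        # If the state was absent we can let the module delete it if needed, the module will handle exiting from this
        module.delete_if_needed(existing_item)
    elif state == 'present':
        # If the state was present we can let the module build or update the existing item, this will return on its own
        module.create_or_update_if_needed(existing_item, new_fields, endpoint='users', item_type='user')


if __name__ == '__main__':
    main()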