Add module cpm_user to read, create, edit and delete users on WTI devices (#44512)

* Add WTI OOB and PDU Device status, control and configuration module

* removed accidental file inclusions

* removed accidental file

* Add module cpm_user to read, create, edit and delete users on WTI devices

* changed user_name required to true

* fixed whitespace and argument spec problems

* fixed dict issues

* fixed use_proxy inconsistency
fixed whitespace warnings

* struggling with AnsibleError removal

* remove reference to ansible.errors

* changed EXAMPLES to reflect live unit
This commit is contained in:
Ken Partridge 2018-08-30 12:51:44 -07:00 committed by Sam Doran
parent c9adfdf68b
commit 77b4b2cdc9
2 changed files with 342 additions and 0 deletions

View file

@ -0,0 +1,342 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# (C) 2018 Red Hat Inc.
# Copyright (C) 2018 Western Telematic Inc.
#
# GNU General Public License v3.0+
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
# Module to execute CPM User Commands on WTI OOB and PDU devices.
# CPM remote_management
#
from __future__ import absolute_import, division, print_function
__metaclass__ = type
ANSIBLE_METADATA = {
'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'
}
DOCUMENTATION = """
---
module: cpm_user
version_added: "2.7"
author: "Western Telematic Inc. (@wtinetworkgear)"
short_description: Get various status and parameters from WTI OOB and PDU devices
description:
- "Get/Add/Edit Delete Users from WTI OOB and PDU devices"
options:
cpm_action:
description:
- This is the Action to send the module.
required: true
choices: [ "getuser", "adduser", "edituser", "deleteuser" ]
cpm_url:
description:
- This is the URL of the WTI device to send the module.
required: true
cpm_username:
description:
- This is the Basic Authentication Username of the WTI device to send the module.
required: true
cpm_password:
description:
- This is the Basic Authentication Password of the WTI device to send the module.
required: true
use_https:
description:
- Designates to use an https connection or http connection.
required: false
type: bool
default: true
validate_certs:
description:
- If false, SSL certificates will not be validated. This should only be used
- on personally controlled sites using self-signed certificates.
required: false
type: bool
default: true
use_proxy:
description: Flag to control if the lookup will observe HTTP proxy environment variables when present.
required: false
type: bool
default: false
user_name:
description:
- This is the User Name that needs to be create/modified/deleted
required: true
user_pass:
description:
- This is the User Password that needs to be create/modified/deleted
- If the user is being Created this parameter is required
required: false
user_accesslevel:
description:
- This is the access level that needs to be create/modified/deleted
- 0 View, 1 User, 2 SuperUser, 3 Adminstrator
required: false
choices: [ 0, 1, 2, 3 ]
user_accessssh:
description:
- If the user has access to the WTI device via SSH
- 0 No , 1 Yes
required: false
choices: [ 0, 1 ]
user_accessserial:
description:
- If the user has access to the WTI device via Serial ports
- 0 No , 1 Yes
required: false
choices: [ 0, 1 ]
user_accessweb:
description:
- If the user has access to the WTI device via Web
- 0 No , 1 Yes
required: false
choices: [ 0, 1 ]
user_accessapi:
description:
- If the user has access to the WTI device via RESTful APIs
- 0 No , 1 Yes
required: false
choices: [ 0, 1 ]
user_accessmonitor:
description:
- If the user has ability to monitor connection sessions
- 0 No , 1 Yes
required: false
choices: [ 0, 1 ]
user_accessoutbound:
description:
- If the user has ability to initiate Outbound connection
- 0 No , 1 Yes
required: false
choices: [ 0, 1 ]
user_portaccess:
description:
- If AccessLevel is lower than Administrator, which ports the user has access
required: false
user_plugaccess:
description:
- If AccessLevel is lower than Administrator, which plugs the user has access
required: false
user_groupaccess:
description:
- If AccessLevel is lower than Administrator, which Groups the user has access
required: false
user_callbackphone:
description:
- This is the Call Back phone number used for POTS modem connections
required: false
"""
EXAMPLES = """
# Get User Parameters
- name: Get the User Parameters for the given user of a WTI device
cpm_user:
cpm_action: "getuser"
cpm_url: "rest.wti.com"
cpm_username: "restuser"
cpm_password: "restfuluserpass12"
use_https: true
validate_certs: true
user_name: "usernumberone"
# Create User
- name: Create a User on a given WTI device
cpm_user:
cpm_action: "adduser"
cpm_url: "rest.wti.com"
cpm_username: "restuser"
cpm_password: "restfuluserpass12"
use_https: true
validate_certs: false
user_name: "usernumberone"
user_pass: "complicatedpassword"
user_accesslevel: 2
user_accessssh: 1
user_accessserial: 1
user_accessweb: 0
user_accessapi: 1
user_accessmonitor: 0
user_accessoutbound: 0
user_portaccess: "10011111"
user_plugaccess: "00000111"
user_groupaccess: "00000000"
# Edit User
- name: Edit a User on a given WTI device
cpm_user:
cpm_action: "edituser"
cpm_url: "rest.wti.com"
cpm_username: "restuser"
cpm_password: "restfuluserpass12"
use_https: true
validate_certs: false
user_name: "usernumberone"
user_pass: "newpasswordcomplicatedpassword"
# Delete User
- name: Delete a User from a given WTI device
cpm_user:
cpm_action: "deleteuser"
cpm_url: "rest.wti.com"
cpm_username: "restuser"
cpm_password: "restfuluserpass12"
use_https: true
validate_certs: true
user_name: "usernumberone"
"""
RETURN = """
data:
description: The output JSON returned from the commands sent
returned: always
type: str
"""
import base64
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils._text import to_text, to_bytes, to_native
from ansible.module_utils.six.moves.urllib.error import HTTPError, URLError
from ansible.module_utils.urls import open_url, ConnectionError, SSLValidationError
def assemble_json(cpmmodule):
json_load = ""
json_load = '{"users":'
json_load = json_load + '{"username": "' + cpmmodule.params["user_name"] + '"'
# for Adding there must be a password present
if cpmmodule.params["user_pass"] is not None and (len(cpmmodule.params["user_pass"]) > 0):
json_load = json_load + ',"newpasswd": "' + cpmmodule.params["user_pass"] + '"'
if cpmmodule.params["user_accesslevel"] is not None:
json_load = json_load + ',"accesslevel": ' + str(cpmmodule.params["user_accesslevel"]) + ''
if cpmmodule.params["user_portaccess"] is not None:
json_load = json_load + ',"portaccess": ' + cpmmodule.params["user_portaccess"] + ''
if cpmmodule.params["user_plugaccess"] is not None:
json_load = json_load + ',"plugaccess": ' + cpmmodule.params["user_plugaccess"] + ''
if cpmmodule.params["user_groupaccess"] is not None:
json_load = json_load + ',"groupaccess": ' + cpmmodule.params["user_groupaccess"] + ''
if cpmmodule.params["user_accessserial"] is not None:
json_load = json_load + ',"accessserial": ' + str(cpmmodule.params["user_accessserial"]) + ''
if cpmmodule.params["user_accessssh"] is not None:
json_load = json_load + ',"accessssh": ' + str(cpmmodule.params["user_accessssh"]) + ''
if cpmmodule.params["user_accessweb"] is not None:
json_load = json_load + ',"accessweb": ' + str(cpmmodule.params["user_accessweb"]) + ''
if cpmmodule.params["user_accessoutbound"] is not None:
json_load = json_load + ',"accessoutbound": ' + str(cpmmodule.params["user_accessoutbound"]) + ''
if cpmmodule.params["user_accessapi"] is not None:
json_load = json_load + ',"accessapi": ' + str(cpmmodule.params["user_accessapi"]) + ''
if cpmmodule.params["user_accessmonitor"] is not None:
json_load = json_load + ',"accessmonitor": ' + str(cpmmodule.params["user_accessmonitor"]) + ''
if cpmmodule.params["user_callbackphone"] is not None:
json_load = json_load + ',"callbackphone": "' + cpmmodule.params["user_callbackphone"] + '"'
json_load = json_load + '}'
json_load = json_load + '}'
return json_load
def run_module():
module_args = dict(
cpm_action=dict(choices=['getuser', 'adduser', 'edituser', 'deleteuser'], required=True),
cpm_url=dict(type='str', required=True),
cpm_username=dict(type='str', required=True),
cpm_password=dict(type='str', required=True, no_log=True),
user_name=dict(type='str', required=True),
user_pass=dict(type='str', required=False, default=None, no_log=True),
user_accesslevel=dict(type='int', required=False, default=None, choices=[0, 1, 2, 3]),
user_accessssh=dict(type='int', required=False, default=None, choices=[0, 1]),
user_accessserial=dict(type='int', required=False, default=None, choices=[0, 1]),
user_accessweb=dict(type='int', required=False, default=None, choices=[0, 1]),
user_accessapi=dict(type='int', required=False, default=None, choices=[0, 1]),
user_accessmonitor=dict(type='int', required=False, default=None, choices=[0, 1]),
user_accessoutbound=dict(type='int', required=False, default=None, choices=[0, 1]),
user_portaccess=dict(type='str', required=False, default=None),
user_plugaccess=dict(type='str', required=False, default=None),
user_groupaccess=dict(type='str', required=False, default=None),
user_callbackphone=dict(type='str', required=False, default=None),
use_https=dict(type='bool', default=True),
validate_certs=dict(type='bool', default=True),
use_proxy=dict(type='bool', default=False)
)
result = dict(
changed=False,
data=''
)
module = AnsibleModule(argument_spec=module_args, supports_check_mode=True)
if module.check_mode:
return result
auth = to_text(base64.b64encode(to_bytes('{0}:{1}'.format(module.params['cpm_username'], module.params['cpm_password']),
errors='surrogate_or_strict')))
if module.params['use_https'] is True:
protocol = "https://"
else:
protocol = "http://"
payload = None
if (module.params['cpm_action'] == 'getuser'):
fullurl = ("%s%s/api/v2/config/users?username=%s" % (protocol, module.params['cpm_url'], module.params['user_name']))
method = 'GET'
elif (module.params['cpm_action'] == 'adduser'):
if module.params["user_pass"] is None or (len(module.params["user_pass"]) == 0):
module.fail_json(msg='user_pass not defined.', **result)
payload = assemble_json(module)
fullurl = ("%s%s/api/v2/config/users" % (protocol, module.params['cpm_url']))
method = 'POST'
elif (module.params['cpm_action'] == 'edituser'):
payload = assemble_json(module)
fullurl = ("%s%s/api/v2/config/users" % (protocol, module.params['cpm_url']))
method = 'PUT'
elif (module.params['cpm_action'] == 'deleteuser'):
fullurl = ("%s%s/api/v2/config/users?username=%s" % (protocol, module.params['cpm_url'], module.params['user_name']))
method = 'DELETE'
try:
response = open_url(fullurl, data=payload, method=method, validate_certs=module.params['validate_certs'], use_proxy=module.params['use_proxy'],
headers={'Content-Type': 'application/json', 'Authorization': "Basic %s" % auth})
if (method != 'GET'):
result['changed'] = True
except HTTPError as e:
fail_json = dict(msg='Received HTTP error for {0} : {1}'.format(fullurl, to_native(e)), changed=False)
module.fail_json(**fail_json)
except URLError as e:
fail_json = dict(msg='Failed lookup url for {0} : {1}'.format(fullurl, to_native(e)), changed=False)
module.fail_json(**fail_json)
except SSLValidationError as e:
fail_json = dict(msg='Error validating the server''s certificate for {0} : {1}'.format(fullurl, to_native(e)), changed=False)
module.fail_json(**fail_json)
except ConnectionError as e:
fail_json = dict(msg='Error connecting to for {0} : {1}'.format(fullurl, to_native(e)), changed=False)
module.fail_json(**fail_json)
result['data'] = to_text(response.read())
module.exit_json(**result)
def main():
run_module()
if __name__ == '__main__':
main()