win_user: Clean up parameter handling and $result hash (#21375)
* win_user: Clean up parameter handling and $result hash Changes include: - Use of Get-AnsibleParam and parameter types/validateset - Removed parameter validation - Replace $result PSObject with normal hash * Revert to original formatting * Parameter "groups" is a list
parent
36e6c7973d
commit
78c300412d
1 changed files with 32 additions and 66 deletions
|
@ -51,56 +51,28 @@ function Clear-UserFlag($user, $flag) {
|
|||
|
||||
$params = Parse-Args $args;
|
||||
|
||||
$result = New-Object psobject @{
|
||||
$result = @{
|
||||
changed = $false
|
||||
};
|
||||
|
||||
$username = Get-Attr $params "name" -failifempty $true
|
||||
$fullname = Get-Attr $params "fullname"
|
||||
$description = Get-Attr $params "description"
|
||||
$password = Get-Attr $params "password"
|
||||
$username = Get-AnsibleParam -obj $params -name "name" -type "str" -failifempty $true
|
||||
$fullname = Get-AnsibleParam -obj $params -name "fullname" -type "str"
|
||||
$description = Get-AnsibleParam -obj $params -name "description" -type "str"
|
||||
$password = Get-AnsibleParam -obj $params -name "password" -type "str"
|
||||
$state = Get-AnsibleParam -obj $params -name "state" -type "str" -default "present" -validateset "present","absent","query"
|
||||
$update_password = Get-AnsibleParam -obj $params -name "update_password" -type "str" -default "always" -validateset "always","on_create"
|
||||
$password_expired = Get-AnsibleParam -obj $params -name "password_expired" -type "bool"
|
||||
$password_never_expires = Get-AnsibleParam -obj $params -name "password_never_expires" -type "bool"
|
||||
$user_cannot_change_password = Get-AnsibleParam -obj $params -name "user_cannot_change_password" -type "bool"
|
||||
$account_disabled = Get-AnsibleParam -obj $params -name "account_disabled" -type "bool"
|
||||
$account_locked = Get-AnsibleParam -obj $params -name "account_locked" -type "bool"
|
||||
$groups = Get-AnsibleParam -obj $params -name "groups"
|
||||
$groups_action = Get-AnsibleParam -obj $params -name "groups_action" -type "str" -default "replace" -validateset "add","remove","replace"
|
||||
|
||||
$state = Get-Attr $params "state" "present"
|
||||
$state = $state.ToString().ToLower()
|
||||
If (($state -ne 'present') -and ($state -ne 'absent') -and ($state -ne 'query')) {
|
||||
Fail-Json $result "state is '$state'; must be 'present', 'absent' or 'query'"
|
||||
If ($account_locked -ne $null -and $account_locked) {
|
||||
Fail-Json $result "account_locked must be set to 'no' if provided"
|
||||
}
|
||||
|
||||
$update_password = Get-Attr $params "update_password" "always"
|
||||
$update_password = $update_password.ToString().ToLower()
|
||||
If (($update_password -ne 'always') -and ($update_password -ne 'on_create')) {
|
||||
Fail-Json $result "update_password is '$update_password'; must be 'always' or 'on_create'"
|
||||
}
|
||||
|
||||
$password_expired = Get-Attr $params "password_expired" $null
|
||||
If ($password_expired -ne $null) {
|
||||
$password_expired = $password_expired | ConvertTo-Bool
|
||||
}
|
||||
|
||||
$password_never_expires = Get-Attr $params "password_never_expires" $null
|
||||
If ($password_never_expires -ne $null) {
|
||||
$password_never_expires = $password_never_expires | ConvertTo-Bool
|
||||
}
|
||||
|
||||
$user_cannot_change_password = Get-Attr $params "user_cannot_change_password" $null
|
||||
If ($user_cannot_change_password -ne $null) {
|
||||
$user_cannot_change_password = $user_cannot_change_password | ConvertTo-Bool
|
||||
}
|
||||
|
||||
$account_disabled = Get-Attr $params "account_disabled" $null
|
||||
If ($account_disabled -ne $null) {
|
||||
$account_disabled = $account_disabled | ConvertTo-Bool
|
||||
}
|
||||
|
||||
$account_locked = Get-Attr $params "account_locked" $null
|
||||
If ($account_locked -ne $null) {
|
||||
$account_locked = $account_locked | ConvertTo-Bool
|
||||
if ($account_locked) {
|
||||
Fail-Json $result "account_locked must be set to 'no' if provided"
|
||||
}
|
||||
}
|
||||
|
||||
$groups = Get-Attr $params "groups" $null
|
||||
If ($groups -ne $null) {
|
||||
If ($groups -is [System.String]) {
|
||||
[string[]]$groups = $groups.Split(",")
|
||||
|
@ -114,12 +86,6 @@ If ($groups -ne $null) {
|
|||
}
|
||||
}
|
||||
|
||||
$groups_action = Get-Attr $params "groups_action" "replace"
|
||||
$groups_action = $groups_action.ToString().ToLower()
|
||||
If (($groups_action -ne 'replace') -and ($groups_action -ne 'add') -and ($groups_action -ne 'remove')) {
|
||||
Fail-Json $result "groups_action is '$groups_action'; must be 'replace', 'add' or 'remove'"
|
||||
}
|
||||
|
||||
$user_obj = Get-User $username
|
||||
|
||||
If ($state -eq 'present') {
|
||||
|
@ -246,31 +212,31 @@ ElseIf ($state -eq 'absent') {
|
|||
try {
|
||||
If ($user_obj -and $user_obj -is [System.DirectoryServices.DirectoryEntry]) {
|
||||
$user_obj.RefreshCache()
|
||||
Set-Attr $result "name" $user_obj.Name[0]
|
||||
Set-Attr $result "fullname" $user_obj.FullName[0]
|
||||
Set-Attr $result "path" $user_obj.Path
|
||||
Set-Attr $result "description" $user_obj.Description[0]
|
||||
Set-Attr $result "password_expired" ($user_obj.PasswordExpired | ConvertTo-Bool)
|
||||
Set-Attr $result "password_never_expires" (Get-UserFlag $user_obj $ADS_UF_DONT_EXPIRE_PASSWD)
|
||||
Set-Attr $result "user_cannot_change_password" (Get-UserFlag $user_obj $ADS_UF_PASSWD_CANT_CHANGE)
|
||||
Set-Attr $result "account_disabled" $user_obj.AccountDisabled
|
||||
Set-Attr $result "account_locked" $user_obj.IsAccountLocked
|
||||
Set-Attr $result "sid" (New-Object System.Security.Principal.SecurityIdentifier($user_obj.ObjectSid.Value, 0)).Value
|
||||
$result.name = $user_obj.Name[0]
|
||||
$result.fullname = $user_obj.FullName[0]
|
||||
$result.path = $user_obj.Path
|
||||
$result.description = $user_obj.Description[0]
|
||||
$result.password_expired = ($user_obj.PasswordExpired | ConvertTo-Bool)
|
||||
$result.password_never_expires = (Get-UserFlag $user_obj $ADS_UF_DONT_EXPIRE_PASSWD)
|
||||
$result.user_cannot_change_password = (Get-UserFlag $user_obj $ADS_UF_PASSWD_CANT_CHANGE)
|
||||
$result.account_disabled = $user_obj.AccountDisabled
|
||||
$result.account_locked = $user_obj.IsAccountLocked
|
||||
$result.sid = (New-Object System.Security.Principal.SecurityIdentifier($user_obj.ObjectSid.Value, 0)).Value
|
||||
$user_groups = @()
|
||||
ForEach ($grp in $user_obj.Groups()) {
|
||||
$group_result = New-Object psobject @{
|
||||
$group_result = @{
|
||||
name = $grp.GetType().InvokeMember("Name", "GetProperty", $null, $grp, $null)
|
||||
path = $grp.GetType().InvokeMember("ADsPath", "GetProperty", $null, $grp, $null)
|
||||
}
|
||||
$user_groups += $group_result;
|
||||
}
|
||||
Set-Attr $result "groups" $user_groups
|
||||
Set-Attr $result "state" "present"
|
||||
$result.groups = $user_groups
|
||||
$result.state = "present"
|
||||
}
|
||||
Else {
|
||||
Set-Attr $result "name" $username
|
||||
Set-Attr $result "msg" "User '$username' was not found"
|
||||
Set-Attr $result "state" "absent"
|
||||
$result.name = $username
|
||||
$result.msg = "User '$username' was not found"
|
||||
$result.state = "absent"
|
||||
}
|
||||
}
|
||||
catch {
|
||||
|
|
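Review bot: `$groups` is the only parameter in the new block read without a `-type` (`Get-AnsibleParam -obj $params -name "groups"`), although the commit message calls it a list. Its shape therefore still depends on the hand-rolled `If ($groups -is [System.String]) { [string[]]$groups = $groups.Split(",") }` kept as context further down. Whether the split elements are trimmed and empty entries dropped is not visible in this hunk. Because `groups_action` defaults to `replace`, a mis-parsed name would change which local groups the account ends up in, so that normalisation deserves a check. If the `Get-AnsibleParam` in this tree accepts it, `-type "list"` would match the other parameters; otherwise add a comment such as `# groups: comma-separated string or array; normalised below` to explain the omission.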