Diffstat (limited to 'lib/ansible/modules/user.py')
-rw-r--r--lib/ansible/modules/user.py71
1 files changed, 71 insertions, 0 deletions
diff --git a/lib/ansible/modules/user.py b/lib/ansible/modules/user.py
index 4abc74dc58..5e43d05191 100644
--- a/lib/ansible/modules/user.py
+++ b/lib/ansible/modules/user.py
@@ -238,6 +238,19 @@ options:
- Currently supported on Illumos/Solaris.
type: str
version_added: "2.8"
+ password_expire_max:
+ description:
+ - Maximum number of days between password change.
+ - Supported on Linux only.
+ type: int
+ version_added: "2.11"
+ password_expire_min:
+ description:
+ - Minimum number of days between password change.
+ - Supported on Linux only.
+ type: int
+ version_added: "2.11"
+
notes:
- There are specific requirements per platform on user management utilities. However
they generally come pre-installed with the system and Ansible will require they
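Review bot: The "Supported on Linux only" line in both option descriptions is not backed by any platform check in the hunks shown. The setters are added to the base `User` class and `main()` calls them whenever the option is set and the user exists, so on other platforms the task would presumably fail inside `get_bin_path('chage', True)` or on the `spwd` lookup rather than report the option as unsupported. Either guard the calls by platform or extend the description, e.g. `- Supported on Linux only; the task fails on other platforms.` The descriptions also do not say that the value is only applied to a user that already exists when the check runs.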
@@ -299,6 +312,16 @@ EXAMPLES = r'''
ansible.builtin.user:
name: james18
expires: -1
+
+- name: Set maximum expiration date for password
+ user:
+ name: ram19
+ password_expire_max: 10
+
+- name: Set minimum expiration date for password
+ user:
+ name: pushkar15
+ password_expire_min: 5
'''
RETURN = r'''
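Review bot: The two new examples call the module as `user:` while the example just above them in this hunk uses `ansible.builtin.user:`; the new ones should use the fully qualified name for consistency. The task names say "expiration date", but the options take a number of days, so something like `- name: Set maximum number of days between password changes` would describe what the task does. The EXAMPLES string starts outside the hunk.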
@@ -400,6 +423,16 @@ uid:
returned: When I(uid) is passed to the module
type: int
sample: 1044
+password_expire_max:
+ description: Maximum number of days during which a password is valid.
+ returned: When user exists
+ type: int
+ sample: 20
+password_expire_min:
+ description: Minimum number of days between password change
+ returned: When user exists
+ type: int
+ sample: 20
'''
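Review bot: Nothing in the hunks shown puts `password_expire_max` or `password_expire_min` into `result`, and the new setters exit with only `changed=...`, so the "returned: When user exists" entries appear to document values the module never returns. Either populate them (for example from the same shadow entry the setters already read) or drop the two RETURN entries until they are. Minor: the `password_expire_min` description is missing its final period, and both samples use `20`, which hides the difference between the two fields.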
@@ -494,6 +527,8 @@ class User(object):
self.profile = module.params['profile']
self.authorization = module.params['authorization']
self.role = module.params['role']
+ self.password_expire_max = module.params['password_expire_max']
+ self.password_expire_min = module.params['password_expire_min']
if module.params['groups'] is not None:
self.groups = ','.join(module.params['groups'])
@@ -989,6 +1024,30 @@ class User(object):
info[1] = self.user_password()[0]
return info
+ def set_password_expire_max(self):
+ command_name = 'chage'
+ cmd = [self.module.get_bin_path(command_name, True)]
+ cmd.append('-M')
+ cmd.append(self.password_expire_max)
+ cmd.append(self.name)
+ if self.password_expire_max == spwd.getspnam(self.name).sp_max:
+ self.module.exit_json(changed=False)
+ else:
+ self.execute_command(cmd)
+ self.module.exit_json(changed=True)
+
+ def set_password_expire_min(self):
+ command_name = 'chage'
+ cmd = [self.module.get_bin_path(command_name, True)]
+ cmd.append('-m')
+ cmd.append(self.password_expire_min)
+ cmd.append(self.name)
+ if self.password_expire_min == spwd.getspnam(self.name).sp_min:
+ self.module.exit_json(changed=False)
+ else:
+ self.execute_command(cmd)
+ self.module.exit_json(changed=True)
+
def user_password(self):
passwd = ''
expires = ''
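Review bot: Both new methods call `self.module.exit_json(...)` themselves, which ends the module run. As a result `main()` never receives the `(rc, out, err)` tuple it unpacks, a task that sets both options would only ever apply the maximum, and the `result` dict built in `main()` is discarded. `changed=True` is also reported without looking at the exit status of `chage`, so a failed run would still show the password-aging policy as applied when it is not. The integer is appended to `cmd` unconverted, and `spwd.getspnam()` can raise when the shadow entry is missing or unreadable; neither case is handled, and no `spwd` import is visible in this diff, so confirm it is already in scope. I would have each method return a tuple and leave exiting to `main()`, as sketched for the max variant below; the min variant is the same with `-m` and `sp_min`.

```python
    def set_password_expire_max(self):
        # Read the current value first so an unchanged policy runs nothing.
        try:
            current_max = spwd.getspnam(self.name).sp_max
        except (KeyError, OSError) as e:
            self.module.fail_json(
                name=self.name,
                msg="Unable to read the shadow entry for %s: %s" % (self.name, e))

        if self.password_expire_max == current_max:
            return (None, '', '')

        # chage takes its arguments as strings; let main() judge rc.
        cmd = [self.module.get_bin_path('chage', True),
               '-M', str(self.password_expire_max), self.name]
        return self.execute_command(cmd)

    # ... set_password_expire_min: same shape with '-m' and sp_min ...
```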
@@ -2957,6 +3016,8 @@ def main():
shell=dict(type='str'),
password=dict(type='str', no_log=True),
login_class=dict(type='str'),
+ password_expire_max=dict(type='int', no_log=False),
+ password_expire_min=dict(type='int', no_log=False),
# following options are specific to macOS
hidden=dict(type='bool'),
# following options are specific to selinux
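Review bot: `no_log=False` on two integer options reads as noise without an explanation, and a later cleanup could remove it or flip it. It is presumably there because the option names contain "password" and would otherwise trip the no_log heuristic. A one-line comment above the pair would record that, e.g. `# day counts, not secrets; no_log=False is explicit because the names contain "password"`. The argument_spec dict starts and ends outside the hunk.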
@@ -3096,6 +3157,16 @@ def main():
result['ssh_key_file'] = user.get_ssh_key_path()
result['ssh_public_key'] = user.get_ssh_public_key()
+ # deal with password expire max
+ if user.password_expire_max:
+ if user.user_exists():
+ (rc, out, err) = user.set_password_expire_max()
+
+ # deal with password expire min
+ if user.password_expire_min:
+ if user.user_exists():
+ (rc, out, err) = user.set_password_expire_min()
+
module.exit_json(**result)
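Review bot: The guards `if user.password_expire_max:` and `if user.password_expire_min:` test truthiness, so an explicit `0` is treated the same as an omitted option and never reaches `chage`; `is not None` expresses the intent. The unpacked `rc`, `out` and `err` are never inspected and `result['changed']` is not updated, so neither a failure nor a change to the aging policy is reported from here. Something like `if user.password_expire_min is not None and user.user_exists():` followed by `if rc is not None and rc != 0: module.fail_json(name=user.name, msg=err, rc=rc)` would cover both cases. When the user does not exist the option is skipped silently, which is worth a warning or a documented note. main() starts outside the hunk.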