From 4344607d7d105e264a0edce19f63041158ae9cc7 Mon Sep 17 00:00:00 2001 From: pushkarkumar15 <61772513+pushkarkumar15@users.noreply.github.com> Date: Wed, 10 Feb 2021 03:11:15 +0530 Subject: user - add password expiration parameters (#69531) * Add integration test Co-authored-by: Sam Doran --- lib/ansible/modules/user.py | 71 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) (limited to 'lib/ansible/modules/user.py') diff --git a/lib/ansible/modules/user.py b/lib/ansible/modules/user.py index 4abc74dc58..5e43d05191 100644 --- a/lib/ansible/modules/user.py +++ b/lib/ansible/modules/user.py @@ -238,6 +238,19 @@ options: - Currently supported on Illumos/Solaris. type: str version_added: "2.8" + password_expire_max: + description: + - Maximum number of days between password change. + - Supported on Linux only. + type: int + version_added: "2.11" + password_expire_min: + description: + - Minimum number of days between password change. + - Supported on Linux only. + type: int + version_added: "2.11" + notes: - There are specific requirements per platform on user management utilities. However they generally come pre-installed with the system and Ansible will require they @@ -299,6 +312,16 @@ EXAMPLES = r''' ansible.builtin.user: name: james18 expires: -1 + +- name: Set maximum expiration date for password + user: + name: ram19 + password_expire_max: 10 + +- name: Set minimum expiration date for password + user: + name: pushkar15 + password_expire_min: 5 ''' RETURN = r''' @@ -400,6 +423,16 @@ uid: returned: When I(uid) is passed to the module type: int sample: 1044 +password_expire_max: + description: Maximum number of days during which a password is valid. + returned: When user exists + type: int + sample: 20 +password_expire_min: + description: Minimum number of days between password change + returned: When user exists + type: int + sample: 20 ''' 
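Review bot: The two tasks added to EXAMPLES in the `@@ -299,6 +312,16 @@` hunk call the module as `user:`, while the example directly above them uses the fully qualified `ansible.builtin.user:`; use the same form in both new tasks. Their names say "expiration date" although the values are day counts, so a title such as `- name: Set maximum number of days a password stays valid` would describe `password_expire_max: 10` more accurately, with the matching wording for the minimum.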
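Review bot: The RETURN entries added in the `@@ -400,6 +423,16 @@` hunk document `password_expire_max` and `password_expire_min` as returned "When user exists", but no line in this patch puts either key into `result`; the new setters exit with only `changed`. Either populate them, for example from the `sp_max`/`sp_min` fields of the shadow entry the setters already read, or drop the entries so playbooks and compliance checks do not rely on values that never arrive. Both samples are 20, which reads oddly for a minimum/maximum pair. The rest of `main()` is outside the visible hunks, so confirm nothing else fills these keys.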
@@ -494,6 +527,8 @@ class User(object): self.profile = module.params['profile'] self.authorization = module.params['authorization'] self.role = module.params['role'] + self.password_expire_max = module.params['password_expire_max'] + self.password_expire_min = module.params['password_expire_min'] if module.params['groups'] is not None: self.groups = ','.join(module.params['groups']) @@ -989,6 +1024,30 @@ class User(object): info[1] = self.user_password()[0] return info + def set_password_expire_max(self): + command_name = 'chage' + cmd = [self.module.get_bin_path(command_name, True)] + cmd.append('-M') + cmd.append(self.password_expire_max) + cmd.append(self.name) + if self.password_expire_max == spwd.getspnam(self.name).sp_max: + self.module.exit_json(changed=False) + else: + self.execute_command(cmd) + self.module.exit_json(changed=True) + + def set_password_expire_min(self): + command_name = 'chage' + cmd = [self.module.get_bin_path(command_name, True)] + cmd.append('-m') + cmd.append(self.password_expire_min) + cmd.append(self.name) + if self.password_expire_min == spwd.getspnam(self.name).sp_min: + self.module.exit_json(changed=False) + else: + self.execute_command(cmd) + self.module.exit_json(changed=True) + def user_password(self): passwd = '' expires = '' @@ -2957,6 +3016,8 @@ def main(): shell=dict(type='str'), password=dict(type='str', no_log=True), login_class=dict(type='str'), + password_expire_max=dict(type='int', no_log=False), + password_expire_min=dict(type='int', no_log=False), # following options are specific to macOS hidden=dict(type='bool'), # following options are specific to selinux 
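Review bot: In the `@@ -989,6 +1024,30 @@` hunk both `set_password_expire_max` and `set_password_expire_min` finish by calling `self.module.exit_json(...)`, which ends the module run on the spot. A task that sets both options therefore stops after `chage -M` and never applies the minimum age, the `result` dict built in `main()` is discarded, and the `(rc, out, err) = ...` unpacking in the `@@ -3096,6 +3157,16 @@` hunk never receives a value. The return value of `execute_command` is ignored as well, so a failed `chage` is reported as `changed=True` and the host keeps its old password-aging policy while the play looks successful. Have the setters return instead, `return (None, '', '')` when the shadow value already matches and `return self.execute_command(cmd)` otherwise (the caller's unpacking suggests it returns `(rc, out, err)`), and let `main()` fail on a non-zero `rc` and set `result['changed']`. `spwd.getspnam()` needs read access to the shadow database and the `spwd` import is not visible in this hunk, so that lookup probably wants a guard too.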
@@ -3096,6 +3157,16 @@ def main(): result['ssh_key_file'] = user.get_ssh_key_path() result['ssh_public_key'] = user.get_ssh_public_key() + # deal with password expire max + if user.password_expire_max: + if user.user_exists(): + (rc, out, err) = user.set_password_expire_max() + + # deal with password expire min + if user.password_expire_min: + if user.user_exists(): + (rc, out, err) = user.set_password_expire_min() + module.exit_json(**result) -- cgit v1.2.1
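Review bot: The guards `if user.password_expire_max:` and `if user.password_expire_min:` test truthiness, so an explicit `0` is treated like an unset option and silently skipped. `password_expire_min: 0` is an ordinary setting (no minimum age), so compare against None instead: `if user.password_expire_max is not None:` and the same for min. The unpacked `rc` is never inspected here; following the call with something like `if rc is not None and rc != 0: module.fail_json(name=user.name, msg=err, rc=rc)` keeps a failed `chage` from passing as success. The options are documented as Linux only, yet nothing in this hunk restricts the calls by platform; `main()` continues outside the hunk, so that check may exist elsewhere.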