diff --git a/molecule/users/converge.yml b/molecule/system_access_users/converge.yml similarity index 87% rename from molecule/users/converge.yml rename to molecule/system_access_users/converge.yml index 5fe68a94..9d6fd60c 100644 --- a/molecule/users/converge.yml +++ b/molecule/system_access_users/converge.yml @@ -9,13 +9,13 @@ # Test User minimum requirements - name: "Test User 1: Test minimum requirements User Creation" - puzzle.opnsense.users: + puzzle.opnsense.system_access_users: username: test_user_1 password: test_password_1 # Test User minimum requirements disabled - name: "Test User 2: Test disabled User Creation" - puzzle.opnsense.users: + puzzle.opnsense.system_access_users: username: test_user_2 password: test_password_2 full_name: "Test User 2: Test disabled User Creation" @@ -23,14 +23,14 @@ # Test User with Full Name - name: "Test User 3: Test User Creation with Full Name" - puzzle.opnsense.users: + puzzle.opnsense.system_access_users: username: test_user_3 password: test_password_3 full_name: "Test User 3: Test User Creation with Full Name" # Test User with E-Mail - name: "Test User 4: Test User Creation with E-Mail" - puzzle.opnsense.users: + puzzle.opnsense.system_access_users: username: test_user_4 password: test_password_4 email: test_user_4@test.ch @@ -38,7 +38,7 @@ # Test User with Comment - name: "Test User 5: Test User Creation with Comment" - puzzle.opnsense.users: + puzzle.opnsense.system_access_users: username: test_user_5 password: test_password_5 comment: Test User 5 Comment @@ -46,7 +46,7 @@ # Test User with Preferred landing page - name: "Test User 6: Test User Creation with Preferred landing page" - puzzle.opnsense.users: + puzzle.opnsense.system_access_users: username: test_user_6 password: test_password_6 landing_page: /ui/ipsec/sessions 
@@ -54,7 +54,7 @@ # Test User with nologin shell - name: "Test User 7: Test User Creation with nologin shell" - puzzle.opnsense.users: + puzzle.opnsense.system_access_users: username: test_user_7 password: test_password_7 shell: /sbin/nologin @@ -62,7 +62,7 @@ # Test User with csh shell - name: "Test User 8: Test User Creation with csh shell" - puzzle.opnsense.users: + puzzle.opnsense.system_access_users: username: test_user_8 password: test_password_8 shell: /bin/csh @@ -70,7 +70,7 @@ # Test User with sh shell - name: "Test User 9: Test User Creation with sh shell" - puzzle.opnsense.users: + puzzle.opnsense.system_access_users: username: test_user_9 password: test_password_9 shell: /bin/sh @@ -78,7 +78,7 @@ # Test User with tcsh shell - name: "Test User 10: Test User Creation with tcsh shell" - puzzle.opnsense.users: + puzzle.opnsense.system_access_users: username: test_user_10 password: test_password_10 shell: /bin/tcsh @@ -86,7 +86,7 @@ # Test User with Expiration date - name: "Test User 11: Test User Creation with Expiration date" - puzzle.opnsense.users: + puzzle.opnsense.system_access_users: username: test_user_11 password: test_password_11 expires: 02/27/2024 @@ -94,7 +94,7 @@ # Test User with group as string - name: "Test User 12: Test User Creation with group as string" - puzzle.opnsense.users: + puzzle.opnsense.system_access_users: username: test_user_12 password: test_password_12 full_name: "Test User 12: Test User Creation with group as string" @@ -102,7 +102,7 @@ # Test User with group as list - name: "Test User 13: Test User Creation with group as list" - puzzle.opnsense.users: + puzzle.opnsense.system_access_users: username: test_user_13 password: test_password_13 full_name: "Test User 13: Test User Creation with group as list" 
@@ -111,7 +111,7 @@ # Test User with not existing group as list - name: "Test User 14: Test User Creation with not existing group as list" - puzzle.opnsense.users: + puzzle.opnsense.system_access_users: username: test_user_14 password: test_password_14 full_name: "Test User 14: Test User Creation with not existing group as list" @@ -129,7 +129,7 @@ # Test User with empty otp_seed - name: "Test User 15: Test User Creation with empty otp_seed" - puzzle.opnsense.users: + puzzle.opnsense.system_access_users: username: test_user_15 password: test_password_15 otp_seed: "" @@ -137,7 +137,7 @@ # Test User with otp_seed - name: "Test User 16: Test User Creation with otp_seed" - puzzle.opnsense.users: + puzzle.opnsense.system_access_users: username: test_user_16 password: test_password_16 otp_seed: test_seed @@ -145,7 +145,7 @@ # Test User with empty authorizedkeys - name: "Test User 17: Test User Creation with empty authorizedkeys" - puzzle.opnsense.users: + puzzle.opnsense.system_access_users: username: test_user_17 password: test_password_17 authorizedkeys: "" @@ -153,7 +153,7 @@ # Test User with authorizedkeys - name: "Test User 18: Test User Creation with authorizedkeys" - puzzle.opnsense.users: + puzzle.opnsense.system_access_users: username: test_user_18 password: test_password_18 authorizedkeys: test_authorized_key @@ -161,7 +161,7 @@ # Test User with api_keys - name: "Test User 19: Test User Creation with api_keys" - puzzle.opnsense.users: + puzzle.opnsense.system_access_users: username: test_user_19 password: test_password_19 apikeys: "" diff --git a/molecule/users/molecule.yml b/molecule/system_access_users/molecule.yml similarity index 97% rename from molecule/users/molecule.yml rename to molecule/system_access_users/molecule.yml index 1c4824ba..02a2410c 100644 --- a/molecule/users/molecule.yml +++ b/molecule/system_access_users/molecule.yml 
@@ -1,6 +1,6 @@
 ---
 scenario:
- name: users
+ name: system_access_users
 test_sequence:
 # - dependency not relevant unless we have requirements
 - destroy
diff --git a/molecule/users/verify.yml b/molecule/system_access_users/verify.yml
similarity index 100%
rename from molecule/users/verify.yml
rename to molecule/system_access_users/verify.yml
diff --git a/plugins/module_utils/module_index.py b/plugins/module_utils/module_index.py
index 7b62180e..d8db3835 100644
--- a/plugins/module_utils/module_index.py
+++ b/plugins/module_utils/module_index.py
@@ -97,7 +97,7 @@
 },
 },
 },
- "users": {
+ "system_access_users": {
 "users": "system/user",
 "uid": "system/nextuid",
 "gid": "system/nextgid",
@@ -185,7 +185,7 @@
 },
 },
 },
- "users": {
+ "system_access_users": {
 "users": "system/user",
 "uid": "system/nextuid",
 "gid": "system/nextgid",
@@ -273,7 +273,7 @@
 },
 },
 },
- "users": {
+ "system_access_users": {
 "users": "system/user",
 "uid": "system/nextuid",
 "gid": "system/nextgid",
diff --git a/plugins/module_utils/users_utils.py b/plugins/module_utils/users_utils.py
index d6c07ab1..b0a3c2d0 100644
--- a/plugins/module_utils/users_utils.py
+++ b/plugins/module_utils/users_utils.py
@@ -587,7 +587,7 @@ class UserSet(OPNsenseModuleConfig):
 _users: List[User] def __init__(self, path: str = "/conf/config.xml"): - super().__init__(module_name="users", path=path) + super().__init__(module_name="system_access_users", path=path) self._users = self._load_users() self._groups = self._load_groups()
diff --git a/plugins/modules/system_access_users.py b/plugins/modules/system_access_users.py
index 378bfe77..d0e96e45 100644
--- a/plugins/modules/system_access_users.py
+++ b/plugins/modules/system_access_users.py
@@ -5,7 +5,7 @@
 # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) -"""User module: Read, write, edit operations for OPNsense Users """ +"""system_access_users module: Read, write, edit operations for OPNsense Users """ __metaclass__ = type
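Review bot: The plugins/modules/system_access_users.py hunk changes only the module docstring, so the argument spec, the DOCUMENTATION `module:` field and the EXAMPLES of the surviving module are outside this hunk and cannot be checked here. In the deleted sibling plugins/modules/users.py the spec gave `password`, `authorizedkeys` and `apikeys` `no_log: True` but declared `"otp_seed": {"type": "str", "required": False}` without it, while `module.params` was copied into `result["invocation"]`; if system_access_users.py carries the same spec, the TOTP seed is returned and logged in clear. It should read `"otp_seed": {"type": "str", "required": False, "no_log": True}` so Ansible masks it in output and logs. It is also worth confirming that DOCUMENTATION's `module:` and the EXAMPLES tasks name `puzzle.opnsense.system_access_users` rather than the old `users`/`opnsense_user` names, so `ansible-doc` and the sanity tests agree with the rename.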
diff --git a/plugins/modules/users.py b/plugins/modules/users.py
deleted file mode 100644
index 52bb30cd..00000000
--- a/plugins/modules/users.py
+++ /dev/null
@@ -1,247 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- - -# Copyright: (c) 2024, Puzzle ITC, Kilian Soltermann -# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) - - -"""User module: Read, write, edit operations for OPNsense Users """ - -__metaclass__ = type - -# https://docs.ansible.com/ansible/latest/dev_guide/developing_modules_documenting.html -# fmt: off - -DOCUMENTATION = r''' ---- -module: users -short_description: Manage OPNsense users -description: - - This module allows you to manage users on an OPNsense firewall. -author: - - Kilian Soltermann (@killuuuhh) -version_added: "1.0.0" -options: - username: - description: - - The username of the OPNsense user. - required: true - type: str - password: - description: - - The password of the OPNsense user. - required: true - type: str - disabled: - description: - - Indicates whether the user account should be disabled. - required: false - default: false - type: bool - full_name: - description: - - The full name of the OPNsense user. - required: false - type: str - email: - description: - - The email address of the OPNsense user. - required: false - type: str - comment: - description: - - Additional comments or notes for the OPNsense user. - required: false - type: str - landing_page: - description: - - The landing page for the OPNsense user. - required: false - type: str - shell: - description: - - The shell for the OPNsense user. - required: false - type: str - expires: - description: - - The expiration date for the OPNsense user account. - required: false - type: str - groups: - description: - - A list of groups the OPNsense user belongs to. - required: false - type: list - elements: str - apikeys: - description: - - A list of apikeys for an OPNsense User. Generates new apikey if "" is provided. - required: false - type: list - elements: str - otp_seed: - description: - - The otp_seed of a OPNsense user. 
- required: false - type: str - authorizedkeys: - description: - - The authorizedkeys of a OPNsense user. - required: false - type: str - scope: - description: - - The scope of the OPNsense user. - required: false - type: str - uid: - description: - - The UID of the OPNsense user. - required: false - type: str - state: - description: - - The desired state of the OPNsense user. - required: false - choices: - - present - - absent - default: present - type: str -''' - -EXAMPLES = r''' -- name: Add OPNsense user - opnsense_user: - username: johndoe - password: secret - full_name: John Doe - email: johndoe@example.com - groups: - - admins - state: present - register: result - -- name: Remove OPNsense user - opnsense_user: - username: johndoe - state: absent - register: result -''' - -RETURN = ''' -opnsense_configure_output: - description: A List of the executed OPNsense configure function along with their respective stdout, stderr and rc - returned: always - type: list - sample: - - function: "system_cron_configure" - params: [] - rc: 0 - stderr: "" - stderr_lines: [] - stdout: "" - stdout_lines: [] - - function: "filter_configure" - params: [] - rc: 0 - stderr: "" - stderr_lines: [] - stdout: "" - stdout_lines: [] -''' -# fmt: on -from typing import Optional - -from ansible.module_utils.basic import AnsibleModule - -from ansible_collections.puzzle.opnsense.plugins.module_utils.users_utils import User, UserSet - - -ANSIBLE_MANAGED: str = "[ ANSIBLE ]" - - -def main(): - module_args = { - "username": { - "type": "str", - "required": True, - }, - "password": {"type": "str", "required": True, "no_log": True}, - "disabled": {"type": "bool", "default": False}, - "full_name": {"type": "str", "required": False}, - "email": {"type": "str", "required": False}, - "comment": {"type": "str", "required": False}, - "landing_page": {"type": "str", "required": False}, - "shell": {"type": "str", "required": False}, - "expires": {"type": "str", "required": False}, - "otp_seed": {"type": 
"str", "required": False}, - "authorizedkeys": {"type": "str", "required": False, "no_log": True}, - "groups": {"type": "list", "required": False, "elements": "str"}, - "apikeys": {"type": "list", "required": False, "elements": "str", "no_log": True}, - "scope": {"type": "str", "required": False}, - "uid": {"type": "str", "required": False}, - "state": { - "type": "str", - "default": "present", - "choices": ["present", "absent"], - }, - } - - module: AnsibleModule = AnsibleModule( - argument_spec=module_args, - supports_check_mode=True, - ) - - # https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html - # https://docs.ansible.com/ansible/latest/dev_guide/developing_modules_documenting.html#return-block - result = { - "changed": False, - "invocation": module.params, - "diff": None, - } - # make description ansible-managed - description: Optional[str] = module.params["full_name"] - - if description and ANSIBLE_MANAGED not in description: - description = f"{ANSIBLE_MANAGED} - {description}" - else: - description = ANSIBLE_MANAGED - - module.params["full_name"] = description - - ansible_user: User = User.from_ansible_module_params(module.params) - - ansible_user_state: str = module.params.get("state") - - with UserSet() as user_set: - if ansible_user_state == "present": - user_set.add_or_update(ansible_user) - elif ansible_user_state == "absent": - user_set.delete(ansible_user) - - if user_set.changed: - result["diff"] = user_set.diff - result["changed"] = True - - if user_set.changed and not module.check_mode: - user_set.save() - result["opnsense_configure_output"] = user_set.apply_settings() - - if ansible_user.apikeys: - result["apikeys"] = [] - for new_generated_api_key in ansible_user.apikeys: - result["apikeys"].append(new_generated_api_key["key"]) - - for cmd_result in result["opnsense_configure_output"]: - if cmd_result["rc"] != 0: - module.fail_json( - msg="Apply of the OPNsense settings failed", - details=cmd_result, - ) - 
module.exit_json(**result)
-
-
-if __name__ == "__main__":
- main()
diff --git a/tests/unit/plugins/module_utils/test_users_utils.py b/tests/unit/plugins/module_utils/test_users_utils.py
index ca7d8f82..764e803e 100644
--- a/tests/unit/plugins/module_utils/test_users_utils.py
+++ b/tests/unit/plugins/module_utils/test_users_utils.py
@@ -24,7 +24,7 @@
 # Test version map for OPNsense versions and modules
 TEST_VERSION_MAP = {
 "OPNsense Test": {
- "users": {
+ "system_access_users": {
 "users": "system/user",
 "uid": "system/nextuid",
 "gid": "system/nextgid",