2
# -*- coding: utf-8 -*-
4
# (c) 2013, Nimbis Services, Inc.
6
# This file is part of Ansible
8
# Ansible is free software: you can redistribute it and/or modify
9
# it under the terms of the GNU General Public License as published by
10
# the Free Software Foundation, either version 3 of the License, or
11
# (at your option) any later version.
13
# Ansible is distributed in the hope that it will be useful,
14
# but WITHOUT ANY WARRANTY; without even the implied warranty of
15
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16
# GNU General Public License for more details.
18
# You should have received a copy of the GNU General Public License
19
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
24
short_description: manage user files for basic authentication
26
- Add and remove username/password entries in a password file using htpasswd.
27
- This is used by web servers such as Apache and Nginx for basic authentication.
31
aliases: [ dest, destfile ]
33
- Path to the file that contains the usernames and passwords
38
- User name to add or remove
42
- Password associated with user.
43
- Must be specified if user does not exist yet
46
default: "apr_md5_crypt"
48
- 'Encryption scheme to be used. One of: "apr_md5_crypt", "des_crypt", "ldap_sha1" or "plaintext"'
51
choices: [ present, absent ]
54
- Whether the user entry should be present or not
57
choices: [ "yes", "no" ]
60
- Used with C(state=present). If specified, the file will be created
61
if it does not already exist. If set to "no", will fail if the
64
- "This module depends on the I(passlib) Python library, which needs to be installed on all target systems."
65
- "On Debian, Ubuntu, or Fedora: install I(python-passlib)."
66
- "On RHEL or CentOS: Enable EPEL, then install I(python-passlib)."
67
requires: [ passlib>=1.6 ]
68
author: Lorin Hochstein
72
# Add a user to a password file and ensure permissions are set
73
- htpasswd: path=/etc/nginx/passwdfile name=janedoe password=9s36?;fyNp owner=root group=www-data mode=0640
74
# Remove a user from a password file
75
- htpasswd: path=/etc/apache2/passwdfile name=foobar state=absent
80
from distutils.version import StrictVersion
83
from passlib.apache import HtpasswdFile
86
passlib_installed = False
88
passlib_installed = True
91
def create_missing_directories(dest):
92
destpath = os.path.dirname(dest)
93
if not os.path.exists(destpath):
97
def present(dest, username, password, crypt_scheme, create, check_mode):
98
""" Ensures user is present
100
Returns (msg, changed) """
101
if not os.path.exists(dest):
103
raise ValueError('Destination %s does not exist' % dest)
105
return ("Create %s" % dest, True)
106
create_missing_directories(dest)
107
if StrictVersion(passlib.__version__) >= StrictVersion('1.6'):
108
ht = HtpasswdFile(dest, new=True, default_scheme=crypt_scheme)
110
ht = HtpasswdFile(dest, autoload=False, default=crypt_scheme)
111
if getattr(ht, 'set_password', None):
112
ht.set_password(username, password)
114
ht.update(username, password)
116
return ("Created %s and added %s" % (dest, username), True)
118
if StrictVersion(passlib.__version__) >= StrictVersion('1.6'):
119
ht = HtpasswdFile(dest, new=False, default_scheme=crypt_scheme)
121
ht = HtpasswdFile(dest, default=crypt_scheme)
124
if getattr(ht, 'check_password', None):
125
found = ht.check_password(username, password)
127
found = ht.verify(username, password)
130
return ("%s already present" % username, False)
133
if getattr(ht, 'set_password', None):
134
ht.set_password(username, password)
136
ht.update(username, password)
138
return ("Add/update %s" % username, True)
141
def absent(dest, username, check_mode):
142
""" Ensures user is absent
144
Returns (msg, changed) """
145
if not os.path.exists(dest):
146
raise ValueError("%s does not exists" % dest)
148
if StrictVersion(passlib.__version__) >= StrictVersion('1.6'):
149
ht = HtpasswdFile(dest, new=False)
151
ht = HtpasswdFile(dest)
153
if username not in ht.users():
154
return ("%s not present" % username, False)
159
return ("Remove %s" % username, True)
162
def check_file_attrs(module, changed, message):
164
file_args = module.load_file_common_arguments(module.params)
165
if module.set_file_attributes_if_different(file_args, False):
170
message += "ownership, perms or SE linux context changed"
172
return message, changed
177
path=dict(required=True, aliases=["dest", "destfile"]),
178
name=dict(required=True, aliases=["username"]),
179
password=dict(required=False, default=None),
180
crypt_scheme=dict(required=False, default=None),
181
state=dict(required=False, default="present"),
182
create=dict(type='bool', default='yes'),
185
module = AnsibleModule(argument_spec=arg_spec,
186
add_file_common_args=True,
187
supports_check_mode=True)
189
path = module.params['path']
190
username = module.params['name']
191
password = module.params['password']
192
crypt_scheme = module.params['crypt_scheme']
193
state = module.params['state']
194
create = module.params['create']
195
check_mode = module.check_mode
197
if not passlib_installed:
198
module.fail_json(msg="This module requires the passlib Python library")
201
if state == 'present':
202
(msg, changed) = present(path, username, password, crypt_scheme, create, check_mode)
203
elif state == 'absent':
204
(msg, changed) = absent(path, username, check_mode)
206
module.fail_json(msg="Invalid state: %s" % state)
208
check_file_attrs(module, changed, msg)
209
module.exit_json(msg=msg, changed=changed)
211
module.fail_json(msg=str(e))
214
# this is magic, see lib/ansible/module_common.py
215
#<<INCLUDE_ANSIBLE_MODULE_COMMON>>
217
if __name__ == '__main__':