1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
|
#!/usr/bin/python
# -*- coding: utf-8 -*-
# (c) 2021, Simon Dodsley (simon@purestorage.com)
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type
ANSIBLE_METADATA = {
"metadata_version": "1.1",
"status": ["preview"],
"supported_by": "community",
}
DOCUMENTATION = r"""
---
module: purefb_admin
version_added: '1.8.0'
short_description: Configure Pure Storage FlashBlade Global Admin settings
description:
- Set global admin settings for the FlashBlade
author:
- Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
options:
max_login:
description:
- Maximum number of failed logins before account is locked
type: int
min_password:
description:
- Minimum user password length
- Range between 1 and 100
default: 1
type: int
lockout:
description:
- Account lockout duration, in seconds, after max_login exceeded
- Range between 1 second and 90 days (7776000 seconds)
type: int
extends_documentation_fragment:
- purestorage.flashblade.purestorage.fb
"""
EXAMPLES = r"""
- name: Set global login parameters
purestorage.flashblade.purefb_admin:
max_login: 5
min_password: 10
lockout: 300
fb_url: 10.10.10.2
api_token: T-55a68eb5-c785-4720-a2ca-8b03903bf641
"""
RETURN = r"""
"""
HAS_PURESTORAGE = True
try:
from pypureclient.flashblade import AdminSetting
except ImportError:
HAS_PURESTORAGE = False
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.purestorage.flashblade.plugins.module_utils.purefb import (
get_system,
purefb_argument_spec,
)
MIN_API_VERSION = "2.3"
def main():
argument_spec = purefb_argument_spec()
argument_spec.update(
dict(
max_login=dict(type="int"),
min_password=dict(type="int", default=1, no_log=False),
lockout=dict(type="int"),
)
)
module = AnsibleModule(argument_spec, supports_check_mode=True)
if not HAS_PURESTORAGE:
module.fail_json(msg="py-pure-client sdk is required for this module")
if module.params["lockout"] and not 1 <= module.params["lockout"] <= 7776000:
module.fail_json(msg="Lockout must be between 1 and 7776000 seconds")
if not 1 <= module.params["min_password"] <= 100:
module.fail_json(msg="Minimum password length must be between 1 and 100")
blade = get_system(module)
api_version = list(blade.get_versions().items)
changed = False
if MIN_API_VERSION in api_version:
current_settings = list(blade.get_admins_settings().items)[0]
lockout = getattr(current_settings, "lockout_duration", None)
max_login = getattr(current_settings, "max_login_attempts", None)
min_password = getattr(current_settings, "min_password_length", 1)
if min_password != module.params["min_password"]:
changed = True
min_password = module.params["min_password"]
if lockout and lockout != module.params["lockout"] * 1000:
changed = True
lockout = module.params["lockout"] * 1000
elif not lockout and module.params["lockout"]:
changed = True
lockout = module.params["lockout"] * 1000
if max_login and max_login != module.params["max_login"]:
changed = True
max_login = module.params["max_login"]
elif not max_login and module.params["max_login"]:
changed = True
max_login = module.params["max_login"]
if changed and not module.check_mode:
admin = AdminSetting(
min_password_length=min_password,
max_login_attempts=max_login,
lockout_duration=lockout,
)
res = blade.patch_admins_settings(admin_setting=admin)
if res.status_code != 200:
module.fail_json(
msg="Failed to change Global Admin settings. Error: {0}".format(
res.errors[0].message
)
)
else:
module.fail_json(msg="Purity version does not support Global Admin settings")
module.exit_json(changed=changed)
if __name__ == "__main__":
main()
|
