ansible-role-elasticsearch/library/elasticsearch_user.py

#!/usr/bin/python

from ansible.module_utils.basic import *
from ansible.module_utils.elasticsearch_api import *

class ElasticsearchUser:
    def __init__(self, api_url, api_user, api_password, name, password, roles):
        self.api = ElasticsearchApi(
            api_url,
            api_user,
            api_password
        )
        self.api_url  = api_url
        self.name     = name
        self.password = password
        self.roles    = roles
        self.exist    = False
        self.data     = {}

    def get_data(self):
        status_code, data = self.api.get('_security/user/{}'.format(self.name))
        if status_code == 200:
            self.exist = True
            self.data  = data[self.name]

    def roles_have_changed(self):
        for role in self.roles:
            if role not in self.data['roles']:
                return True

        for role in self.data['roles']:
            if role not in self.roles:
                return True

        return False

    def password_has_changed(self):
        api = ElasticsearchApi(
            self.api_url,
            self.name,
            self.password
        )
        status_code, _ = api.get('_cluster/health')
        if status_code == 401:
            return True

        return False

    def has_changed(self):
        if self.roles_have_changed():
            return True

        if self.password_has_changed():
            return True

        return False

    def create(self):
        self.api.put(
            '_security/user/{}'.format(self.name),
            {
                'password': self.password,
                'roles': self.roles
            }
        )

    def delete(self):
        self.api.delete('_security/user/{}'.format(self.name))

        
def main():
    fields = {
        'name':         { 'type': 'str', 'required': True },
        'password':     { 'type': 'str', 'required': True, 'no_log': True },
        'roles':        { 'type': 'list', 'default': [] },
        'api_url':      { 'type': 'str', 'default': 'http://127.0.0.1:9200' },
        'api_user':     { 'type': 'str', 'default': None },
        'api_password': { 'type': 'str', 'default': None, 'no_log': True },
        'state':        { 'type': 'str', 'default': 'present', 'choice': ['present', 'absent'] },
    }
    module = AnsibleModule(argument_spec=fields)
    changed = False

    user = ElasticsearchUser(
        module.params['api_url'],
        module.params['api_user'],
        module.params['api_password'],
        module.params['name'],
        module.params['password'],
        module.params['roles'],
    )
    user.get_data()

    if module.params['state'] == 'present':
        if not user.exist or user.has_changed():
            user.create()
            changed = True
    else:
        if user.exist:
            user.delete()
            changed = True

    module.exit_json(changed=changed)

if __name__ == '__main__':
    main()
feat: manage users 2023-09-29 13:54:34 +00:00			`#!/usr/bin/python`

			`from ansible.module_utils.basic import *`
			`from ansible.module_utils.elasticsearch_api import *`

			`class ElasticsearchUser:`
			`def __init__(self, api_url, api_user, api_password, name, password, roles):`
			`self.api = ElasticsearchApi(`
			`api_url,`
			`api_user,`
			`api_password`
			`)`
			`self.api_url = api_url`
			`self.name = name`
			`self.password = password`
			`self.roles = roles`
			`self.exist = False`
			`self.data = {}`

			`def get_data(self):`
			`status_code, data = self.api.get('_security/user/{}'.format(self.name))`
			`if status_code == 200:`
			`self.exist = True`
			`self.data = data[self.name]`

			`def roles_have_changed(self):`
			`for role in self.roles:`
			`if role not in self.data['roles']:`
			`return True`

			`for role in self.data['roles']:`
			`if role not in self.roles:`
			`return True`

			`return False`

			`def password_has_changed(self):`
			`api = ElasticsearchApi(`
			`self.api_url,`
			`self.name,`
			`self.password`
			`)`
			`status_code, _ = api.get('_cluster/health')`
			`if status_code == 401:`
			`return True`

			`return False`

			`def has_changed(self):`
			`if self.roles_have_changed():`
			`return True`

			`if self.password_has_changed():`
			`return True`

			`return False`

			`def create(self):`
			`self.api.put(`
			`'_security/user/{}'.format(self.name),`
			`{`
			`'password': self.password,`
			`'roles': self.roles`
			`}`
			`)`

			`def delete(self):`
			`self.api.delete('_security/user/{}'.format(self.name))`


			`def main():`
			`fields = {`
			`'name': { 'type': 'str', 'required': True },`
			`'password': { 'type': 'str', 'required': True, 'no_log': True },`
			`'roles': { 'type': 'list', 'default': [] },`
			`'api_url': { 'type': 'str', 'default': 'http://127.0.0.1:9200' },`
			`'api_user': { 'type': 'str', 'default': None },`
			`'api_password': { 'type': 'str', 'default': None, 'no_log': True },`
			`'state': { 'type': 'str', 'default': 'present', 'choice': ['present', 'absent'] },`
			`}`
			`module = AnsibleModule(argument_spec=fields)`
			`changed = False`

			`user = ElasticsearchUser(`
			`module.params['api_url'],`
			`module.params['api_user'],`
			`module.params['api_password'],`
			`module.params['name'],`
			`module.params['password'],`
			`module.params['roles'],`
			`)`
			`user.get_data()`

			`if module.params['state'] == 'present':`
			`if not user.exist or user.has_changed():`
			`user.create()`
			`changed = True`
			`else:`
			`if user.exist:`
			`user.delete()`
			`changed = True`

			`module.exit_json(changed=changed)`

			`if __name__ == '__main__':`
			`main()`