fix: change password for builtin users

2023-10-17 09:47:10 +02:00 · 2023-10-17 09:47:10 +02:00 · 0ab1bd2023
commit 0ab1bd2023
parent f1ba54d2ad
4 changed files with 61 additions and 6 deletions
--- a/library/elasticsearch_user.py
+++ b/library/elasticsearch_user.py
@ -17,6 +17,21 @@ class ElasticsearchUser:
        self.exist    = False
        self.data     = {}

+    def is_builtin(self):
+        users = [
+            'apm_system',
+            'beats_system',
+            'elastic',
+            'kibana',
+            'kibana_system',
+            'logstash_system',
+            'remote_monitoring_user'
+        ]
+        if self.name in users:
+            return True
+
+        return False
+
    def get_data(self):
        status_code, data = self.api.get('_security/user/{}'.format(self.name))
        if status_code == 200:
@ -64,6 +79,14 @@ class ElasticsearchUser:
            }
        )

+    def change_password(self):
+        self.api.post(
+            '_security/user/{}/_password'.format(self.name),
+            {
+                'password': self.password
+            }
+        )
+
    def delete(self):
        self.api.delete('_security/user/{}'.format(self.name))

@ -91,14 +114,19 @@ def main():
    )
    user.get_data()

-    if module.params['state'] == 'present':
-        if not user.exist or user.has_changed():
-            user.create()
+    if user.is_builtin():
+        if user.password_has_changed():
+            user.change_password()
            changed = True
    else:
-        if user.exist:
-            user.delete()
-            changed = True
+        if module.params['state'] == 'present':
+            if not user.exist or user.has_changed():
+                user.create()
+                changed = True
+        else:
+            if user.exist:
+                user.delete()
+                changed = True

    module.exit_json(changed=changed)