Expose password_profile options in azure_rm_aduser (#1376)
* Normalize 'password' vs 'password_profile' variable and option names
* Add options for 'force password change on next logon'
pluto00987 committed Apr 29, 2024
1 parent 9220106 commit 905cedf
Showing 1 changed file with 37 additions and 17 deletions.
54 changes: 37 additions & 17 deletions plugins/modules/azure_rm_aduser.py
Expand Up @@ -70,11 +70,24 @@
- The mail alias for the user.
- Used when either creating or updating a user account.
type: str
password_profile:
password:
description:
- The password for the user.
- Used when either creating or updating a user account.
type: str
aliases:
- password_profile
password_force_change:
description:
- Whether or not the user will be forced to change their password at next logon.
- If unspecified, Azure defaults this to true for new users.
- Used when either creating or updating a user account.
type: bool
password_force_change_mfa:
description:
- Identical behavior to password_force_change except multi-factor authentication (MFA) must be performed prior to changing the password.
- Used when either creating or updating a user account.
type: bool
usage_location:
description:
- A two letter country code, ISO standard 3166.
Expand Down Expand Up @@ -146,7 +159,7 @@
state: "present"
account_enabled: "True"
display_name: "Test_{{ user_principal_name }}_Display_Name"
password_profile: "password"
password: "password"
mail_nickname: "Test_{{ user_principal_name }}_mail_nickname"
on_premises_immutable_id: "{{ object_id }}"
given_name: "First"
Expand Down Expand Up @@ -259,7 +272,9 @@ def __init__(self):
odata_filter=dict(type='str'),
account_enabled=dict(type='bool'),
display_name=dict(type='str'),
password_profile=dict(type='str', no_log=True),
password=dict(type='str', no_log=True, aliases=['password_profile']),
password_force_change=dict(type='bool', no_log=False),
password_force_change_mfa=dict(type='bool', no_log=False),
mail_nickname=dict(type='str'),
on_premises_immutable_id=dict(type='str', aliases=['immutable_id']),
usage_location=dict(type='str'),
Expand All @@ -279,7 +294,9 @@ def __init__(self):
self.odata_filter = None
self.account_enabled = None
self.display_name = None
self.password_profile = None
self.password = None
self.password_force_change = None
self.password_force_change_mfa = None
self.mail_nickname = None
self.on_premises_immutable_id = None
self.usage_location = None
Expand Down Expand Up @@ -327,12 +344,11 @@ def exec_module(self, **kwargs):

if ad_user: # Update, changed

password = None

if self.password_profile:
password = PasswordProfile(
password=self.password_profile,
)
password_profile = PasswordProfile(
password=self.password,
force_change_password_next_sign_in=self.password_force_change,
force_change_password_next_sign_in_with_mfa=self.password_force_change_mfa
)

should_update = False
if self.on_premises_immutable_id and ad_user.on_premises_immutable_id != self.on_premises_immutable_id:
Expand All @@ -349,7 +365,11 @@ def exec_module(self, **kwargs):
should_update = True
if should_update or self.display_name and ad_user.display_name != self.display_name:
should_update = True
if should_update or password:
if should_update or self.password is not None:
should_update = True
if should_update or self.password_force_change is not None:
should_update = True
if should_update or self.password_force_change_mfa is not None:
should_update = True
if should_update or self.user_principal_name and ad_user.user_principal_name != self.user_principal_name:
should_update = True
Expand All @@ -362,7 +382,7 @@ def exec_module(self, **kwargs):
self.on_premises_extension_attributes_to_dict(ad_user.on_premises_extension_attributes) != self.on_premises_extension_attributes):
should_update = True
if should_update:
asyncio.get_event_loop().run_until_complete(self.update_user(ad_user, password, extension_attributes))
asyncio.get_event_loop().run_until_complete(self.update_user(ad_user, password_profile, extension_attributes))

self.results['changed'] = True

Expand Down Expand Up @@ -453,7 +473,7 @@ def to_dict(self, object):
on_premises_extension_attributes=self.on_premises_extension_attributes_to_dict(object.on_premises_extension_attributes)
)

async def update_user(self, ad_user, password, extension_attributes):
async def update_user(self, ad_user, password_profile, extension_attributes):
request_body = User(
on_premises_immutable_id=self.on_premises_immutable_id,
usage_location=self.usage_location,
Expand All @@ -462,7 +482,7 @@ async def update_user(self, ad_user, password, extension_attributes):
user_type=self.user_type,
account_enabled=self.account_enabled,
display_name=self.display_name,
password_profile=password,
password_profile=password_profile,
user_principal_name=self.user_principal_name,
mail_nickname=self.mail_nickname,
company_name=self.company_name,
Expand All @@ -471,13 +491,13 @@ async def update_user(self, ad_user, password, extension_attributes):
return await self._client.users.by_user_id(ad_user.id).patch(body=request_body)

async def create_user(self, extension_attributes):
password = PasswordProfile(
password=self.password_profile
password_profile = PasswordProfile(
password=self.password
)
request_body = User(
account_enabled=self.account_enabled,
display_name=self.display_name,
password_profile=password,
password_profile=password_profile,
user_principal_name=self.user_principal_name,
mail_nickname=self.mail_nickname,
on_premises_immutable_id=self.on_premises_immutable_id,
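Review bot: `create_user` still builds `PasswordProfile(password=self.password)` without the two new flags, so `password_force_change` and `password_force_change_mfa` are silently dropped on creation even though the option docs added in this same commit say both are "Used when either creating or updating a user account". A playbook that sets `password_force_change_mfa: true` for a new account therefore appears to get a user who can change their password without MFA, with no warning from the module. The create-path constructor should mirror the update path: `password=self.password,` / `force_change_password_next_sign_in=self.password_force_change,` / `force_change_password_next_sign_in_with_mfa=self.password_force_change_mfa`. Separately, the update path now constructs a `PasswordProfile` unconditionally, so a PATCH that changes only e.g. `display_name` seems to carry an all-None password profile where it previously carried none; worth confirming the Graph client omits it rather than sending an empty `passwordProfile` object. `create_user` continues past the end of this section.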
