diff --git a/apps/accounts/automations/change_secret/host/aix/main.yml b/apps/accounts/automations/change_secret/host/aix/main.yml index fa8d0f54f..761a9c2c1 100644 --- a/apps/accounts/automations/change_secret/host/aix/main.yml +++ b/apps/accounts/automations/change_secret/host/aix/main.yml @@ -35,6 +35,17 @@ - user_info.failed - params.groups + - name: "Set {{ account.username }} sudo setting" + ansible.builtin.lineinfile: + dest: /etc/sudoers + state: present + regexp: "^{{ account.username }} ALL=" + line: "{{ account.username + ' ALL=(ALL) NOPASSWD: ' + params.sudo }}" + validate: visudo -cf %s + when: + - user_info.failed or params.modify_sudo + - params.sudo + - name: "Change {{ account.username }} password" ansible.builtin.user: name: "{{ account.username }}" @@ -59,17 +70,6 @@ exclusive: "{{ ssh_params.exclusive }}" when: account.secret_type == "ssh_key" - - name: "Set {{ account.username }} sudo setting" - ansible.builtin.lineinfile: - dest: /etc/sudoers - state: present - regexp: "^{{ account.username }} ALL=" - line: "{{ account.username + ' ALL=(ALL) NOPASSWD: ' + params.sudo }}" - validate: visudo -cf %s - when: - - user_info.failed - - params.sudo - - name: Refresh connection ansible.builtin.meta: reset_connection diff --git a/apps/accounts/automations/change_secret/host/aix/manifest.yml b/apps/accounts/automations/change_secret/host/aix/manifest.yml index a3df14a4d..145a4bf26 100644 --- a/apps/accounts/automations/change_secret/host/aix/manifest.yml +++ b/apps/accounts/automations/change_secret/host/aix/manifest.yml @@ -5,6 +5,12 @@ type: - AIX method: change_secret params: + - name: modify_sudo + type: bool + label: "{{ 'Modify sudo label' | trans }}" + default: False + help_text: "{{ 'Modify params sudo help text' | trans }}" + - name: sudo type: str label: 'Sudo' 
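Review bot: `account.username` is placed into `regexp` unescaped in the added sudo task, so a name containing `.` or another regex metacharacter can match and replace a different user's sudoers entry; `regexp: "^{{ account.username | regex_escape }} ALL="` avoids that. This matters more now that `params.modify_sudo` lets the task rewrite `/etc/sudoers` for accounts that already exist, not only for newly created ones. `validate: visudo -cf %s` checks syntax only, so it is worth validating `params.sudo` as comma-separated absolute command paths and rejecting line breaks before it reaches `line`. Because the second condition is still `params.sudo`, enabling `modify_sudo` with an empty value skips the task and leaves any existing `NOPASSWD` line in place, so the flag cannot be used to revoke access. The same task is added in the posix change_secret hunk and in both push_account main.yml hunks.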
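Review bot: The help text that the new `modify_sudo` parameter points to says only that sudo permissions "can be modified", but enabling the flag makes the playbook replace the account's existing sudoers line with a `NOPASSWD` rule built from the `sudo` field. A sentence stating that would let operators see the effect before they tick the box. As a style point, `default: False` is better written in the canonical lowercase form, `default: false`, which is also what yamllint's `truthy` rule expects. The same parameter block is added in the posix change_secret manifest and in both push_account manifests.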
@@ -34,6 +40,11 @@ i18n: ja: 'Ansible user モジュールを使用してアカウントのパスワード変更 (DES)' en: 'Using Ansible module user to change account secret (DES)' + Modify params sudo help text: + zh: '如果用户存在,可以修改sudo权限' + ja: 'ユーザーが存在する場合、sudo権限を変更できます' + en: 'If the user exists, sudo permissions can be modified' + Params sudo help text: zh: '使用逗号分隔多个命令,如: /bin/whoami,/sbin/ifconfig' ja: 'コンマで区切って複数のコマンドを入力してください。例: /bin/whoami,/sbin/ifconfig' @@ -49,6 +60,11 @@ i18n: ja: 'グループを入力してください。複数のグループはコンマで区切ってください(既存のグループを入力してください)' en: 'Please enter the group. Multiple groups are separated by commas (please enter the existing group)' + Modify sudo label: + zh: '修改 sudo 权限' + ja: 'sudo 権限を変更' + en: 'Modify sudo' + Params home label: zh: '家目录' ja: 'ホームディレクトリ' diff --git a/apps/accounts/automations/change_secret/host/posix/main.yml b/apps/accounts/automations/change_secret/host/posix/main.yml index a77347f00..d166de81f 100644 --- a/apps/accounts/automations/change_secret/host/posix/main.yml +++ b/apps/accounts/automations/change_secret/host/posix/main.yml @@ -35,6 +35,17 @@ - user_info.failed - params.groups + - name: "Set {{ account.username }} sudo setting" + ansible.builtin.lineinfile: + dest: /etc/sudoers + state: present + regexp: "^{{ account.username }} ALL=" + line: "{{ account.username + ' ALL=(ALL) NOPASSWD: ' + params.sudo }}" + validate: visudo -cf %s + when: + - user_info.failed or params.modify_sudo + - params.sudo + - name: "Change {{ account.username }} password" ansible.builtin.user: name: "{{ account.username }}" @@ -59,17 +70,6 @@ exclusive: "{{ ssh_params.exclusive }}" when: account.secret_type == "ssh_key" - - name: "Set {{ account.username }} sudo setting" - ansible.builtin.lineinfile: - dest: /etc/sudoers - state: present - regexp: "^{{ account.username }} ALL=" - line: "{{ account.username + ' ALL=(ALL) NOPASSWD: ' + params.sudo }}" - validate: visudo -cf %s - when: - - user_info.failed - - params.sudo - - name: Refresh connection ansible.builtin.meta: reset_connection 
diff --git a/apps/accounts/automations/change_secret/host/posix/manifest.yml b/apps/accounts/automations/change_secret/host/posix/manifest.yml index 43d1ca5fd..9ab86cdb9 100644 --- a/apps/accounts/automations/change_secret/host/posix/manifest.yml +++ b/apps/accounts/automations/change_secret/host/posix/manifest.yml @@ -6,6 +6,12 @@ type: - linux method: change_secret params: + - name: modify_sudo + type: bool + label: "{{ 'Modify sudo label' | trans }}" + default: False + help_text: "{{ 'Modify params sudo help text' | trans }}" + - name: sudo type: str label: 'Sudo' @@ -36,6 +42,11 @@ i18n: ja: 'Ansible user モジュールを使用して アカウントのパスワード変更 (SHA512)' en: 'Using Ansible module user to change account secret (SHA512)' + Modify params sudo help text: + zh: '如果用户存在,可以修改sudo权限' + ja: 'ユーザーが存在する場合、sudo権限を変更できます' + en: 'If the user exists, sudo permissions can be modified' + Params sudo help text: zh: '使用逗号分隔多个命令,如: /bin/whoami,/sbin/ifconfig' ja: 'コンマで区切って複数のコマンドを入力してください。例: /bin/whoami,/sbin/ifconfig' @@ -51,6 +62,11 @@ i18n: ja: 'グループを入力してください。複数のグループはコンマで区切ってください(既存のグループを入力してください)' en: 'Please enter the group. Multiple groups are separated by commas (please enter the existing group)' + Modify sudo label: + zh: '修改 sudo 权限' + ja: 'sudo 権限を変更' + en: 'Modify sudo' + Params home label: zh: '家目录' ja: 'ホームディレクトリ' diff --git a/apps/accounts/automations/push_account/host/aix/main.yml b/apps/accounts/automations/push_account/host/aix/main.yml index 5f76f79a8..8c03c07f3 100644 --- a/apps/accounts/automations/push_account/host/aix/main.yml +++ b/apps/accounts/automations/push_account/host/aix/main.yml 
@@ -35,6 +35,17 @@ - user_info.failed - params.groups + - name: "Set {{ account.username }} sudo setting" + ansible.builtin.lineinfile: + dest: /etc/sudoers + state: present + regexp: "^{{ account.username }} ALL=" + line: "{{ account.username + ' ALL=(ALL) NOPASSWD: ' + params.sudo }}" + validate: visudo -cf %s + when: + - user_info.failed or params.modify_sudo + - params.sudo + - name: "Change {{ account.username }} password" ansible.builtin.user: name: "{{ account.username }}" @@ -59,17 +70,6 @@ exclusive: "{{ ssh_params.exclusive }}" when: account.secret_type == "ssh_key" - - name: "Set {{ account.username }} sudo setting" - ansible.builtin.lineinfile: - dest: /etc/sudoers - state: present - regexp: "^{{ account.username }} ALL=" - line: "{{ account.username + ' ALL=(ALL) NOPASSWD: ' + params.sudo }}" - validate: visudo -cf %s - when: - - user_info.failed - - params.sudo - - name: Refresh connection ansible.builtin.meta: reset_connection diff --git a/apps/accounts/automations/push_account/host/aix/manifest.yml b/apps/accounts/automations/push_account/host/aix/manifest.yml index ee62d7020..f00a7435d 100644 --- a/apps/accounts/automations/push_account/host/aix/manifest.yml +++ b/apps/accounts/automations/push_account/host/aix/manifest.yml @@ -5,6 +5,12 @@ type: - AIX method: push_account params: + - name: modify_sudo + type: bool + label: "{{ 'Modify sudo label' | trans }}" + default: False + help_text: "{{ 'Modify params sudo help text' | trans }}" + - name: sudo type: str label: 'Sudo' @@ -34,6 +40,11 @@ i18n: ja: 'Ansible user モジュールを使用して Aix アカウントをプッシュする (DES)' en: 'Using Ansible module user to push account (DES)' + Modify params sudo help text: + zh: '如果用户存在,可以修改sudo权限' + ja: 'ユーザーが存在する場合、sudo権限を変更できます' + en: 'If the user exists, sudo permissions can be modified' + Params sudo help text: zh: '使用逗号分隔多个命令,如: /bin/whoami,/sbin/ifconfig' ja: 'コンマで区切って複数のコマンドを入力してください。例: /bin/whoami,/sbin/ifconfig' 
@@ -49,6 +60,11 @@ i18n: ja: 'グループを入力してください。複数のグループはコンマで区切ってください(既存のグループを入力してください)' en: 'Please enter the group. Multiple groups are separated by commas (please enter the existing group)' + Modify sudo label: + zh: '修改 sudo 权限' + ja: 'sudo 権限を変更' + en: 'Modify sudo' + Params home label: zh: '家目录' ja: 'ホームディレクトリ' diff --git a/apps/accounts/automations/push_account/host/posix/main.yml b/apps/accounts/automations/push_account/host/posix/main.yml index f5cb53144..8bc433f5a 100644 --- a/apps/accounts/automations/push_account/host/posix/main.yml +++ b/apps/accounts/automations/push_account/host/posix/main.yml @@ -35,6 +35,17 @@ - user_info.failed - params.groups + - name: "Set {{ account.username }} sudo setting" + ansible.builtin.lineinfile: + dest: /etc/sudoers + state: present + regexp: "^{{ account.username }} ALL=" + line: "{{ account.username + ' ALL=(ALL) NOPASSWD: ' + params.sudo }}" + validate: visudo -cf %s + when: + - user_info.failed or params.modify_sudo + - params.sudo + - name: "Change {{ account.username }} password" ansible.builtin.user: name: "{{ account.username }}" @@ -59,17 +70,6 @@ exclusive: "{{ ssh_params.exclusive }}" when: account.secret_type == "ssh_key" - - name: "Set {{ account.username }} sudo setting" - ansible.builtin.lineinfile: - dest: /etc/sudoers - state: present - regexp: "^{{ account.username }} ALL=" - line: "{{ account.username + ' ALL=(ALL) NOPASSWD: ' + params.sudo }}" - validate: visudo -cf %s - when: - - user_info.failed - - params.sudo - - name: Refresh connection ansible.builtin.meta: reset_connection diff --git a/apps/accounts/automations/push_account/host/posix/manifest.yml b/apps/accounts/automations/push_account/host/posix/manifest.yml index 32964f1d6..86342b48a 100644 --- a/apps/accounts/automations/push_account/host/posix/manifest.yml +++ b/apps/accounts/automations/push_account/host/posix/manifest.yml 
@@ -6,6 +6,12 @@ type: - linux method: push_account params: + - name: modify_sudo + type: bool + label: "{{ 'Modify sudo label' | trans }}" + default: False + help_text: "{{ 'Modify params sudo help text' | trans }}" + - name: sudo type: str label: 'Sudo' @@ -36,6 +42,11 @@ i18n: ja: 'Ansible user モジュールを使用してアカウントをプッシュする (sha512)' en: 'Using Ansible module user to push account (sha512)' + Modify params sudo help text: + zh: '如果用户存在,可以修改sudo权限' + ja: 'ユーザーが存在する場合、sudo権限を変更できます' + en: 'If the user exists, sudo permissions can be modified' + Params sudo help text: zh: '使用逗号分隔多个命令,如: /bin/whoami,/sbin/ifconfig' ja: 'コンマで区切って複数のコマンドを入力してください。例: /bin/whoami,/sbin/ifconfig' @@ -51,6 +62,11 @@ i18n: ja: 'グループを入力してください。複数のグループはコンマで区切ってください(既存のグループを入力してください)' en: 'Please enter the group. Multiple groups are separated by commas (please enter the existing group)' + Modify sudo label: + zh: '修改 sudo 权限' + ja: 'sudo 権限を変更' + en: 'Modify sudo' + Params home label: zh: '家目录' ja: 'ホームディレクトリ' diff --git a/apps/assets/automations/base/manager.py b/apps/assets/automations/base/manager.py index 740980040..eeb427506 100644 --- a/apps/assets/automations/base/manager.py +++ b/apps/assets/automations/base/manager.py @@ -113,11 +113,7 @@ class BasePlaybookManager: if not data: data = automation_params.get(method_id, {}) params = serializer(data).data - return { - field_name: automation_params.get(field_name, '') - if not params[field_name] else params[field_name] - for field_name in params - } + return params @property def platform_automation_methods(self):
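Review bot: Returning `params` directly removes the old per-field fallback to top-level `automation_params` keys with no comment or migration note, so any platform whose saved parameters are not stored under `method_id` would now get only what the serializer emits. A short comment at the return, such as `# values come from the method serializer only; the legacy top-level fallback was removed`, would make the change in contract visible. Separately, `serializer(data).data` looks like it serializes `data` as an instance rather than validating it (to be confirmed against the serializer class, which is outside the hunk). If so, field validators never run on values such as `sudo` that later reach the sudoers template, and constructing it with `serializer(data=data)` and calling `is_valid(raise_exception=True)` would be the place to enforce them. The enclosing method starts before the hunk.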