diff --git a/apps/accounts/automations/change_secret/host/aix/manifest.yml b/apps/accounts/automations/change_secret/host/aix/manifest.yml
index e84a9b42b..a3df14a4d 100644
--- a/apps/accounts/automations/change_secret/host/aix/manifest.yml
+++ b/apps/accounts/automations/change_secret/host/aix/manifest.yml
@@ -4,9 +4,58 @@ category: host
 type:
 - AIX
 method: change_secret
+params:
+ - name: sudo
+ type: str
+ label: 'Sudo'
+ default: '/bin/whoami'
+ help_text: "{{ 'Params sudo help text' | trans }}"
+
+ - name: shell
+ type: str
+ label: 'Shell'
+ default: '/bin/bash'
+
+ - name: home
+ type: str
+ label: "{{ 'Params home label' | trans }}"
+ default: ''
+ help_text: "{{ 'Params home help text' | trans }}"
+
+ - name: groups
+ type: str
+ label: "{{ 'Params groups label' | trans }}"
+ default: ''
+ help_text: "{{ 'Params groups help text' | trans }}"
 i18n:
 AIX account change secret:
- zh: 使用 Ansible 模块 user 执行账号改密 (DES)
- ja: Ansible user モジュールを使用してアカウントのパスワード変更 (DES)
- en: Using Ansible module user to change account secret (DES)
+ zh: '使用 Ansible 模块 user 执行账号改密 (DES)'
+ ja: 'Ansible user モジュールを使用してアカウントのパスワード変更 (DES)'
+ en: 'Using Ansible module user to change account secret (DES)'
+
+ Params sudo help text:
+ zh: '使用逗号分隔多个命令,如: /bin/whoami,/sbin/ifconfig'
+ ja: 'コンマで区切って複数のコマンドを入力してください。例: /bin/whoami,/sbin/ifconfig'
+ en: 'Use commas to separate multiple commands, such as: /bin/whoami,/sbin/ifconfig'
+
+ Params home help text:
+ zh: '默认家目录 /home/{账号用户名}'
+ ja: 'デフォルトのホームディレクトリ /home/{アカウントユーザ名}'
+ en: 'Default home directory /home/{account username}'
+
+ Params groups help text:
+ zh: '请输入用户组,多个用户组使用逗号分隔(需填写已存在的用户组)'
+ ja: 'グループを入力してください。複数のグループはコンマで区切ってください(既存のグループを入力してください)'
+ en: 'Please enter the group. Multiple groups are separated by commas (please enter the existing group)'
+
+ Params home label:
+ zh: '家目录'
+ ja: 'ホームディレクトリ'
+ en: 'Home'
+
+ Params groups label:
+ zh: '用户组'
+ ja: 'グループ'
+ en: 'Groups'
+
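Review bot: `sudo` defaults to `'/bin/whoami'` here (and again in posix/manifest.yml), so writing a sudoers rule is opt-out: the posix playbook gates its sudoers task on `when: params.sudo`, which is true for an operator who never touches the field. `default: ''` would make it opt-in. The `shell` default `'/bin/bash'` also looks risky for AIX, where bash is typically not part of the base install; if aix/main.yml (not in this diff) hands it to the user module, the account could be left with a login shell that does not exist, so confirm the path or default to a shell known to be present. `shell` is also the only param here without a `help_text` key.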
diff --git a/apps/accounts/automations/change_secret/host/posix/main.yml b/apps/accounts/automations/change_secret/host/posix/main.yml
index 80f0aa01c..325ad644d 100644
--- a/apps/accounts/automations/change_secret/host/posix/main.yml
+++ b/apps/accounts/automations/change_secret/host/posix/main.yml
@@ -4,6 +4,26 @@
 - name: Test privileged account
 ansible.builtin.ping:
+ - name: Check user
+ ansible.builtin.user:
+ name: "{{ account.username }}"
+ shell: "{{ params.shell }}"
+ home: "{{ params.home | default('/home/' + account.username, true) }}"
+ groups: "{{ params.groups }}"
+ expires: -1
+ state: present
+
+ - name: "Add {{ account.username }} group"
+ ansible.builtin.group:
+ name: "{{ account.username }}"
+ state: present
+
+ - name: Add user groups
+ ansible.builtin.user:
+ name: "{{ account.username }}"
+ groups: "{{ params.groups }}"
+ when: params.groups
+
 - name: Change password
 ansible.builtin.user:
 name: "{{ account.username }}"
@@ -33,6 +53,16 @@
 exclusive: "{{ ssh_params.exclusive }}"
 when: account.secret_type == "ssh_key"
+ - name: Set sudo setting
+ ansible.builtin.lineinfile:
+ dest: /etc/sudoers
+ state: present
+ regexp: "^{{ account.username }} ALL="
+ line: "{{ account.username + ' ALL=(ALL) NOPASSWD: ' + params.sudo }}"
+ validate: visudo -cf %s
+ when:
+ - params.sudo
+
 - name: Refresh connection
 ansible.builtin.meta: reset_connection
diff --git a/apps/accounts/automations/change_secret/host/posix/manifest.yml b/apps/accounts/automations/change_secret/host/posix/manifest.yml
index 6aa1bba10..43d1ca5fd 100644
--- a/apps/accounts/automations/change_secret/host/posix/manifest.yml
+++ b/apps/accounts/automations/change_secret/host/posix/manifest.yml
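Review bot: The new "Check user" task runs on every secret change and passes `groups: "{{ params.groups }}"` without `append`, so with the manifest default of `''` the user module removes the account from all supplementary groups; "Add user groups" has the same replace-not-append semantics. The task also forces `shell` and a `/home/<username>` home onto accounts that already exist, which as far as I can tell would rewrite the passwd entry of an account such as root whose home is elsewhere, and `state: present` silently creates a missing account instead of failing the rotation. I would pass `groups: "{{ params.groups | default(omit, true) }}"` with `append: true`, and use `default(omit, true)` for `home` as well so existing accounts are left as they are.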
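Review bot: `params.sudo` is concatenated straight into a `NOPASSWD` rule in /etc/sudoers by the "Set sudo setting" task, and `visudo -cf %s` only proves the file still parses; a value such as `ALL` validates cleanly and gives the account passwordless root. `regexp` also interpolates `account.username` unescaped, so a name containing `.` or `+` can match and overwrite another user's line. I would gate the task behind an assert that restricts the value to absolute paths and escape the username, as in the fence; which commands are acceptable still has to be enforced where `params` is accepted server-side, and a drop-in under /etc/sudoers.d would be easier to audit than an edit of the main file.

```yaml
    # Allows only comma-separated absolute paths, no arguments or aliases.
    - name: Validate sudo command list
      ansible.builtin.assert:
        that:
          - params.sudo is match('^/[^ ,]+(,/[^ ,]+)*$')
        fail_msg: "params.sudo must be a comma-separated list of absolute command paths"
      when: params.sudo

    - name: Set sudo setting
      ansible.builtin.lineinfile:
        # … unchanged: dest, state …
        regexp: "^{{ account.username | regex_escape }} ALL="
        # … unchanged: line, validate, when …
```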
@@ -5,9 +5,59 @@ type:
 - unix
 - linux
 method: change_secret
+params:
+ - name: sudo
+ type: str
+ label: 'Sudo'
+ default: '/bin/whoami'
+ help_text: "{{ 'Params sudo help text' | trans }}"
+
+ - name: shell
+ type: str
+ label: 'Shell'
+ default: '/bin/bash'
+ help_text: ''
+
+ - name: home
+ type: str
+ label: "{{ 'Params home label' | trans }}"
+ default: ''
+ help_text: "{{ 'Params home help text' | trans }}"
+
+ - name: groups
+ type: str
+ label: "{{ 'Params groups label' | trans }}"
+ default: ''
+ help_text: "{{ 'Params groups help text' | trans }}"
 i18n:
 Posix account change secret:
- zh: 使用 Ansible 模块 user 执行账号改密 (SHA512)
- ja: Ansible user モジュールを使用して アカウントのパスワード変更 (SHA512)
- en: Using Ansible module user to change account secret (SHA512)
+ zh: '使用 Ansible 模块 user 执行账号改密 (SHA512)'
+ ja: 'Ansible user モジュールを使用して アカウントのパスワード変更 (SHA512)'
+ en: 'Using Ansible module user to change account secret (SHA512)'
+
+ Params sudo help text:
+ zh: '使用逗号分隔多个命令,如: /bin/whoami,/sbin/ifconfig'
+ ja: 'コンマで区切って複数のコマンドを入力してください。例: /bin/whoami,/sbin/ifconfig'
+ en: 'Use commas to separate multiple commands, such as: /bin/whoami,/sbin/ifconfig'
+
+ Params home help text:
+ zh: '默认家目录 /home/{账号用户名}'
+ ja: 'デフォルトのホームディレクトリ /home/{アカウントユーザ名}'
+ en: 'Default home directory /home/{account username}'
+
+ Params groups help text:
+ zh: '请输入用户组,多个用户组使用逗号分隔(需填写已存在的用户组)'
+ ja: 'グループを入力してください。複数のグループはコンマで区切ってください(既存のグループを入力してください)'
+ en: 'Please enter the group. Multiple groups are separated by commas (please enter the existing group)'
+
+ Params home label:
+ zh: '家目录'
+ ja: 'ホームディレクトリ'
+ en: 'Home'
+
+ Params groups label:
+ zh: '用户组'
+ ja: 'グループ'
+ en: 'Groups'
+
diff --git a/apps/accounts/automations/change_secret/host/windows/main.yml b/apps/accounts/automations/change_secret/host/windows/main.yml
index 86ea7a81f..a97166fef 100644
--- a/apps/accounts/automations/change_secret/host/windows/main.yml
+++ b/apps/accounts/automations/change_secret/host/windows/main.yml
@@ -8,17 +8,13 @@
 # debug:
 # msg: "Username: {{ account.username }}, Password: {{ account.secret }}"
-
- - name: Get groups of a Windows user
- ansible.windows.win_user:
- name: "{{ jms_account.username }}"
- register: user_info
-
 - name: Change password
 ansible.windows.win_user:
+ fullname: "{{ account.username}}"
 name: "{{ account.username }}"
 password: "{{ account.secret }}"
- groups: "{{ user_info.groups[0].name }}"
+ password_never_expires: yes
+ groups: "{{ params.groups }}"
 groups_action: add
 update_password: always
 ignore_errors: true
diff --git a/apps/accounts/automations/change_secret/host/windows/manifest.yml b/apps/accounts/automations/change_secret/host/windows/manifest.yml
index 4480a9ecf..884168974 100644
--- a/apps/accounts/automations/change_secret/host/windows/manifest.yml
+++ b/apps/accounts/automations/change_secret/host/windows/manifest.yml
@@ -5,9 +5,22 @@ method: change_secret
 category: host
 type:
 - windows
+params:
+ - name: groups
+ type: str
+ label: '用户组'
+ default: 'Users,Remote Desktop Users'
+ help_text: "{{ 'Params groups help text' | trans }}"
+
 i18n:
 Windows account change secret:
- zh: 使用 Ansible 模块 win_user 执行 Windows 账号改密
- ja: Ansible win_user モジュールを使用して Windows アカウントのパスワード変更
- en: Using Ansible module win_user to change Windows account secret
+ zh: '使用 Ansible 模块 win_user 执行 Windows 账号改密'
+ ja: 'Ansible win_user モジュールを使用して Windows アカウントのパスワード変更'
+ en: 'Using Ansible module win_user to change Windows account secret'
+
+ Params groups help text:
+ zh: '请输入用户组,多个用户组使用逗号分隔(需填写已存在的用户组)'
+ ja: 'グループを入力してください。複数のグループはコンマで区切ってください(既存のグループを入力してください)'
+ en: 'Please enter the group. Multiple groups are separated by commas (please enter the existing group)'
+
diff --git a/apps/accounts/serializers/automations/change_secret.py b/apps/accounts/serializers/automations/change_secret.py
index 94a7dc428..3c6e11205 100644
--- a/apps/accounts/serializers/automations/change_secret.py
+++ b/apps/accounts/serializers/automations/change_secret.py
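Review bot: With the manifest default `'Users,Remote Desktop Users'` and `groups_action: add`, the "Change password" task now adds every rotated account to Remote Desktop Users, so a password change grants an interactive logon right as a side effect, including to service accounts. `password_never_expires: yes` likewise overrides whatever expiry policy the account had, on every run. I would make both opt-in, e.g. `groups: "{{ params.groups | default(omit, true) }}"` with an empty manifest default, and write the boolean as `true`. The task keeps `ignore_errors: true`, so a failed group add or password set is not surfaced to the caller.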
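Review bot: `label: '用户组'` in the new `params` entry is hard-coded in Chinese, whereas the posix and AIX manifests in this commit use `label: "{{ 'Params groups label' | trans }}"` backed by zh/ja/en entries, so other locales will see the raw string. I would use the same `trans` key and add a `Params groups label` block to this file's `i18n` map.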
@@ -50,7 +50,7 @@ class ChangeSecretAutomationSerializer(AuthValidateMixin, BaseAutomationSerializ
 read_only_fields = BaseAutomationSerializer.Meta.read_only_fields
 fields = BaseAutomationSerializer.Meta.fields + read_only_fields + [
 'secret_type', 'secret_strategy', 'secret', 'password_rules',
- 'ssh_key_change_strategy', 'passphrase', 'recipients',
+ 'ssh_key_change_strategy', 'passphrase', 'recipients', 'params'
 ]
 extra_kwargs = {**BaseAutomationSerializer.Meta.extra_kwargs, **{
 'accounts': {'required': True},
diff --git a/apps/accounts/serializers/automations/push_account.py b/apps/accounts/serializers/automations/push_account.py
index 1d7bb3d36..baf1994a4 100644
--- a/apps/accounts/serializers/automations/push_account.py
+++ b/apps/accounts/serializers/automations/push_account.py
@@ -10,7 +10,7 @@ class PushAccountAutomationSerializer(ChangeSecretAutomationSerializer):
 class Meta(ChangeSecretAutomationSerializer.Meta):
 model = PushAccountAutomation
- fields = ['params'] + [
+ fields = [
 n for n in ChangeSecretAutomationSerializer.Meta.fields
 if n not in ['recipients']
 ]
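Review bot: Adding `'params'` to `Meta.fields` makes it a client-writable field, and nothing in this hunk constrains its contents, while the playbooks in this commit feed `params.sudo` into /etc/sudoers and `params.groups` into group membership on the target host. The field definition and any validators sit outside the hunk, so this may already be handled elsewhere. If it is not, I would add a `validate_params` method that accepts only the keys declared by the selected manifest and rejects values that do not match each param's expected shape (for `sudo`, a list of absolute command paths). Minor: keep the trailing comma after `'params'`, as the line it replaces had.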