#!/usr/bin/python
from __future__ import absolute_import, division, print_function
__metaclass__ = type
DOCUMENTATION = '''
---
module: oracle_user
short_description: Adds or removes a user from a Oracle database
description:
- Adds or removes a user from a Oracle database.
options:
authentication_type:
description:
- Authentication type of the user(default password)
required: false
type: str
choices: ['external', 'global', 'no_authentication', 'password']
default_tablespace:
description:
- The default tablespace for the user
- If not provided, the default is used
required: false
type: str
oracle_home:
description:
- Define the directory into which all Oracle software is installed.
- Define ORACLE_HOME environment variable if set.
type: str
state:
description:
- The database user state.
default: present
choices: [absent, present]
type: str
update_password:
default: always
choices: [always, on_create]
description:
- C(always) will always update passwords and cause the module to return changed.
- C(on_create) will only set the password for newly created users.
type: str
temporary_tablespace:
description:
- The default temporary tablespace for the user
- If not provided, the default is used
required: false
type: str
name:
description:
- The name of the user to add or remove.
required: true
aliases: [user]
type: str
password:
description:
- The password to use for the user.
type: str
aliases: [pass]
requirements:
- "oracledb"
'''
EXAMPLES = '''
- name: Create default tablespace user with name 'jms' and password '123456'.
oracle_user:
hostname: "remote server"
login_database: "helowin"
login_user: "system"
login_password: "123456"
name: "jms"
password: "123456"
- name: Delete user with name 'jms'.
oracle_user:
hostname: "remote server"
login_database: "helowin"
login_user: "system"
login_password: "123456"
name: "jms"
state: "absent"
'''
RETURN = '''
name:
description: The name of the user to add or remove.
returned: success
type: str
'''
from ansible.module_utils.basic import AnsibleModule
from ops.ansible.modules_utils.oracle_common import (
OracleClient, oracle_common_argument_spec
)
def user_find(oracle_client, username):
user = None
username = username.upper()
user_find_sql = "select username, " \
" authentication_type, " \
" default_tablespace, " \
" temporary_tablespace " \
"from dba_users where username='%s'" % username
rtn, err = oracle_client.execute(user_find_sql)
if isinstance(rtn, dict):
user = rtn
return user
def user_add(
module, oracle_client, username, password, auth_type,
default_tablespace, temporary_tablespace
):
username = username.upper()
extend_sql = None
user = user_find(oracle_client, username)
auth_type = auth_type.lower()
identified_suffix_map = {
'external': 'identified externally ',
'global': 'identified globally ',
'password': 'identified by "%s" ',
}
if user:
user_sql = "alter user %s " % username
user_sql += identified_suffix_map.get(auth_type, 'no authentication ') % password
if default_tablespace and default_tablespace.lower() != user['default_tablespace'].lower():
user_sql += 'default tablespace %s quota unlimited on %s ' % (default_tablespace, default_tablespace)
if temporary_tablespace and temporary_tablespace.lower() != user['temporary_tablespace'].lower():
user_sql += 'temporary tablespace %s ' % temporary_tablespace
else:
user_sql = "create user %s " % username
user_sql += identified_suffix_map.get(auth_type, 'no authentication ') % password
if default_tablespace:
user_sql += 'default tablespace %s quota unlimited on %s ' % (default_tablespace, default_tablespace)
if temporary_tablespace:
user_sql += 'temporary tablespace %s ' % temporary_tablespace
extend_sql = 'grant connect to %s' % username
rtn, err = oracle_client.execute(user_sql)
if err:
module.fail_json(msg='Cannot add/edit user %s: %s' % (username, err), changed=False)
else:
if extend_sql:
oracle_client.execute(extend_sql)
module.exit_json(msg='User %s has been created.' % username, changed=True, name=username)
def user_remove(module, oracle_client, username):
user = user_find(oracle_client, username)
if user:
rtn, err = oracle_client.execute('drop user %s cascade' % username)
if err:
module.fail_json(msg='Cannot drop user %s: %s' % (username, err), changed=False)
else:
module.exit_json(msg='User %s dropped.' % username, changed=True, name=username)
else:
module.exit_json(msg="User %s doesn't exist." % username, changed=False, name=username)
# =========================================
# Module execution.
#
def main():
argument_spec = oracle_common_argument_spec()
argument_spec.update(
authentication_type=dict(
type='str', required=False,
choices=['external', 'global', 'no_authentication', 'password']
),
default_tablespace=dict(required=False, aliases=['db']),
name=dict(required=True, aliases=['user']),
password=dict(aliases=['pass'], no_log=True),
state=dict(type='str', default='present', choices=['absent', 'present']),
update_password=dict(default="always", choices=["always", "on_create"], no_log=False),
temporary_tablespace=dict(type='str', default=None),
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
)
authentication_type = module.params['authentication_type'] or 'password'
default_tablespace = module.params['default_tablespace']
user = module.params['name']
password = module.params['password']
state = module.params['state']
update_password = module.params['update_password']
temporary_tablespace = module.params['temporary_tablespace']
oracle_client = OracleClient(module)
if state == 'present':
if password is None and update_password == 'always':
module.fail_json(
msg='password parameter required when adding a user unless update_password is set to on_create'
)
user_add(
module, oracle_client, username=user, password=password,
auth_type=authentication_type, default_tablespace=default_tablespace,
temporary_tablespace=temporary_tablespace
)
elif state == 'absent':
user_remove(oracle_client)
module.exit_json(changed=True, user=user)
if __name__ == '__main__':
main()