
Expose password_profile options in azure_rm_aduser
* Normalize 'password' vs 'password_profile' variable and option names
* Add options for 'force password change on next logon'
pluto00987 committed Dec 13, 2023
1 parent 38e9861 commit 9128957
Showing 1 changed file with 39 additions and 17 deletions.
56 changes: 39 additions & 17 deletions plugins/modules/azure_rm_aduser.py
Expand Up @@ -70,11 +70,24 @@
- The mail alias for the user.
- Used when either creating or updating a user account.
type: str
password_profile:
password:
description:
- The password for the user.
- Used when either creating or updating a user account.
type: str
aliases:
- password_profile
password_force_change:
description:
- Whether or not the user will be forced to change their password at next logon.
- Note: If unspecified, Azure defaults this to true for new users.
- Used when either creating or updating a user account.
type: bool
password_force_change_mfa:
description:
- Identical behavior to password_force_change except multi-factor authentication (MFA) must be performed prior to changing the password.
- Used when either creating or updating a user account.
type: bool
usage_location:
description:
- A two letter country code, ISO standard 3166.
Expand Down Expand Up @@ -127,7 +140,7 @@
state: "present"
account_enabled: "True"
display_name: "Test_{{ user_principal_name }}_Display_Name"
password_profile: "password"
password: "password"
mail_nickname: "Test_{{ user_principal_name }}_mail_nickname"
on_premises_immutable_id: "{{ object_id }}"
given_name: "First"
Expand Down Expand Up @@ -217,7 +230,9 @@ def __init__(self):
odata_filter=dict(type='str'),
account_enabled=dict(type='bool'),
display_name=dict(type='str'),
password_profile=dict(type='str', no_log=True),
password=dict(type='str', no_log=True, aliases=['password_profile']),
password_force_change=dict(type='bool', no_log=False),
password_force_change_mfa=dict(type='bool', no_log=False),
mail_nickname=dict(type='str'),
on_premises_immutable_id=dict(type='str', aliases=['immutable_id']),
usage_location=dict(type='str'),
Expand All @@ -235,7 +250,9 @@ def __init__(self):
self.odata_filter = None
self.account_enabled = None
self.display_name = None
self.password_profile = None
self.password = None
self.password_force_change = None
self.password_force_change_mfa = None
self.mail_nickname = None
self.on_premises_immutable_id = None
self.usage_location = None
Expand Down Expand Up @@ -274,12 +291,11 @@ def exec_module(self, **kwargs):

if ad_user: # Update, changed

password = None

if self.password_profile:
password = PasswordProfile(
password=self.password_profile,
)
password_profile = PasswordProfile(
password=self.password,
force_change_password_next_sign_in=self.password_force_change,
force_change_password_next_sign_in_with_mfa=self.password_force_change_mfa
)

should_update = False

Expand All @@ -297,15 +313,19 @@ def exec_module(self, **kwargs):
should_update = True
if should_update or self.display_name and ad_user.display_name != self.display_name:
should_update = True
if should_update or password:
if should_update or self.password is not None:
should_update = True
if should_update or self.password_force_change is not None:
should_update = True
if should_update or self.password_force_change_mfa is not None:
should_update = True
if should_update or self.user_principal_name and ad_user.user_principal_name != self.user_principal_name:
should_update = True
if should_update or self.mail_nickname and ad_user.mail_nickname != self.mail_nickname:
should_update = True

if should_update:
asyncio.get_event_loop().run_until_complete(self.update_user(ad_user, password))
asyncio.get_event_loop().run_until_complete(self.update_user(ad_user, password_profile))

self.results['changed'] = True

Expand Down Expand Up @@ -384,7 +404,7 @@ def to_dict(self, object):
user_type=object.user_type
)

async def update_user(self, ad_user, password):
async def update_user(self, ad_user, password_profile):
request_body = User(
on_premises_immutable_id=self.on_premises_immutable_id,
usage_location=self.usage_location,
Expand All @@ -393,20 +413,22 @@ async def update_user(self, ad_user, password):
user_type=self.user_type,
account_enabled=self.account_enabled,
display_name=self.display_name,
password_profile=password,
password_profile=password_profile,
user_principal_name=self.user_principal_name,
mail_nickname=self.mail_nickname
)
return await self._client.users.by_user_id(ad_user.id).patch(body=request_body)

async def create_user(self):
password = PasswordProfile(
password=self.password_profile
password_profile = PasswordProfile(
password=self.password,
force_change_password_next_sign_in=self.password_force_change,
force_change_password_next_sign_in_with_mfa=self.password_force_change_mfa
)
request_body = User(
account_enabled=self.account_enabled,
display_name=self.display_name,
password_profile=password,
password_profile=password_profile,
user_principal_name=self.user_principal_name,
mail_nickname=self.mail_nickname,
on_premises_immutable_id=self.on_premises_immutable_id,
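Review bot: In the exec_module update branch the new code builds a PasswordProfile unconditionally, where the old code left `password = None` unless a password was supplied, so every update of an existing user (display name, usage location, etc.) now passes a PasswordProfile whose three fields are all None into update_user's User(password_profile=...). Depending on how the SDK serialises an all-None object, the PATCH may carry an empty passwordProfile rather than omitting it, which at best is a needless write to a security-sensitive property and at worst changes the account's password/force-change state on unrelated edits; restoring the guard keeps the PATCH free of passwordProfile unless the caller asked for one: `password_profile = None` followed by `if self.password is not None or self.password_force_change is not None or self.password_force_change_mfa is not None:` around the existing constructor call. The same guard is not needed in create_user, where a profile is always intended. Both exec_module and update_user start and end outside their hunks. Separately, in the documentation hunk the line `- Note: If unspecified, Azure defaults this to true for new users.` will be parsed by YAML as a list item holding a one-key mapping rather than a string, which ansible-doc and the sanity tests reject; dropping the `Note:` prefix or quoting the whole item fixes it.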
