-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathaem_password.py
166 lines (141 loc) · 5.79 KB
/
aem_password.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Copyright: (c) 2019, Lean Delivery Team <[email protected]>
# Copyright: (c) 2016, Paul Markham <https://github.com/pmarkham>
# GNU General Public License v3.0+ (see COPYING or
# https://www.gnu.org/licenses/gpl-3.0.txt)
# Change password for a user.
# Note: you must supply both the old and new passwords for this to work
from ansible.module_utils.basic import *
import requests
DOCUMENTATION = '''
---
module: aem_password
short_description: Change Adobe CQ Password
description:
- Change Adobe CQ Password
author: Paul Markham, Lean Delivery Team
notes:
- This is mostly used to change the Admin password from the default of 'admin'.
options:
id:
description:
- The user ID
required: true
old_password:
description:
- Old password.
required: true
new_password:
description:
- New password
required: true
host:
description:
- Host name where Adobe CQ is running
required: true
port:
description:
- Port number that Adobe CQ is listening on
required: true
ignore_err:
description:
- Return ok if neither the old nor new passwords are valid for the user.
required: false
'''
EXAMPLES = '''
# Change admin password from default
- aem_password:
id: admin
old_password: admin
new_password: S3cr3t
host: "http://localhost"
port: 4502
'''
# --------------------------------------------------------------------------------
# AEMPassword class.
# --------------------------------------------------------------------------------
class AEMPassword(object):
def __init__(self, module):
self.module = module
self.id = self.module.params['id']
self.new_password = self.module.params['new_password']
self.old_password_list = self.module.params['old_password']
self.ignore_err = self.module.params['ignore_err']
self.host = str(self.module.params['host'])
self.port = str(self.module.params['port'])
self.url = self.host + ':' + self.port
self.changed = False
self.msg = []
self.id_initial = self.id[0]
self.get_user_info()
# --------------------------------------------------------------------------------
# Look up user info.
# --------------------------------------------------------------------------------
def get_user_info(self):
# check if new password is already valid
self.msg.append('checking new password')
r = requests.get(self.url + '/bin/querybuilder.json?path=/home/users&1_property=rep:authorizableId&'
'1_property.value=%s&p.limit=-1' % self.id, auth=(self.id, self.new_password))
if r.status_code == 200 and len(r.json()['hits']):
self.msg.append("password doesn't need to be changed")
self.exit_status()
# check if any of the old passwords are valid
old_password_valid = False
for password in self.old_password_list:
self.msg.append('checking password "%s"' % password)
r = requests.get(self.url + '/bin/querybuilder.json?path=/home/users&1_property=rep:authorizableId&'
'1_property.value=%s&p.limit=-1' % self.id, auth=(self.id, password))
if r.status_code == 200 and len(r.json()['hits']):
old_password_valid = True
self.old_password = password
break
if not old_password_valid:
if self.ignore_err:
self.msg.append('Ignoring that neither old nor new passwords are valid')
self.exit_status()
self.module.fail_json(msg='Neither old nor new passwords are valid')
# --------------------------------------------------------------------------------
# Set new password
# --------------------------------------------------------------------------------
def set_password(self):
if not self.module.check_mode:
fields = [
('plain', self.new_password),
('verify', self.new_password),
('old', self.old_password),
]
r = requests.post(self.url + '/crx/explorer/ui/setpassword.jsp',
auth=(self.id, self.old_password), data=fields)
if r.status_code != 200:
self.module.fail_json(msg='failed to change password: %s - %s' % (r.status_code, r.text))
self.changed = True
self.msg.append('password changed')
# --------------------------------------------------------------------------------
# Return status and msg to Ansible.
# --------------------------------------------------------------------------------
def exit_status(self):
msg = ','.join(self.msg)
self.module.exit_json(changed=self.changed, msg=msg)
# --------------------------------------------------------------------------------
# Mainline.
# --------------------------------------------------------------------------------
def main():
module = AnsibleModule(
argument_spec=dict(
id=dict(required=True),
new_password=dict(required=True, no_log=True),
old_password=dict(required=True, type='list', no_log=True),
host=dict(required=True),
port=dict(required=True, type='int'),
ignore_err=dict(default=False, type='bool'),
),
supports_check_mode=True
)
password = AEMPassword(module)
password.set_password()
password.exit_status()
# --------------------------------------------------------------------------------
# Ansible boiler plate code.
# --------------------------------------------------------------------------------
main()