win_domain_user allow to update generic attributes (#34558)

* win_domain_user allow to update generic attributes Signed-off-by: Marko Koehne <marko@mkoehne.de> * win_domain_user.py fixed indentation Signed-off-by: Marko Koehne <marko@mkoehne.de> * win_domain_user.py attributes add version_added Signed-off-by: Marko Koehne <marko@mkoehne.de> * win_domain_user.p1 removed attributes from result Signed-off-by: Marko Koehne <marko@mkoehne.de> * moved run_change outside of if statement
2018-01-07 23:43:34 +01:00 · 2018-01-07 23:43:34 +01:00 · b5579f55cc
parent 76586cfd0b
commit b5579f55cc
2 changed files with 53 additions and 1 deletions
--- a/lib/ansible/modules/windows/win_domain_user.ps1
+++ b/lib/ansible/modules/windows/win_domain_user.ps1
@ -64,6 +64,9 @@ $user_info = @{
    Country = Get-AnsibleParam -obj $params -name "country" -type "str"
 }

+# Additional attributes
+$attributes = Get-AnsibleParam -obj $params -name "attributes"
+
 # Parameter validation
 If ($account_locked -ne $null -and $account_locked) {
    Fail-Json $result "account_locked must be set to 'no' if provided"
@ -164,6 +167,46 @@ If ($state -eq 'present') {
            }
        }

+        # Set additional attributes
+        $set_args = @{}
+        $run_change = $false
+        if ($attributes -ne $null) {
+            $add_attributes = @{}
+            $replace_attributes = @{}
+            foreach ($attribute in $attributes.GetEnumerator()) {
+                $attribute_name = $attribute.Name
+                $attribute_value = $attribute.Value
+
+                $valid_property = [bool]($user_obj.PSobject.Properties.name -eq $attribute_name)
+                if ($valid_property) {
+                    $existing_value = $user_obj.$attribute_name
+                    if ($existing_value -cne $attribute_value) {
+                        $replace_attributes.$attribute_name = $attribute_value
+                    }                
+                } else {
+                    $add_attributes.$attribute_name = $attribute_value
+                }
+            }
+            if ($add_attributes.Count -gt 0) {
+                $set_args.Add = $add_attributes
+                $run_change = $true
+            }
+            if ($replace_attributes.Count -gt 0) {
+                $set_args.Replace = $replace_attributes
+                $run_change = $true
+            }
+        }
+
+        if ($run_change) {
+            try {
+                $user_obj = $user_obj | Set-ADUser -WhatIf:$check_mode -PassThru @set_args
+            } catch {
+                Fail-Json $result "failed to change user $($username): $($_.Exception.Message)"
+            }
+            $result.changed = $true
+        }
+
+
        # Configure group assignment
        If ($groups -ne $null) {
            $group_list = $groups
@ -277,4 +320,4 @@ catch {
    Fail-Json $result $_.Exception.Message
 }

-Exit-Json $result
+Exit-Json $result
--- a/lib/ansible/modules/windows/win_domain_user.py
+++ b/lib/ansible/modules/windows/win_domain_user.py
@ -148,6 +148,13 @@ options:
        if you specify a path on an existing user, the user's path will not
        be updated - you must delete (e.g., state=absent) the user and
        then re-add the user with the appropriate path.
+  attributes:
+    description:
+      - A dict of custom LDAP attributes to set on the user.
+      - This can be used to set custom attributes that are not exposed as module
+        parameters, e.g. C(telephoneNumber).
+      - See the examples on how to format this parameter.
+    version_added: "2.5"
 notes:
  - Works with Windows 2012R2 and newer.
  - If running on a server that is not a Domain Controller, credential
@ -175,6 +182,8 @@ EXAMPLES = r'''
    state_province: IN
    postal_code: 12345
    country: US
+    attributes:
+      telephoneNumber: 555-123456

 - name: Ensure user bob is present in OU ou=test,dc=domain,dc=local
  win_domain_user: