diff --git a/plugins/modules/ipa_pwpolicy.py b/plugins/modules/ipa_pwpolicy.py index 68cbdbfaa8e..57ce804b424 100644 --- a/plugins/modules/ipa_pwpolicy.py +++ b/plugins/modules/ipa_pwpolicy.py @@ -34,47 +34,47 @@ type: str maxpwdlife: description: Maximum password lifetime (in days). - type: str + type: int minpwdlife: description: Minimum password lifetime (in hours). - type: str + type: int historylength: description: - Number of previous passwords that are remembered. - Users cannot reuse remembered passwords. - type: str + type: int minclasses: description: Minimum number of character classes. - type: str + type: int minlength: description: Minimum password length. - type: str + type: int priority: description: - Priority of the policy. - High number means lower priority. - Required when C(cn) is not the global policy. - type: str + type: int maxfailcount: description: Maximum number of consecutive failures before lockout. - type: str + type: int failinterval: description: Period (in seconds) after which the number of failed login attempts is reset. - type: str + type: int lockouttime: description: Period (in seconds) for which users are locked out. - type: str + type: int gracelimit: description: Maximum number of ldap logins after password expiration. - type: str + type: int version_added: 8.2.0 maxrepeat: description: Maximum number of same consecutive characters. - type: str + type: int version_added: 8.2.0 maxsequence: description: The max. length of monotonic character sequences (abcd). - type: str + type: int version_added: 8.2.0 dictcheck: description: Check if the password is a dictionary word. @@ -92,14 +92,14 @@ EXAMPLES = r''' - name: Modify the global password policy community.general.ipa_pwpolicy: - maxpwdlife: '90' - minpwdlife: '1' - historylength: '8' - minclasses: '3' - minlength: '16' - maxfailcount: '6' - failinterval: '60' - lockouttime: '600' + maxpwdlife: 90 + minpwdlife: 1 + historylength: 8 + minclasses: 3 + minlength: 16 + maxfailcount: 6 + failinterval: 60 + lockouttime: 600 ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret @@ -108,18 +108,18 @@ community.general.ipa_pwpolicy: group: admins state: present - maxpwdlife: '60' - minpwdlife: '24' - historylength: '16' - minclasses: '4' - priority: '10' - minlength: '6' - maxfailcount: '4' - failinterval: '600' - lockouttime: '1200' - gracelimit: '3' - maxrepeat: '3' - maxsequence: '3' + maxpwdlife: 60 + minpwdlife: 24 + historylength: 16 + minclasses: 4 + priority: 10 + minlength: 6 + maxfailcount: 4 + failinterval: 600 + lockouttime: 1200 + gracelimit: 3 + maxrepeat: 3 + maxsequence: 3 dictcheck: True usercheck: True ipa_host: ipa.example.com @@ -188,20 +188,20 @@ def get_pwpolicy_dict(maxpwdlife=None, minpwdlife=None, historylength=None, minc lockouttime=None, gracelimit=None, maxrepeat=None, maxsequence=None, dictcheck=None, usercheck=None): pwpolicy = {} pwpolicy_options = { - 'krbmaxpwdlife': maxpwdlife, - 'krbminpwdlife': minpwdlife, - 'krbpwdhistorylength': historylength, - 'krbpwdmindiffchars': minclasses, - 'krbpwdminlength': minlength, - 'cospriority': priority, - 'krbpwdmaxfailure': maxfailcount, - 'krbpwdfailurecountinterval': failinterval, - 'krbpwdlockoutduration': lockouttime, - 'passwordgracelimit': gracelimit, - 'ipapwdmaxrepeat': maxrepeat, - 'ipapwdmaxsequence': maxsequence, - 'ipapwddictcheck': str(dictcheck), - 'ipapwdusercheck': str(usercheck), + 'krbmaxpwdlife': str(maxpwdlife), + 'krbminpwdlife': str(minpwdlife), + 'krbpwdhistorylength': str(historylength), + 'krbpwdmindiffchars': str(minclasses), + 'krbpwdminlength': str(minlength), + 'cospriority': str(priority), + 'krbpwdmaxfailure': str(maxfailcount), + 'krbpwdfailurecountinterval': str(failinterval), + 'krbpwdlockoutduration': str(lockouttime), + 'passwordgracelimit': str(gracelimit), + 'ipapwdmaxrepeat': str(maxrepeat), + 'ipapwdmaxsequence': str(maxsequence), + 'ipapwddictcheck': bool(dictcheck), + 'ipapwdusercheck': bool(usercheck), } for option, value in pwpolicy_options.items(): @@ -261,18 +261,18 @@ def main(): argument_spec = ipa_argument_spec() argument_spec.update(group=dict(type='str', aliases=['name']), state=dict(type='str', default='present', choices=['present', 'absent']), - maxpwdlife=dict(type='str'), - minpwdlife=dict(type='str'), - historylength=dict(type='str'), - minclasses=dict(type='str'), - minlength=dict(type='str'), - priority=dict(type='str'), - maxfailcount=dict(type='str'), - failinterval=dict(type='str'), - lockouttime=dict(type='str'), - gracelimit=dict(type='str'), - maxrepeat=dict(type='str'), - maxsequence=dict(type='str'), + maxpwdlife=dict(type='int'), + minpwdlife=dict(type='int'), + historylength=dict(type='int'), + minclasses=dict(type='int'), + minlength=dict(type='int'), + priority=dict(type='int'), + maxfailcount=dict(type='int'), + failinterval=dict(type='int'), + lockouttime=dict(type='int'), + gracelimit=dict(type='int'), + maxrepeat=dict(type='int'), + maxsequence=dict(type='int'), dictcheck=dict(type='bool'), usercheck=dict(type='bool')) diff --git a/tests/unit/plugins/modules/test_ipa_pwpolicy.py b/tests/unit/plugins/modules/test_ipa_pwpolicy.py index 087ad454c7a..2d607bf2dc7 100644 --- a/tests/unit/plugins/modules/test_ipa_pwpolicy.py +++ b/tests/unit/plugins/modules/test_ipa_pwpolicy.py @@ -92,18 +92,18 @@ def test_add(self): module_args = { 'group': 'admins', 'state': 'present', - 'priority': '10', - 'maxpwdlife': '90', - 'minpwdlife': '1', - 'historylength': '8', - 'minclasses': '3', - 'minlength': '16', - 'maxfailcount': '6', - 'failinterval': '60', - 'lockouttime': '600', - 'gracelimit': '3', - 'maxrepeat': '3', - 'maxsequence': '3', + 'priority': 10, + 'maxpwdlife': 90, + 'minpwdlife': 1, + 'historylength': 8, + 'minclasses': 3, + 'minlength': 16, + 'maxfailcount': 6, + 'failinterval': 60, + 'lockouttime': 600, + 'gracelimit': 3, + 'maxrepeat': 3, + 'maxsequence': 3, 'dictcheck': True, 'usercheck': True } @@ -147,18 +147,18 @@ def test_aliases(self): module_args = { 'name': 'admins', 'state': 'present', - 'priority': '10', - 'maxpwdlife': '90', - 'minpwdlife': '1', - 'historylength': '8', - 'minclasses': '3', - 'minlength': '16', - 'maxfailcount': '6', - 'failinterval': '60', - 'lockouttime': '600', - 'gracelimit': '3', - 'maxrepeat': '3', - 'maxsequence': '3', + 'priority': 10, + 'maxpwdlife': 90, + 'minpwdlife': 1, + 'historylength': 8, + 'minclasses': 3, + 'minlength': 16, + 'maxfailcount': 6, + 'failinterval': 60, + 'lockouttime': 600, + 'gracelimit': 3, + 'maxrepeat': 3, + 'maxsequence': 3, 'dictcheck': True, 'usercheck': True } @@ -202,18 +202,18 @@ def test_mod_different_args(self): module_args = { 'group': 'sysops', 'state': 'present', - 'priority': '10', - 'maxpwdlife': '60', - 'minpwdlife': '24', - 'historylength': '8', - 'minclasses': '3', - 'minlength': '12', - 'maxfailcount': '8', - 'failinterval': '60', - 'lockouttime': '600', - 'gracelimit': '3', - 'maxrepeat': '3', - 'maxsequence': '3', + 'priority': 10, + 'maxpwdlife': 60, + 'minpwdlife': 24, + 'historylength': 8, + 'minclasses': 3, + 'minlength': 12, + 'maxfailcount': 8, + 'failinterval': 60, + 'lockouttime': 600, + 'gracelimit': 3, + 'maxrepeat': 3, + 'maxsequence': 3, 'dictcheck': True, 'usercheck': True } @@ -275,18 +275,18 @@ def test_mod_missing_args(self): module_args = { 'group': 'sysops', 'state': 'present', - 'priority': '10', - 'maxpwdlife': '90', - 'minpwdlife': '1', - 'historylength': '8', - 'minclasses': '3', - 'minlength': '16', - 'maxfailcount': '6', - 'failinterval': '60', - 'lockouttime': '600', - 'gracelimit': '3', - 'maxrepeat': '3', - 'maxsequence': '3', + 'priority': 10, + 'maxpwdlife': 90, + 'minpwdlife': 1, + 'historylength': 8, + 'minclasses': 3, + 'minlength': 16, + 'maxfailcount': 6, + 'failinterval': 60, + 'lockouttime': 600, + 'gracelimit': 3, + 'maxrepeat': 3, + 'maxsequence': 3, 'dictcheck': True, 'usercheck': True } @@ -340,11 +340,11 @@ def test_del(self): 'group': 'sysops', 'state': 'absent', # other arguments are ignored when state is `absent` - 'priority': '10', - 'maxpwdlife': '90', - 'historylength': '8', - 'minlength': '16', - 'maxfailcount': '6' + 'priority': 10, + 'maxpwdlife': 90, + 'historylength': 8, + 'minlength': 16, + 'maxfailcount': 6 } return_value = { 'cn': ['sysops'], @@ -379,18 +379,18 @@ def test_no_change(self): module_args = { 'group': 'admins', 'state': 'present', - 'priority': '10', - 'maxpwdlife': '90', - 'minpwdlife': '1', - 'historylength': '8', - 'minclasses': '3', - 'minlength': '16', - 'maxfailcount': '6', - 'failinterval': '60', - 'lockouttime': '600', - 'gracelimit': '3', - 'maxrepeat': '3', - 'maxsequence': '3', + 'priority': 10, + 'maxpwdlife': 90, + 'minpwdlife': 1, + 'historylength': 8, + 'minclasses': 3, + 'minlength': 16, + 'maxfailcount': 6, + 'failinterval': 60, + 'lockouttime': 600, + 'gracelimit': 3, + 'maxrepeat': 3, + 'maxsequence': 3, 'dictcheck': True, 'usercheck': True } @@ -433,11 +433,11 @@ def test_del_no_change(self): 'group': 'sysops', 'state': 'absent', # other arguments are ignored when state is `absent` - 'priority': '10', - 'maxpwdlife': '90', - 'historylength': '8', - 'minlength': '16', - 'maxfailcount': '6' + 'priority': 10, + 'maxpwdlife': 90, + 'historylength': 8, + 'minlength': 16, + 'maxfailcount': 6 } return_value = {} mock_calls = [ @@ -457,17 +457,17 @@ def test_del_no_change(self): def test_global(self): """Modify the global policy""" module_args = { - 'maxpwdlife': '60', - 'minpwdlife': '24', - 'historylength': '8', - 'minclasses': '3', - 'minlength': '12', - 'maxfailcount': '8', - 'failinterval': '60', - 'lockouttime': '600', - 'gracelimit': '3', - 'maxrepeat': '3', - 'maxsequence': '3', + 'maxpwdlife': 60, + 'minpwdlife': 24, + 'historylength': 8, + 'minclasses': 3, + 'minlength': 12, + 'maxfailcount': 8, + 'failinterval': 60, + 'lockouttime': 600, + 'gracelimit': 3, + 'maxrepeat': 3, + 'maxsequence': 3, 'dictcheck': True, 'usercheck': True } @@ -524,17 +524,17 @@ def test_global(self): def test_global_no_change(self): """Global policy already matches the given arguments. No change needed""" module_args = { - 'maxpwdlife': '90', - 'minpwdlife': '1', - 'historylength': '8', - 'minclasses': '3', - 'minlength': '16', - 'maxfailcount': '6', - 'failinterval': '60', - 'lockouttime': '600', - 'gracelimit': '3', - 'maxrepeat': '3', - 'maxsequence': '3', + 'maxpwdlife': 90, + 'minpwdlife': 1, + 'historylength': 8, + 'minclasses': 3, + 'minlength': 16, + 'maxfailcount': 6, + 'failinterval': 60, + 'lockouttime': 600, + 'gracelimit': 3, + 'maxrepeat': 3, + 'maxsequence': 3, 'dictcheck': True, 'usercheck': True } @@ -576,18 +576,18 @@ def test_check_add(self): '_ansible_check_mode': True, 'group': 'admins', 'state': 'present', - 'priority': '10', - 'maxpwdlife': '90', - 'minpwdlife': '1', - 'historylength': '8', - 'minclasses': '3', - 'minlength': '16', - 'maxfailcount': '6', - 'failinterval': '60', - 'lockouttime': '600', - 'gracelimit': '3', - 'maxrepeat': '3', - 'maxsequence': '3', + 'priority': 10, + 'maxpwdlife': 90, + 'minpwdlife': 1, + 'historylength': 8, + 'minclasses': 3, + 'minlength': 16, + 'maxfailcount': 6, + 'failinterval': 60, + 'lockouttime': 600, + 'gracelimit': 3, + 'maxrepeat': 3, + 'maxsequence': 3, 'dictcheck': True, 'usercheck': True } @@ -612,18 +612,18 @@ def test_check_mod(self): '_ansible_check_mode': True, 'group': 'sysops', 'state': 'present', - 'priority': '10', - 'maxpwdlife': '60', - 'minpwdlife': '24', - 'historylength': '8', - 'minclasses': '3', - 'minlength': '12', - 'maxfailcount': '8', - 'failinterval': '60', - 'lockouttime': '600', - 'gracelimit': '3', - 'maxrepeat': '3', - 'maxsequence': '3', + 'priority': 10, + 'maxpwdlife': 60, + 'minpwdlife': 24, + 'historylength': 8, + 'minclasses': 3, + 'minlength': 12, + 'maxfailcount': 8, + 'failinterval': 60, + 'lockouttime': 600, + 'gracelimit': 3, + 'maxrepeat': 3, + 'maxsequence': 3, 'dictcheck': True, 'usercheck': True }