"""Statefully manage Splunk users.Usage-----This state is used to ensure presence of users in splunk... code-block:: yaml ensure example test user 1: splunk.present: - name: 'Example TestUser1' - email: example@domain.com"""def__virtual__():if"splunk.list_users"in__salt__:return"splunk"return(False,"splunk module could not be loaded")
[docs]defpresent(email,profile="splunk",**kwargs):""" Ensure a user is present .. code-block:: yaml ensure example test user 1: splunk.user_present: - realname: 'Example TestUser1' - name: 'exampleuser' - email: 'example@domain.com' - roles: ['user'] The following parameters are required: email This is the email of the user in splunk """name=kwargs.get("name")ret={"name":name,"changes":{},"result":None,"comment":""}target=__salt__["splunk.get_user"](email,profile=profile,user_details=True)ifnottarget:if__opts__["test"]:ret["comment"]=f"User {name} will be created"returnret# create the userresult=__salt__["splunk.create_user"](email,profile=profile,**kwargs)ifresult:ret["changes"].setdefault("old",None)ret["changes"].setdefault("new",f"User {name} exists")ret["result"]=Trueelse:ret["result"]=Falseret["comment"]=f"Failed to create {name}"returnretelse:ret["comment"]=f"User {name} set to be updated."if__opts__["test"]:ret["result"]=Nonereturnret# found a user... updatingresult=__salt__["splunk.update_user"](email,profile,**kwargs)ifisinstance(result,bool)andresult:# no updateret["result"]=Noneret["comment"]="No changes"else:diff={}forfieldin["name","realname","roles","defaultApp","tz","capabilities",]:iffield=="roles":diff["roles"]=list(set(target.get(field,[])).symmetric_difference(set(result.get(field,[]))))eliftarget.get(field)!=result.get(field):diff[field]=result.get(field)newvalues=resultret["result"]=Trueret["changes"]["diff"]=diffret["changes"]["old"]=targetret["changes"]["new"]=newvaluesreturnret
[docs]defabsent(email,profile="splunk",**kwargs):""" Ensure a splunk user is absent .. code-block:: yaml ensure example test user 1: splunk.absent: - email: 'example@domain.com' - name: 'exampleuser' The following parameters are required: email This is the email of the user in splunk name This is the splunk username used to identify the user. """user_identity=kwargs.get("name")ret={"name":user_identity,"changes":{},"result":None,"comment":f"User {user_identity} is absent.",}target=__salt__["splunk.get_user"](email,profile=profile)ifnottarget:ret["comment"]=f"User {user_identity} does not exist"ret["result"]=Truereturnretif__opts__["test"]:ret["comment"]=f"User {user_identity} is all set to be deleted"ret["result"]=Nonereturnretresult=__salt__["splunk.delete_user"](email,profile=profile)ifresult:ret["comment"]=f"Deleted user {user_identity}"ret["changes"].setdefault("old",f"User {user_identity} exists")ret["changes"].setdefault("new",f"User {user_identity} deleted")ret["result"]=Trueelse:ret["comment"]=f"Failed to delete {user_identity}"ret["result"]=Falsereturnret