Zabbix user provider

Author: DEFERME Bert

lib/puppet/provider/zabbix_user/ruby.rb

@@ -0,0 +1,173 @@
+# frozen_string_literal: true
+
+require_relative '../zabbix'
+Puppet::Type.type(:zabbix_user).provide(:ruby, parent: Puppet::Provider::Zabbix) do
+  confine feature: :zabbixapi
+
+  def initialize(value = {})
+    super(value)
+    @property_flush = {}
+  end
+
+  def get_id(username)
+    zbx.users.get_raw(filter: { username: username }, output: 'userid')[0]['userid']
+  end
+
+  def get_user_by_name(username)
+    api_user = zbx.users.get_raw(filter: { username: username }, selectUsrgrps: 'extend')
+    if api_user.empty?
+      nil
+    else
+      {
+        username: api_user[0]['username'],
+        firstname: api_user[0]['name'],
+        surname: api_user[0]['surname'],
+        autologin: api_user[0]['autologin'],
+        role: zbx.roles.get_raw(filter: { roleid: api_user[0]['roleid'] })[0]['name'],
+        usrgrps: api_user[0]['usrgrps'].map { |h| h['name'] }.compact,
+      }
+    end
+  end
+
+  def user
+    @user ||= get_user_by_name(resource[:username])
+    @user
+  end
+
+  attr_writer :user
+
+  def username
+    user[:username]
+  end
+
+  def username=(value)
+    @property_flush[:username] = value
+  end
+
+  def passwd
+    nil
+  end
+
+  def passwd=(value)
+    @property_flush[:passwd] = value
+  end
+
+  def firstname
+    user[:firstname]
+  end
+
+  def firstname=(value)
+    @property_flush[:name] = value
+  end
+
+  def surname
+    user[:surname]
+  end
+
+  def surname=(value)
+    @property_flush[:surname] = value
+  end
+
+  def autologin
+    user[:autologin]
+  end
+
+  def autologin=(int)
+    @property_flush[:autologin] = int
+  end
+
+  def role
+    user[:role]
+  end
+
+  def role=(value)
+    @property_flush[:role] = value
+  end
+
+  def usrgrps
+    user[:usrgrps]
+  end
+
+  def usrgrps=(array)
+    @property_flush[:usrgrps] = array
+  end
+
+  def flush
+    if @property_flush[:ensure] == :absent
+      delete_user
+      return
+    end
+
+    return if @property_flush.empty?
+
+    update_user
+  end
+
+  def update_user
+    # Get roleid if needs updating
+    unless @property_flush[:role].nil?
+      @property_flush[:roleid] = zbx.roles.get_id(name: @property_flush[:role])
+      @property_flush.delete(:role)
+    end
+    # Get usrgrpids if need updating
+    unless @property_flush[:usrgrps].nil?
+      usrgrp_ids = zbx.usergroups.get_raw(filter: { name: @property_flush[:usrgrps] }, output: 'usrgrpid')
+      @property_flush[:usrgrps] = usrgrp_ids
+    end
+    zbx.query(
+      method: 'user.update',
+      params: {
+        userid: get_id(@resource[:username]),
+      }.merge(@property_flush)
+    )
+  end
+
+  def delete_user
+    zbx.users.delete(get_id(@resource[:username]))
+  end
+
+  def check_password
+    protocol = api_config['default']['apache_use_ssl'] == 'true' ? 'https' : 'http'
+    begin
+      zbx_check = ZabbixApi.connect(
+        url: "#{protocol}://#{api_config['default']['zabbix_url']}/api_jsonrpc.php",
+        user: @resource[:username],
+        password: @resource[:passwd],
+        http_user: @resource[:username],
+        http_password: @resource[:passwd],
+        ignore_version: true
+      )
+    rescue ZabbixApi::ApiError
+      ret = false
+    else
+      ret = true
+      zbx_check.query(method: 'user.logout', params: {})
+    end
+    ret
+  end
+
+  def create
+    # Get role id
+    roleid = zbx.roles.get_id(name: @resource[:role])
+    # Get usrgrp ids
+    usrgrps = @resource[:usrgrps].empty? ? {} : zbx.usergroups.get_raw(filter: { name: @resource[:usrgrps] }, output: 'usrgrpid')
+
+    zbx.users.create(
+      username: @resource[:username],
+      name: @resource[:firstname],
+      surname: @resource[:surname],
+      autologin: @resource[:autologin].nil? ? 0 : @resource[:autologin],
+      roleid: roleid,
+      usrgrps: usrgrps,
+      passwd: @resource[:passwd]
+    )
+  end
+
+  def exists?
+    user
+  end
+
+  def destroy
+    @property_flush[:ensure] = :absent
+  end
+end

lib/puppet/type/zabbix_user.rb

@@ -0,0 +1,88 @@
+# frozen_string_literal: true
+
+Puppet::Type.newtype(:zabbix_user) do
+  @doc = %q("Manage zabbix users
+
+      zabbix_user{ 'username':
+        ensure     => present,
+        firstname  => 'firstname',
+        surname    => 'surname',
+        passwd     => Sensitive(password),
+        autologin  => 0,
+        role       => 'Admin role',
+        usrgrps    => [ 'Group1' ],
+      }")
+
+  ensurable do
+    defaultvalues
+    defaultto :present
+  end
+
+  newparam(:username, namevar: true) do
+    desc 'user name'
+    validate do |value|
+      raise ArgumentError, 'username must be a string' unless value.is_a?(String)
+    end
+  end
+
+  newproperty(:firstname) do
+    desc 'user firstname'
+    validate do |value|
+      raise ArgumentError, 'firstname must be a string' unless value.is_a?(String)
+    end
+  end
+
+  newproperty(:surname) do
+    desc 'user surname'
+    validate do |value|
+      raise ArgumentError, 'surname must be a string' unless value.is_a?(String)
+    end
+  end
+
+  newproperty(:passwd) do
+    desc 'user password'
+    def insync?(_is)
+      provider.check_password
+    end
+  end
+
+  newproperty(:autologin, boolean: true) do
+    desc 'Whether auto login is enabled or disabled.'
+    newvalues(true, false)
+    defaultto false
+
+    munge do |value|
+      value ? 1 : 0
+    end
+  end
+
+  newproperty(:role) do
+    desc 'user role'
+    defaultto 'User role'
+    validate do |value|
+      raise ArgumentError, 'User role must be a string' unless value.nil? || value.is_a?(String)
+    end
+  end
+
+  newproperty(:usrgrps, array_matching: :all) do
+    desc 'user groups'
+    defaultto []
+    def insync?(is)
+      is.sort == should.sort
+    end
+  end
+
+  def set_sensitive_parameters(sensitive_parameters) # rubocop:disable Naming/AccessorMethodName
+    parameter(:passwd).sensitive = true if parameter(:passwd)
+    super(sensitive_parameters)
+  end
+
+  validate do
+    required_properties = %i[firstname surname usrgrps]
+    required_properties.each do |property|
+      raise ArgumentError, "You must provide a #{property}" if self[:ensure] == :present && self[property].nil?
+    end
+  end
+
+  autorequire(:file) { '/etc/zabbix/api.conf' }
+end