| Server IP : 85.214.239.14 / Your IP : 3.137.186.26 Web Server : Apache/2.4.62 (Debian) System : Linux h2886529.stratoserver.net 4.9.0 #1 SMP Tue Jan 9 19:45:01 MSK 2024 x86_64 User : www-data ( 33) PHP Version : 7.4.18 Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, MySQL : OFF | cURL : OFF | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : OFF Directory : /lib/python3/dist-packages/ansible_collections/lowlydba/sqlserver/plugins/modules/ |
Upload File : |
#!powershell
# -*- coding: utf-8 -*-
# (c) 2022, John McCall (@lowlydba)
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#AnsibleRequires -CSharpUtil Ansible.Basic
#AnsibleRequires -PowerShell ansible_collections.lowlydba.sqlserver.plugins.module_utils._SqlServerUtils
#Requires -Modules @{ ModuleName="dbatools"; ModuleVersion="1.1.112" }
$ErrorActionPreference = "Stop"
$spec = @{
supports_check_mode = $true
options = @{
new_name = @{type = 'str'; required = $false; }
password = @{type = 'str'; required = $false; no_log = $true }
enabled = @{type = 'bool'; required = $false; default = $true }
password_must_change = @{type = 'bool'; required = $false }
password_policy_enforced = @{type = 'bool'; required = $false }
password_expiration_enabled = @{type = 'bool'; required = $false }
}
}
$module = [Ansible.Basic.AnsibleModule]::Create($args, $spec, @(Get-LowlyDbaSqlServerAuthSpec))
$sqlInstance, $sqlCredential = Get-SqlCredential -Module $module
$newName = $module.Params.new_name
if ($null -ne $module.Params.password) {
$secPassword = ConvertTo-SecureString -String $module.Params.password -AsPlainText -Force
}
$enabled = $module.Params.enabled
[nullable[bool]]$passwordMustChange = $module.Params.password_must_change
[nullable[bool]]$passwordExpirationEnabled = $module.Params.password_expiration_enabled
[nullable[bool]]$passwordPolicyEnforced = $module.Params.password_policy_enforced
$checkMode = $module.CheckMode
$module.Result.changed = $false
try {
$sa = Get-DbaLogin -SqlInstance $SqlInstance -SqlCredential $sqlCredential -EnableException | Where-Object ID -eq 1
$setLoginSplat = @{ }
if ($null -ne $newName) {
$setLoginSplat.Add("NewName", $newName)
if ($sa.Name -ne $newName) {
$changed = $true
}
}
if ($null -ne $passwordExpirationEnabled) {
if ($sa.PasswordExpirationEnabled -ne $passwordExpirationEnabled) {
$changed = $true
}
if ($passwordExpirationEnabled -eq $true) {
$setLoginSplat.add("PasswordExpirationEnabled", $true)
}
}
if ($null -ne $passwordPolicyEnforced) {
if ($sa.PasswordPolicyEnforced -ne $passwordPolicyEnforced) {
$changed = $true
}
if ($passwordPolicyEnforced -eq $true) {
$setLoginSplat.add("PasswordPolicyEnforced", $true)
}
}
if ($true -eq $passwordMustChange) {
if ($sa.PasswordMustChange -ne $passwordMustChange) {
$changed = $true
}
if ($passwordMustChange -eq $true) {
$setLoginSplat.add("PasswordMustChange", $true)
}
}
if ($null -ne $secPassword) {
$setLoginSplat.add("SecurePassword", $secPassword)
}
if ($enabled -eq $false) {
$disabled = $true
$setLoginSplat.add("Disable", $true)
}
else {
$disabled = $false
$setLoginSplat.add("Enable", $true)
}
# Check for changes
if (($changed -eq $true) -or ($disabled -ne $sa.IsDisabled) -or ($secPassword)) {
$output = $sa | Set-DbaLogin @setLoginSplat -WhatIf:$checkMode -EnableException
$module.Result.changed = $true
}
else {
$output = $sa
}
if ($null -ne $output) {
$resultData = ConvertTo-SerializableObject -InputObject $output
$module.Result.data = $resultData
}
$module.exitJson()
}
catch {
$module.FailJson("Configuring 'sa' login failed: $($_.Exception.Message)", $_)
}