wazuh-ansible-4.8.1/roles/wazuh/ansible-wazuh-manager/files/create_user.py

import logging
import sys
import json
import random
import string
import argparse
import os

# Set framework path
sys.path.append("/var/ossec/framework")

try:
    from wazuh.security import (
        create_user,
        get_users,
        get_roles,
        set_user_role,
        update_user,
    )
except Exception as e:
    logging.error("No module 'wazuh' found.")
    sys.exit(1)


def db_users():
    users_result = get_users()
    return {user["username"]: user["id"] for user in users_result.affected_items}


def db_roles():
    roles_result = get_roles()
    return {role["name"]: role["id"] for role in roles_result.affected_items}


if __name__ == "__main__":
    parser = argparse.ArgumentParser(description='add_user script')
    parser.add_argument('--username', action="store", dest="username")
    parser.add_argument('--password', action="store", dest="password")
    results = parser.parse_args()

    username = results.username
    password = results.password

    initial_users = db_users()
    if username not in initial_users:
        # create a new user
        create_user(username=username, password=password)
        users = db_users()
        uid = users[username]
        roles = db_roles()
        rid = roles["administrator"]
        set_user_role(
            user_id=[
                str(uid),
            ],
            role_ids=[
                str(rid),
            ],
        )
    else:
        # modify an existing user ("wazuh" or "wazuh-wui")
        uid = initial_users[username]
        update_user(
            user_id=[
                str(uid),
            ],
            password=password,
        )
    # set a random password for all other users
    for name, id in initial_users.items():
        if name != username:
            specials = "@$!%*?&-_"
            random_pass = "".join(
                [
                    random.choice(string.ascii_uppercase),
                    random.choice(string.ascii_lowercase),
                    random.choice(string.digits),
                    random.choice(specials),
                ] +
                random.choices(
                    string.ascii_uppercase
                    + string.ascii_lowercase
                    + string.digits
                    + specials,
                    k=14,
                )
            )
            update_user(
                user_id=[
                    str(id),
                ],
                password=random_pass,
            )