cyberark_user - Module for CyberArk User Management using PAS Web Services SDK
New in version 2.4.
Synopsis
- CyberArk User Management using PAS Web Services SDK. It currently supports the following actions Get User Details, Add User, Update User, Delete User.
Options
parameter | required | default | choices | comments |
---|---|---|---|---|
change_password_on_the_next_logon | no | no |
| Whether or not the user must change their password in their next logon. Valid values = true/false. |
cyberark_session | yes | Dictionary set by a CyberArk authentication containing the different values to perform actions on a logged-on CyberArk session, please see cyberark_authentication module for an example of cyberark_session. | ||
disabled | no | no |
| Whether or not the user will be disabled. Valid values = true/false. |
email | no | The user email address. | ||
expiry_date | no | The date and time when the user account will expire and become disabled. | ||
first_name | no | The user first name. | ||
group_name | no | The name of the group the user will be added to. | ||
initial_password | no | The password that the new user will use to log on the first time. This password must meet the password policy requirements. this parameter is required when state is present -- Add User. | ||
last_name | no | The user last name. | ||
location | no | The Vault Location for the user. | ||
new_password | no | The user updated password. Make sure that this password meets the password policy requirements. | ||
state | no | present |
| Specifies the state needed for the user present for create user, absent for delete user. |
user_type_name | no | EPVUser | The type of user. | |
username | yes | The name of the user who will be queried (for details), added, updated or deleted. |
Examples
- name: Logon to CyberArk Vault using PAS Web Services SDK cyberark_authentication: api_base_url: "https://components.cyberark.local" use_shared_logon_authentication: true - name: Create user & immediately add it to a group cyberark_user: username: "username" initial_password: "password" user_type_name: "EPVUser" change_password_on_the_next_logon: false group_name: "GroupOfUsers" state: present cyberark_session: "{{ cyberark_session }}" - name: Make sure user is present and reset user credential if present cyberark_user: username: "Username" new_password: "password" disabled: false state: present cyberark_session: "{{ cyberark_session }}" - name: Logoff from CyberArk Vault cyberark_authentication: state: absent cyberark_session: "{{ cyberark_session }}"
Return Values
Common return values are documented here Return Values, the following are the fields unique to this module:
name | description | returned | type | sample |
---|---|---|---|---|
changed | Whether there was a change done. | always | bool | |
cyberark_user | Dictionary containing result properties. | always | dict | {'result': {'type': 'dict', 'description': 'user properties when state is present', 'returned': 'success'}} |
status_code | Result HTTP Status code | success | int | 200 |
Status
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.4/cyberark_user_module.html