aci_aaa_user - Manage AAA users (aaa:User)
New in version 2.5.
Synopsis
- Manage AAA users on Cisco ACI fabrics.
Requirements
The below requirements are needed on the host that executes this module.
- python-dateutil
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| aaa_password | The password of the locally-authenticated user. | |
| aaa_password_lifetime | The lifetime of the locally-authenticated user password. | |
| aaa_password_update_required |
| Whether this account needs password update. |
| aaa_user | The name of the locally-authenticated user user to add. aliases: name, user | |
| certificate_name | Default: C(private_key) basename | The X.509 certificate name attached to the APIC AAA user used for signature-based authentication. It defaults to the private_key basename, without extension.aliases: cert_name |
| clear_password_history |
| Whether to clear the password history of a locally-authenticated user. |
| description | Description for the AAA user. aliases: descr | |
| The email address of the locally-authenticated user. | ||
| enabled |
| The status of the locally-authenticated user account. |
| expiration | The expiration date of the locally-authenticated user account. | |
| expires |
| Whether to enable an expiration date for the locally-authenticated user account. |
| first_name | The first name of the locally-authenticated user. | |
| host required | IP Address or hostname of APIC resolvable by Ansible control host. aliases: hostname | |
| last_name | The last name of the locally-authenticated user. | |
| output_level |
| Influence the output of this ACI module. normal means the standard output, incl. current dictinfo means informational output, incl. previous, proposed and sent dictsdebug means debugging output, incl. filter_string, method, response, status and url information |
| password required | The password to use for authentication. | |
| phone | The phone number of the locally-authenticated user. | |
| port | Default: 443 (for https) and 80 (for http) | Port number to be used for REST connection. |
| private_key | PEM formatted file that contains your private key to be used for signature-based authentication. The name of the key (without extension) is used as the certificate name in ACI, unless certificate_name is specified.aliases: cert_key | |
| state |
| Use present or absent for adding or removing.Use query for listing an object or multiple objects. |
| timeout | Default: 30 | The socket level timeout in seconds. |
| use_proxy |
| If no, it will not use a proxy, even if one is defined in an environment variable on the target hosts. |
| use_ssl |
| If no, an HTTP connection will be used instead of the default HTTPS connection. |
| username required | Default: admin | The username to use for authentication. aliases: user |
| validate_certs |
| If no, SSL certificates will not be validated.This should only set to no used on personally controlled sites using self-signed certificates. |
Notes
Note
- This module is not idempotent when
aaa_passwordis being used (even if that password was already set identically). This appears to be an inconsistency wrt. the idempotent nature of the APIC REST API. The vendor has been informed. More information in the ACI documentation. - More information about the internal APIC class aaa:User from the APIC Management Information Model reference.
- By default, if an environment variable
<protocol>_proxyis set on the target host, requests will be sent through that proxy. This behaviour can be overridden by setting a variable for this task (see setting the environment), or by using theuse_proxyoption. - HTTP redirects can redirect from HTTP to HTTPS so you should be sure that your proxy environment for both protocols is correct.
Examples
- name: Add a user
aci_aaa_user:
host: apic
username: admin
password: SomeSecretPassword
aaa_user: dag
aaa_password: AnotherSecretPassword
expiration: never
expires: no
email: [email protected]
phone: 1-234-555-678
first_name: Dag
last_name: Wieers
state: present
- name: Remove a user
aci_aaa_user:
host: apic
username: admin
password: SomeSecretPassword
aaa_user: dag
state: absent
- name: Query a user
aci_aaa_user:
host: apic
username: admin
password: SomeSecretPassword
aaa_user: dag
state: query
- name: Query all users
aci_aaa_user:
host: apic
username: admin
password: SomeSecretPassword
state: query
Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| current list | success | The existing configuration from the APIC after the module has finished Sample: [{'fvTenant': {'attributes': {'dn': 'uni/tn-production', 'ownerKey': '', 'name': 'production', 'descr': 'Production environment', 'nameAlias': '', 'ownerTag': ''}}}] |
| error dict | failure | The error information as returned from the APIC Sample: {'text': 'unknown managed object class foo', 'code': '122'} |
| filter_string string | failure or debug | The filter string used for the request Sample: ?rsp-prop-include=config-only |
| method string | failure or debug | The HTTP method used for the request to the APIC Sample: POST |
| previous list | info | The original configuration from the APIC before the module has started Sample: [{'fvTenant': {'attributes': {'dn': 'uni/tn-production', 'ownerKey': '', 'name': 'production', 'descr': 'Production', 'nameAlias': '', 'ownerTag': ''}}}] |
| proposed dict | info | The assembled configuration from the user-provided parameters Sample: {'fvTenant': {'attributes': {'name': 'production', 'descr': 'Production environment'}}} |
| raw string | parse error | The raw output returned by the APIC REST API (xml or json) Sample: <?xml version="1.0" encoding="UTF-8"?><imdata totalCount="1"><error code="122" text="unknown managed object class foo"/></imdata> |
| response string | failure or debug | The HTTP response from the APIC Sample: OK (30 bytes) |
| sent list | info | The actual/minimal configuration pushed to the APIC Sample: {'fvTenant': {'attributes': {'descr': 'Production environment'}}} |
| status int | failure or debug | The HTTP status from the APIC Sample: 200 |
| url string | failure or debug | The HTTP url used for the request to the APIC Sample: https://10.11.12.13/api/mo/uni/tn-production.json |
Status
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
Author
- Dag Wieers (@dagwieers)
Hint
If you notice any issues in this documentation you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.5/modules/aci_aaa_user_module.html