├── LICENSE
├── README.md
├── library
    └── cyberark_credential.py
├── meta
    └── main.yml
└── tests
    ├── inventory
    ├── test-addtogroup.yml
    ├── test-authentication.yml
    ├── test-createuser.yml
    ├── test-cyberarkcredential.yml
    ├── test-deleteuser.yml
    └── test-resetcredentials.yml


/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2017 enunez-cyberark

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
cyberark_modules
================

Role to add CyberArk modules, for use if they are not available from Ansible core or to get the latest versions.

Requirements
------------

- CyberArk Privileged Account Security Web Services SDK.
- CyberArk AIM Central Credential Provider

Role Variables
--------------

None.

Provided Modules
----------------

- **cyberark_authentication**: Module for CyberArk Vault Authentication using Privileged Account Security Web Services SDK
- **cyberark_user**: Module for CyberArk User Management using Privileged Account Security Web Services SDK
- **cyberark_credential**: Module for CyberArk credential retrieval using Cyberark Central Credential Provider.

**NOTE**: For access to the cyberark_credential functionality, the **library/cyberark_credential.py** file will need to be added to the Ansible modules directory of the Ansible server.


Example Playbook
----------------

1) Example playbook showing the use of cyberark_authentication module for logon and logoff without using shared logon authentication.

```yaml
---
- hosts: localhost

  roles:

    - role: cyberark.modules

  tasks:

    - name: Logon to CyberArk Vault using PAS Web Services SDK
      cyberark_authentication:
        api_base_url: "https://components.cyberark.local"
        validate_certs: no
        username: "testuser"
        password: "Cyberark1"


    - name: Debug message
      debug:
        var: cyberark_session


    - name: Logoff from CyberArk Vault
      cyberark_authentication:
        state: absent
        cyberark_session: "{{ cyberark_session }}"

    - name: Debug message
      debug: var=cyberark_session
```


2) Example playbook showing the use of cyberark_user module to create a user.
```yaml
---
- hosts: localhost

  roles:

    - role: cyberark.modules

  tasks:

    - name: Logon to CyberArk Vault using PAS Web Services SDK
      cyberark_authentication:
        api_base_url: "https://components.cyberark.local"
        validate_certs: false
        use_shared_logon_authentication: true

    - name: Debug message
      debug:
        var: cyberark_session

    - name: Create User
      cyberark_user:
        username: "testuser2"
        initial_password: "Cyberark1"
        user_type_name: "EPVUser"
        change_password_on_the_next_logon: false
        group_name: "TestGroup"
        state: present
        cyberark_session: "{{ cyberark_session }}"
      register: cyberarkaction

    - debug: msg="{{cyberarkaction.cyberark_user.result}}"
      when: cyberarkaction.status_code == 201

    - name: Logoff from CyberArk Vault
      cyberark_authentication:
        state: absent
        cyberark_session: "{{ cyberark_session }}"

    - name: Debug message
      debug: var=cyberark_session
```


3) Example playbook showing the use of cyberark_user module to reset a user's credential.
```yaml
---
- hosts: localhost

  roles:

    - role: cyberark.modules

  tasks:

    - name: Logon to CyberArk Vault using PAS Web Services SDK
      cyberark_authentication:
        api_base_url: "https://components.cyberark.local"
        validate_certs: false
        use_shared_logon_authentication: true

    - name: Debug message
      debug:
        var: cyberark_session

    - name: Reset user credential
      cyberark_user:
        username: "testuser2"
        new_password: "Cyberark123"
        disabled: false
        state: present
        cyberark_session: "{{ cyberark_session }}"
      register: cyberarkaction

    - debug: msg="{{cyberarkaction.cyberark_user.result}}"
      when: cyberarkaction.status_code == 200

    - name: Logoff from CyberArk Vault
      cyberark_authentication:
        state: absent
        cyberark_session: "{{ cyberark_session }}"

    - name: Debug message
      debug: var=cyberark_session
```


4) Example playbook showing the use of cyberark_user module to add user to a group (only during creation).
```yaml
---
- hosts: localhost

  roles:

    - role: cyberark.modules

  tasks:

    - name: Logon to CyberArk Vault using PAS Web Services SDK
      cyberark_authentication:
        api_base_url: "https://components.cyberark.local"
        validate_certs: false
        use_shared_logon_authentication: true

    - name: Debug message
      debug:
        var: cyberark_session

    - name: Add user to group
      cyberark_user:
        username: "testuser2"
        initial_password: "Cyberark1"
        group_name: "TestGroup"
        state: present
        cyberark_session: "{{ cyberark_session }}"
      register: cyberarkaction

    - debug: msg="{{cyberarkaction}}"

    - name: Logoff from CyberArk Vault
      cyberark_authentication:
        state: absent
        cyberark_session: "{{ cyberark_session }}"

    - name: Debug message
      debug: var=cyberark_session
```


5) Example playbook showing the use of cyberark_user module to delete a user.
```yaml
---
- hosts: localhost

  roles:

    - role: cyberark.modules

  tasks:

    - name: Logon to CyberArk Vault using PAS Web Services SDK
      cyberark_authentication:
        api_base_url: "https://components.cyberark.local"
        validate_certs: false
        use_shared_logon_authentication: true

    - name: Debug message
      debug:
        var: cyberark_session

    - name: Remove User
      cyberark_user:
        username: "testuser2"
        state: absent
        cyberark_session: "{{ cyberark_session }}"
      register: cyberarkaction

    - debug: msg="{{cyberarkaction}}"

    - name: Logoff from CyberArk Vault
      cyberark_authentication:
        state: absent
        cyberark_session: "{{ cyberark_session }}"

    - name: Debug message
      debug: var=cyberark_session
```


6) Example of a basic playbook showing the minimum needed to use the cyberark_credential module for retrieval of credentials using the Central Credential Provider.
```yaml
---
- hosts: localhost

  tasks:

    - name: credential retrieval basic
      cyberark_credential:
        api_base_url: "http://10.10.0.1"
        app_id: "TestID"
        query: "Safe=test;UserName=admin"
      register: result
      no_log: true


    - name: Debug message
      debug:
        var: result
```


7) Example of a more advanced playbook outlining the use of all of the parameters available when using the cyberark_credential module for retrieval of credentials using the Central Credential Provider.
```yaml
---
- hosts: localhost

  tasks:

    - name: credential retrieval advanced
      cyberark_credential:
        api_base_url: "https://components.cyberark.local"
        validate_certs: yes
        client_cert: /etc/pki/ca-trust/source/client.pem
        client_key: /etc/pki/ca-trust/source/priv-key.pem
        app_id: "TestID"
        query: "Safe=test;UserName=admin"
        connection_timeout: 60
        query_format: Exact
        fail_request_on_password_change: True
        reason: "requesting credential for Ansible deployment"
      register: result
      no_log: true


    - name: Debug message
      debug:
        var: result
```

License
-------

MIT

Author Information
------------------

- Cyberark Business Development Technical Team (BizDevTech@cyberark.com)

--------------------------------------------------------------------------------
/library/cyberark_credential.py:
--------------------------------------------------------------------------------
#!/usr/bin/python
# Copyright: (c) 2017, Ansible Project
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)

from __future__ import absolute_import, division, print_function
__metaclass__ = type

ANSIBLE_METADATA = {'metadata_version': '1.1',
                    'status': ['preview'],
                    'supported_by': 'community'}

DOCUMENTATION = '''
---
module: cyberark_credential
short_description: Module for retrieval of CyberArk vaulted credential using PAS Web Services SDK through the Central Credential Provider
author: Edward Nunez @ CyberArk BizDev (@enunez-cyberark, @cyberark-bizdev, @erasmix @JimmyJamCABD)
version_added: 2.4
description:
    - Creates a URI for retrieving a credential from a password object stored in the Cyberark Vault.
      The request uses the Privileged Account Security Web Services SDK through the Central Credential Provider
      by requesting access with an Application ID.


options:
    api_base_url:
        type: string
        required: 'Yes'
        description:
            - A string containing the base URL of the server hosting the Central Credential Provider
    validate_certs:
        type: bool
        required: 'No'
        default: 'Yes'
        description:
            - If C(false), SSL certificate chain will not be validated. This should only
              be set to C(true) if you have a root CA certificate installed on each node.
    app_id:
        type: string
        required: 'Yes'
        description:
            - A string containing the Application ID authorized for retrieving the credential
    query:
        type: string
        required: 'Yes'
        description:
            - A string containing details of the object being queried
        parameters:
            Safe=
            Folder=
            Object=
            UserName=
            Address=
            Database=
            PolicyID=
    connection_timeout:
        type: integer
        required: 'No'
        default: '30'
        description:
            - An integer value of the allowed time before the request returns failed
    query_format:
        type: choice
        required: 'No'
        default: 'Exact'
        description:
            - The format for which your Query will be received by the CCP
        parameters:
            Exact
            Regexp
    fail_request_on_password_change:
        type: bool
        required: 'No'
        default: 'False'
        description:
            - A boolean parameter for completing the request in the middle of a password change of the requested credential
    client_cert:
        type: string
        required: 'No'
        description:
            - A string containing the file location and name of the client certificate used for authentication
    client_key:
        type: string
        required: 'No'
        description:
            - A string containing the file location and name of the private key of the client certificate used for authentication
    reason:
        type: string
        required: 'Only if the Policy managing the object requires it'
        description:
            - Reason for requesting credential if required by policy
'''

EXAMPLES = '''
  - name: credential retrieval basic
    cyberark_credential:
      api_base_url: "http://10.10.0.1"
      app_id: "TestID"
      query: "Safe=test;UserName=admin"
    register: result

    result:
       { api_base_url }"/AIMWebService/api/Accounts?AppId="{ app_id }"&Query="{ query }


  - name: credential retrieval advanced
    cyberark_credential:
      api_base_url: "https://components.cyberark.local"
      validate_certs: yes
      client_cert: /etc/pki/ca-trust/source/client.pem
      client_key: /etc/pki/ca-trust/source/priv-key.pem
      app_id: "TestID"
      query: "Safe=test;UserName=admin"
      connection_timeout: 60
      query_format: Exact
      fail_request_on_password_change: True
      reason: "requesting credential for Ansible deployment"
    register: result

    result:
       { api_base_url }"/AIMWebService/api/Accounts?AppId="{ app_id }"&Query="{ query }"&ConnectionTimeout="{ connection_timeout }"&QueryFormat="{ query_format }"&FailRequestOnPasswordChange="{ fail_request_on_password_change }
'''

RETURN = '''
"{{}}": {
    "changed": false,
    "failed": false,
    "result": {
        "Address": "string"
            description: The target address of the credential being queried
            type: string
            returned: if required
        "Content": "string"
            description: The password for the object being queried
            type: string
            returned: always
        "CreationMethod": "string"
            description: This is how the object was created in the Vault
            type: string
            returned: always
        "DeviceType": "string"
            description: An internal File Category for more granular management of Platforms
            type: string
            returned: always
        "Folder": "string"
            description: The folder within the Safe where the credential is stored
            type: string
            returned: always
        "Name": "string"
            description: The Cyberark unique object ID of the credential being queried
            type: string
            returned: always
        "PasswordChangeInProcess": "bool"
            description: If the password has a change flag placed by the CPM
            type: bool
            returned: always
        "PolicyID": "string"
            description: The ID of the policy assigned to the credential being queried
            type: string
            returned: if assigned to a policy
        "Safe": "string"
            description: The safe where the queried credential is stored
            type: string
            returned: always
        "Username": "string"
            description: The username of the credential being queried
            type: string
            returned: if required
        "LogonDomain": "string"
            description: The Address friendly name resolved by the CPM
            type: string
            returned: if populated
        "CPMDisabled": "string"
            description: A description of why this vaulted credential is not being managed by the CPM
            type: string
            returned: if CPM management is disabled and a reason is given
    },
    "status_code": 200
}
}
'''

from ansible.module_utils._text import to_text
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.urls import open_url
from ansible.module_utils.six.moves.urllib.error import HTTPError
# six.moves keeps quote() importable on both Python 2 and Python 3
from ansible.module_utils.six.moves.urllib.parse import quote
import json
try:
    import httplib
except ImportError:
    # Python 3
    import http.client as httplib


def retrieveCredential(module):

    # Getting parameters from module

    api_base_url = module.params["api_base_url"]
    validate_certs = module.params["validate_certs"]
    app_id = module.params["app_id"]
    query = module.params["query"]
    connection_timeout = module.params["connection_timeout"]
    query_format = module.params["query_format"]
    fail_request_on_password_change = module.params["fail_request_on_password_change"]
    client_cert = None
    client_key = None

    if "client_cert" in module.params:
        client_cert = module.params["client_cert"]
    if "client_key" in module.params:
        client_key = module.params["client_key"]

    # Percent-encode the caller-supplied AppId and Query before placing them in the URL
    end_point = "/AIMWebService/api/Accounts?AppId=%s&Query=%s&ConnectionTimeout=%s&QueryFormat=%s&FailRequestOnPasswordChange=%s" % (quote(app_id), quote(query), connection_timeout, query_format, fail_request_on_password_change)

    if "reason" in module.params and module.params["reason"] is not None:
        reason = quote(module.params["reason"])
        end_point = end_point + "&reason=%s" % reason

    result = None
    response = None

    try:

        response = open_url(
            api_base_url + end_point,
            method="GET",
            validate_certs=validate_certs,
            client_cert=client_cert,
            client_key=client_key)

    except (HTTPError, httplib.HTTPException) as http_exception:

        # httplib.HTTPException carries no .code attribute, so fall back to -1
        module.fail_json(
            msg=("Error while retrieving credential. "
                 "Please validate parameters provided, and permissions for the application and provider in CyberArk."
                 "\n*** end_point=%s%s\n ==> %s" % (api_base_url, end_point, to_text(http_exception))),
            status_code=getattr(http_exception, "code", -1))

    except Exception as unknown_exception:

        module.fail_json(
            msg=("Unknown error while retrieving credential."
                 "\n*** end_point=%s%s\n%s" % (api_base_url, end_point, to_text(unknown_exception))),
            status_code=-1)

    if response.getcode() == 200:  # Success

        # Parse the JSON body of the response
        try:
            result = json.loads(response.read())
        except Exception as e:
            module.fail_json(
                msg="Error obtaining CyberArk credential result from http body\n%s" % (to_text(e)),
                status_code=-1)

        return (result, response.getcode())

    else:
        module.fail_json(
            msg="error in end_point=>" +
            end_point)


def main():

    fields = {
        "api_base_url": {"required": True, "type": "str"},
        "app_id": {"required": True, "type": "str"},
        "query": {"required": True, "type": "str"},
        "reason": {"required": False, "type": "str"},
        "connection_timeout": {"required": False, "type": "int", "default": 30},
        "query_format": {"required": False, "type": "str", "choices": ["Exact", "Regexp"], "default": "Exact"},
        "fail_request_on_password_change": {"required": False, "type": "bool", "default": False},
        "validate_certs": {"type": "bool",
                           "default": True},
        "client_cert": {"type": "str", "required": False},
        "client_key": {"type": "str", "required": False},
        "state": {"type": "str",
                  "choices": ["present"],
                  "default": "present"},
    }

    module = AnsibleModule(
        argument_spec=fields,
        supports_check_mode=True)

    (result, status_code) = retrieveCredential(module)

    module.exit_json(
        changed=False,
        result=result,
        status_code=status_code)


if __name__ == '__main__':
    main()

--------------------------------------------------------------------------------
/meta/main.yml:
--------------------------------------------------------------------------------
galaxy_info:
  author: Business Development Technical Team
  description: CyberArk Ansible Modules for Authentication, User Management, and Credential Retrieval using AIM Central Credential Provider's REST API.
  company: CyberArk

  license: MIT

  min_ansible_version: 2.2

  platforms:
  - name: OpenBSD
    versions:
    - all
  - name: Fedora
    versions:
    - all
  - name: MacOSX
    versions:
    - all
  - name: GenericBSD
    versions:
    - all
  - name: GenericLinux
    versions:
    - all
  - name: Ubuntu
    versions:
    - all
  - name: Debian
    versions:
    - all
  - name: EL
    versions:
    - all
  - name: opensuse
    versions:
    - all
  - name: SLES
    versions:
    - all
  - name: Solaris
    versions:
    - all

  galaxy_tags:
    - identity
    - password
    - privileged
    - vault
    - cyberark
    - AIM

dependencies: []

--------------------------------------------------------------------------------
/tests/inventory:
--------------------------------------------------------------------------------
localhost

--------------------------------------------------------------------------------
/tests/test-addtogroup.yml:
--------------------------------------------------------------------------------
---
- hosts: localhost

  roles:

    - role: cyberark-bizdev.modules

  tasks:

    - name: Logon to CyberArk Vault using PAS Web Services SDK
      cyberark_authentication:
        api_base_url: "https://components.cyberark.local"
        validate_certs: false
        use_shared_logon_authentication: true

    - name: Debug message
      debug:
        var: cyberark_session

    - name: Add user to group
      cyberark_user:
        username: "testuser2"
        group_name: "Auditors"
        state: present
        cyberark_session: "{{ cyberark_session }}"
      register: cyberarkaction

    - debug: msg="{{cyberarkaction}}"

    - name: Logoff from CyberArk Vault
      cyberark_authentication:
        state: absent
        cyberark_session: "{{ cyberark_session }}"

    - name: Debug message
      debug: var=cyberark_session

--------------------------------------------------------------------------------
/tests/test-authentication.yml:
--------------------------------------------------------------------------------
---
- hosts: localhost

  roles:

    - role: cyberark-bizdev.modules

  tasks:

    - name: Logon to CyberArk Vault using PAS Web Services SDK
      cyberark_authentication:
        api_base_url: "https://components.cyberark.local"
        validate_certs: no
        username: "testuser"
        password: "Cyberark1"


    - name: Debug message
      debug:
        var: cyberark_session


    - name: Logoff from CyberArk Vault
      cyberark_authentication:
        state: absent
        cyberark_session: "{{ cyberark_session }}"

    - name: Debug message
      debug: var=cyberark_session


--------------------------------------------------------------------------------
/tests/test-createuser.yml:
--------------------------------------------------------------------------------
---
- hosts: localhost

  roles:

    - role: cyberark-bizdev.modules

  tasks:

    - name: Logon to CyberArk Vault using PAS Web Services SDK
      cyberark_authentication:
        api_base_url: "https://components.cyberark.local"
        validate_certs: false
        use_shared_logon_authentication: true

    - name: Debug message
      debug:
        var: cyberark_session

    - name: Create User
      cyberark_user:
        username: "testuser2"
        initial_password: "Cyberark1"
        user_type_name: "EPVUser"
        change_password_on_the_next_logon: false
        group_name: "TestGroup"
        state: present
        cyberark_session: "{{ cyberark_session }}"
      register: cyberarkaction

    - debug: msg="{{cyberarkaction.cyberark_user.result}}"
      when: cyberarkaction.status_code == 201

    - name: Logoff from CyberArk Vault
      cyberark_authentication:
        state: absent
        cyberark_session: "{{ cyberark_session }}"

    - name: Debug message
      debug: var=cyberark_session

--------------------------------------------------------------------------------
/tests/test-cyberarkcredential.yml:
--------------------------------------------------------------------------------
---
- hosts: localhost

  tasks:

    - name: credential retrieval
      cyberark_credential:
        api_base_url: "https://components.cyberark.local"
        validate_certs: no
        client_cert: /root/Certs/ansible_client.pem
        client_key: /root/Certs/ansible_priv.pem
        app_id: "app_ansible"
        query: "safe=CyberArk_Passwords;folder=root;object=AdminPass"
        connection_timeout: 60
        query_format: Exact
        fail_request_on_password_change: True
        reason: "Testing Ansible Playbook"
      register: result

    - name: Debug message
      debug:
        var: result

--------------------------------------------------------------------------------
/tests/test-deleteuser.yml:
--------------------------------------------------------------------------------
---
- hosts: localhost

  roles:

    - role: cyberark-bizdev.modules

  tasks:

    - name: Logon to CyberArk Vault using PAS Web Services SDK
      cyberark_authentication:
        api_base_url: "https://components.cyberark.local"
        validate_certs: false
        use_shared_logon_authentication: true

    - name: Debug message
      debug:
        var: cyberark_session

    - name: Remove User
      cyberark_user:
        username: "testuser2"
        state: absent
        cyberark_session: "{{ cyberark_session }}"
      register: cyberarkaction

    - debug: msg="{{cyberarkaction}}"

    - name: Logoff from CyberArk Vault
      cyberark_authentication:
        state: absent
        cyberark_session: "{{ cyberark_session }}"

    - name: Debug message
      debug: var=cyberark_session
--------------------------------------------------------------------------------
/tests/test-resetcredentials.yml:
--------------------------------------------------------------------------------
---
- hosts: localhost

  roles:

    - role: cyberark-bizdev.modules

  tasks:

    - name: Logon to CyberArk Vault using PAS Web Services SDK
      cyberark_authentication:
        api_base_url: "https://components.cyberark.local"
        validate_certs: false
        use_shared_logon_authentication: true

    - name: Debug message
      debug:
        var: cyberark_session

    - name: Reset user credential
      cyberark_user:
        username: "testuser2"
        new_password: "Cyberark123"
        disabled: false
        state: present
        cyberark_session: "{{ cyberark_session }}"
      register: cyberarkaction

    - debug: msg="{{cyberarkaction.cyberark_user.result}}"
      when: cyberarkaction.status_code == 200

    - name: Logoff from CyberArk Vault
      cyberark_authentication:
        state: absent
        cyberark_session: "{{ cyberark_session }}"

    - name: Debug message
      debug: var=cyberark_session
--------------------------------------------------------------------------------
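
An added example, not part of this repository: a Python 3 sketch of the request URL that library/cyberark_credential.py assembles, with every caller-supplied value percent-encoded, plain-HTTP base URLs (as in README example 6) rejected by default, and the `Content` field masked before a result is printed, since a `debug` task on the registered result shows the password even when the retrieval task sets `no_log`. The names `build_ccp_url`, `redact_result` and `allow_plain_http` are hypothetical and introduced here; the sample response is constructed.

```python
from urllib.parse import quote, urlsplit

ENDPOINT = "/AIMWebService/api/Accounts"   # path used by cyberark_credential.py
QUERY_FORMATS = ("Exact", "Regexp")        # choices from the module's argument_spec
SECRET_KEYS = frozenset({"Content"})       # RETURN doc: "Content" holds the password


def build_ccp_url(api_base_url, app_id, query, connection_timeout=30,
                  query_format="Exact", fail_request_on_password_change=False,
                  reason=None, allow_plain_http=False):
    """Build the CCP request URL, percent-encoding every caller-supplied value."""
    parts = urlsplit(api_base_url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("api_base_url must be an absolute http(s) URL")
    if parts.scheme == "http" and not allow_plain_http:
        # The response body carries the password, so plain HTTP exposes it in transit.
        raise ValueError("refusing plain HTTP for credential retrieval")
    if query_format not in QUERY_FORMATS:
        raise ValueError("query_format must be one of %s" % (QUERY_FORMATS,))

    params = [
        ("AppId", app_id),
        ("Query", query),
        ("ConnectionTimeout", int(connection_timeout)),
        ("QueryFormat", query_format),
        ("FailRequestOnPasswordChange", bool(fail_request_on_password_change)),
    ]
    if reason is not None:
        params.append(("reason", reason))
    # safe="" also encodes "/", so no value can add a path segment or a parameter.
    query_string = "&".join(
        "%s=%s" % (key, quote(str(value), safe="")) for key, value in params)
    return api_base_url.rstrip("/") + ENDPOINT + "?" + query_string


def redact_result(result, mask="********"):
    """Return a copy of a CCP result that is safe to print or log."""
    return {key: (mask if key in SECRET_KEYS else value)
            for key, value in result.items()}


if __name__ == "__main__":
    print(build_ccp_url("https://components.cyberark.local", "TestID",
                        "Safe=test;UserName=admin", connection_timeout=60,
                        reason="requesting credential for Ansible deployment"))
    # Constructed sample response, shaped like the module's RETURN documentation.
    sample = {"Content": "constructed-secret", "Safe": "test",
              "Username": "admin", "PasswordChangeInProcess": "False"}
    print(redact_result(sample))
```
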