cyberark.modules
CyberArk Modules
This is a set of roles to add CyberArk modules, particularly if they are not available from Ansible core, or to get the latest versions.
Requirements
- CyberArk Privileged Account Security Web Services SDK
- CyberArk AIM Central Credential Provider
Role Variables
There are no additional variables.
Provided Modules
- cyberark_authentication: Used for authenticating to the CyberArk Vault with the Privileged Account Security Web Services SDK.
- cyberark_user: For managing users in CyberArk using the Privileged Account Security Web Services SDK.
- cyberark_credential: To retrieve credentials using the CyberArk Central Credential Provider.
NOTE: To use the cyberark_credential functionality, you need to place the library/cyberark_credential.py file in the Ansible modules directory on the Ansible server.
Example Playbooks
1. Logon and Logoff without Shared Logon Authentication
---
- hosts: localhost

  roles:
    - role: cyberark.modules

  tasks:
    - name: Logon to CyberArk Vault
      cyberark_authentication:
        api_base_url: "https://components.cyberark.local"
        validate_certs: no
        username: "testuser"
        password: "Cyberark1"

    - name: Show debug message
      debug:
        var: cyberark_session

    - name: Logoff from CyberArk Vault
      cyberark_authentication:
        state: absent
        cyberark_session: "{{ cyberark_session }}"

    - name: Show debug message
      debug:
        var: cyberark_session
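A hardened variant of playbook 1, added here as an example and not taken from the role's own documentation: it keeps certificate validation on, prompts for the credentials instead of storing them in the playbook, keeps the session token out of task output, and logs off in an `always` section so the session is closed even when a task in the block fails. It uses only module parameters shown on this page; the variable names `vault_user` and `vault_pass` and the prompt texts are assumptions.

```yaml
---
# Added example (not from the role's documentation).
# vault_user / vault_pass and the prompt wording are assumptions.
- hosts: localhost

  roles:
    - role: cyberark.modules

  vars_prompt:
    - name: vault_user
      prompt: "CyberArk username"
      private: false
    - name: vault_pass
      prompt: "CyberArk password"
      private: true          # do not echo the password while typing

  tasks:
    - block:
        - name: Logon to CyberArk Vault
          cyberark_authentication:
            api_base_url: "https://components.cyberark.local"
            validate_certs: true   # reject untrusted or mismatched certificates
            username: "{{ vault_user }}"
            password: "{{ vault_pass }}"
          no_log: true             # keep the password and token out of output

        - name: Confirm a session exists without printing the token
          assert:
            that:
              - cyberark_session is defined
          no_log: true

        # cyberark_user tasks that need the session go here, each passing
        # cyberark_session: "{{ cyberark_session }}"

      always:
        # Runs whether or not the tasks above succeeded.
        - name: Logoff from CyberArk Vault
          cyberark_authentication:
            state: absent
            cyberark_session: "{{ cyberark_session }}"
          when: cyberark_session is defined   # skip if the logon itself failed
          no_log: true
```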
2. Create a User
---
- hosts: localhost

  roles:
    - role: cyberark.modules

  tasks:
    - name: Logon to CyberArk Vault
      cyberark_authentication:
        api_base_url: "https://components.cyberark.local"
        validate_certs: false
        use_shared_logon_authentication: true

    - name: Show debug message
      debug:
        var: cyberark_session

    - name: Create User
      cyberark_user:
        username: "testuser2"
        initial_password: "Cyberark1"
        user_type_name: "EPVUser"
        change_password_on_the_next_logon: false
        group_name: "TestGroup"
        state: present
        cyberark_session: "{{ cyberark_session }}"
      register: cyberarkaction

    - debug: msg="{{cyberarkaction.cyberark_user.result}}"
      when: cyberarkaction.status_code == 201

    - name: Logoff from CyberArk Vault
      cyberark_authentication:
        state: absent
        cyberark_session: "{{ cyberark_session }}"

    - name: Show debug message
      debug:
        var: cyberark_session
3. Reset a User's Credentials
---
- hosts: localhost

  roles:
    - role: cyberark.modules

  tasks:
    - name: Logon to CyberArk Vault
      cyberark_authentication:
        api_base_url: "https://components.cyberark.local"
        validate_certs: false
        use_shared_logon_authentication: true

    - name: Show debug message
      debug:
        var: cyberark_session

    - name: Reset user credential
      cyberark_user:
        username: "testuser2"
        new_password: "Cyberark123"
        disabled: false
        state: present
        cyberark_session: "{{ cyberark_session }}"
      register: cyberarkaction

    - debug: msg="{{cyberarkaction.cyberark_user.result}}"
      when: cyberarkaction.status_code == 200

    - name: Logoff from CyberArk Vault
      cyberark_authentication:
        state: absent
        cyberark_session: "{{ cyberark_session }}"

    - name: Show debug message
      debug:
        var: cyberark_session
4. Add User to a Group (During Creation)
---
- hosts: localhost

  roles:
    - role: cyberark.modules

  tasks:
    - name: Logon to CyberArk Vault
      cyberark_authentication:
        api_base_url: "https://components.cyberark.local"
        validate_certs: false
        use_shared_logon_authentication: true

    - name: Show debug message
      debug:
        var: cyberark_session

    - name: Add user to group
      cyberark_user:
        username: "testuser2"
        initial_password: "Cyberark1"
        group_name: "TestGroup"
        state: present
        cyberark_session: "{{ cyberark_session }}"
      register: cyberarkaction

    - debug: msg="{{cyberarkaction}}"

    - name: Logoff from CyberArk Vault
      cyberark_authentication:
        state: absent
        cyberark_session: "{{ cyberark_session }}"

    - name: Show debug message
      debug:
        var: cyberark_session
5. Delete a User
---
- hosts: localhost

  roles:
    - role: cyberark.modules

  tasks:
    - name: Logon to CyberArk Vault
      cyberark_authentication:
        api_base_url: "https://components.cyberark.local"
        validate_certs: false
        use_shared_logon_authentication: true

    - name: Show debug message
      debug:
        var: cyberark_session

    - name: Remove User
      cyberark_user:
        username: "testuser2"
        state: absent
        cyberark_session: "{{ cyberark_session }}"
      register: cyberarkaction

    - debug: msg="{{cyberarkaction}}"

    - name: Logoff from CyberArk Vault
      cyberark_authentication:
        state: absent
        cyberark_session: "{{ cyberark_session }}"

    - name: Show debug message
      debug:
        var: cyberark_session
6. Basic Credential Retrieval
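---
- hosts: localhost

  tasks:
    - name: Basic credential retrieval
      cyberark_credential:
        api_base_url: "http://10.10.0.1"
        app_id: "TestID"
        query: "Safe=test;UserName=admin"
      register: result
      no_log: true

    # no_log above hides only the retrieval task's own output; this task
    # prints the registered result, which holds the retrieved credential.
    - name: Show debug message
      debug:
        var: result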
7. Advanced Credential Retrieval
---
- hosts: localhost

  tasks:
    - name: Advanced credential retrieval
      cyberark_credential:
        api_base_url: "https://components.cyberark.local"
        validate_certs: yes
        client_cert: /etc/pki/ca-trust/source/client.pem
        client_key: /etc/pki/ca-trust/source/priv-key.pem
        app_id: "TestID"
        query: "Safe=test;UserName=admin"
        connection_timeout: 60
        query_format: Exact
        fail_request_on_password_change: True
        reason: "requesting credential for Ansible deployment"
      register: result
      no_log: true

    - name: Show debug message
      debug:
        var: result
License
This project is licensed under the MIT License.
Author Information
- CyberArk Business Development Technical Team (BizDevTech@cyberark.com)
About the project
CyberArk Ansible Modules for Authentication, User Management, and Credential Retrieval using AIM Central Credential Provider's REST API.
Install
ansible-galaxy install cyberark.modules
License
mit
Downloads
2.4k
Owner
CyberArk, the undisputed leader in Privileged Account Security, secures secrets used by machines and users to protect traditional and cloud-native apps.