Skip to content

Instantly share code, notes, and snippets.

@cyberark-bizdev

cyberark-bizdev/account_changepolicy.yml

Last active September 24, 2019 11:50
Show Gist options
  • Save cyberark-bizdev/649eff9a0e53fab941fe33bd4b594019 to your computer and use it in GitHub Desktop.
Save cyberark-bizdev/649eff9a0e53fab941fe33bd4b594019 to your computer and use it in GitHub Desktop.
Download ZIP
PlayBooks for AnsibleFest 2019
Raw
account_changepolicy.yml
---
- hosts: localhost
collections:
- cyberark.pas
tasks:
- name: Logon to CyberArk Vault using PAS Web Services SDK
cyberark_authentication:
api_base_url: '{{ cyberark_rest_baseurl }}'
validate_certs: no
username: '{{ cyberark_rest_username }}'
password: '{{ cyberark_rest_password }}'
- name: Account - Change Policy
cyberark_account:
identified_by: "{{ account_identified_by }}"
safe: "Test"
address: "{{ account_address }}"
username: "{{ account_username }}"
platform_id: "{{ account_newpolicy }}"
cyberark_session: "{{ cyberark_session }}"
register: cyberarkaction
- name: Debug message
debug:
var: cyberarkaction
- name: Logoff from CyberArk Vault
cyberark_authentication:
state: absent
cyberark_session: "{{ cyberark_session }}"
Raw
deprovision_unix_user.yml
---
- hosts: all
serial: 1
collections:
- cyberark.pas
tasks:
- name: Remove user 'cyberark-admin'
user:
name: "{{ unix_user_name }}"
state: absent
- name: Logon to CyberArk Vault using PAS Web Services SDK
cyberark_authentication:
api_base_url: '{{ cyberark_rest_baseurl }}'
validate_certs: no
username: '{{ cyberark_rest_username }}'
password: '{{ cyberark_rest_password }}'
- name: Removing CyberArk Account
cyberark_account:
identified_by: "address,username"
safe: Test
username: cyberark-admin
address: "{{ inventory_hostname }}"
state: absent
cyberark_session: "{{ cyberark_session }}"
register: cyberarkaction
- name: Debug message
debug:
var: cyberarkaction
- name: Logoff from CyberArk Vault
cyberark_authentication:
state: absent
cyberark_session: "{{ cyberark_session }}"
Raw
deprovision_user.yml
---
- hosts: localhost
collections:
- cyberark.pas
tasks:
- name: Logon to CyberArk Vault using PAS Web Services SDK
cyberark_authentication:
api_base_url: '{{ cyberark_rest_baseurl }}'
validate_certs: no
username: '{{ cyberark_rest_username }}'
password: '{{ cyberark_rest_password }}'
- name: Removing a CyberArk User
cyberark_user:
username: "{{ cyberark_user }}"
state: absent
cyberark_session: "{{ cyberark_session }}"
register: cyberarkaction
- name: Debug message
debug:
var: cyberarkaction
- name: Logoff from CyberArk Vault
cyberark_authentication:
state: absent
cyberark_session: "{{ cyberark_session }}"
Raw
enabledisable_user.yml
---
- hosts: localhost
collections:
- cyberark.pas
tasks:
- name: Logon to CyberArk Vault
cyberark_authentication:
api_base_url: '{{ cyberark_rest_baseurl }}'
validate_certs: no
username: '{{ cyberark_rest_username }}'
password: '{{ cyberark_rest_password }}'
- name: Enabling a CyberArk User
cyberark_user:
username: "{{ cyberark_user }}"
disabled: false
state: present
cyberark_session: "{{ cyberark_session }}"
register: cyberarkaction
when: user_action == "enable"
- name: Disabling a CyberArk User
cyberark_user:
username: "{{ cyberark_user }}"
disabled: true
cyberark_session: "{{ cyberark_session }}"
register: cyberarkaction
when: user_action == "disable"
- name: Logoff from CyberArk Vault
cyberark_authentication:
state: absent
cyberark_session: "{{ cyberark_session }}"
Raw
provision_unix_user.yml
---
- hosts: all
serial: 1
collections:
- cyberark.pas
vars:
# created with:
# python -c 'import crypt; print crypt.crypt("Cyberark1", "$1$SomeSalt$")'
password: $1$SomeSalt$Z9LfiPOMVNz0hYK4rO1UI1
tasks:
- name: Add the user 'cyberark-admin' with a specific uid and a primary group of 'admin'
user:
name: "{{ unix_user_name }}"
comment: "{{ comment }}"
uid: 1040
group: cyberark
password: "{{ password }}"
update_password: on_create
- name: Logon to CyberArk Vault using PAS Web Services SDK
cyberark_authentication:
api_base_url: '{{ cyberark_rest_baseurl }}'
validate_certs: no
username: '{{ cyberark_rest_username }}'
password: '{{ cyberark_rest_password }}'
- name: Creating a CyberArk User, setting a simple password but forcing a password change at next logon
cyberark_account:
identified_by: "address,username"
safe: Test
username: "{{ unix_user_name }}"
address: "{{ inventory_hostname }}"
platform_id: UnixSSH
secret: "Cyberark1"
platform_account_properties:
OwnerName: "{{ owner_name }}"
secret_management:
automatic_management_enabled: true
management_action: change_immediately
perform_management_action: on_create
state: present
cyberark_session: "{{ cyberark_session }}"
register: cyberarkaction
- name: Debug message
debug:
var: cyberarkaction
- name: Logoff from CyberArk Vault
cyberark_authentication:
state: absent
cyberark_session: "{{ cyberark_session }}"
Raw
provision_user.yml
---
- hosts: localhost
collections:
- cyberark.pas
tasks:
- name: Logon to CyberArk Vault using PAS Web Services SDK
cyberark_authentication:
api_base_url: '{{ cyberark_rest_baseurl }}'
validate_certs: no
username: '{{ cyberark_rest_username }}'
password: '{{ cyberark_rest_password }}'
- name: Creating a CyberArk User, setting a simple password but forcing a password change at next logon
cyberark_user:
username: "{{ cyberark_user }}"
first_name: "{{ first_name }}"
last_name: "{{ last_name }}"
email: "{{ email }}"
initial_password: "{{ initial_password }}"
user_type_name: "EPVUser"
group_name: "{{ cyberark_group }}"
disabled: false
state: present
cyberark_session: "{{ cyberark_session }}"
register: cyberarkaction
- name: Debug message
debug:
var: cyberarkaction
- name: Logoff from CyberArk Vault
cyberark_authentication:
state: absent
cyberark_session: "{{ cyberark_session }}"
Raw
reset_user_password.yml
---
- hosts: localhost
collections:
- cyberark.pas
tasks:
- name: Logon to CyberArk Vault using PAS Web Services SDK
cyberark_authentication:
api_base_url: '{{ cyberark_rest_baseurl }}'
validate_certs: no
username: '{{ cyberark_rest_username }}'
password: '{{ cyberark_rest_password }}'
- name: Enabling a CyberArk User and forcing a password change at next logon
cyberark_user:
username: "{{ cyberark_user }}"
disabled: false
new_password: "{{ new_password }}"
state: present
change_password_on_the_next_logon: true
cyberark_session: "{{ cyberark_session }}"
register: cyberarkaction
- name: Debug message
debug:
var: cyberarkaction
- name: Logoff from CyberArk Vault
cyberark_authentication:
state: absent
cyberark_session: "{{ cyberark_session }}"
Raw
rotate_account_credential.yml
---
- hosts: localhost
collections:
- cyberark.pas
tasks:
- name: Logon to CyberArk Vault using PAS Web Services SDK
cyberark_authentication:
api_base_url: '{{ cyberark_rest_baseurl }}'
validate_certs: no
username: '{{ cyberark_rest_username }}'
password: '{{ cyberark_rest_password }}'
- name: Reset Credential Immediately
cyberark_account:
identified_by: "{{ account_identified_by }}"
safe: Test
username: "{{ account_username }}"
address: "{{ account_address }}"
secret_management:
automatic_management_enabled: true
management_action: change_immediately
perform_management_action: always
state: present
cyberark_session: "{{ cyberark_session }}"
register: cyberarkaction
- name: Debug message
debug:
var: cyberarkaction
- name: Logoff from CyberArk Vault
cyberark_authentication:
state: absent
cyberark_session: "{{ cyberark_session }}"
Raw
test.yml
- hosts: localhost
collections:
- cyberark.pas
tasks:
- name: Logon to CyberArk Vault
cyberark_authentication:
api_base_url: '{{ cyberark_rest_baseurl }}'
validate_certs: no
username: '{{ cyberark_rest_username }}'
password: '{{ cyberark_rest_password }}'
- name: Debug message
debug:
var: cyberark_session
- name: Logoff from CyberArk Vault
cyberark_authentication:
state: absent
cyberark_session: "{{ cyberark_session }}"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment