Role to add CyberArk modules, for use when they are not available from Ansible core or when you want the latest versions.
- CyberArk Privileged Account Security Web Services SDK.
- CyberArk AIM Central Credential Provider
None.
- cyberark_authentication: Module for CyberArk Vault Authentication using Privileged Account Security Web Services SDK
- cyberark_user: Module for CyberArk User Management using Privileged Account Security Web Services SDK
- cyberark_credential: Module for CyberArk credential retrieval using Cyberark Central Credential Provider.
NOTE: For access to the cyberark_credential functionality, the library/cyberark_credential.py file will need to be added to the Ansible modules directory of the Ansible server.
- Example playbook showing the use of cyberark_authentication module for logon and logoff without using shared logon authentication.
---
- hosts: localhost
  roles:
    - role: cyberark.modules
  tasks:
    - name: Logon to CyberArk Vault using PAS Web Services SDK
      cyberark_authentication:
        api_base_url: "https://components.cyberark.local"
        validate_certs: no
        username: "testuser"
        password: "Cyberark1"
    - name: Debug message
      debug:
        var: cyberark_session
    - name: Logoff from CyberArk Vault
      cyberark_authentication:
        state: absent
        cyberark_session: "{{ cyberark_session }}"
    - name: Debug message
      debug: var=cyberark_session
- Example playbook showing the use of cyberark_user module to create a user.
---
- hosts: localhost
  roles:
    - role: cyberark.modules
  tasks:
    - name: Logon to CyberArk Vault using PAS Web Services SDK
      cyberark_authentication:
        api_base_url: "https://components.cyberark.local"
        validate_certs: false
        use_shared_logon_authentication: true
    - name: Debug message
      debug:
        var: cyberark_session
    - name: Create User
      cyberark_user:
        username: "testuser2"
        initial_password: "Cyberark1"
        user_type_name: "EPVUser"
        change_password_on_the_next_logon: false
        group_name: "TestGroup"
        state: present
        cyberark_session: "{{ cyberark_session }}"
      register: cyberarkaction
    - debug: msg="{{cyberarkaction.cyberark_user.result}}"
      when: cyberarkaction.status_code == 201
    - name: Logoff from CyberArk Vault
      cyberark_authentication:
        state: absent
        cyberark_session: "{{ cyberark_session }}"
    - name: Debug message
      debug: var=cyberark_session
- Example playbook showing the use of cyberark_user module to reset a user credential.
---
- hosts: localhost
  roles:
    - role: cyberark.modules
  tasks:
    - name: Logon to CyberArk Vault using PAS Web Services SDK
      cyberark_authentication:
        api_base_url: "https://components.cyberark.local"
        validate_certs: false
        use_shared_logon_authentication: true
    - name: Debug message
      debug:
        var: cyberark_session
    - name: Reset user credential
      cyberark_user:
        username: "testuser2"
        new_password: "Cyberark123"
        disabled: false
        state: present
        cyberark_session: "{{ cyberark_session }}"
      register: cyberarkaction
    - debug: msg="{{cyberarkaction.cyberark_user.result}}"
      when: cyberarkaction.status_code == 200
    - name: Logoff from CyberArk Vault
      cyberark_authentication:
        state: absent
        cyberark_session: "{{ cyberark_session }}"
    - name: Debug message
      debug: var=cyberark_session
- Example playbook showing the use of cyberark_user module to add user to a group (only during creation).
---
- hosts: localhost
  roles:
    - role: cyberark.modules
  tasks:
    - name: Logon to CyberArk Vault using PAS Web Services SDK
      cyberark_authentication:
        api_base_url: "https://components.cyberark.local"
        validate_certs: false
        use_shared_logon_authentication: true
    - name: Debug message
      debug:
        var: cyberark_session
    - name: Add user to group
      cyberark_user:
        username: "testuser2"
        initial_password: "Cyberark1"
        group_name: "TestGroup"
        state: present
        cyberark_session: "{{ cyberark_session }}"
      register: cyberarkaction
    - debug: msg="{{cyberarkaction}}"
    - name: Logoff from CyberArk Vault
      cyberark_authentication:
        state: absent
        cyberark_session: "{{ cyberark_session }}"
    - name: Debug message
      debug: var=cyberark_session
- Example playbook showing the use of cyberark_user module to delete a user.
---
- hosts: localhost
  roles:
    - role: cyberark.modules
  tasks:
    - name: Logon to CyberArk Vault using PAS Web Services SDK
      cyberark_authentication:
        api_base_url: "https://components.cyberark.local"
        validate_certs: false
        use_shared_logon_authentication: true
    - name: Debug message
      debug:
        var: cyberark_session
    - name: Remove User
      cyberark_user:
        username: "testuser2"
        state: absent
        cyberark_session: "{{ cyberark_session }}"
      register: cyberarkaction
    - debug: msg="{{cyberarkaction}}"
    - name: Logoff from CyberArk Vault
      cyberark_authentication:
        state: absent
        cyberark_session: "{{ cyberark_session }}"
    - name: Debug message
      debug: var=cyberark_session
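A hardened variant of the logon / create user / logoff flow shown above, as an added example that is not part of the role's own documentation. It verifies the server certificate, keeps passwords and the session token out of task output with `no_log`, and uses `block`/`always` so the logoff runs even when a task fails. The vars file path and the two `vault_*` variable names are assumptions; define them in your own Ansible Vault encrypted file.

```yaml
---
# Added example, not from the role's documentation.
# Assumption: vault_cyberark_password and vault_new_user_password are
# defined in an ansible-vault encrypted vars file (hypothetical path).
- hosts: localhost
  vars_files:
    - vars/cyberark_vault.yml        # hypothetical, encrypted with ansible-vault
  roles:
    - role: cyberark.modules
  tasks:
    - name: Logon to CyberArk Vault using PAS Web Services SDK
      cyberark_authentication:
        api_base_url: "https://components.cyberark.local"
        validate_certs: true         # verify the server certificate
        username: "testuser"
        password: "{{ vault_cyberark_password }}"
      no_log: true                   # keep password and session token out of output

    - name: Tasks that need the session
      block:
        - name: Create User
          cyberark_user:
            username: "testuser2"
            initial_password: "{{ vault_new_user_password }}"
            user_type_name: "EPVUser"
            change_password_on_the_next_logon: true
            group_name: "TestGroup"
            state: present
            cyberark_session: "{{ cyberark_session }}"
          register: cyberarkaction
          no_log: true

        - name: Report only the HTTP status code
          debug:
            msg: "cyberark_user returned {{ cyberarkaction.status_code }}"
      always:
        # Runs even when a task in the block fails, so the session
        # token does not stay valid after the play aborts.
        - name: Logoff from CyberArk Vault
          cyberark_authentication:
            state: absent
            cyberark_session: "{{ cyberark_session }}"
          no_log: true
```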
- Example of a basic playbook showing the minimum needed to use the cyberark_credential module for retrieval of credentials using the Central Credential Provider.
---
- hosts: localhost
  tasks:
    - name: credential retrieval basic
      cyberark_credential:
        api_base_url: "http://10.10.0.1"
        app_id: "TestID"
        query: "Safe=test;UserName=admin"
      # register takes a plain variable name, not a Jinja2 expression
      register: result
      no_log: true
    - name: Debug message
      debug:
        var: result
- Example of a more advanced playbook outlining the use of all of the parameters available when using the cyberark_credential module for retrieval of credentials using the Central Credential Provider.
---
- hosts: localhost
  tasks:
    - name: credential retrieval advanced
      cyberark_credential:
        api_base_url: "https://components.cyberark.local"
        validate_certs: yes
        client_cert: /etc/pki/ca-trust/source/client.pem
        client_key: /etc/pki/ca-trust/source/priv-key.pem
        app_id: "TestID"
        query: "Safe=test;UserName=admin"
        connection_timeout: 60
        query_format: Exact
        fail_request_on_password_change: True
        reason: "requesting credential for Ansible deployment"
      # register takes a plain variable name, not a Jinja2 expression
      register: result
      no_log: true
    - name: Debug message
      debug:
        var: result
MIT
- Cyberark Business Development Technical Team ([email protected])