Try Spotterimplements rest api for AAA Authentication configuration
| "added in version" 2.4.0 of arubanetworks.aos_switch"
Authors: Sanju Sadanandan (@hpe)
preview | supported by community
Install with ansible-galaxy collection install arubanetworks.aos_switch:==1.7.0
collections:
- name: arubanetworks.aos_switch
version: 1.7.0This implements rest apis which can be used to configure authentication
- name: aaa authentication login privilege-mode
arubaoss_aaa_authentication:
command: config_authentication
- name: aaa authentication console login tacacs
arubaoss_aaa_authentication:
command: config_authentication_console
primary_method: PAM_TACACS
secondary_method: SAM_LOCAL
- name: aaa authentication ssh login tacacs
arubaoss_aaa_authentication:
command: config_authentication_ssh
primary_method: PAM_TACACS
secondary_method: SAM_LOCAL
- name: Create Authentication local user plaintext password
arubaoss_aaa_authentication:
command: config_authentication_local_user
group_name: "Level-15"
local_user_name: "ARUBA"
password_type: "PET_PLAIN_TEXT"
user_password: "ArubaR0Cks!"
- name: Create Authentication local user sha256
arubaoss_aaa_authentication:
command: config_authentication_local_user
group_name: "super"
local_user_name: "ARUBA"
password_type: "PET_SHA256"
user_password: "1c6976e5b5410115bde308bd4dee15dfb167a9c873fc4bb8a81f6f2ab478a918"
- name: Create Authentication local user2
arubaoss_aaa_authentication:
command: config_authentication_local_user
group_name: "super"
local_user_name: "user2"
password_type: "PET_SHA1"
user_password: "d033e22ae348aeb5660fc2140aec35850c4da997"
- name: update Authentication local user min_pwd_len, aging_period
arubaoss_aaa_authentication:
command: config_authentication_local_user
local_user_name: "user1"
min_pwd_len: 10
aging_period: 20
- name: Delete Authentication local user
arubaoss_aaa_authentication:
command: config_authentication_local_user
local_user_name: "user1"
config: "delete"
host:
description: 'Specifies the DNS host name or address for connecting to the remote
device over the specified transport. The value of host is used as the destination
address for the transport.
'
type: str
port:
description: 'Specifies the port to use when building the connection to the remote
device.
'
type: int
command:
choices:
- config_authentication
- config_authentication_console
- config_authentication_ssh
- config_authentication_local_user
default: config_authentication
description: Function name calls according to configuration required. config_authentication
- To enable/disable privilaged mode, Specify that switch respects the authentication
server's privilege level. config_authentication_console - Configure authentication
mechanism used to control access to the switch console. config_authentication_ssh
- Configure authentication mechanism used to control SSH access to the switch. config_authentication_local_user
- Create or remove a local user account.
required: false
timeout:
description: 'Specifies the timeout in seconds for communicating with the network
device for either connecting or sending commands. If the timeout is exceeded before
the operation is completed, the module will error.
'
type: int
use_ssl:
description: 'Configures use SSL (HTTPS) for access to the remote device.
'
type: bool
password:
description: 'Specifies the password to use to authenticate the connection to the
remote device. This value is used to authenticate the SSH session. If the value
is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD
will be used instead.
'
type: str
provider:
description: A dict object containing connection details.
suboptions:
api_version:
default: None
description: 'Configures (force) API version (vX.Y) for acces to the remote device.
'
type: str
host:
description: 'Specifies the DNS host name or address for connecting to the remote
device over the specified transport. The value of host is used as the destination
address for the transport.
'
type: str
password:
description: 'Specifies the password to use to authenticate the connection to
the remote device. This value is used to authenticate the SSH session. If the
value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD
will be used instead.
'
type: str
port:
description: 'Specifies the port to use when building the connection to the remote
device.
'
type: int
ssh_keyfile:
description: 'Specifies the SSH key to use to authenticate the connection to the
remote device. This value is the path to the key used to authenticate the SSH
session. If the value is not specified in the task, the value of environment
variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
'
type: path
timeout:
description: 'Specifies the timeout in seconds for communicating with the network
device for either connecting or sending commands. If the timeout is exceeded
before the operation is completed, the module will error.
'
type: int
transport:
default: aossapi
description: 'Configures the transport (aossapi or network_cli) mode.
'
type: str
use_proxy:
default: false
description: 'Configures use (Local) Proxy for access to the remote device.
'
type: bool
use_ssl:
description: 'Configures use SSL (HTTPS) for access to the remote device.
'
type: bool
username:
description: 'Configures the username to use to authenticate the connection to
the remote device. This value is used to authenticate the SSH session. If the
value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME
will be used instead.
'
type: str
validate_certs:
default: false
description: 'Configures validation of certification for access to the remote
device.
'
type: bool
type: dict
username:
description: 'Configures the username to use to authenticate the connection to the
remote device. This value is used to authenticate the SSH session. If the value
is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME
will be used instead.
'
type: str
group_name:
description: Specify the group for a username. Used with config_authentication_local_user
command.
type: str
api_version:
default: None
description: 'Configures (force) API version (vX.Y) for acces to the remote device.
'
type: str
min_pwd_len:
default: 8
description: Configures the minimum password length for a user. Used with config_authentication_local_user
command.
type: int <1-64>
ssh_keyfile:
description: 'Specifies the SSH key to use to authenticate the connection to the remote
device. This value is the path to the key used to authenticate the SSH session.
If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE
will be used instead.
'
type: path
aging_period:
default: 0
description: Configures the password aging time for a user. Used with config_authentication_local_user
command.
type: int
password_type:
choices:
- PET_SHA1
- PET_PLAIN_TEXT
- PET_SHA256
default: PET_SHA1
description: Specify the password type. Used with config_authentication_local_user
command.
required: false
user_password:
description: Specify the password. Used with config_authentication_local_user command.
type: str
primary_method:
choices:
- PAM_LOCAL
- PAM_TACACS
default: PAM_LOCAL
description: The primary authentication method, used with config_authentication_console
and config_authentication_ssh command.
required: false
validate_certs:
default: false
description: 'Configures validation of certification for access to the remote device.
'
type: bool
local_user_name:
description: Create or remove a local user account. Used with config_authentication_local_user
command.
required: false
type: str
secondary_method:
choices:
- SAM_NONE
- SAM_LOCAL
default: SAM_NONE
description: The secondary authentication method, used with config_authentication_console
and config_authentication_ssh command.
required: false