Try SpotterManage Splunk user accounts
| "added in version" 0.9.0 of cdillc.splunk"
Authors: Lowell C. Alleman <lowell.alleman@cdillc.com>
Install with ansible-galaxy collection install cdillc.splunk:==0.26.1
collections:
- name: cdillc.splunk
version: 0.26.1Create, delete, and update local Splunk user accounts with Ansible.
This module uses the Python Splunk SDK and requires access to the splunkd administrative port.
Authentication can be handled via either I(username) and I(password) or via I(token).
tz:
aliases:
- timezone
default: null
description:
- Timezone associated with the Splunk user.
required: false
email:
default: null
description:
- Email address associated with the Splunk user.
required: false
roles:
default:
- user
description:
- List of roles associated with the Splunk user.
- By default this will override any users existing role membership. Use I(append_roles=true)
to change this behavior to be additive.
elements: str
required: true
type: list
state:
choices:
- present
- absent
- list
default: present
description:
- Ensure the user is either present or absent; or list the contents of the user's
configuration.
- With C(present), existing users are updated in place. See notes regarding specific
handling of the I(roles), I(splunk_pass), and I(force_change_pass).
required: false
token:
default: null
description:
- Token to use when authentication has already taken place.
- The C(token) can be specified instead of I(username) and I(password).
- This module returns an output named I(token) that can be used for subsequent splunkd
calls to the same splunkd endpoint.
required: false
password:
default: null
description:
- The password for username/password authentication to Splunkd.
- Must be provided if I(username) is provided.
required: false
realname:
aliases:
- fullname
- comment
default: null
description:
- The full name (comment) of the user account.
required: false
username:
default: null
description:
- Splunk username for username/password authentication to Splunkd.
- When provided, I(password) must also be specified.
required: false
defaultapp:
aliases:
- defaultApp
default: null
description:
- The default Splunk application the user sees when they login to Splunk Web.
required: false
splunk_home:
default: null
description:
- Path to Splunk installation.
- This is used if the splunk-sdk is not installed for all users.
required: false
splunk_pass:
default: null
description:
- Password for the Splunk user account being created or modified.
- See the notes regarding changing passwords under the I(update_password) option.
- This option is required when C(state=present).
required: false
splunk_user:
aliases:
- name
default: null
description:
- Name of the user to create, modify or delete.
required: true
splunkd_uri:
aliases:
- uri
default: https://localhost:8089
description:
- The Splunkd endpoint of the Splunk server to configure.
- Defaults to the local server and default splunkd port.
required: false
append_roles:
default: false
description:
- When true, the specified I(roles) will be appended to the user's existing roles.
required: false
type: bool
update_password:
default: false
description:
- Replace the existing password with the one specified in I(password).
- When I(true) this module will always report changed since there is no way to determine
if the new password is different than the currently assigned password.
required: false
type: bool
force_change_pass:
default: null
description:
- Force user to change password. This field is set when the user is first created
or when I(update_password=true).
required: false
type: bool
update_force_change_pass:
default: false
description:
- Use in combination with I(force_change_pass) to force an update to an existing user.
- Whenever this is set to I(true) the module will always report as changed. The Splunk
REST api does not allow the C(force-change-pass) to be read.
required: false
type: bool
content:
contains:
capabilities:
description: A list of effectively Splunk capabilities for the user
elements: str
sample:
- search
- install_apps
- '...'
type: list
defaultApp:
type: str
email:
type: str
locked-out:
sample: '0'
type: str
relname:
description: Real user name
type: str
restart_background_jobs:
type: str
roles:
description: Splunk roles assigned to user.
sample:
- user
- power
search_assistant:
sample: compact
type: str
search_auto_format:
sample: '0'
type: str
search_line_numbers:
sample: '0'
type: str
search_syntax_highlighting:
sample: light
type: str
search_use_advanced_editor:
sample: '1'
type: str
theme:
sample: enterprise
type: str
tz:
description: Time zone
type: str
description: User attributes as returned by Splunk. A few highlights have provided
below for quick reference.
returned: when user is listed, created, or updated. Upon deletion this is shown
too, but subsequent invocations of I(state=absent) will return an empty dictionary.
type: dict
endpoint:
description: URL used to edit the user object
returned: always
type: str
result:
description:
- The overall result of the module run.
- Options include C(created), C(updated), C(deleted), or C(unchanged).
returned: always
sample: updated
type: str
token:
description:
- The Splunk auth token created used for the REST API calls.
- This value can be passed into I(token) of a subsequent REST-based operation.
returned: always
type: str
updated_attrs:
description: A list of attributes that were set.
type: list