Try SpotterLocal User Policy configuration for Cisco Intersight
Authors: David Soper (@dsoper2)
preview | supported by community
Install with ansible-galaxy collection install cisco.intersight:==2.0.8
collections:
- name: cisco.intersight
version: 2.0.8Local User Policy configuration for Cisco Intersight.
Used to configure local users on endpoint devices.
For more information see L(Cisco Intersight,https://intersight.com/apidocs).
- name: Configure Local User policy
intersight_local_user_policy:
api_private_key: "{{ api_private_key }}"
api_key_id: "{{ api_key_id }}"
name: guest-admin
tags:
- Key: username
Value: guest
description: User named guest with admin role
local_users:
- username: guest
role: admin
password: vault_guest_password
- username: reader
role: readonly
password: vault_reader_password
- name: Delete Local User policy
intersight_local_user_policy:
api_private_key: "{{ api_private_key }}"
api_key_id: "{{ api_key_id }}"
name: guest-admin
state: absent
name:
description:
- The name assigned to the Local User Policy.
- The name must be between 1 and 62 alphanumeric characters, allowing special characters
:-_.
required: true
type: str
tags:
description:
- List of tags in Key:<user-defined key> Value:<user-defined value> format.
elements: dict
type: list
purge:
default: false
description:
- The purge argument instructs the module to consider the resource definition absolute.
- If true, any previously configured usernames will be removed from the policy with
the exception of the `admin` user which cannot be deleted.
type: bool
state:
choices:
- present
- absent
default: present
description:
- If C(present), will verify the resource is present and will create if needed.
- If C(absent), will verify the resource is absent and will delete if needed.
type: str
api_uri:
default: https://intersight.com/api/v1
description:
- URI used to access the Intersight API.
- If not set, the value of the INTERSIGHT_API_URI environment variable is used.
type: str
use_proxy:
default: true
description:
- If C(no), it will not use a proxy, even if one is defined in an environment variable
on the target hosts.
type: bool
api_key_id:
description:
- Public API Key ID associated with the private key.
- If not set, the value of the INTERSIGHT_API_KEY_ID environment variable is used.
required: true
type: str
description:
aliases:
- descr
description:
- The user-defined description of the Local User policy.
- Description can contain letters(a-z, A-Z), numbers(0-9), hyphen(-), period(.), colon(:),
or an underscore(_).
type: str
local_users:
description:
- List of local users on the endpoint.
- An admin user already exists on the endpoint.
- Add the admin user here only if you want to change the password, or enable or disable
the user.
- To add admin user, provide a username as 'admin', select the admin user role, and
then proceed.
elements: dict
suboptions:
enable:
default: true
description:
- Enable or disable the user.
type: bool
password:
description:
- Valid login password of the user.
required: true
type: str
role:
choices:
- admin
- readonly
- user
description:
- Roles associated with the user on the endpoint.
required: true
type: str
username:
description:
- Name of the user created on the endpoint.
required: true
type: str
type: list
organization:
default: default
description:
- The name of the Organization this resource is assigned to.
- Profiles and Policies that are created within a Custom Organization are applicable
only to devices in the same Organization.
type: str
validate_certs:
default: true
description:
- Boolean control for verifying the api_uri TLS certificate
type: bool
api_private_key:
description:
- Filename (absolute path) or string of PEM formatted private key data to be used
for Intersight API authentication.
- If a string is used, Ansible vault should be used to encrypt string data.
- Ex. ansible-vault encrypt_string --vault-id tme@/Users/dsoper/Documents/vault_password_file
'-----BEGIN EC PRIVATE KEY-----
- ' <your private key data>'
- ' -----END EC PRIVATE KEY-----'''
- If not set, the value of the INTERSIGHT_API_PRIVATE_KEY environment variable is
used.
required: true
type: path
password_history:
default: 5
description:
- Specifies number of times a password cannot repeat when changed (value between 0
and 5).
- Entering 0 disables this option.
type: int
always_update_password:
default: false
description:
- Since passwords are not returned by the API and are encrypted on the endpoint, this
option will instruct the module when to change the password.
- If true, the password for each user will always be updated in the policy.
- If false, the password will be updated only if the user is created.
type: bool
enable_password_expiry:
default: false
description:
- Enables password expiry on the endpoint.
type: bool
enforce_strong_password:
default: true
description:
- If true, enables a strong password policy.
- Strong password requirements:.
- A. The password must have a minimum of 8 and a maximum of 20 characters.
- B. The password must not contain the User's Name.
- C. The password must contain characters from three of the following four categories.
- 1) English uppercase characters (A through Z).
- 2) English lowercase characters (a through z).
- 3) Base 10 digits (0 through 9).
- 4) Non-alphabetic characters (! , @, '#', $, %, ^, &, *, -, _, +, =).
type: bool
api_repsonse:
description: The API response output returned by the specified resource.
returned: always
sample:
api_response:
Description: User named guest with admin role
EndPointUserRoles:
- ChangePassword: true
Enabled: true
type: dict