f5networks.f5_modules.bigip_user (1.28.0) — module

Manage user accounts and user attributes on a BIG-IP

Added in version 1.0.0 of f5networks.f5_modules

Authors: Tim Rupp (@caphrim007), Wojciech Wypior (@wojtek0806)

Install collection

Install with ansible-galaxy collection install f5networks.f5_modules:==1.28.0


Add to requirements.yml

  collections:
    - name: f5networks.f5_modules
      version: 1.28.0

Description

Manage user accounts and user attributes on a BIG-IP system. Typically this module operates only on REST API users and not CLI users. When specifying C(root), you may only change the password. Your other parameters are ignored in this case. Changing the C(root) password is not an idempotent operation. Therefore, it changes the password every time this module attempts to change it.

Usage examples

- name: Add the user 'johnd' as an admin
  bigip_user:
    username_credential: johnd
    password_credential: password
    full_name: John Doe
    partition_access:
      - all:admin
    update_password: on_create
    state: present
    provider:
      server: lb.mydomain.com
      user: admin
      password: secret
  delegate_to: localhost
- name: Change the user "johnd's" role and shell
  bigip_user:
    username_credential: johnd
    partition_access:
      - NewPartition:manager
    shell: tmsh
    state: present
    provider:
      server: lb.mydomain.com
      user: admin
      password: secret
  delegate_to: localhost
- name: Make the user 'johnd' an admin and set to advanced shell
  bigip_user:
    name: johnd
    partition_access:
      - all:admin
    shell: bash
    state: present
    provider:
      server: lb.mydomain.com
      user: admin
      password: secret
  delegate_to: localhost
- name: Remove the user 'johnd'
  bigip_user:
    name: johnd
    state: absent
    provider:
      server: lb.mydomain.com
      user: admin
      password: secret
  delegate_to: localhost
- name: Update password
  bigip_user:
    state: present
    username_credential: johnd
    password_credential: newsupersecretpassword
    provider:
      server: lb.mydomain.com
      user: admin
      password: secret
  delegate_to: localhost
# Note that the second time this task runs, it would fail because
# the password has been changed. Therefore, it is recommended that
# you either:
#
#   * Put this in its own playbook that you run when you need to
#   * Put this task in a `block`
#   * Include `ignore_errors` on this task
- name: Change the Admin password
  bigip_user:
    state: present
    username_credential: admin
    password_credential: NewSecretPassword
    provider:
      server: lb.mydomain.com
      user: admin
      password: secret
  delegate_to: localhost
- name: Change the root user's password
  bigip_user:
    username_credential: root
    password_credential: secret
    state: present
    provider:
      server: lb.mydomain.com
      user: admin
      password: secret
  delegate_to: localhost
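
The re-run caveat noted in the comments above "Change the Admin password", handled with a `block`/`rescue` so the secrets stay out of the playbook and its logs. This is an added example, not part of the module's documentation; `vault_bigip_admin_old` and `vault_bigip_admin_new` are hypothetical Ansible Vault variable names.

```yaml
# Added example. Assumptions: the two vault_* variables are defined in an
# Ansible Vault file loaded by the play; lb.mydomain.com is the page's host.
- name: Rotate the admin password, tolerating a second run
  block:
    - name: Change the admin password using the old credential
      f5networks.f5_modules.bigip_user:
        state: present
        username_credential: admin
        password_credential: "{{ vault_bigip_admin_new }}"
        provider:
          server: lb.mydomain.com
          user: admin
          password: "{{ vault_bigip_admin_old }}"
          validate_certs: true
      delegate_to: localhost
      no_log: true  # keep both passwords out of task output and logs
  rescue:
    # The old credential was rejected, most likely because an earlier run
    # already rotated it. Authenticate with the new one instead.
    # update_password: on_create leaves an existing account's password
    # untouched, so this task only proves the new credential works.
    # If it also fails, neither password is valid and the play stops.
    - name: Confirm the new admin credential is already in place
      f5networks.f5_modules.bigip_user:
        state: present
        username_credential: admin
        update_password: on_create
        provider:
          server: lb.mydomain.com
          user: admin
          password: "{{ vault_bigip_admin_new }}"
          validate_certs: true
      delegate_to: localhost
      no_log: true
```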

Inputs

    
shell:
    choices:
    - bash
    - none
    - tmsh
    description:
    - Optionally set the user's shell.
    type: str

state:
    choices:
    - present
    - absent
    default: present
    description:
    - Whether the account should exist or not, taking action if the state is different
      from what is stated.
    type: str

provider:
    description:
    - A dict object containing connection details.
    suboptions:
      auth_provider:
        description:
        - Configures the auth provider used to obtain authentication tokens from the remote
          device.
        - This option is primarily used when working with BIG-IQ devices.
        type: str
      no_f5_teem:
        default: false
        description:
        - If C(yes), TEEM telemetry data is not sent to F5.
        - You may omit this option by setting the environment variable C(F5_TELEMETRY_OFF).
        - Previously used variable C(F5_TEEM) is deprecated as its name was confusing.
        type: bool
      password:
        aliases:
        - pass
        - pwd
        description:
        - The password for the user account used to connect to the BIG-IP or the BIG-IQ.
        - You may omit this option by setting the environment variable C(F5_PASSWORD).
        required: true
        type: str
      server:
        description:
        - The BIG-IP host or the BIG-IQ host.
        - You may omit this option by setting the environment variable C(F5_SERVER).
        required: true
        type: str
      server_port:
        default: 443
        description:
        - The BIG-IP server port.
        - You may omit this option by setting the environment variable C(F5_SERVER_PORT).
        type: int
      timeout:
        description:
        - Specifies the timeout in seconds for communicating with the network device for
          either connecting or sending commands.  If the timeout is exceeded before the
          operation is completed, the module will error.
        type: int
      transport:
        choices:
        - rest
        default: rest
        description:
        - Configures the transport connection to use when connecting to the remote device.
        type: str
      user:
        description:
        - The username to connect to the BIG-IP or the BIG-IQ. This user must have administrative
          privileges on the device.
        - You may omit this option by setting the environment variable C(F5_USER).
        required: true
        type: str
      validate_certs:
        default: true
        description:
        - If C(no), SSL certificates are not validated. Use this only on personally controlled
          sites using self-signed certificates.
        - You may omit this option by setting the environment variable C(F5_VALIDATE_CERTS).
        type: bool
    type: dict
    version_added: 1.0.0
    version_added_collection: f5networks.f5_modules

full_name:
    description:
    - Full name of the user.
    type: str

partition:
    default: Common
    description:
    - Device partition to manage resources on.
    type: str

update_password:
    choices:
    - always
    - on_create
    default: always
    description:
    - C(always) allows the user to update passwords. C(on_create) only sets the password
      for newly created users.
    - When C(username_credential) is C(root), this value is forced to C(always).
    type: str

partition_access:
    description:
    - Specifies the administrative partition to which the user has access. C(partition_access)
      is required when creating a new account, and should be in the form "partition:role".
    - Valid roles include C(acceleration-policy-editor), C(admin), C(application-editor),
      C(auditor), C(certificate-manager), C(guest), C(irule-manager), C(manager), C(no-access),
      C(operator), C(resource-admin), C(user-manager), C(web-application-security-administrator),
      and C(web-application-security-editor).
    - The partition portion of the tuple should be an existing partition or the value
      'all'.
    elements: str
    type: list

password_credential:
    description:
    - Set the user's password to this unencrypted value. C(password_credential) is required
      when creating a new account.
    type: str

username_credential:
    aliases:
    - name
    description:
    - Name of the user to create, remove, or modify.
    - The C(root) user may not be removed.
    required: true
    type: str

Outputs

full_name:
  description: Full name of the user.
  returned: changed and success
  sample: John Doe
  type: str
partition_access:
  description:
  - List of strings containing the user's roles and to which partitions they are applied.
    They are specified in the form "partition:role".
  returned: changed and success
  sample:
  - all:admin
  type: list
shell:
  description: The shell assigned to the user account.
  returned: changed and success
  sample: tmsh
  type: str