sensu.sensu_go.ad_auth_provider (1.14.0) — module

Manage Sensu AD authentication provider

Added in version 1.10.0 of sensu.sensu_go

Authors: Aljaz Kosir (@aljazkosir), Manca Bizjak (@mancabizjak), Miha Dolinar (@mdolin), Tadej Borovsak (@tadeboro)

stableinterface | supported by certified

Install collection

Install with ansible-galaxy collection install sensu.sensu_go:==1.14.0


Add to requirements.yml

  collections:
    - name: sensu.sensu_go
      version: 1.14.0

Description

Create, update or delete a Sensu Go AD authentication provider.

For more information, refer to the Sensu Go documentation at https://docs.sensu.io/sensu-go/latest/operations/control-access/ad-auth/.


Requirements

Usage examples

- name: Create an AD auth provider
  sensu.sensu_go.ad_auth_provider:
    name: activedirectory
    servers:
      - host: 127.0.0.1
        group_search:
          base_dn: dc=acme,dc=org
        user_search:
          base_dn: dc=acme,dc=org
- name: Delete an AD auth provider
  sensu.sensu_go.ad_auth_provider:
    name: activedirectory
    state: absent
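
A hardened variant of the create task, as an added example that is not part of the collection's documentation: it authenticates to the backend with an API key over HTTPS against a specific CA bundle, and binds to AD over verified TLS. The backend URL, server address, file paths and the vault_* variable names are assumptions.

```yaml
# Added example. Addresses, paths and vault_* variables are placeholders.
- name: Create an AD auth provider over verified TLS
  sensu.sensu_go.ad_auth_provider:
    auth:
      # Assumed HTTPS backend; the module default is http://localhost:8080.
      url: https://sensu-backend.example.com:8080
      # Replaces auth.user / auth.password, so the documented defaults
      # (admin / P@ssw0rd!) are never used.
      api_key: "{{ vault_sensu_api_key }}"
      # Validate the backend certificate against this bundle.
      # auth.verify is left at its default (true).
      ca_path: /etc/sensu/tls/backend-ca.pem
    name: activedirectory
    servers:
      - host: 192.0.2.10          # documentation-range address
        port: 636
        security: tls             # default; "insecure" means no encryption
        insecure: false           # default; true skips certificate verification
        trusted_ca_file: /etc/sensu/tls/ad-ca.pem
        binding:
          user_dn: cn=binder,dc=acme,dc=org
          password: "{{ vault_ad_bind_password }}"
        group_search:
          base_dn: dc=acme,dc=org
        user_search:
          base_dn: dc=acme,dc=org
    groups_prefix: AD
    username_prefix: AD
  # Keep task arguments and results out of Ansible logs.
  no_log: true
```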

Inputs

    
auth:
    description:
    - Authentication parameters. Can define each of them with ENV as well.
    suboptions:
      api_key:
        description:
        - The API key that should be used when authenticating. If this is not set, the
          value of the SENSU_API_KEY environment variable will be checked.
        - This replaces I(auth.user) and I(auth.password) parameters.
        - For more information about the API key, refer to the official Sensu documentation
          at U(https://docs.sensu.io/sensu-go/latest/guides/use-apikey-feature/).
        type: str
        version_added: 1.3.0
        version_added_collection: sensu.sensu_go
      ca_path:
        description:
        - Path to the CA bundle that should be used to validate the backend certificate.
        - If this parameter is not set, module will use the CA bundle that Python is using.
        - It is also possible to set this parameter via the I(SENSU_CA_PATH) environment
          variable.
        type: path
        version_added: 1.5.0
        version_added_collection: sensu.sensu_go
      password:
        default: P@ssw0rd!
        description:
        - The Sensu user's password. If this is not set the value of the SENSU_PASSWORD
          environment variable will be checked.
        - This parameter is ignored if the I(auth.api_key) parameter is set.
        type: str
      url:
        default: http://localhost:8080
        description:
        - Location of the Sensu backend API. If this is not set the value of the SENSU_URL
          environment variable will be checked.
        type: str
      user:
        default: admin
        description:
        - The username to use for connecting to the Sensu API. If this is not set the
          value of the SENSU_USER environment variable will be checked.
        - This parameter is ignored if the I(auth.api_key) parameter is set.
        type: str
      verify:
        default: true
        description:
        - Flag that controls the certificate validation.
        - If you are using self-signed certificates, you can set this parameter to C(false).
        - ONLY USE THIS PARAMETER IN DEVELOPMENT SCENARIOS! If you use self-signed certificates
          in production, see the I(auth.ca_path) parameter.
        - It is also possible to set this parameter via the I(SENSU_VERIFY) environment
          variable.
        type: bool
        version_added: 1.5.0
        version_added_collection: sensu.sensu_go
    type: dict

name:
    description:
    - The Sensu resource's name. This name (in combination with the namespace where applicable)
      uniquely identifies the resource that Ansible operates on.
    - If the resource with selected name already exists, Ansible module will update it
      to match the specification in the task.
    - Consult the I(name) metadata attribute specification in the upstream docs on U(https://docs.sensu.io/sensu-go/latest/reference/)
      for more details about valid names and other restrictions.
    required: true
    type: str

state:
    choices:
    - present
    - absent
    default: present
    description:
    - Target state of the Sensu object.
    type: str

servers:
    description:
    - An array of AD servers for your directory.
    elements: dict
    suboptions:
      binding:
        description:
        - The AD account that performs user and group lookups.
        - If your server supports anonymous binding, you can omit the user_dn or password
          attributes to query the directory without credentials.
        suboptions:
          password:
            description:
            - Password for the user_dn account.
            - If your server supports anonymous binding, you can omit this attribute.
            required: true
            type: str
          user_dn:
            description:
            - The AD account that performs user and group lookups.
            - If your server supports anonymous binding, you can omit this attribute.
            required: true
            type: str
        type: dict
      client_cert_file:
        description:
        - Path to the certificate that should be sent to the server if requested.
        type: str
      client_key_file:
        description:
        - Path to the key file associated with the client_cert_file.
        - Required if I(client_cert_file) is present.
        type: str
      default_upn_domain:
        description:
        - Enables UPN authentication when set. The default UPN suffix that will be appended
          to the username when a domain is not specified during login (for example, user
          becomes user@defaultdomain.xyz).
        type: str
      group_search:
        description:
        - Search configuration for groups.
        suboptions:
          attribute:
            default: member
            description:
            - Used for comparing result entries.
            type: str
          base_dn:
            description:
            - Which part of the directory tree to search.
            required: true
            type: str
          name_attribute:
            default: cn
            description:
            - Represents the attribute to use as the entry name.
            type: str
          object_class:
            default: group
            description:
            - Identifies the class of objects returned in the search result.
            type: str
        type: dict
      host:
        description:
        - AD server IP address.
        required: true
        type: str
      include_nested_groups:
        description:
        - If true, the group search includes any nested groups a user is a member of.
          If false, the group search includes only the top-level groups a user is a member
          of.
        type: bool
      insecure:
        default: false
        description:
        - Skips SSL certificate verification when set to true.
        type: bool
      port:
        description:
        - AD server port.
        type: int
      security:
        choices:
        - insecure
        - tls
        - starttls
        default: tls
        description:
        - Encryption type to be used for the connection to the AD server.
        type: str
      trusted_ca_file:
        description:
        - Path to an alternative CA bundle file.
        type: str
      user_search:
        description:
        - Search configuration for users.
        suboptions:
          attribute:
            default: sAMAccountName
            description:
            - Used for comparing result entries.
            type: str
          base_dn:
            description:
            - Which part of the directory tree to search.
            required: true
            type: str
          name_attribute:
            default: displayName
            description:
            - Represents the attribute to use as the entry name.
            type: str
          object_class:
            default: person
            description:
            - Identifies the class of objects returned in the search result.
            type: str
        type: dict
    type: list

groups_prefix:
    description:
    - The prefix added to all AD groups.
    type: str

username_prefix:
    description:
    - The prefix added to all AD usernames.
    type: str

Outputs

object:
  description: Object representing Sensu AD authentication provider.
  returned: success
  sample:
    groups_prefix: AD
    metadata:
      name: activedirectory
    servers:
      binding:
        user_dn: cn=binder,dc=acme,dc=org
      client_cert_file: /path/to/ssl/cert.pem
      client_key_file: /path/to/ssl/key.pem
      default_upn_domain: example.org
      group_search:
        attribute: member
        base_dn: dc=acme,dc=org
        name_attribute: cn
        object_class: group
      host: 127.0.0.1
      insecure: 'False'
      port: '636'
      security: tls
      trusted_ca_file: /path/to/trusted-certificate-authorities.pem
      user_search:
        attribute: sAMAccountName
        base_dn: dc=acme,dc=org
        name_attribute: displayName
        object_class: person
    username_prefix: AD
  type: dict

See also