Try SpotterManage Sensu users
| "added in version" 1.0.0 of sensu.sensu_go"
Authors: Paul Arthur (@flowerysong), Aljaz Kosir (@aljazkosir), Tadej Borovsak (@tadeboro)
stableinterface | supported by certified
Install with ansible-galaxy collection install sensu.sensu_go:==1.14.0
collections:
- name: sensu.sensu_go
version: 1.14.0Create, update, activate or deactivate Sensu user.
For more information, refer to the Sensu documentation at U(https://docs.sensu.io/sensu-go/latest/reference/rbac/#users).
- name: Create a user
sensu.sensu_go.user:
auth:
url: http://localhost:8080
name: awesome_username
password: hidden_password?
groups:
- dev
- prod
- name: Use pre-hashed password
sensu.sensu_go.user:
auth:
url: http://localhost:8080
name: awesome_username
password_hash: $5f$14$.brXRviMZpbaleSq9kjoUuwm67V/s4IziOLGHjEqxJbzPsreQAyNm
- name: Deactivate a user
sensu.sensu_go.user:
name: awesome_username
state: disabled
auth:
description:
- Authentication parameters. Can define each of them with ENV as well.
suboptions:
api_key:
description:
- The API key that should be used when authenticating. If this is not set, the
value of the SENSU_API_KEY environment variable will be checked.
- This replaces I(auth.user) and I(auth.password) parameters.
- For more information about the API key, refer to the official Sensu documentation
at U(https://docs.sensu.io/sensu-go/latest/guides/use-apikey-feature/).
type: str
version_added: 1.3.0
version_added_collection: sensu.sensu_go
ca_path:
description:
- Path to the CA bundle that should be used to validate the backend certificate.
- If this parameter is not set, module will use the CA bundle that python is using.
- It is also possible to set this parameter via the I(SENSU_CA_PATH) environment
variable.
type: path
version_added: 1.5.0
version_added_collection: sensu.sensu_go
password:
default: P@ssw0rd!
description:
- The Sensu user's password. If this is not set the value of the SENSU_PASSWORD
environment variable will be checked.
- This parameter is ignored if the I(auth.api_key) parameter is set.
type: str
url:
default: http://localhost:8080
description:
- Location of the Sensu backend API. If this is not set the value of the SENSU_URL
environment variable will be checked.
type: str
user:
default: admin
description:
- The username to use for connecting to the Sensu API. If this is not set the
value of the SENSU_USER environment variable will be checked.
- This parameter is ignored if the I(auth.api_key) parameter is set.
type: str
verify:
default: true
description:
- Flag that controls the certificate validation.
- If you are using self-signed certificates, you can set this parameter to C(false).
- ONLY USE THIS PARAMETER IN DEVELOPMENT SCENARIOS! In you use self-signed certificates
in production, see the I(auth.ca_path) parameter.
- It is also possible to set this parameter via the I(SENSU_VERIFY) environment
variable.
type: bool
version_added: 1.5.0
version_added_collection: sensu.sensu_go
type: dict
name:
description:
- The Sensu resource's name. This name (in combination with the namespace where applicable)
uniquely identifies the resource that Ansible operates on.
- If the resource with selected name already exists, Ansible module will update it
to match the specification in the task.
- Consult the I(name) metadata attribute specification in the upstream docs on U(https://docs.sensu.io/sensu-go/latest/reference/)
for more details about valid names and other restrictions.
required: true
type: str
state:
choices:
- enabled
- disabled
default: enabled
description:
- Desired state of the user.
- Users cannot actually be deleted, only deactivated.
type: str
groups:
description:
- List of groups user belongs to.
elements: str
type: list
password:
description:
- Password for the user.
- Required if user with a desired name does not exist yet on the backend and I(password_hash)
is not set.
- If both I(password) and I(password_hash) are set, I(password_hash) is ignored and
calculated from the I(password) if required.
type: str
password_hash:
description:
- Bcrypt password hash for the user.
- Use C(sensuctl user hash-password PASSWORD) to generate a hash.
- Required if user with a desired name does not exist yet on the backend and I(password)
is not set.
- If both I(password) and I(password_hash) are set, I(password_hash) is ignored and
calculated from the I(password) if required.
- Sensu Go < 5.21.0 does not support creating/updating users using hashed passwords.
Use I(password) parameter if you need to manage such Sensu Go installations.
- At the moment, change detection does not work properly when using password hashes
because the Sensu Go backend does not expose enough information via its API.
type: str
version_added: 1.8.0
version_added_collection: sensu.sensu_go
object:
description: Object representing Sensu user.
returned: success
sample:
disabled: false
groups:
- ops
- dev
password: USER_PASSWORD
password_hash: $5f$14$.brXRviMZpbaleSq9kjoUuwm67V/s4IziOLGHjEqxJbzPsreQAyNm
username: alice
type: dict