
    Vh%1                         d dl mZmZmZ eZddgddZdZdZdZ	d d	l
mZ d d
lmZ d dlmZ d dlmZ d dlmZ d dlZd Zd Zedk(  r e        yy)    )absolute_importdivisionprint_functionz1.1preview	certified)metadata_versionstatussupported_bya  
---
module: cyberark_authentication
short_description: CyberArk Authentication using PAS Web Services SDK.
author:
    - Edward Nunez (@enunez-cyberark)
    - Cyberark Bizdev (@cyberark-bizdev)
version_added: '1.0.0'
description:
    - Authenticates to CyberArk Vault using Privileged Account Security
      Web Services SDK and creates a session fact that can be used by other
      modules. It returns an Ansible fact called I(cyberark_session). Every
      module can use this fact as C(cyberark_session) parameter.
options:
    state:
        default: present
        choices: [present, absent]
        description:
            - Specifies if an authentication logon/logoff and a
              cyberark_session should be added/removed.
        type: str
    username:
        description:
            - The name of the user who will logon to the Vault.
        type: str
    password:
        description:
            - The password of the user.
        type: str
    new_password:
        description:
            - The new password of the user. This parameter is optional,
              and enables you to change a password.
        type: str
    api_base_url:
        description:
            - A string containing the base URL of the server hosting
              CyberArk's Privileged Account Security Web Services SDK.
        type: str
    validate_certs:
        type: bool
        default: 'true'
        description:
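            - If C(false), SSL certificates will not be validated. This
              should only be set to C(false) on personally controlled
              sites using self-signed certificates. With validation
              disabled, the credentials and session token are sent to a
              server whose identity is not verified.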
    use_ldap_authentication:
        type: bool
        default: 'false'
        description:
            - Whether or not LDAP will be used.
    use_windows_authentication:
        type: bool
        default: 'false'
        description:
            - Whether or not Windows authentication will be used.
    use_cyberark_authentication:
        type: bool
        default: 'false'
        description:
            - Whether or not CyberArk authentication will be used.
    use_radius_authentication:
        type: bool
        default: 'false'
        description:
            - Whether or not users will be authenticated via a RADIUS
              server. Valid values are true/false.
    connection_number:
        type: int
        description:
            - To support multiple connections for the same user, specify a
              different value for this parameter.
    concurrentSession:
        type: bool
        default: false
        description:
            - Whether or not to allow concurrent sessions for the same user.
    cyberark_session:
        description:
            - Dictionary set by a CyberArk authentication containing the
              different values to perform actions on a logged-on CyberArk
              session.
        type: dict
    timeout:
        description:
            - Allows you to set a timeout for when you are authenticating to CyberArk.
        default: 10
        type: int
a9  
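# Shared logon: no username or password is supplied in the task.
# NOTE(review): use_shared_logon_authentication is not listed under this
# module's documented options - confirm it is still accepted before use.
- name: Logon - use_shared_logon_authentication
  cyberark_authentication:
    api_base_url: "{{ web_services_base_url }}"
    use_shared_logon_authentication: true

# Credential logon: username and password are templated from
# password_object instead of being written into the playbook.
- name: Logon - Not use_shared_logon_authentication
  cyberark_authentication:
    api_base_url: "{{ web_services_base_url }}"
    username: "{{ password_object.passprops.username }}"
    password: "{{ password_object.password }}"
    use_shared_logon_authentication: false

# Logoff passes back the cyberark_session fact set by the logon task.
# That fact carries the session token, so keep it out of debug output.
- name: Logoff from CyberArk Vault
  cyberark_authentication:
    state: absent
    cyberark_session: "{{ cyberark_session }}"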
a  
cyberark_session:
    description: Authentication facts.
    returned: success
    type: complex
    contains:
        api_base_url:
            description:
                - Base URL for API calls. Returned in the cyberark_session,
                  so it can be used in subsequent calls.
            type: str
            returned: always
        token:
            description:
                - The token that identifies the session, encoded in Base64.
            type: str
            returned: always
        use_shared_logon_authentication:
            description:
                - Whether or not Shared Logon Authentication was used to
                  establish the session.
            type: bool
            returned: always
        validate_certs:
            description: Whether or not SSL certificates should be validated.
            type: bool
            returned: always
)to_text)AnsibleModule)open_url)	HTTPError)HTTPExceptionNc           
         | j                   d   }| j                   d   }| j                   d   }| j                   d   }| j                   d   }| j                   d   }| j                   d   }| j                   d   }| j                   d	   }	| j                   d
   }
| j                   d   }| j                   d   }| j                   d   }| j                  r|d }ddd}d}|
dk(  r>|rd}n|rd}n	|rd}nd}	d}||d}||	r||d<   |rd|d<   t        j                  |      }n|d   }|d   }|d   |d<   d}d }d}d }	 t	        ||z   d||||      }|j                         d&k(  rX|
dk(  r<d}	 t        t        j                  |j                                     }d|||d)i}|d}ndi i}|||j                         fS | j                  d*|z   |+       y # t
        t        f$ r9}| j                  d ||d!t        |      ||j                  "       Y d }~d }~wt        $ r/}| j                  d#||d$t        |      |d%"       Y d }~d }~ww xY w# t        $ r+}| j                  d't        |      z  ||d%(       Y d }~d }~ww xY w),Napi_base_urlvalidate_certsusernamepasswordnew_passworduse_radius_authenticationuse_ldap_authenticationuse_windows_authenticationuse_cyberark_authenticationstatecyberark_sessionconcurrentSessiontimeoutzapplication/jsonz$CyberArk/1.0 (Ansible; cyberark.pas))zContent-Typez
User-Agent presentz"/PasswordVault/API/Auth/LDAP/Logonz$/PasswordVault/API/Auth/radius/Logonz%/PasswordVault/API/auth/Windows/LogonTz&/PasswordVault/API/Auth/CyberArk/Logon)r   r   newPasswordtokenAuthorizationz/PasswordVault/API/Auth/LogoffFPOST)methodheadersdatar   r   z{Error while performing authentication.Please validate parameters provided, and ability to logon to CyberArk.
*** end_point=z
 ==> )msgr%   status_codez=Unknown error while performing authentication.
*** end_point=
   zError obtaining token
%s)r'   payloadr%   r(   )r!   r   r   zerror in end_point=>)r'   r%   )params
check_modejsondumpsr   r   r   	fail_jsonr   code	Exceptiongetcodestrloadsread)moduler   r   r   r   r   
use_radiususe_ldapuse_windowsuse_cyberarkr   r   r   r   r%   r,   	end_pointpayload_dictresultchangedresponsehttp_exceptionunknown_exceptionr!   es                            x/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/cyberark/pas/plugins/modules/cyberark_authentication.pyprocessAuthenticationrF      s3    ==0L]]#34N}}Z(H}}Z(H==0L:;J}}67H-- <=K==!>?L MM'"E}}%78&9:mmI&G \5 +<G
 G	 <I>I?I  L@I %-(C#*6L' 04L,-**\*
 (7)*:;#3G#<  5	FGH"
9$)
D S I EDJJx}}78" #"$0&4%F '  )"-F!1!1!344 	3i?QK }% 
 Y(?A &++ 	 		
 		
  

  G4E,FH  	 	
 	


6    3wqzB## "	 !  s<   9G (,I I/HI%II	J!I??Jc                  "   ddidddddiddddddddd	ddd	ddd	ddd	ddd	dd
idddgddddidd
d	d} g dddgddgddgddgg}dddgfdddgfg}ddgg}t        | |||d      }t        |      \  }}}|j                  |||       y )Ntyper5   booltrue)rH   defaultT)rH   no_logF)rK   rH   intr   absent)rH   choicesrK   dict
   )r   r   r   r   r   r   r   r   r   r   connection_numberr   r   r   )r   r   r   r   r   r   r   r   r   r   r   r   r   )argument_specmutually_exclusiverequired_ifrequired_togethersupports_check_mode)r@   ansible_factsr(   )r   rF   	exit_json)fieldsrT   rU   rV   r8   r@   r?   r(   s           rE   mainr[   H  s*     #)f=UO"d3!&$716%G27&H/4f#E38&'I).?$e_!8, 

 $V,!51%F4	
 
%n5	%~6	"N3	+, 
)n-.	(/01K
 %j12-+ F &;6%B"Wfk
WFT    __main__)
__future__r   r   r   rH   __metaclass__ANSIBLE_METADATADOCUMENTATIONEXAMPLESRETURNansible.module_utils._textr   ansible.module_utils.basicr   ansible.module_utils.urlsr   +ansible.module_utils.six.moves.urllib.errorr   *ansible.module_utils.six.moves.http_clientr   r/   rF   r[   __name__ r\   rE   <module>rk      sx   
 C B  k Xt&
: / 4 . A D cRL9Ux zF r\   