VhjddlmZmZmZeZddgddZdZdZdZ dd l Z dd l m Z dd l mZdd lmZdd lmZddlmZddlmZdd lZdZdZdZdZdZdZdZdZ e!dk(re y y ))absolute_importdivisionprint_functionz1.1preview certified)metadata_versionstatus supported_bya --- module: cyberark_user short_description: CyberArk User Management using PAS Web Services SDK. author: - Edward Nunez (@enunez-cyberark) - Cyberark Bizdev (@cyberark-bizdev) - Erasmo Acosta (@erasmix) - James Stutes (@jimmyjamcabd) version_added: '1.0.0' description: - CyberArk User Management using PAS Web Services SDK, It currently supports the following actions Get User Details, Add User, Update User, Delete User. options: username: description: - The name of the user who will be queried (for details), added, updated or deleted. type: str required: true state: description: - Specifies the state needed for the user present for create user, absent for delete user. type: str choices: [ absent, present ] default: present logging_level: description: - Parameter used to define the level of troubleshooting output to the C(logging_file) value. required: false choices: [NOTSET, DEBUG, INFO] default: NOTSET type: str logging_file: description: - Setting the log file name and location for troubleshooting logs. required: false default: /tmp/ansible_cyberark.log type: str cyberark_session: description: - Dictionary set by a CyberArk authentication containing the different values to perform actions on a logged-on CyberArk session, please see M(cyberark.pas.cyberark_authentication) module for an example of cyberark_session. type: dict required: true initial_password: description: - The password that the new user will use to log on the first time. - This password must meet the password policy requirements. - This parameter is required when state is present -- Add User. type: str new_password: description: - The user updated password. Make sure that this password meets the password policy requirements. type: str email: description: - The user email address. type: str first_name: description: - The user first name. type: str last_name: description: - The user last name. type: str change_password_on_the_next_logon: description: - Whether or not the user must change their password in their next logon. type: bool default: false domain_name: description: - The name of the user domain. type: str member_type: description: - The type of member. type: str expiry_date: description: - The date and time when the user account will expire and become disabled. type: str user_type_name: description: - The type of user. - The parameter defaults to C(EPVUser). type: str disabled: description: - Whether or not the user will be disabled. type: bool default: false location: description: - The Vault Location for the user. type: str group_name: description: - The name of the group the user will be added to. - Causes an additional lookup in cyberark - Will be ignored if vault_id is used - Will cause a failure if group is missing or more than one group with that name exists type: str timeout: description: - How long to wait for the server to send data before giving up type: float default: 10 vault_id: description: - The ID of the user group to add the user to - Prefered over group_name type: int authorization: description: - A list of authorization options for this user. - Options can include AddSafes and AuditUsers - The default provides backwards compatability with older versions of the collection type: list elements: str default: - AddSafes - AuditUsers a9 - name: Logon to CyberArk Vault using PAS Web Services SDK cyberark_authentication: api_base_url: https://components.cyberark.local use_shared_logon_authentication: true - name: Create user & immediately add it to a group cyberark_user: username: username initial_password: password user_type_name: EPVUser change_password_on_the_next_logon: false group_name: GroupOfUser state: present cyberark_session: '{{ cyberark_session }}' - name: Make sure user is present and reset user credential if present cyberark_user: username: Username new_password: password disabled: false state: present cyberark_session: '{{ cyberark_session }}' - name: Logoff from CyberArk Vault cyberark_authentication: state: absent cyberark_session: '{{ cyberark_session }}' a changed: description: Whether there was a change done. type: bool returned: always cyberark_user: description: Dictionary containing result properties. returned: always type: complex contains: result: description: user properties when state is present type: dict returned: success status_code: description: Result HTTP Status code returned: success type: int sample: 200 N) AnsibleModule)to_text) http_client) HTTPError)open_url)quotecddj|jd|jdS)Nz{baseurl}/{endpoint}/)baseurlendpoint)formatrstriplstrip) api_base_url end_points n/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/cyberark/pas/plugins/modules/cyberark_user.py construct_urlrs0 ! ( (1D1DS1IT]TdTdehTi ( jjc |jd}|jd}|d}|d}i}dj|}t||}d|dd d } t|d |||jd  } dt j | j i}d|| jfS#ttjf$rZ} | jdk(rdd| jfcYd} ~ S|jd|dt| || jYd} ~ yd} ~ wt$r-} |jd|dt| |dYd} ~ yd} ~ wwxYw)Nusernamecyberark_sessionrvalidate_certs msgr- status_codez;Unknown error while performing user_details. *** end_point= )paramsrrrjsonloadsreadgetcoderhttplib HTTPExceptioncode fail_jsonr Exception) modulerrrr r.rurlr-responsehttp_exceptionunknown_exceptions r user_detailsrEs}}}Z(H}}%78#N3L%&67NFNUU`hUiI  i 0C+)'2<G '  )MM),  DJJx}}78vx//122 w,, -   # %4!4!45 5    GN35  *//       124     s1AB((EDE$-D E"#E  Ec t |jd}|jd}|d}|d}i}i}d|ddd} |d k(rNd } ||d <d t|jjvr9|jd *|jd |d <n|dk(rdj|} d|jvr!|jd|jd|d<d|jvr!|jd|jd|d<d|jvr!|jd|jd|d<d|jvr!|jd|jd|d<d|jvr!|jd|jd|d<d|jvr!|jd|jd|d<d|jvr3|jd$|jd|d<|jd|d<d |jvr!|jd |jd |d!<d"|jvr!|jd"|jd"|d#<|jj d$d|jd$|d%<t j d&|zd'ztj|jzt j d(tj|t j d)tj||dk(rd|jvs|jdgt jd*d+} gd,} | D]F} t j d-| | |vs| |vs#|| || k7s/t j d.| d/} Hnd/} | rt jd0t| } t||| tj|||jd12}d3tj|ji}d/||jfSd+|d:fS#tt j"f$r8}|j%d4|d5t'||| |j(6Yd}~yd}~wt*$r.}|j%d7|d8t'||| d96Yd}~yd}~wwxYw);Nrrrr r$r%r&r'POSTzPasswordVault/api/UsersUserNameinitial_passwordInitialPasswordPUTr!r" new_password NewPasswordemailEmail first_name FirstName last_nameLastName!change_password_on_the_next_logonChangePasswordOnTheNextLogon expiry_date ExpiryDateuser_type_name UserTypeNameuserTypedisabledDisabledlocationLocation authorizationvaultAuthorizationz HTTPMethod = z module.params = zExisting Info: %sz payload => %sz Verifying if needs to be updatedF) rOrQrSrUrWrYr\r^rYr`z#### field_name : %szChanging value for %sTz%Proceeding to either update or creater*r,r-datar r*r.z]Error while performing user_add_or_update.Please validate parameters provided. *** end_point=r0r2payloadr-r3zAUnknown error while performing user_add_or_update. *** end_point=r4r5)r6listkeysrgetloggingdebugr7dumpsinforrr8r9r:rr;r<r>r r=r?)r@ HTTPMethod existing_inforrrr r.rdr-rproceedupdateable_fields field_namerArBrCrDs ruser_add_or_updaterrs}}Z(H}}%78#N3L%&67NFG*)'2<GV- &  $v}}'9'9';"< < 01=)/7I)JG% & u RYYdlYm &6==+H+T!'~!> &--FMM'$:$F!==1v}}$|)D)P%}}\: fmm# k(B(N$mmK8  ,v}}< MM= > J28-- /3 ./ %&-- *F*R & m <  FMM) MM* + 7"(--0@"A$mm,<= V]]"v}}Z'@'L$mmJ7 V]]"v}}Z'@'L$mmJ7  }}$/;(. o(F$% MM*$'::TZZ =VV MM%tzz-'@A MM/4::g#67Ufmm+v}}^/L/T 78  , J MM0* =g%-/J'=+DD 5zB  <=L)4(  !ZZ(- i0 H 8==? ;rirjrr;r<r r=r?)r@rrrr rAr-rBusersuser_iduserrCexception_textrDs rresolve_username_to_idr{s}}Z(H}}%78#N3L%&67N  &R&Y&Ydl&Y&m nC*)'2<G *  )MM),   8==?+'N {DJ8+?"4jG$$*kow*x$z  {  98WM w,, -   0N $&++     G-. 0    s+AC"7CE 3/D'' E 3#EE c ||jd}|d}|d}i}t|}|d|dfSdj|}d|dd d }t||} t |d |||jd  } dii}d|| j fS#t tjf$rd} t| } | jdk(rd| vrdii}d|| jfcYd} ~ S|jd|d| || jYd} ~ yd} ~ wt$r-} |jd|dt| |dYd} ~ yd} ~ wwxYw)Nrrr Fz&PasswordVault/api/Users/{pvaultuserid}) pvaultuseridr$r%r&r'DELETEr*r+r.Tr/ ITATS003EzVError while performing user_delete.Please validate parameters provided. *** end_point=r0r1z:Unknown error while performing user_delete. *** end_point=r4r5) r6r{rrrr:rr;r<r r=r>r?) r@rrr r. vault_user_idrr-rArBrCrzrDs r user_deleters}}%78#N3L%&67NF*62Mvt$$9AA}A]I+)'2<G  i 0C,  )MM),  Bfh..011 w,, - 0   # %+*G^F6>#6#67 7    N,  *//       124     s03B D;#0DD;$D D;#D66D;c |jd}|jd}|d}|d}d|ddd}t|d jt| } t |d |||jd  }t j |j}d} |dD](} | d|k(s | | d} |jd|z*tjd|| | S#ttjf$r;} |jd|d|dt| i|| jYd} ~ yd} ~ wt $r1} |jd|d|dt| i|dYd} ~ yd} ~ wwxYw)N group_namerrr r$r%r&r'z1/PasswordVault/api/UserGroups?search={pgroupname} pgroupnamer)r*r+value groupNameruz;Found more than one group matching %s. Use vault_id insteadrvzResolved group_name %s to ID %szError while looking up group z. *** end_point=r0rcz%Unknown error while looking up group r4r5)r6rrrrr7r8r9r>rirjrr;r<r r=r?) r@rrrr r-rArBgroupsgroup_idgrouprCrDs rresolve_group_name_to_idr8s|,J}}%78#N3L%&67N*)'2<G  &Y&`&`lqr|l}&`&~ C'  )MM),  HMMO,G_ yE[!Z/#$T{H$$*gku*v$x  y  7XN w,, - 3 7 9&++     3(9 : <    s+AC#+7C##E/<1D22 E/>'E**E/c |jd}|jd}|jd}|jddn|jd}|dk(r|jdnd}|jd}|d }|d }i} d |d d d} |r1|s/t|}|"|jdj|dj|} ||d} |r|| d<t || } t | d| t j| ||jd}dii} d| |jfS#ttjf$r}t|}t j|jj}|j dk(r-d|vs|j#dddk(rd d|j fcYd}~S|jd!| d"|| | |j |jj#Yd}~yd}~wt$$r.}|jd$| d%t|| | d&'Yd}~yd}~wwxYw)(Nrrvault_id member_typeVaultdomain domain_namerrr r$r%r&r'z]Unable to find a user group named {pgroupname}, please create that before adding a user to itrrvz0/PasswordVault/api/UserGroups/{pvaultid}/Members)pvaultid)memberId memberType domainNamerGr*rar.Ti ITATS262E ErrorCode PASWS213EFz\Error while performing user_add_to_group.Please validate parameters provided. *** end_point=r0)r2rdr-r3rBz@Unknown error while performing user_add_to_group. *** end_point=r4r5rc)r6rr>rrrr7rkr:rr;r<r r8r9decoder=rhr?)r@rrrrrrrr r.r-rrdrArBrCrzexception_bodyrDs ruser_add_to_grouprms }}Z(H|,J}}Z(H == ' /  ]]= ) 3>2I&-- .tK}}%78#N3L%&67NF*)'2<G(+F3     "A"H"HT^"H"_  `CKKU]K^I$;?G +   i 0C0  G$)MM),  Bfh..011 w,, - 0N$7$7$9$@$@$BC   # %;.+HNL^L^_jlnLos~L~4!4!45 5    N,  *//',,.557       124    s3&AD..IA2H9I?AH I$H;;Icttd5idtdddtddddgd tdd gd d tdd dtdddtdddtdddtddtddtddtdddtddtddtdddtddtdd td!d"tdd#tdd$td%d&d'td(ddd)d*g+,}|jd 1tj|jd |jd -tj d.|jd}|jd}|jd }|dk(rYt |\}}}|d/k(rt|d0|d1\}}}n|d2k(rt|d3d\}}}||*t|\}}} |xs|}n|dk(rt|\}}}|j4y)6NrstrT)typerequiredstatepresentabsent)rdefaultchoices logging_levelNOTSET)rDEBUGINFO logging_filez/tmp/ansible_cyberark.log)rrrdictrI)rno_logrLrN)rrPrRrTboolFrVrXr[r]rrintrrr*float r_rfAddSafes AuditUsers)relementsrr) argument_spec)filenamelevelzStarting ModulererKr.r/rG)changed cyberark_userr3) r rr6ri basicConfigrlrErrrr exit_json) r@rrrrr.r3 group_change no_resultno_status_codes rmainrs  ut4 E9x>ST H6Q 52MN  "v= "uT: 56 E" ' & /3.N %(  U+ vu5! "u%# $'% &u%' (%() *%(+ ,gr2- .FUUU_amTno/ F8}}_%1]]>2&--:X  LL"# MM' "E|,J}}Z(H )5f)=&&+ # .@vh/. *WfkC -?PT-U *Wfk  !X%98I&8Q 5\9n-G ( )4V)<&&+ WF Tr__main__)" __future__rrrr __metaclass__ANSIBLE_METADATA DOCUMENTATIONEXAMPLESRETURNr7ansible.module_utils.basicr ansible.module_utils._textr ansible.module_utils.six.movesr r;+ansible.module_utils.six.moves.urllib.errorransible.module_utils.urlsr+ansible.module_utils.six.moves.urllib.parserrirrErrr{rrrr__name__rrrrsCB k F P < * 4.AA.=k; |\+~5 pD N2 j[ |?UD zFr