Skip to content

Instantly share code, notes, and snippets.

@JimmyJamTQBD

JimmyJamTQBD/deprovision_account.yml

Last active September 19, 2019 14:46
Show Gist options
  • Save JimmyJamTQBD/5627a42cfd1910b60099d55f35659c6f to your computer and use it in GitHub Desktop.
Save JimmyJamTQBD/5627a42cfd1910b60099d55f35659c6f to your computer and use it in GitHub Desktop.
Download ZIP
Playbooks for Support Event
Raw
deprovision_account.yml
---
- hosts: localhost
collections:
- cyberark.bizdev
tasks:
- name: Logon to CyberArk Vault using PAS Web Services SDK
cyberark_authentication:
api_base_url: "http://components.cyberark.local"
validate_certs: no
username: "ansibleuser"
password: "Cyberark1"
- name: Debug message
debug:
var: cyberark_session
- name: Account
cyberark_account:
logging_level: DEBUG
identified_by: "address,username"
safe: "Test"
address: "cyberarkdemo.com"
username: "cyberark-administrator"
state: absent
cyberark_session: "{{ cyberark_session }}"
register: cyberarkaction
- name: Debug message
debug:
var: cyberarkaction
- name: Logoff from CyberArk Vault
cyberark_authentication:
state: absent
cyberark_session: "{{ cyberark_session }}"
- name: Debug message
debug: var=cyberark_session
Raw
deprovision_unix_user.yml
---
- hosts: all
collections:
- cyberark.bizdev
tasks:
- name: Add the user 'cyberark-admin' with a specific uid and a primary group of 'admin'
user:
name: cyberark-admin
comment: CyberArk Administrator
uid: 1040
group: cyberark
state: absent
- name: Logon to CyberArk Vault using PAS Web Services SDK
cyberark_authentication:
api_base_url: "http://components.cyberark.local"
validate_certs: no
username: "ansibleuser"
password: "Cyberark1"
- name: Creating a CyberArk User, setting a simple password but forcing a password change at next logon
cyberark_account:
identified_by: "address,username"
safe: Test
username: cyberark-admin
address: "{{ inventory_hostname }}"
state: absent
cyberark_session: "{{ cyberark_session }}"
register: cyberarkaction
- name: Debug message
debug:
var: cyberarkaction
- name: Logoff from CyberArk Vault
cyberark_authentication:
state: absent
cyberark_session: "{{ cyberark_session }}"
Raw
deprovision_user.yml
---
- hosts: localhost
collections:
- cyberark.bizdev
tasks:
- name: Logon to CyberArk Vault using PAS Web Services SDK
cyberark_authentication:
api_base_url: "http://components.cyberark.local"
validate_certs: no
username: "ansibleuser"
password: "Cyberark1"
- name: Debug message
debug:
var: cyberark_session
- name: Removing a CyberArk User
cyberark_user:
username: "ansibleuser"
state: absent
cyberark_session: "{{ cyberark_session }}"
register: cyberarkaction
- name: Debug message
debug:
var: cyberarkaction
- name: Logoff from CyberArk Vault
cyberark_authentication:
state: absent
cyberark_session: "{{ cyberark_session }}"
- name: Debug message
debug: var=cyberark_session
Raw
disable_user.yml
---
- hosts: localhost
collections:
- cyberark.bizdev
vars:
machine:
username: '{{ ansible_user }}'
password: '{{ ansible_password }}'
tasks:
- name: Logon to CyberArk Vault using PAS Web Services SDK
cyberark_authentication:
api_base_url: "http://components.cyberark.local"
validate_certs: no
username: "{{ ansible_user }}"
password: "{{ ansible_pass }}"
- name: Disabling a CyberArk User
cyberark_user:
username: "ansibleuser"
disabled: true
cyberark_session: "{{ cyberark_session }}"
register: cyberarkaction
- name: Debug message
debug:
var: cyberarkaction
- name: Logoff from CyberArk Vault
cyberark_authentication:
state: absent
cyberark_session: "{{ cyberark_session }}"
Raw
enable_user.yml
---
- hosts: localhost
collections:
- cyberark.bizdev
tasks:
- name: Logon to CyberArk Vault using PAS Web Services SDK
cyberark_authentication:
api_base_url: "http://components.cyberark.local"
validate_certs: no
username: "bizdev"
password: "1q2w3e4r!Q@W#E$R"
- name: Enabling a CyberArk User and forcing a password change at next logon
cyberark_user:
username: "ansibleuser"
disabled: false
state: present
# change_password_on_the_next_logon: true
cyberark_session: "{{ cyberark_session }}"
register: cyberarkaction
- name: Debug message
debug:
var: cyberarkaction
- name: Logoff from CyberArk Vault
cyberark_authentication:
state: absent
cyberark_session: "{{ cyberark_session }}"
Raw
provision_account.yml
---
- hosts: localhost
collections:
- cyberark.bizdev
tasks:
- name: Logon to CyberArk Vault using PAS Web Services SDK
cyberark_authentication:
api_base_url: "http://components.cyberark.local"
validate_certs: no
username: "ansibleuser"
password: "Cyberark1"
- name: Account
cyberark_account:
identified_by: "address,username"
safe: "Test"
address: "cyberarkdemo.com"
username: "cyberark-administrator"
platform_id: WinDomain
secret: "CyberarkFirst"
platform_account_properties:
LogonDomain: "CyberArk"
OwnerName: "Edward Nunez"
Port: 8080
secret_management:
automatic_management_enabled: true
management_action: "reconcile"
state: present
cyberark_session: "{{ cyberark_session }}"
register: cyberarkaction
- name: Debug message
debug:
var: cyberarkaction
- name: Logoff from CyberArk Vault
cyberark_authentication:
state: absent
cyberark_session: "{{ cyberark_session }}"
Raw
provision_unix_user.yml
---
- hosts: all
collections:
- cyberark.bizdev
vars:
# created with:
# python -c 'import crypt; print crypt.crypt("Cyberark1", "$1$SomeSalt$")'
password: $1$SomeSalt$Z9LfiPOMVNz0hYK4rO1UI1
tasks:
- name: Add the user 'cyberark-admin' with a specific uid and a primary group of 'admin'
user:
name: cyberark-admin
comment: CyberArk Administrator
uid: 1040
group: cyberark
password: "{{ password }}"
update_password: on_create
- name: Logon to CyberArk Vault using PAS Web Services SDK
cyberark_authentication:
api_base_url: "http://components.cyberark.local"
validate_certs: no
username: "ansibleuser"
password: "Cyberark1"
- name: Creating a CyberArk User, setting a simple password but forcing a password change at next logon
cyberark_account:
identified_by: "address,username"
safe: Test
username: cyberark-admin
address: "{{ inventory_hostname }}"
platform_id: UnixSSH
secret: "Cyberark1"
platform_account_properties:
OwnerName: "Edward Nunez"
secret_management:
automatic_management_enabled: true
management_action: change_immediately
state: present
cyberark_session: "{{ cyberark_session }}"
register: cyberarkaction
- name: Debug message
debug:
var: cyberarkaction
- name: Logoff from CyberArk Vault
cyberark_authentication:
state: absent
cyberark_session: "{{ cyberark_session }}"
Raw
provision_user.yml
---
- hosts: localhost
collections:
- cyberark.bizdev
tasks:
- name: Logon to CyberArk Vault using PAS Web Services SDK
cyberark_authentication:
api_base_url: "http://components.cyberark.local"
validate_certs: no
username: "administrator"
password: "Cyberark1"
- name: Creating a CyberArk User, setting a simple password but forcing a password change at next logon
cyberark_user:
username: "ansibleuser"
first_name: "Edward"
last_name: "Nunez"
email: "edwardnunez@demo.com"
initial_password: "Cyberark1"
user_type_name: "EPVUser"
group_name: "Vault Admins"
disabled: false
state: present
cyberark_session: "{{ cyberark_session }}"
register: cyberarkaction
- name: Debug message
debug:
var: cyberarkaction
- name: Logoff from CyberArk Vault
cyberark_authentication:
state: absent
cyberark_session: "{{ cyberark_session }}"
Raw
reset_user_password.yml
---
- hosts: localhost
collections:
- cyberark.bizdev
tasks:
- name: Logon to CyberArk Vault using PAS Web Services SDK
cyberark_authentication:
api_base_url: "http://components.cyberark.local"
validate_certs: no
username: "ansibleuser"
password: "Cyberark1"
- name: Enabling a CyberArk User and forcing a password change at next logon
cyberark_user:
username: "ansibleuser"
disabled: false
new_password: Cyberark1
state: present
change_password_on_the_next_logon: true
cyberark_session: "{{ cyberark_session }}"
register: cyberarkaction
- name: Debug message
debug:
var: cyberarkaction
- name: Logoff from CyberArk Vault
cyberark_authentication:
state: absent
cyberark_session: "{{ cyberark_session }}"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment