Note
This plugin is part of the cyberark.pas collection (version 1.0.7).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install cyberark.pas.
To use it in a playbook, specify: cyberark.pas.cyberark_user.
New in version 2.4: of cyberark.pas
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| change_password_on_the_next_logon boolean |
| Whether or not the user must change their password in their next logon. |
| cyberark_session dictionary / required | Dictionary set by a CyberArk authentication containing the different values to perform actions on a logged-on CyberArk session, please see M(cyberark_authentication) module for an example of cyberark_session. | |
| disabled boolean |
| Whether or not the user will be disabled. |
| email string | The user email address. | |
| expiry_date string | The date and time when the user account will expire and become disabled. | |
| first_name string | The user first name. | |
| group_name string | The name of the group the user will be added to. | |
| initial_password string | The password that the new user will use to log on the first time. This password must meet the password policy requirements. This parameter is required when state is present -- Add User. | |
| last_name string | The user last name. | |
| location string | The Vault Location for the user. | |
| logging_file string | Default: "/tmp/ansible_cyberark.log" | Setting the log file name and location for troubleshooting logs. |
| logging_level string / required |
| Parameter used to define the level of troubleshooting output to the logging_file value. |
| new_password string | The user updated password. Make sure that this password meets the password policy requirements. | |
| state string |
| Specifies the state needed for the user present for create user, absent for delete user. |
| user_type_name string | The type of user. The parameter defaults to EPVUser. | |
| username string / required | The name of the user who will be queried (for details), added, updated or deleted. |
- name: Logon to CyberArk Vault using PAS Web Services SDK
cyberark_authentication:
api_base_url: https://components.cyberark.local
use_shared_logon_authentication: yes
- name: Create user & immediately add it to a group
cyberark_user:
username: username
initial_password: password
user_type_name: EPVUser
change_password_on_the_next_logon: no
group_name: GroupOfUser
state: present
cyberark_session: '{{ cyberark_session }}'
- name: Make sure user is present and reset user credential if present
cyberark_user:
username: Username
new_password: password
disabled: no
state: present
cyberark_session: '{{ cyberark_session }}'
- name: Logoff from CyberArk Vault
cyberark_authentication:
state: absent
cyberark_session: '{{ cyberark_session }}'
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description | |
|---|---|---|---|
| changed boolean | always | Whether there was a change done. | |
| cyberark_user complex | always | Dictionary containing result properties. | |
| result dictionary | success | user properties when state is present | |
| status_code integer | success | Result HTTP Status code Sample: 200 | |
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/cyberark/pas/cyberark_user_module.html