thalesgroup.ciphertrust.usermgmt_users_save module – Create and manage users in CipherTrust Manager
Note
This module is part of the thalesgroup.ciphertrust collection (version 1.0.0).
To install it, use: ansible-galaxy collection install thalesgroup.ciphertrust.
To use it in a playbook, specify: thalesgroup.ciphertrust.usermgmt_users_save.
New in thalesgroup.ciphertrust 1.0.0
Synopsis
This is a Thales CipherTrust Manager module for working with the CipherTrust Manager APIs, more specifically with the user management API.
Parameters
Parameter | Comments |
---|---|
List of login authentication methods allowed for the user. Default value - [“password”], i.e. Password Authentication is allowed by default. Setting it to empty, i.e. [], means no authentication method is allowed for the user. If both enable_cert_auth and allowed_auth_methods are provided in the request, enable_cert_auth is ignored. |
|
A schema-less object, which can be used by applications to store information about the resource. app_metadata is typically used by applications to store information which the end-users are not themselves allowed to change, like group membership or security roles. |
|
The domain where the user needs to be authenticated. This is the domain where the user is created. Defaults to the root domain. Used only for the changepw op_type, though not mandatory. |
|
The Distinguished Name of the user in the certificate. |
|
CM user ID of the user that needs to be patched. Only required if the op_type is patch. |
|
This attribute is required to create a user, but is not included in user resource responses. Can be the name of a connection or “local_account” for a local user, defaults to “local_account”. |
|
E-mail of the user |
|
Deprecated: use allowed_auth_methods instead. If both enable_cert_auth and allowed_auth_methods are provided in the request, enable_cert_auth is ignored. Enable certificate based authentication flag. If set to true, the user will be able to log in using a certificate. Choices:
|
|
Set it to 0 to unlock a locked user account. |
|
This flag can be used to create the user in a non-root domain where user management is allowed. Choices:
|
|
Holds the connection parameters required to communicate with an instance of CipherTrust Manager (CM): IP/FQDN of the server, username, password, and port. |
|
Admin password of CM |
|
CM Server IP or FQDN |
|
Port on which CM server is listening Default: |
|
Internal or private IP of the CM Server, if different from the server_ip |
|
Admin username of CM |
|
Whether SSL verification is required. Choices:
|
|
Flags for controlling user’s login behavior. |
|
If true, the user is not allowed to log in from the Web UI. Default - false. Choices:
|
|
Full name of the user. |
|
The new password. Mandatory for the changepw op_type. |
|
Operation to be performed. Choices:
|
|
The password used to secure the user's account. Allowed passwords are defined by the password policy. Password is optional when “certificate_subject_dn” is set and “user_certificate” is in allowed_auth_methods. In all other cases, password is required. It is not included in user resource responses. |
|
Password change required flag. If set to true, user will be required to change their password on next successful login. Choices:
|
|
The user_id is the ID of an existing root domain user. This field is used only when adding an existing root domain user to a different domain. |
|
A schema-less object, which can be used by applications to store information about the resource. user_metadata is typically used by applications to store information about the resource which the end-users are allowed to modify, such as user preferences. |
|
The login name of the user. This is the identifier used to log in. This attribute is required to create a user, but is omitted when getting or listing user resources. It cannot be updated. This attribute may also be used (instead of the user_id) when adding an existing root domain user to a different domain. Mandatory for the create operation. |
Examples
```yaml
# All values below are placeholders. localNode.password is the CM admin
# password; the top-level password is the password of the user being managed.
- name: "Create new user"
  thalesgroup.ciphertrust.usermgmt_users_save:
    localNode:
      server_ip: "IP/FQDN of CipherTrust Manager"
      server_private_ip: "Private IP in case that is different from above"
      server_port: 5432
      user: "CipherTrust Manager Username"
      password: "CipherTrust Manager Password"
      # verify: false turns off SSL verification of the CM server
      verify: false
    op_type: "create"
    username: "john.doe"
    password: "oldPassword12!"
    email: "john.doe@example.com"
    name: "John Doe"

# cm_user_id identifies the existing user to patch
- name: "Update user info"
  thalesgroup.ciphertrust.usermgmt_users_save:
    localNode:
      server_ip: "IP/FQDN of CipherTrust Manager"
      server_private_ip: "Private IP in case that is different from above"
      server_port: 5432
      user: "CipherTrust Manager Username"
      password: "CipherTrust Manager Password"
      verify: false
    op_type: "patch"
    cm_user_id: "local|UUID"
    username: "john.doe"
    email: "aj@example.com"
    name: "New Name"

# password is the current password, new_password is its replacement
- name: "Change user password"
  thalesgroup.ciphertrust.usermgmt_users_save:
    localNode:
      server_ip: "IP/FQDN of CipherTrust Manager"
      server_private_ip: "Private IP in case that is different from above"
      server_port: 5432
      user: "CipherTrust Manager Username"
      password: "CipherTrust Manager Password"
      verify: false
    op_type: "changepw"
    username: "john.doe"
    password: "oldPassword12!"
    new_password: "newPassword12!"

- name: "Update self"
  thalesgroup.ciphertrust.usermgmt_users_save:
    localNode:
      server_ip: "IP/FQDN of CipherTrust Manager"
      server_private_ip: "Private IP in case that is different from above"
      server_port: 5432
      user: "CipherTrust Manager Username"
      password: "CipherTrust Manager Password"
      verify: false
    op_type: "patch_self"
    name: "CM Admin"
```
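
An added example (not from the collection's documentation) of a create task for a user who can log in only with a client certificate, following the allowed_auth_methods and certificate_subject_dn descriptions in the parameter table. The variables cm_host, cm_port, vault_cm_admin_user and vault_cm_admin_password, the vault.yml file, the subject DN and the user details are constructed placeholders; the admin credentials are assumed to be stored with Ansible Vault.

```yaml
# Added example: variable names, file names and user details are constructed
# placeholders, not values from the collection's documentation.
- name: Provision a certificate-only CipherTrust Manager user
  hosts: localhost
  connection: local
  gather_facts: false
  vars_files:
    - vault.yml   # hypothetical vault file defining vault_cm_admin_user/password
  tasks:
    - name: Create a user whose only allowed login method is a client certificate
      thalesgroup.ciphertrust.usermgmt_users_save:
        localNode:
          server_ip: "{{ cm_host }}"
          server_private_ip: "{{ cm_host }}"
          server_port: "{{ cm_port }}"
          # Admin credentials come from the vault, not from the playbook text
          user: "{{ vault_cm_admin_user }}"
          password: "{{ vault_cm_admin_password }}"
          # Keep SSL verification of the CM server enabled
          verify: true
        op_type: "create"
        username: "svc.backup"
        email: "svc.backup@example.com"
        name: "Backup Service Account"
        # Password is omitted: the table states it is optional when
        # certificate_subject_dn is set and "user_certificate" is allowed
        certificate_subject_dn: "CN=svc.backup,OU=Operations,O=Example Corp,C=US"
        # Listing only "user_certificate" leaves password login disallowed;
        # allowed_auth_methods also overrides the deprecated enable_cert_auth
        allowed_auth_methods:
          - "user_certificate"
      # Keep the task arguments, including localNode.password, out of output
      no_log: true
```

Run it with ansible-playbook and --ask-vault-pass so the vault variables are decrypted at run time.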