Axil76 patch 1 #65
base: master
infamousjoeg
left a comment
Reviewed adding linked accounts to cyberark_account and adding cyberark_safe for safe creation. This is amazing!
My one request would be to update the README.md to include the linked accounts and cyberark_safe definition.
infamousjoeg
left a comment
Along with the previous request for changes on the README.md, creating and linking from README.md to a cyberark_safe.md file located in docs/ is also needed for Ansible Galaxy documentation. Finally, these requested changes should round out the PR and it'll be ready to merge.
| options: | ||
| state: | ||
| description: | ||
| - Assert the desired state of the safe C(present) to create or | ||
| update and safe object. Set to C(absent) for deletion of an | ||
| account object. | ||
| required: true | ||
| default: present | ||
| choices: [present, absent] | ||
| type: str | ||
| logging_level: | ||
| description: | ||
| - Parameter used to define the level of troubleshooting output to | ||
| the C(logging_file) value. | ||
| required: true | ||
| choices: [NOTSET, DEBUG, INFO] | ||
| type: str | ||
| logging_file: | ||
| description: | ||
| - Setting the log file name and location for troubleshooting logs. | ||
| required: false | ||
| default: /tmp/ansible_cyberark.log | ||
| type: str | ||
| api_base_url: | ||
| description: | ||
| - A string containing the base URL of the server hosting CyberArk's | ||
| Privileged Account Security Web Services SDK. | ||
| - Example U(https://<IIS_Server_Ip>/PasswordVault/api/) | ||
| required: true | ||
| type: str | ||
| validate_certs: | ||
| description: | ||
| - If C(false), SSL certificate chain will not be validated. This | ||
| should only set to C(true) if you have a root CA certificate | ||
| installed on each node. | ||
| required: false | ||
| default: true | ||
| type: bool | ||
| cyberark_session: | ||
| description: | ||
| - Dictionary set by a CyberArk authentication containing the | ||
| different values to perform actions on a logged-on CyberArk | ||
| session, please see M(cyberark_authentication) module for an | ||
| example of cyberark_session. | ||
| required: true | ||
| type: dict | ||
| identified_by: | ||
| description: | ||
| - When an API call is made to Get Accounts, often times the default | ||
| parameters passed will identify more than one account. This | ||
| parameter is used to confidently identify a single account when | ||
| the default query can return multiple results. | ||
| required: false | ||
| default: username,address,platform_id | ||
| type: str | ||
| safe: | ||
| description: | ||
| - The safe in the Vault where the privileged account is to be | ||
| located. | ||
| required: true | ||
| type: str | ||
| platform_id: | ||
| description: | ||
| - The PolicyID of the Platform that is to be managing the account | ||
| required: false | ||
| type: str | ||
| address: | ||
| description: | ||
| - The address of the endpoint where the privileged account is | ||
| located. | ||
| required: false | ||
| type: str | ||
| name: | ||
| description: | ||
| - The ObjectID of the account | ||
| required: false | ||
| type: str | ||
| secret_type: | ||
| description: | ||
| - The value that identifies what type of account it will be. | ||
| required: false | ||
| default: password | ||
| choices: [password, key] | ||
| type: str | ||
| secret: | ||
| description: | ||
| - The initial password for the creation of the account | ||
| required: false | ||
| type: str | ||
| new_secret: | ||
| description: | ||
| - The new secret/password to be stored in CyberArk Vault. | ||
| type: str | ||
| username: | ||
| description: | ||
| - The username associated with the account. | ||
| required: false | ||
| type: str | ||
| secret_management: | ||
| description: | ||
| - Set of parameters associated with the management of the | ||
| credential. | ||
| required: false | ||
| type: dict | ||
| suboptions: | ||
| automatic_management_enabled: | ||
| description: | ||
| - Parameter that indicates whether the CPM will manage | ||
| the password or not. | ||
| default: False | ||
| type: bool | ||
| manual_management_reason: | ||
| description: | ||
| - String value indicating why the CPM will NOT manage | ||
| the password. | ||
| type: str | ||
| management_action: | ||
| description: | ||
| - CPM action flag to be placed on the account object | ||
| for credential rotation. | ||
| choices: [change, change_immediately, reconcile] | ||
| type: str | ||
| new_secret: | ||
| description: | ||
| - The actual password value that will be assigned for | ||
| the CPM action to be taken. | ||
| type: str | ||
| perform_management_action: | ||
| description: | ||
| - C(always) will perform the management action in | ||
| every action. | ||
| - C(on_create) will only perform the management action | ||
| right after the account is created. | ||
| choices: [always, on_create] | ||
| default: always | ||
| type: str | ||
| remote_machines_access: | ||
| description: | ||
| - Set of parameters for defining PSM endpoint access targets. | ||
| required: false | ||
| type: dict | ||
| suboptions: | ||
| remote_machines: | ||
| description: | ||
| - List of targets allowed for this account. | ||
| type: str | ||
| access_restricted_to_remote_machines: | ||
| description: | ||
| - Whether or not to restrict access only to specified | ||
| remote machines. | ||
| type: bool | ||
| platform_account_properties: | ||
| description: | ||
| - Object containing key-value pairs to associate with the account, | ||
| as defined by the account platform. These properties are | ||
| validated against the mandatory and optional properties of the | ||
| specified platform's definition. Optional properties that do not | ||
| exist on the account will not be returned here. Internal | ||
| properties are not returned. | ||
| required: false | ||
| type: dict | ||
| suboptions: | ||
| KEY: | ||
| description: | ||
| - Freeform key value associated to the mandatory or | ||
| optional property assigned to the specified | ||
| Platform's definition. | ||
| aliases: [Port, ExtrPass1Name, database] | ||
| type: str | ||
| """ |
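Review bot: `state` declares both `required: true` and `default: present`, which contradict each other, since a required option never falls back to its default; drop one of the two so the generated documentation matches the behaviour. The description in the same block still ends with "deletion of an account object" although the module documents a safe. Further down, `logging_file` defaults to `/tmp/ansible_cyberark.log`, a predictable path in a shared temporary directory, while `logging_level` is marked required and offers `DEBUG`; consider a default outside `/tmp`, or state in the description that the file should be readable only by the user running Ansible.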
This options section is used by Ansible's documentation. This should reflect values for cyberark_safe but currently reflects values for cyberark_account. Please update these to match what the available options for cyberark_safe are.
Desired Outcome
This method enables a user to associate a linked account to an existing source account. The linked account can be a Reconcile account, Logon account, or other type of linked account that is defined in the platform configuration.
Implemented Changes
Modifying the code to add a parameter to insert account information