DigDeo Syspass Ansible Lookup
Project description
dd-ansible-syspass
DISCLAIMER:
This module has been heavily inspired by https://github.com/ansible/ansible/blob/devel/lib/ansible/plugins/lookup/password.py for password generation and term handling and thus is under GPL.
lookup: syspass
author: Gousseaud Gaëtan <gousseaud.gaetan.pro@gmail.com>, Pierre-Henry Muller <pierre-henry.muller@digdeo.fr>
short_description: get syspass user password and syspass API client
description:
- This lookup returns the contents from Syspass database, a user's password more specificly. Other functions are also implemented for further use.
ansible_version: ansible 2.6.2 with mitogen
python_version: 2.7.9
syspass_version: 3.0 Beta (300.18082701)
params:
- term: the account name (required and must be unique)
- login: login given to created account
- category: category given to created account
- customer: client given to created account
- state: like in Ansible absent to remove the password, present in default to create (Optional)
- pass_length: generated password length (Optional)
- chars: type of chars used in generated (Optional)
- url: url given to created account (Optional)
- notes: notes given to created account (Optional)
- private: is this password private for users who have access or public for all users in acl (default false)
- privategroup: is private only for users in same group (default false)
- expirationDate: expiration date given to created account (Optional) and not tested (no entry in webui)
notes:
-
Account is only created if exact name has no match.
-
A different field passed to an already existing account wont modify it.
-
Utility of tokenPass: https://github.com/nuxsmin/sysPass/issues/994#issuecomment-409050974
-
Rudimentary list of API accesses (Deprecated): https://github.com/nuxsmin/sysPass/blob/d0056d74a8a2845fb3841b02f4af5eac3e4975ed/lib/SP/Services/Api/ApiService.php#L175
-
Usage of ansible vars: https://github.com/ansible/ansible/issues/33738#issuecomment-350819222
syspass function list: SyspassClient: Account: -AccountSearch -AccountViewpass -AccountCreate -AccountDelete -AccountView Category: -CategorySearch -CategoryCreate -CategoryDelete Client: -ClientSearch -ClientCreate -ClientDelete Tag: -TagCreate -TagSearch -TagDelete UserGroup: - UserGroupCreate - UserGroupSearch - UserGroupDelete Others: -Backup
IN HOST VARS
syspass_API_URL: http://syspass-server.net/api.php
syspass_API_KEY: 'API_KEY' #Found in Users & Accesses -> API AUTHORIZATION -> User token
syspass_API_ACC_TOKPWD: Password for API_KEY for Account create / view / delete password account permission in API
syspass_default_length: number of chars in password
IN PLAYBOOK
NOTE: Default values are handled
USAGE 1
- name: Minimum declaration to get / create password
local_action: debug msg="{{ lookup('syspass', 'Server 1 test account', login=test, category='MySQL', customer='Customer 1') }}"
- name: All details for password declaration
local_action: debug msg="{{ lookup('syspass', 'Server 1 test account', login=test, category='MySQL', customer='Customer 1',
url='https://exemp.le', notes='Additionnal infos', private=True, privategroupe=True) }}"
- name: Minimum declaration to delete password
local_action: debug msg="{{ lookup('syspass', 'Server 1 test account', state=absent) }}"
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Hashes for digdeo-syspass-ansible-lookup-0.1rc3.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 27449251e8a0c769fef1a19675dd1374b232d3e084ee2e8878f096299cac8cc1 |
|
MD5 | a9603a35280e9954736cdd23d8c36050 |
|
BLAKE2b-256 | 186f9216d75e94654ddc80696f4123161ea4587fde2a7b350a53e3c7827ef16b |