Diffstat (limited to 'ansible_collections/cyberark/pas/docs')
-rw-r--r-- ansible_collections/cyberark/pas/docs/aimprovider.md 91
-rw-r--r-- ansible_collections/cyberark/pas/docs/cyberark_account.md 278
-rw-r--r-- ansible_collections/cyberark/pas/docs/cyberark_authentication.md 104
-rw-r--r-- ansible_collections/cyberark/pas/docs/cyberark_credential.md 127
-rw-r--r-- ansible_collections/cyberark/pas/docs/cyberark_user.md 163
-rw-r--r-- ansible_collections/cyberark/pas/docs/images/cyberark_logo.jpg bin 0 -> 35012 bytes
-rw-r--r-- ansible_collections/cyberark/pas/docs/images/full-cyberark-logo.jpg bin 0 -> 11822 bytes
-rw-r--r-- ansible_collections/cyberark/pas/docs/images/platform_account_properties.JPG bin 0 -> 49928 bytes
8 files changed, 763 insertions, 0 deletions
diff --git a/ansible_collections/cyberark/pas/docs/aimprovider.md b/ansible_collections/cyberark/pas/docs/aimprovider.md
new file mode 100644
index 00000000..e3986353
--- /dev/null
+++ b/ansible_collections/cyberark/pas/docs/aimprovider.md
@@ -0,0 +1,91 @@
+cyberark.pas.aimprovider
+====================
+
+Role to install/uninstall CyberArk's AIM Credential Provider.
+
+Requirements
+------------
+
+- CyberArk Privileged Account Security Web Services SDK.
+- `cyberark.pas` Collection from Ansible Galaxy or Automation Hub
+
+Role Variables
+--------------
+```
+# CyberArk's Privileged Account Security Web Services SDK api base URL (example: https://components.cyberark.local)
+rest_api_url: ""
+
+# Whether to validate certificates for REST api calls. If false, SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates.
+validate_certs: true
+
+# Zip file with distribution of AIM Provider (example: /tmp/binaries/RHELinux x64-Rls-v9.8.zip); this file is located in the Ansible server, and it will be copied to the Ansible nodes. It should point to the current version of AIM distribution to be used when delivering to the nodes in a central folder within the Ansible server.
+zip_file_name: ""
+
+# Folder name within the ZIP file that will be used. By default, it's taken from zip file name, for example: "RHELinux x64"
+folder_name: '{{zip_file_name.split("/")[-1].split("-Rls")[0]}}'
+
+# CyberArk location for App Provider user to be created
+app_provider_user_location: "\\Applications"
+
+# CyberArk Vault Address
+vault_address: ""
+
+# Whether to use shared logon authentication. If true, it will use the "Shared Logon Authentication" as described in the CyberArk's document "Privileged Account Security Web Services SDK Implementation Guide"
+use_shared_logon_authentication: false
+
+# State - can be "present"/"absent" for install/uninstall.
+state: "present"
+```
+
+
+Additionally:
+- **app_provider_user_group**: The name of the group the Provider user will be added to.
+
+Dependencies
+------------
+
+None.
+
+
+Example Playbook
+----------------
+
+1) Install CyberArk AIM Provider.
+
+```
+---
+- hosts: all
+
+ roles:
+
+ - role: cyberark.pas.aimprovider
+ api_base_url: "https://components.cyberark.local"
+ validate_certs: false
+ zip_file_name: "/tmp/binaries/RHELinux x64-Rls-v9.8.zip"
+ vault_address: "10.0.1.10"
+ use_shared_logon_authentication: true
+```
+
+2) Uninstall CyberArk AIM Provider.
+```
+---
+- hosts: all
+
+ roles:
+
+ - role: cyberark.pas.aimprovider
+ api_base_url: "https://components.cyberark.local"
+ use_shared_logon_authentication: true
+ state: "absent"
+ validate_certs: false
+```
+
+License
+-------
+
+MIT
+
+Author Information
+------------------
+
+- Edward Nunez (edward.nunez@cyberark.com)
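Review bot: The Role Variables block documents the endpoint as `rest_api_url`, but both example playbooks pass `api_base_url`, so a reader cannot tell which name the role reads; make the examples and the variable list use the same name. Both examples also set `validate_certs: false` against `https://components.cyberark.local`, which conflicts with the variable's own comment that this is only for personally controlled sites using self-signed certificates; leave the examples at the default `true`. `app_provider_user_group` is listed under "Additionally" without a default or a statement of whether it is required, and it does not appear in either example.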
diff --git a/ansible_collections/cyberark/pas/docs/cyberark_account.md b/ansible_collections/cyberark/pas/docs/cyberark_account.md
new file mode 100644
index 00000000..d35e4806
--- /dev/null
+++ b/ansible_collections/cyberark/pas/docs/cyberark_account.md
@@ -0,0 +1,278 @@
+# cyberark_account
+
+Allows for adding, deleting, modifying a privileged credential within the Cyberark Vault. The request uses the Privileged Account Security Web Services SDK.<br>
+
+The ability to modify consists of the following:
+
+* Password (see secret_management)
+* Safe
+* Platform
+* Address
+* Object Name
+* Username
+* Platform Account Properties
+ * These are the parameters listed in the Platform under `UI & Workflows -> Properties` and are unique to each Platform (see image below)
+* Remote Machines Access
+
+![Platform Account Properties](https://github.com/cyberark/ansible-security-automation-collection/blob/master/docs/images/platform_account_properties.JPG?raw=true)
+
+### secret_management
+The `secret_management` dictionary provides the capability to set a CPM password rotation flag on an existing account.
+
+The available options are as follows:<br>
+
+`automatic_management_enabled`: bool<br>
+`manual_management_reason`: This is a string value that populates the Reason field is you have set an account to not be managed by the CPM. This value is only necessary if `automatic_management_enabled` is set to false.<br>
+`management_action`: This value indicates what type CPM management flag will be placed on the account
+* change - <br>
+* change_immediately - <br>
+* reconcile - <br>
+
+`new_secret`: This parameter is available to set the value of the new password<br>
+`perform_secret_management`: This parameter was allows the option to place a CPM management flag on an account upon creation of an account object.
+* always - All `secret_management` actions will follow the table below at all times.
+* on_create - Will place a CPM management flag according to the table below ONLY on creation of an account object.
+
+#### Secret Management Action Table
+| management_action | new_secret | Action |
+| :---------: | :----: | :----- |
+| change | populated | change password to set value at next scheduled rotation |
+| change | NULL | rotate password at next scheduled rotation |
+| change_immediately | populated | change immediately to the set value |
+| change_immediately | NULL | rotate immediately |
+| reconcile | populated | reconcile immediately NOT to set value |
+| reconcile | NULL | reconcile immediately |
+| NULL | populated | set value in Vault ONLY |
+
+
+### identified_by
+This property allows for the module to confidently identify the account object needing to be identified. If multiple accounts are returned from the modules initial `Get Accounts` it will use the value(s) set in the `identified_by` parameter to direct which account is selected from the list.
+
+**EXAMPLE:**
+```
+-Playbook Parameters-
+
+cyberark_account:
+ identified_by: "address,username,platform_id"
+ safe: "testSafe"
+ address: "dev.local"
+ username: "admin"
+ platform_id: WinDomain
+
+ -This is the query sent to CyberArk Web SDK:
+/api/Accounts?filter=safeName eq testSafe&search= admin dev.local
+
+**This could return multiple accounts in the testSafe**
+
+RETURNED:
+account1
+ username: administrator
+ address: cyberark.dev.local
+ safe: testSafe
+ policyID: WinDomain
+
+account2
+ username: admin
+ address: dev.local
+ safe: testSafe
+ policyID: WinDomain
+```
+With the `identified_by` parameter set the `cyberark_account` module will select the account2 object becauses the values of the `address`, `username` and `platform_id` parameters are identical matches to the values of account2 properties.
+
+#### Limitations
+**Idempotency** - All actions taken in the module adhere to the Ansible idempotency guidelines _except_ for password change. If you have the playbook set to modify a password it will send a password change request every time the playbook is run, even if you are defining the next password value and it is the same password that is set in other runs.<br>
+**Remote Machines Access** - When modifying the values in the `remote_machines_access` dictionary be mindful of the `platform_id` value. Remote Machines Access values are stored at the Vault database level and not stored as File Categories. It is a function that is only available with the `WinDomain` platform and if you attempt to assign these values to another platform it will cause errors in the PSM functionality.
+
+
+#### Available Fields
+```
+options:
+ state:
+ description:
+ - Assert the desired state of the account C(present) to creat or update and account object. Set to C(absent) for deletion of an account object
+ required: true
+ default: present
+ choices: [present, absent]
+ type: str
+ logging_level:
+ description:
+ - Parameter used to define the level of troubleshooting output to the C(logging_file) value
+ required: true
+ choices: [NOTSET, DEBUG, INFO]
+ type: str
+ logging_file:
+ description:
+ - Setting the log file name and location for troubleshooting logs
+ required: false
+ default: /tmp/ansible_cyberark.log
+ type: str
+ api_base_url:
+ description:
+ - A string containing the base URL of the server hosting CyberArk's Privileged Account Security Web Services SDK
+ - Example: U(https://<IIS_Server_Ip>/PasswordVault/api/)
+ required: true
+ type: str
+ validate_certs:
+ description:
+ - If C(false), SSL certificate chain will not be validated. This should only set to C(true) if you have a root CA certificate installed on each node.
+ required: false
+ default: true
+ type: bool
+ cyberark_session:
+ description:
+ - Dictionary set by a CyberArk authentication containing the different values to perform actions on a logged-on CyberArk session, please see M(cyberark_authentication) module for an example of cyberark_session.
+ required: true
+ type: dict
+ identified_by:
+ description:
+ - When an API call is made to Get Accounts, often times the default parameters passed will identify more than one account. This parameter is used to confidently identify a single account when the default query can return multiple results.
+ required: false
+ default: username,address,platform_id
+ type: str
+ safe:
+ description:
+ - The safe in the Vault where the privileged account is to be located
+ required: true
+ type: str
+ platform_id:
+ description:
+ - The PolicyID of the Platform that is to be managing the account
+ required: false
+ type: str
+ address:
+ description:
+ - The adress of the endpoint where the privileged account is located
+ required: false
+ type: str
+ name:
+ description:
+ - The ObjectID of the account
+ required: false
+ type: str
+ secret_type:
+ description:
+ - The value that identifies what type of account it will be.
+ required: false
+ default: password
+ choices: [password, key]
+ type: str
+ secret:
+ description:
+ - The initial password for the creation of the account
+ required: false
+ type: str
+ username:
+ description:
+ - The username associated with the account
+ required: false
+ type: str
+ secret_management
+ description:
+ - Set of parameters associated with the management of the credential
+ required: false
+ suboptions:
+ automatic_management_enabled:
+ description:
+ - Parameter that indicates whether the CPM will manage the password or not
+ default: True
+ type: bool
+ manual_management_reason:
+ description:
+ - String value indicating why the CPM will NOT manage the password
+ type: str
+ management_action:
+ description:
+ - CPM action flag to be placed on the account object for credential rotation
+ choices: [change, change_immediately, reconcile]
+ type: str
+ new_secret:
+ description:
+ - The actual password value that will be assigned for the CPM action to be taken
+ type: str
+ perform_management_action:
+ description:
+ - C(always) will perform the management action in every action
+ - C(on_create) will only perform the management action right after the account is created
+ choices: [always, on_create]
+ default: always
+ type: str
+ remote_machines_access:
+ description:
+ - Set of parameters for defining PSM endpoint access targets
+ required: false
+ type: dict
+ suboptions:
+ remote_machines:
+ description:
+ - List of targets allowed for this account
+ type: str
+ access_restricted_to_remote_machines:
+ description:
+ - Whether or not to restrict access only to specified remote machines
+ type: bool
+ platform_account_properties:
+ description:
+ - Object containing key-value pairs to associate with the account, as defined by the account platform. These properties are validated against the mandatory and optional properties of the specified platform's definition. Optional properties that do not exist on the account will not be returned here. Internal properties are not returned.
+ required: false
+ type: dict
+ suboptions:
+ KEY:
+ description:
+ - Freeform key value associated to the mandatory or optional property assigned to the specified Platform's definition.
+ aliases: [Port, ExtrPass1Name, database]
+ type: str
+```
+
+## Example Playbooks
+
+
+```yaml
+ tasks:
+
+ - name: Logon to CyberArk Vault using PAS Web Services SDK
+ cyberark.pas.cyberark_authentication:
+ api_base_url: "http://components.cyberark.local"
+ validate_certs: no
+ username: "bizdev"
+ password: "Cyberark1"
+
+ - name: Creating an Account using the PAS WebServices SDK
+ cyberark.pas.cyberark_account:
+ logging_level: DEBUG
+ identified_by: "address,username"
+ safe: "Test"
+ address: "cyberark.local"
+ username: "administrator-x"
+ platform_id: WinServerLocal
+ secret: "@N&Ibl3!"
+ platform_account_properties:
+ LogonDomain: "cyberark"
+ OwnerName: "ansible_user"
+ secret_management:
+ automatic_management_enabled: true
+ state: present
+ cyberark_session: "{{ cyberark_session }}"
+ register: cyberarkaction
+
+ - name: Rotate credential via reconcile and providing the password to be changed to
+ cyberark.pas.cyberark_account:
+ identified_by: "address,username"
+ safe: "Domain_Admins"
+ address: "prod.cyberark.local"
+ username: "admin"
+ platform_id: WinDomain
+ platform_account_properties:
+ LogonDomain: "PROD"
+ secret_management:
+ new_secret: "Ama123ah12@#!Xaamdjbdkl@#112"
+ management_action: "reconcile"
+ automatic_management_enabled: true
+ state: present
+ cyberark_session: "{{ cyberark_session }}"
+ register: reconcileaccount
+
+ - name: Logoff from CyberArk Vault
+ cyberark.pas.cyberark_authentication:
+ state: absent
+ cyberark_session: "{{ cyberark_session }}"
+```
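Review bot: The logon task under Example Playbooks uses `api_base_url: "http://components.cyberark.local"` with `validate_certs: no` and a literal `password: "Cyberark1"`, so the pattern readers will copy sends Vault credentials over plain HTTP; use an `https://` URL, keep certificate validation on, and take `password`, `secret` and `new_secret` from variables instead of inline literals. In Available Fields, `secret_management` is missing its trailing colon and a `type: dict`, and the `validate_certs` description opens with the `C(false)` case but then says it "should only set to C(true) if you have a root CA certificate installed", which reads as a warning against the default; reword it so the caution attaches to `false`. The prose section names the option `perform_secret_management` while the field list names it `perform_management_action`; pick one. `logging_level` is marked `required: true` yet the reconcile example omits it, and the `change`, `change_immediately` and `reconcile` bullets under `management_action` are left without descriptions.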
diff --git a/ansible_collections/cyberark/pas/docs/cyberark_authentication.md b/ansible_collections/cyberark/pas/docs/cyberark_authentication.md
new file mode 100644
index 00000000..57a46630
--- /dev/null
+++ b/ansible_collections/cyberark/pas/docs/cyberark_authentication.md
@@ -0,0 +1,104 @@
+# cyberark_authentication
+
+
+Authenticates to CyberArk Vault using Privileged Account Security Web Services SDK and creates a session fact that can be used by other modules. It returns an Ansible fact called `cyberark_session`. Every module can use this fact as `cyberark_session` parameter.
+
+
+#### Available Fields
+```
+options:
+ state:
+ default: present
+ choices: [present, absent]
+ description:
+ - Specifies if an authentication logon/logoff and a cyberark_session should be added/removed.
+ username:
+ description:
+ - The name of the user who will logon to the Vault.
+ password:
+ description:
+ - The password of the user.
+ new_password:
+ description:
+ - The new password of the user. This parameter is optional, and enables you to change a password.
+ api_base_url:
+ description:
+ - A string containing the base URL of the server hosting CyberArk's Privileged Account Security Web Services SDK.
+ validate_certs:
+ type: bool
+ default: 'yes'
+ description:
+ - If C(false), SSL certificates will not be validated. This should only
+ set to C(false) used on personally controlled sites using self-signed
+ certificates.
+ use_shared_logon_authentication:
+ type: bool
+ default: 'no'
+ description:
+ - Whether or not Shared Logon Authentication will be used.
+ use_radius_authentication:
+ type: bool
+ default: 'no'
+ description:
+ - Whether or not users will be authenticated via a RADIUS server. Valid values are true/false.
+ cyberark_session:
+ description:
+ - Dictionary set by a CyberArk authentication containing the different values to perform actions on a logged-on CyberArk session.
+ timeout:
+ type: int
+ default: 10
+ description:
+ - Allows you set a timeout for when your authenticating to Cyberark
+```
+## Example Playbooks
+
+**Shared Logon Authentication.**<br/>
+Shared authentication is based on a user credential file that is stored in the PVWA web server. During shared authentication, only the user defined in the credential file can log on to the PVWA, but multiple users can use the logon token.
+
+This type of authentication requires the playbook to manage the users as the Vault can't identify which specific user performs each action.
+
+Multiple concurrent connections can be created using the same token, without affecting each other.
+
+The shared user is defined in a user credential file, whose location is specified in the WSCredentialFile parameter, in the appsettings section of the PVWAweb.config file:
+
+```xml
+<add key="WSCredentialFile" value="C:\CyberArk\Password Vault Web Access\CredFiles\WSUser.ini"/>
+```
+> Make sure that this user can access the PVWA interface.<br/>
+> Make sure the user only has the permissions in the Vault that they require.
+
+It is recommended to secure connections between Ansible and the REST Web Services when using Shared Logon Authentication, using Client Authentication.
+
+In addition to SSL, use Client Authentication to authenticate Ansible using a client certificate.
+
+[Configuring client authentication via certificates](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SDK/Configuring%20Client%20Authentication%20via%20Client%20Certificates.htm)
+
+```yaml
+- name: Logon to CyberArk Vault using PAS Web Services SDK - use_shared_logon_authentication
+ cyberark_authentication:
+ api_base_url: "{{ web_services_base_url }}"
+ use_shared_logon_authentication: yes
+```
+
+**CyberArk Authentication**<br/>
+This method authenticates a user to the Vault and returns a token that can be used in subsequent web services calls. In addition, this method allows you to set a new password.
+
+Users can authenticate using **CyberArk**, **LDAP** or **RADIUS** authentication.
+
+```yaml
+- name: Logon to CyberArk Vault using PAS Web Services SDK - Not use_shared_logon_authentication
+ cyberark_authentication:
+ api_base_url: "{{ web_services_base_url }}"
+ username: "{{ password_object.password }}"
+ password: "{{ password_object.passprops.username }}"
+ use_shared_logon_authentication: no
+```
+**Logoff**<br/>
+This method logs off the user and removes the Vault session.
+
+```yaml
+- name: Logoff from CyberArk Vault
+ cyberark_authentication:
+ state: absent
+ cyberark_session: "{{ cyberark_session }}
+```
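Review bot: In the "CyberArk Authentication" example the two credential fields are crossed: `username: "{{ password_object.password }}"` and `password: "{{ password_object.passprops.username }}"`. As written the secret is passed as the user name, where it is far more likely to be logged or displayed; swap the two expressions. The Logoff example is missing the closing quote on `cyberark_session: "{{ cyberark_session }}`, so it does not parse as YAML. The `validate_certs` description ("This should only set to C(false) used on personally controlled sites") is garbled and should be rewritten as one sentence, and the `timeout` description does not state its unit. The examples here call `cyberark_authentication` by short name while cyberark_account.md uses `cyberark.pas.cyberark_authentication`; use the fully qualified name throughout.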
diff --git a/ansible_collections/cyberark/pas/docs/cyberark_credential.md b/ansible_collections/cyberark/pas/docs/cyberark_credential.md
new file mode 100644
index 00000000..b7b960cb
--- /dev/null
+++ b/ansible_collections/cyberark/pas/docs/cyberark_credential.md
@@ -0,0 +1,127 @@
+# cyberark_credential
+
+Creates a URI for retrieving a credential from a password object stored in the Cyberark Vault. The request uses the Privileged Account Security Web Services SDK through the Central Credential Provider by requesting access with an Application ID.
+
+**Requirements:**
+- CyberArk AAM Central Credential Provider
+- ApplicationID with the following permissions on the safe containing the credential being requested:
+ - List Accounts
+ - Retrieve Accounts
+> **NOTE:** The CCP's Provider user (Prov_hostaname) needs to have the following permissions on the safe containing the credential being requested:
+>> List Accounts<br>
+>> Retrieve Accounts<br>
+>> View Safe Members<br>
+
+## Query
+This field is semicolon delimited value that is the exact syntax that goes in the URI<br>
+If you use the `object` parameter then there is no need to use any other parameter as the ObjectID is a unique value.<br>
+**Example:**
+```
+ query: "Safe=test;UserName=admin"
+ OR
+ query: "Object=OperatingSystem-administrator-dev.local"
+```
+
+## Available Fields
+
+```
+options:
+ api_base_url:
+ description:
+ - A string containing the base URL of the server hosting the Central Credential Provider
+ required: true
+ type: string
+ validate_certs:
+ description:
+ - If C(false), SSL certificate chain will not be validated. This should only set to C(true) if you have a root CA certificate installed on each node.
+ type: bool
+ required: false
+ default: false
+ type: bool
+ app_id:
+ description:
+ - A string containing the Application ID authorized for retrieving the credential
+ required: true
+ type: string
+ query:
+ description:
+ - A string containing details of the object being queried
+ required: true
+ parameters:
+ Safe=<safe name>
+ Folder=<folder name within safe>
+ Object=<object name>
+ UserName=<username of object>
+ Address=<address listed for object>
+ Database=<optional file category for database objects>
+ PolicyID=<platform id managing object>
+ connection_timeout:
+ description:
+ - An integer value of the allowed time before the request returns failed
+ required: false
+ default: '30'
+ type: integer
+ query_format:
+ description:
+ - The format for which your Query will be received by the CCP
+ required: false
+ default: 'Exact'
+ choices: [Exact, Regexp]
+ type: choice
+ fail_request_on_password_change:
+ description:
+ - A boolean parameter for completing the request in the middle of a password change of the requested credential
+ required: false
+ default: false
+ type: bool
+ client_cert:
+ description:
+ - A string containing the file location and name of the client certificate used for authentication
+ required: false
+ type: string
+ client_key:
+ description:
+ - A string containing the file location and name of the private key of the client certificate used for authentication
+ required: false
+ type: string
+ reason:
+ description:
+ - Reason for requesting credential if required by policy
+ required: false
+ type: string
+```
+
+
+
+## Example Playbooks
+
+```yaml
+- name: credential retrieval basic
+ cyberark_credential:
+ api_base_url: "http://10.10.0.1"
+ app_id: "TestID"
+ query: "Safe=test;UserName=admin"
+ register: result
+
+ result:
+ { api_base_url }"/AIMWebService/api/Accounts?AppId="{ app_id }"&Query="{ query }
+
+
+- name: credential retrieval advanced
+ cyberark_credential:
+ api_base_url: "https://components.cyberark.local"
+ validate_certs: yes
+ client_cert: /etc/pki/ca-trust/source/client.pem
+ client_key: /etc/pki/ca-trust/source/priv-key.pem
+ app_id: "TestID"
+ query: "Safe=test;UserName=admin"
+ connection_timeout: 60
+ query_format: Exact
+ fail_request_on_password_change: True
+ reason: "requesting credential for Ansible deployment"
+ register: result
+
+ result:
+ { api_base_url }"/AIMWebService/api/Accounts?AppId="{ app_id }"&Query="{ query }"&ConnectionTimeout="{ connection_timeout }"&QueryFormat="{ query_format }"&FailRequestOnPasswordChange="{ fail_request_on_password_change }
+
+```
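Review bot: In Available Fields, `validate_certs` declares `default: false` and carries `type: bool` twice; for a module whose purpose is retrieving a credential, a documented default of no certificate validation deserves either a change to `true` (as in cyberark_account.md) or an explicit statement that it is intentional, and the duplicate key should go. Its description has the same inverted wording as elsewhere ("should only set to C(true) if you have a root CA certificate installed"). The basic example uses `api_base_url: "http://10.10.0.1"`, which shows credential retrieval over plain HTTP; use an `https://` URL there as the advanced example does. The `result:` lines inside the `yaml` fence are not valid YAML and are indented as if they were task keys; move them out of the fence as sample output, and note that the advanced result URI omits the `reason` value the task sets. Type names `string`, `integer` and `choice` differ from the `str` and `int` used in the other module docs, and `Prov_hostaname` in the NOTE looks like a typo.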
diff --git a/ansible_collections/cyberark/pas/docs/cyberark_user.md b/ansible_collections/cyberark/pas/docs/cyberark_user.md
new file mode 100644
index 00000000..b1bfa1bc
--- /dev/null
+++ b/ansible_collections/cyberark/pas/docs/cyberark_user.md
@@ -0,0 +1,163 @@
+# cyberark_user
+
+This module allows admins to Add, Delete, and Modify CyberArk Vault Users. The ability to modify consists of the following:
+
+* Enable User<br>
+* Disable User<br>
+* Add/Remove Group<br>
+* Set New Password<br>
+* Force "change password at next login"<br>
+* Modify User Information Fields<br>
+ * Email<br>
+ * First Name<br>
+ * Last Name<br>
+ * Expiry Date<br>
+ * User Type<br>
+ * Location<br>
+
+#### Limitations
+**Idempotency** - All actions taken in the playbook adhere to the Ansible idempotency guidelines _except_ for password change. If you have the playbook set to modify a password it will "modify" the password every time the playbook is run, even if it is the same password.<br>
+**Group Creation** - If the value for `group_name` does not exist in the Vault it will not create that group, the user action that was expected will fail.
+
+#### Available Fields
+
+```
+options:
+ username:
+ description:
+ - The name of the user who will be queried (for details), added, updated or deleted.
+ type: str
+ required: True
+ state:
+ description:
+ - Specifies the state needed for the user present for create user, absent for delete user.
+ type: str
+ choices: [ absent, present ]
+ default: present
+ cyberark_session:
+ description:
+ - Dictionary set by a CyberArk authentication containing the different values to perform actions on a logged-on CyberArk session,
+ please see M(cyberark_authentication) module for an example of cyberark_session.
+ type: dict
+ required: True
+ initial_password:
+ description:
+ - The password that the new user will use to log on the first time.
+ - This password must meet the password policy requirements.
+ - This parameter is required when state is present -- Add User.
+ type: str
+ new_password:
+ description:
+ - The user updated password. Make sure that this password meets the password policy requirements.
+ type: str
+ email:
+ description:
+ - The user email address.
+ type: str
+ first_name:
+ description:
+ - The user first name.
+ type: str
+ last_name:
+ description:
+ - The user last name.
+ type: str
+ change_password_on_the_next_logon:
+ description:
+ - Whether or not the user must change their password in their next logon.
+ type: bool
+ default: no
+ expiry_date:
+ description:
+ - The date and time when the user account will expire and become disabled.
+ type: str
+ user_type_name:
+ description:
+ - The type of user.
+ - The parameter defaults to C(EPVUser).
+ type: str
+ disabled:
+ description:
+ - Whether or not the user will be disabled.
+ type: bool
+ default: no
+ location:
+ description:
+ - The Vault Location for the user.
+ type: str
+ group_name:
+ description:
+ - The name of the group the user will be added to.
+ type: str
+```
+## Example Playbooks
+
+This playbook will check if username `admin` exists, if it does not, it will provision the user in the Vault, add it to the `Auditors` group and set the account to be changed at first logon.
+
+```yaml
+- name: Logon to CyberArk Vault using PAS Web Services SDK
+ cyberark_authentication:
+ api_base_url: https://components.cyberark.local
+ use_shared_logon_authentication: yes
+
+- name: Create user, add to Group
+ cyberark_user:
+ username: admin
+ first_name: "Cyber"
+ last_name: "Admin"
+ email: "cyber.admin@ansibledev.com"
+ initial_password: PA$$Word123
+ user_type_name: EPVUser
+ change_password_on_the_next_logon: yes
+ group_name: Auditors
+ state: present
+ cyberark_session: '{{ cyberark_session }}'
+ register: cyberarkaction
+
+- name: Logoff from CyberArk Vault
+ cyberark_authentication:
+ state: absent
+ cyberark_session: '{{ cyberark_session }}'
+```
+
+This playbook will identify the user and delete it from the CyberArk Vault based on the `state: absent` parameter.
+
+```yaml
+- name: Logon to CyberArk Vault using PAS Web Services SDK - use_shared_logon_authentication
+ cyberark_authentication:
+ api_base_url: "{{ web_services_base_url }}"
+ use_shared_logon_authentication: yes
+
+- name: Removing a CyberArk User
+ cyberark_user:
+ username: "ansibleuser"
+ state: absent
+ cyberark_session: "{{ cyberark_session }}"
+ register: cyberarkaction
+
+- name: Logoff from CyberArk Vault
+ cyberark_authentication:
+ state: absent
+ cyberark_session: "{{ cyberark_session }}"
+```
+This playbook is an example of disabling a user based on the `disabled: true` value with that authentication using the credential set in Tower.
+```yaml
+- name: Logon to CyberArk Vault using PAS Web Services SDK - Not use_shared_logon_authentication
+ cyberark_authentication:
+ api_base_url: "{{ web_services_base_url }}"
+ username: "{{ password_object.password }}"
+ password: "{{ password_object.passprops.username }}"
+ use_shared_logon_authentication: no
+
+- name: Disabling a CyberArk User
+ cyberark_user:
+ username: "ansibleuser"
+ disabled: true
+ cyberark_session: "{{ cyberark_session }}"
+ register: cyberarkaction
+
+- name: Logoff from CyberArk Vault
+ cyberark_authentication:
+ state: absent
+ cyberark_session: "{{ cyberark_session }}"
+```
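Review bot: The "Disabling a CyberArk User" example repeats the crossed credential fields, `username: "{{ password_object.password }}"` and `password: "{{ password_object.passprops.username }}"`; swap them so the secret is not passed as the user name. In the create example, `initial_password: PA$$Word123` is an unquoted literal in a task whose result is stored with `register: cyberarkaction`; take it from a variable and quote it, and consider showing `no_log: true` on tasks that carry `initial_password` or `new_password`. The field list says `initial_password` "is required when state is present" but gives no `required` key for it, and `expiry_date` does not state the expected date format. The `state` description ("the state needed for the user present for create user, absent for delete user") needs punctuation to be readable, and the sentence introducing the disable example ("with that authentication using the credential set in Tower") should say where `password_object` comes from.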
diff --git a/ansible_collections/cyberark/pas/docs/images/cyberark_logo.jpg b/ansible_collections/cyberark/pas/docs/images/cyberark_logo.jpg
new file mode 100644
index 00000000..e24741c3
--- /dev/null
+++ b/ansible_collections/cyberark/pas/docs/images/cyberark_logo.jpg
Binary files differ
diff --git a/ansible_collections/cyberark/pas/docs/images/full-cyberark-logo.jpg b/ansible_collections/cyberark/pas/docs/images/full-cyberark-logo.jpg
new file mode 100644
index 00000000..f44fdcdf
--- /dev/null
+++ b/ansible_collections/cyberark/pas/docs/images/full-cyberark-logo.jpg
Binary files differ
diff --git a/ansible_collections/cyberark/pas/docs/images/platform_account_properties.JPG b/ansible_collections/cyberark/pas/docs/images/platform_account_properties.JPG
new file mode 100644
index 00000000..4ae11e3b
--- /dev/null
+++ b/ansible_collections/cyberark/pas/docs/images/platform_account_properties.JPG
Binary files differ