author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-18 05:52:27 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-18 05:52:27 +0000 |
commit | 3b0807ad7b283c46c21862eb826dcbb4ad04e5e2 (patch) | |
tree | 6461ea75f03eca87a5a90c86c3c9a787a6ad037e /ansible_collections/cyberark/pas | |
parent | Adding debian version 7.7.0+dfsg-3. (diff) | |
Merging upstream version 9.4.0+dfsg.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'ansible_collections/cyberark/pas')
13 files changed, 221 insertions, 50 deletions
diff --git a/ansible_collections/cyberark/pas/.github/CODEOWNERS b/ansible_collections/cyberark/pas/.github/CODEOWNERS
new file mode 100644
index 000000000..526ad4f77
--- /dev/null
+++ b/ansible_collections/cyberark/pas/.github/CODEOWNERS
@@ -0,0 +1 @@
+* @cyberark-bizdev @enunez-cyberark @infamousjoeg
diff --git a/ansible_collections/cyberark/pas/.github/workflows/ci.yml b/ansible_collections/cyberark/pas/.github/workflows/ci.yml
new file mode 100644
index 000000000..63a8445ce
--- /dev/null
+++ b/ansible_collections/cyberark/pas/.github/workflows/ci.yml
@@ -0,0 +1,105 @@
+# README FIRST
+# 1. If you don't have unit tests, remove that section.
+# 2. If your collection depends on other collections ensure they are installed,
+# add them to the "test-deps" input.
+# 3. For the comprehensive list of the inputs supported by the
+# ansible-community/ansible-test-gh-action GitHub Action, see
+# https://github.com/marketplace/actions/ansible-test.
+# 4. If you want to prevent merging PRs that do not pass all tests,
+# make sure to add the "check" job to your repository branch
+# protection once this workflow is added.
+# It is also possible to tweak which jobs are allowed to fail. See
+# https://github.com/marketplace/actions/alls-green#gotchas for more detail.
+# 5. If you need help please ask in #ansible-community on the Libera.chat IRC
+# network.
+
+name: CI
+on:
+ # Run CI against all pushes (direct commits, also merged PRs), Pull Requests
+ push:
+ branches:
+ - main
+ - master
+ - stable-*
+ pull_request:
+ # Run CI once per day (at 06:00 UTC)
+ # This ensures that even if there haven't been commits that we are still
+ # testing against latest version of ansible-test for each ansible-core
+ # version
+ schedule:
+ - cron: '0 6 * * *'
+
+concurrency:
+ group: >-
+ ${{ github.workflow }}-${{
+ github.event.pull_request.number || github.sha
+ }}
+ cancel-in-progress: true
+
+jobs:
+
+###
+# Sanity tests (REQUIRED)
+#
+# https://docs.ansible.com/ansible/latest/dev_guide/testing_sanity.html
+
+ sanity:
+ name: Sanity (Ⓐ${{ matrix.ansible }})
+ strategy:
+ matrix:
+ ansible:
+ # It's important that Sanity is tested against all stable-X.Y branches
+ # Testing against `devel` may fail as new tests are added.
+ # An alternative to `devel` is the `milestone` branch with
+ # gets synchronized with `devel` every few weeks and therefore
+ # tends to be a more stable target.
Be aware that it is not updated
+ # around creation of a new stable branch, this might cause a problem
+ # that two different versions of ansible-test use the same sanity test
+ # ignore.txt file.
+ - stable-2.9 # Only if your collection supports Ansible 2.9
+ - stable-2.10 # Only if your collection supports ansible-base 2.10
+ - stable-2.11
+ - stable-2.12
+ - stable-2.13
+ - stable-2.14
+ - devel
+ # - milestone
+ # Ansible-test on various stable branches does not yet work well with cgroups v2.
+ # Since ubuntu-latest now uses Ubuntu 22.04, we need to fall back to the ubuntu-20.04
+ # image for these stable branches. The list of branches where this is necessary will
+ # shrink over time, check out https://github.com/ansible-collections/news-for-maintainers/issues/28
+ # for the latest list.
+ runs-on: >-
+ ${{ contains(fromJson(
+ '["stable-2.9", "stable-2.10", "stable-2.11"]'
+ ), matrix.ansible) && 'ubuntu-20.04' || 'ubuntu-latest' }}
+ steps:
+ # Run sanity tests inside a Docker container.
+ # The docker container has all the pinned dependencies that are
+ # required and all Python versions Ansible supports.
+ - name: Perform sanity testing
+ uses: ansible-community/ansible-test-gh-action@release/v1
+ with:
+ ansible-core-version: ${{ matrix.ansible }}
+ testing-type: sanity
+ # OPTIONAL If your sanity tests require code
+ # from other collections, install them like this
+ # test-deps: >-
+ # ansible.netcommon
+ # ansible.utils
+
+ check: # This job does nothing and is only used for the branch protection
+ # or multi-stage CI jobs, like making sure that all tests pass before
+ # a publishing job is started.
+ if: always()
+
+ needs:
+ - sanity
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Decide whether the needed jobs succeeded or failed
+ uses: re-actors/alls-green@release/v1
+ with:
+ jobs: ${{ toJSON(needs) }}
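Review bot: Both third-party actions in this new workflow are referenced by a mutable branch, `ansible-community/ansible-test-gh-action@release/v1` in the sanity job and `re-actors/alls-green@release/v1` in the check job, so whatever is later pushed to those branches runs in this repository's CI without review. Pinning each `uses:` to a full commit SHA with the release noted in a trailing comment, e.g. `uses: re-actors/alls-green@<full-commit-sha>  # release/v1`, keeps the executed code fixed. The workflow also declares no `permissions:` key, so the jobs inherit the repository's default GITHUB_TOKEN scope; a top-level `permissions:` with `contents: read` looks sufficient for the steps visible here. Separately, the matrix still lists stable-2.9 to stable-2.12 although meta/runtime.yml in this same commit raises requires_ansible to '>=2.13.0'.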
diff --git a/ansible_collections/cyberark/pas/.gitignore b/ansible_collections/cyberark/pas/.gitignore new file mode 100644 index 000000000..022880add --- /dev/null +++ b/ansible_collections/cyberark/pas/.gitignore @@ -0,0 +1,6 @@ + +meta/.galaxy_install_info +docs/.DS_Store +.DS_Store +.vscode/settings.json +*.gz diff --git a/ansible_collections/cyberark/pas/FILES.json b/ansible_collections/cyberark/pas/FILES.json index bef13dac3..425f260d8 100644 --- a/ansible_collections/cyberark/pas/FILES.json +++ b/ansible_collections/cyberark/pas/FILES.json @@ -53,7 +53,7 @@ "name": "plugins/event_source/syslog.py", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "7f2476298fc3942811e865f00c8d8099981c7353c5156bb3a15c0c4d5304819e", + "chksum_sha256": "6fcd787713757103e26c7b405ba7d0a8cac62267173bb361ba96c45cd7d36d04", "format": 1 }, { @@ -81,7 +81,7 @@ "name": "plugins/modules/cyberark_credential.py", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "63a79fd9eeda9f571a4a4020bca8c5ea836431df433212c01995133bb713705c", + "chksum_sha256": "7fb4493a3b6a01513761b4e8a49d9f400f9884eb68ecaf462de2ad9019e853a0", "format": 1 }, { @@ -179,7 +179,7 @@ "name": "meta/runtime.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "db1dfe098d05c998eb62c32cf99d3b7bbf93afc0a1f0b4704b024eaa7c7b6848", + "chksum_sha256": "34e3eb51c33492147d1f5749dba329c58fd70741deb1a619443735edd02c80d7", "format": 1 }, { 
@@ -207,21 +207,21 @@ "name": "roles/aimprovider/tasks/uninstallAIMProvider.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "2a3dce24d9d2f05edbee3ad2ee14b733fdcfdc6494e2fb9550c5dd02fbe1f734", + "chksum_sha256": "c96752c68df71ed3acfae857472140e20ffb1ebafd1d4ebe49fc998edb785aca", "format": 1 }, { "name": "roles/aimprovider/tasks/installAIMProvider.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "f334faee54008e6101414771409a9aa7f98b62e4996269003dca84441d4f6db5", + "chksum_sha256": "6e2e988ba937edd41efb76bc8a106d39fc128c82dee5cc2f9f36597e93992089", "format": 1 }, { "name": "roles/aimprovider/tasks/main.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "224814783560fc317b2df277f2542273747f533abf493c891b03a0e496d8feab", + "chksum_sha256": "4d81e657505c4df85527613bd90db5598c6aa5e0a2596e39c2178da40c28e0ed", "format": 1 }, { @@ -347,7 +347,7 @@ "name": "docs/cyberark_credential.md", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "903afbe64bbbbd94f8c2571eee2890a9380c4ebc0d5e94184ba3111672a708bf", + "chksum_sha256": "a197fadb85283e60bb81e3b6858a1abb87fa9c1203fa7b1e0bdca1d485412ac4", "format": 1 }, { @@ -382,7 +382,7 @@ "name": "README.md", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "8f163f0bfa5d572f89fb02db1acf39330d9e5d56e5eb3a87500a9c6b07fc0291", + "chksum_sha256": "ba94349decedc0cae0649d1e63ee6c6907eb0476a4b6ae6945c1e1defe8b3a04", "format": 1 }, { @@ -442,6 +442,13 @@ "format": 1 }, { + "name": ".gitignore", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "dfc5692588b338148d1ae60d04cb5c2561f659e2efdb0a01813b5d1ef5605605", + "format": 1 + }, + { "name": "CONTRIBUTING.md", "ftype": "file", "chksum_type": "sha256", 
@@ -449,6 +456,34 @@ "format": 1 }, { + "name": ".github", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": ".github/CODEOWNERS", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "bddce55d10995835c4bca70664540737833e20d80d68025942d813b15ea878dd", + "format": 1 + }, + { + "name": ".github/workflows", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": ".github/workflows/ci.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e8f0b040ee81fe1e19ea5f2b6044ad01ed4ffcef1ed28eaaa3331bdb711f0bdd", + "format": 1 + }, + { "name": "custom-cred-types", "ftype": "dir", "chksum_type": null, diff --git a/ansible_collections/cyberark/pas/MANIFEST.json b/ansible_collections/cyberark/pas/MANIFEST.json index 73d64bb7a..6bc30d809 100644 --- a/ansible_collections/cyberark/pas/MANIFEST.json +++ b/ansible_collections/cyberark/pas/MANIFEST.json @@ -2,7 +2,7 @@ "collection_info": { "namespace": "cyberark", "name": "pas", - "version": "1.0.19", + "version": "1.0.25", "authors": [ "CyberArk Business Development (@cyberark-bizdev)", "Edward Nunez (@enunez-cyberark)", @@ -36,7 +36,7 @@ "name": "FILES.json", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "963cff01c982a389719c2948de6d0c8e18531926af68e1f238789385e49cec71", + "chksum_sha256": "153afed2909055a0fb7bba7c4a86b86e6593fd071decf92476ae880b3b60ec90", "format": 1 }, "format": 1 diff --git a/ansible_collections/cyberark/pas/README.md b/ansible_collections/cyberark/pas/README.md index 43842e7dc..401676e42 100644 --- a/ansible_collections/cyberark/pas/README.md +++ b/ansible_collections/cyberark/pas/README.md @@ -17,6 +17,7 @@ The following modules will allow CyberArk administrators to automate the followi #### Requirements +- Ansible Core 2.13.x or above - CyberArk Privileged Account Security Web Services SDK - CyberArk AAM Central Credential Provider (**Only required for cyberark_credential**) 
diff --git a/ansible_collections/cyberark/pas/docs/cyberark_credential.md b/ansible_collections/cyberark/pas/docs/cyberark_credential.md index 046d8b2a7..d589f145c 100644 --- a/ansible_collections/cyberark/pas/docs/cyberark_credential.md +++ b/ansible_collections/cyberark/pas/docs/cyberark_credential.md @@ -124,4 +124,14 @@ options: result: { api_base_url }"/AIMWebService/api/Accounts?AppId="{ app_id }"&Query="{ query }"&ConnectionTimeout="{ connection_timeout }"&QueryFormat="{ query_format }"&FailRequestOnPasswordChange="{ fail_request_on_password_change } +- name: credential retrieval custom path + cyberark_credential: + api_base_url: "http://10.10.0.1" + app_id: "TestID" + query: "Safe=test;UserName=admin" + path: AimWebServiceCustom + register: result + + result: + { api_base_url } { path } "?AppId="{ app_id }"&Query="{ query } ``` diff --git a/ansible_collections/cyberark/pas/meta/runtime.yml b/ansible_collections/cyberark/pas/meta/runtime.yml index 1b754c9c2..0ee1c6ed6 100644 --- a/ansible_collections/cyberark/pas/meta/runtime.yml +++ b/ansible_collections/cyberark/pas/meta/runtime.yml @@ -1,2 +1,2 @@ --- - requires_ansible: '>=2.9'
\ No newline at end of file + requires_ansible: '>=2.13.0'
\ No newline at end of file diff --git a/ansible_collections/cyberark/pas/plugins/event_source/syslog.py b/ansible_collections/cyberark/pas/plugins/event_source/syslog.py index 2fbe1916c..ff89ed413 100644 --- a/ansible_collections/cyberark/pas/plugins/event_source/syslog.py +++ b/ansible_collections/cyberark/pas/plugins/event_source/syslog.py @@ -1,7 +1,3 @@ -#!/usr/bin/python -# Copyright: (c) 2017, Ansible Project -# GNU General Public License v3.0+ -# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) from __future__ import (absolute_import, division, print_function) @@ -22,17 +18,17 @@ Arguments: import asyncio import json import logging -import socketserver from typing import Any, Dict import re + def parse(str_input): """ Parse a string in CEF format and return a dict with the header values and the extension data. """ - logger = logging.getLogger() + logger = logging.getLogger() # Create the empty dict we'll return later values = dict() @@ -53,11 +49,11 @@ def parse(str_input): spl = re.split(r'(?<!\\)\|', header) # If the input entry had any blanks in the required headers, that's wrong - # and we should return. Note we explicitly don't check the last item in the + # and we should return. Note we explicitly don't check the last item in the # split list becuase the header ends in a '|' which means the last item # will always be an empty string (it doesn't exist, but the delimiter does). if "" in spl[0:-1]: - logger.warning(f'Blank field(s) in CEF header. Is it valid CEF format?') + logger.warning("Blank field(s) in CEF header. Is it valid CEF format?") return None # Since these values are set by their position in the header, it's @@ -108,7 +104,7 @@ def parse(str_input): return None # Now we're done! - logger.debug('Returning values: ' + str(values)) + logger.debug("Returning values: %s", str(values)) return values 
@@ -116,37 +112,39 @@ class SyslogProtocol(asyncio.DatagramProtocol): def __init__(self, edaQueue): super().__init__() self.edaQueue = edaQueue + def connection_made(self, transport) -> "Used by asyncio": self.transport = transport - + def datagram_received(self, data, addr): - asyncio.get_event_loop().create_task(self.datagram_received_async( data, addr)) + asyncio.get_event_loop().create_task(self.datagram_received_async(data, addr)) async def datagram_received_async(self, indata, addr) -> "Main entrypoint for processing message": # Syslog event data received, and processed for EDA - logger = logging.getLogger() + logger = logging.getLogger() rcvdata = indata.decode() - logger.info(f"Received Syslog message: {rcvdata}") + logger.info("Received Syslog message: %s", rcvdata) data = parse(rcvdata) if data is None: # if not CEF, we will try JSON load of the text from first curly brace try: value = rcvdata[rcvdata.index("{"):len(rcvdata)] - #logger.info("value after encoding:%s", value1) + # logger.info("value after encoding:%s", value1) data = json.loads(value) - #logger.info("json:%s", data) + # logger.info("json:%s", data) except json.decoder.JSONDecodeError as jerror: logger.error(jerror) data = rcvdata except UnicodeError as e: logger.error(e) - + if data: - #logger.info("json data:%s", data) + # logger.info("json data:%s", data) queue = self.edaQueue await queue.put({"cyberark": data}) + async def main(queue: asyncio.Queue, args: Dict[str, Any]): logger = logging.getLogger() 
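Review bot: In datagram_received_async the datagram is decoded with `rcvdata = indata.decode()` before the `try:` begins, so the `except UnicodeError` branch cannot catch a payload that is not valid UTF-8, and `rcvdata.index("{")` raises a plain ValueError (not JSONDecodeError) when a non-CEF message contains no brace. Any host that can reach the UDP port can send such a datagram, and each one ends as an unhandled exception in the task created by datagram_received; moving the decode inside the `try` and catching `ValueError`, the base class of both exceptions already listed, would cover these cases. The rewritten `logger.info("Received Syslog message: %s", rcvdata)` also writes the complete, unauthenticated message to the log at info level; logging at debug, or formatting with `%r` so embedded newlines cannot produce extra log lines, would be safer for what appears to be an audit feed from a privileged-access product.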
@@ -156,18 +154,18 @@ async def main(queue: asyncio.Queue, args: Dict[str, Any]): transport, protocol = await asyncio.get_running_loop().create_datagram_endpoint( lambda: SyslogProtocol(queue), local_addr=((host, port))) - logger.info(f"Starting cyberark.pas.syslog [Host={host}, port={port}]") + logger.info("Starting cyberark.pas.syslog [Host=%s, port=%s]", host, port) try: while True: await asyncio.sleep(3600) # Serve for 1 hour. finally: transport.close() - - + + if __name__ == "__main__": class MockQueue: async def put(self, event): - pass #print(event) + pass asyncio.run(main(MockQueue(), {})) diff --git a/ansible_collections/cyberark/pas/plugins/modules/cyberark_credential.py b/ansible_collections/cyberark/pas/plugins/modules/cyberark_credential.py index 128d03b32..3bbf8dbee 100644 --- a/ansible_collections/cyberark/pas/plugins/modules/cyberark_credential.py +++ b/ansible_collections/cyberark/pas/plugins/modules/cyberark_credential.py @@ -98,6 +98,12 @@ options: - Reason for requesting credential if required by policy; - It must be specified if the Policy managing the object - requires it. + path: + type: str + required: false + description: + - String override for the context path + """ EXAMPLES = """ @@ -225,17 +231,22 @@ def retrieve_credential(module): fail_request_on_password_change = module.params["fail_request_on_password_change"] client_cert = None client_key = None + path = "/AIMWebService/api/Accounts" if "client_cert" in module.params: client_cert = module.params["client_cert"] if "client_key" in module.params: client_key = module.params["client_key"] + if "path" in module.params: + path = module.params["path"] + end_point = ( - "/AIMWebService/api/Accounts?AppId=%s&Query=%s&" + "%s?AppId=%s&Query=%s&" "ConnectionTimeout=%s&QueryFormat=%s" "&FailRequestOnPasswordChange=%s" ) % ( + path, quote(app_id), quote(query), connection_timeout, 
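Review bot: The new `path` option in retrieve_credential is substituted into `"%s?AppId=%s&Query=%s&"` without the `quote()` that app_id and query receive and without any check on its shape. A value containing `?` or `#`, or one lacking a leading `/` (as in the `path: AimWebServiceCustom` docs example added by this commit), can alter the host or resource the credential request is sent to, depending on how end_point is joined to api_base_url outside this hunk. If `path` is declared in argument_spec (not visible here), `module.params` contains the key with value None whenever a task omits it, so `if "path" in module.params:` would replace the default with None; `path = module.params.get("path") or "/AIMWebService/api/Accounts"` avoids that. I would also fail the module when the value does not start with `/` or contains `?` or `#`, before end_point is built. retrieve_credential begins and ends outside the hunk.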
diff --git a/ansible_collections/cyberark/pas/roles/aimprovider/tasks/installAIMProvider.yml b/ansible_collections/cyberark/pas/roles/aimprovider/tasks/installAIMProvider.yml index ea2217202..f95d9958c 100644 --- a/ansible_collections/cyberark/pas/roles/aimprovider/tasks/installAIMProvider.yml +++ b/ansible_collections/cyberark/pas/roles/aimprovider/tasks/installAIMProvider.yml @@ -12,12 +12,13 @@ (use_shared_logon_authentication|default(false) and password_object is not defined) -- debug: msg="Installation params => zip_file_name = {{zip_file_name}} folder_name={{folder_name}}" +- name: debug message + debug: msg="Installation params => zip_file_name = {{ zip_file_name }} folder_name={{ folder_name }}" - block: - name: Copy provider zip to target and unzip - unarchive: src="{{zip_file_name}}" dest=/tmp + unarchive: src="{{ zip_file_name }}" dest=/tmp - name: Rename aimparms and copy to var/tmp command: cp "/tmp/{{folder_name}}/aimparms.sample" /var/tmp/aimparms @@ -25,8 +26,8 @@ - name: Replace parameters" in /var/tmp/aimparms replace: dest: /var/tmp/aimparms - regexp: "{{item.regexp}}" - replace: "{{item.replace}}" + regexp: "{{ item.regexp }}" + replace: "{{ item.replace }}" with_items: - {regexp: '^AcceptCyberArkEULA=.*$', replace: 'AcceptCyberArkEULA=Yes'} - {regexp: '^LicensedProducts=.*$', replace: 'LicensedProducts=AIM'} @@ -36,7 +37,7 @@ - name: Change Vault.ini to the right address replace: - dest: "/tmp/{{folder_name}}/Vault.ini" + dest: "/tmp/{{ folder_name }}/Vault.ini" regexp: '^ADDRESS=.*$' replace: 'ADDRESS={{vault_address}}' 
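Review bot: The first hunk of installAIMProvider.yml still stages the installer under fixed, world-writable locations, `unarchive: src="{{ zip_file_name }}" dest=/tmp` and `cp "/tmp/{{folder_name}}/aimparms.sample" /var/tmp/aimparms`, and the later hunks install the RPM found under `/tmp/{{ folder_name }}` and copy Vault.ini from the same directory. On a multi-user host another local account can pre-create or swap those paths between tasks, so I would create a private directory first with the `tempfile` module (`state: directory`) and point every path at its registered result. In the next hunk of this file `mode: 0755` is an unquoted octal; `mode: "0755"` keeps YAML from reading it as a number. The spacing cleanup is also incomplete: `"/tmp/{{folder_name}}/aimparms.sample"` and `'ADDRESS={{vault_address}}'` keep the old brace style.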
@@ -45,15 +46,16 @@ path: "/tmp/{{folder_name}}/CreateCredFile" mode: 0755 - - find: - paths: "/tmp/{{folder_name}}" + - name: find rpm + find: + paths: "/tmp/{{ folder_name }}" patterns: "CARKaim-*.rpm" register: aimrpm # debug: msg="{{aimrpm.files[0].path}}" - name: Install Provider - package: name='{{aimrpm.files[0].path}}' state=present + package: name='{{ aimrpm.files[0].path }}' state=present - name: Verify status of service after installing Provider command: service aimprv status @@ -125,15 +127,15 @@ when: (command_result.rc != 0) - name: Set vault.ini Into Place - command: cp "/tmp/{{folder_name}}/Vault.ini" /etc/opt/CARKaim/vault/vault.ini + command: cp "/tmp/{{ folder_name }}/Vault.ini" /etc/opt/CARKaim/vault/vault.ini - name: Start Provider Service service: name=aimprv state=started when: (command_result.rc != 0) - - name: Remove /tmp/{{folder_name}} + - name: Remove /tmp/{{ folder_name }} file: - path: '/tmp/{{folder_name}}' + path: '/tmp/{{ folder_name }}' state: absent - name: Remove /var/tmp/aimparms @@ -143,10 +145,11 @@ rescue: - - name: Remove /tmp/{{folder_name}} + - name: Remove /tmp/{{ folder_name }} file: - path: '/tmp/{{folder_name}}' + path: '/tmp/{{ folder_name }}' state: absent - - fail: + - name: Failure to install + fail: msg: "AIM Credential Provider Installation failed!" diff --git a/ansible_collections/cyberark/pas/roles/aimprovider/tasks/main.yml b/ansible_collections/cyberark/pas/roles/aimprovider/tasks/main.yml index 9e65e1c61..18aff1960 100644 --- a/ansible_collections/cyberark/pas/roles/aimprovider/tasks/main.yml +++ b/ansible_collections/cyberark/pas/roles/aimprovider/tasks/main.yml 
@@ -15,10 +15,11 @@ args: warn: false -- debug: msg="status of service RC={{service_already_running.rc}}" +- name: debug message + debug: msg="status of service RC={{ service_already_running.rc }}" - import_tasks: installAIMProvider.yml when: (state == "present" and service_already_running.rc != 0) - import_tasks: uninstallAIMProvider.yml - when: (state == "absent" and service_already_running.rc == 0)
\ No newline at end of file + when: (state == "absent" and service_already_running.rc == 0) diff --git a/ansible_collections/cyberark/pas/roles/aimprovider/tasks/uninstallAIMProvider.yml b/ansible_collections/cyberark/pas/roles/aimprovider/tasks/uninstallAIMProvider.yml index 75c15f7e2..4b5947d22 100644 --- a/ansible_collections/cyberark/pas/roles/aimprovider/tasks/uninstallAIMProvider.yml +++ b/ansible_collections/cyberark/pas/roles/aimprovider/tasks/uninstallAIMProvider.yml @@ -58,4 +58,4 @@ rescue: - fail: - msg: "AIM Credential Provider Uninstall failed!"
\ No newline at end of file + msg: "AIM Credential Provider Uninstall failed!" |