  1. ---
  2.  
  3. - hosts: localhost
  4.   connection: local
  5.   gather_facts: false
  6.   vars:
  7.     wallix_url: https://wallix.ninja.cybersoprasteria.com
  8.     wallix_username: adm.fmangeant
  9.     wallix_password: xxxxxxxxxxxxx
  10.     wallix_newuser:
  11.         name: fmt
  12.         email: frederic.mangeant@gmail.com
  13.         comment: Ansible created user
  14.         group: admins
  15.         profil: user
  16.     smtp_host: smtp.gmail.com
  17.     smtp_port: 465
  18.     smtp_username: toto@gmail.com
  19.     smtp_password: xxxxxxxx
  20.     onetimesecret_url: https://onetimesecret.com
  21.     onetimesecret_username: toto@gmail.com
  22.     onetimesecret_apitoken: xxxxxx
  23.     onetimesecret_ttl: 86400
  24.   tasks:
  25.     - debug:
  26.         msg: 'user : {{ smtp_username }} / password : {{ smtp_password }}'
  27.  
  28.     - name: Generate multiple random strings
  29.       set_fact:
  30.         random_digits: "{{ lookup('password', '/dev/null length=4 chars=digits') }}"
  31.         random_letters: "{{ lookup('password', '/dev/null length=4 chars=ascii_letters') }}"
  32.         random_punctuation: "{{ lookup('password', '/dev/null length=4 chars=punctuation') }}"
  33.  
  34.     - name: Generate a random password
  35.       shell: 'echo "{{ random_digits }}" "{{ random_letters }}" "{{ random_punctuation }}" | shuf'
  36.       changed_when: false
  37.       register: strings_shuffled
  38.  
  39.     - name: Search for {{ wallix_newuser.name }} user
  40.       uri:
  41.         method: GET
  42.         url: '{{ wallix_url }}/api/users/?q=user_name~{{ wallix_newuser.name }}'
  43.         validate_certs: false
  44.         force_basic_auth: true
  45.         url_username: '{{ wallix_username }}'
  46.         url_password: '{{ wallix_password }}'
  47.       register: users_list
  48.  
  49.     - name: Ensure {{ wallix_newuser.name }} is created and is member of {{ wallix_newuser.group }} group
  50.       block:
  51.         - name: Search for {{ wallix_newuser.group }} group
  52.           uri:
  53.             method: GET
  54.             validate_certs: false
  55.             url: '{{ wallix_url }}/api/usergroups/{{ wallix_newuser.group }}'
  56.             force_basic_auth: true
  57.             url_username: '{{ wallix_username }}'
  58.             url_password: '{{ wallix_password }}'
  59.           ignore_errors: true
  60.           register: groups_list
  61.  
  62.         - name: Add {{ wallix_newuser.group }} group
  63.           uri:
  64.             method: POST
  65.             validate_certs: false
  66.             url: '{{ wallix_url }}/api/usergroups/'
  67.             force_basic_auth: true
  68.             url_username: '{{ wallix_username }}'
  69.             url_password: '{{ wallix_password }}'
  70.             body_format: json
  71.             body: "{
  72.              'group_name': '{{ wallix_newuser.group }}',
  73.              'timeframes': [
  74.              'allthetime'
  75.                ],
  76.              }"
  77.             status_code: 204
  78.           when: 'groups_list.json.error is defined and "Resource not found" in groups_list.json.error'
  79.  
  80.         # Methode 1
  81.         - name: Generate a random password
  82.           set_fact:
  83.             random_password: "{{ lookup('password', '/dev/null length=16 chars=ascii_letters,digits,punctuation') }}"
  84.  
  85.         # Methode 2
  86.         - name: Generate a random string
  87.           shell: < /dev/urandom tr -cd "[:print:]" | head -c 16; echo
  88.           changed_when: false
  89.           register: new_password
  90.  
  91.         - name: Set a random password
  92.           set_fact:
  93.             random_password: '{{ new_password.stdout }}'
  94.  
  95.         # Methode 3
  96.         - name: Generate multiple random strings
  97.           set_fact:
  98.             random_digits: "{{ lookup('password', '/dev/null length=4 chars=digits') }}"
  99.             random_letters: "{{ lookup('password', '/dev/null length=4 chars=ascii_letters') }}"
  100.             random_punctuation: "{{ lookup('password', '/dev/null length=4 chars=punctuation') }}"
  101.  
  102.         - name: Shuffle strings
  103.           shell: 'echo {{ random_digits }} {{ random_letters }} {{ random_punctuation }} | shuf'
  104.           changed_when: false
  105.           register: strings_shuffled
  106.  
  107.         - name: Set a random password
  108.           set_fact:
  109.             random_password: '{{ strings_shuffled.stdout }}'
  110.  
  111.         - name: Add {{ wallix_newuser.name }} user
  112.           uri:
  113.             method: POST
  114.             validate_certs: false
  115.             url: '{{ wallix_url }}/api/users'
  116.             force_basic_auth: true
  117.             url_username: '{{ wallix_username }}'
  118.             url_password: '{{ wallix_password }}'
  119.             body_format: json
  120.             body: "{
  121.              'user_name': '{{ wallix_newuser.name }}',
  122.              'email': '{{ wallix_newuser.email }}',
  123.              'profile': '{{ wallix_newuser.profil }}',
  124.              'password': '{{ random_password }}',
  125.              'user_auths': [
  126.              'local_password'
  127.                ],
  128.              'groups': [
  129.              '{{ wallix_newuser.group }}'
  130.                ],
  131.              }"
  132.             status_code: 204
  133.  
  134.         - name: Generate a random passphrase for OneTimeSecret.com
  135.           set_fact:
  136.             onetimesecret_passphrase: "{{ lookup('password', '/dev/null length=16 chars=ascii_letters,ascii_uppercase,ascii_lowercase,digits') }}"
  137.  
  138.         - name: Create a link using OneTimeSecret.com
  139.           uri:
  140.             method: POST
  141.             url: '{{ onetimesecret_url }}/api/v1/share'
  142.             url_username: '{{ onetimesecret_username }}'
  143.             url_password: '{{ onetimesecret_apitoken }}'
  144.             force_basic_auth: true
  145.             body_format: form-urlencoded
  146.             body:
  147.               passphrase: '{{ onetimesecret_passphrase }}'
  148.               ttl: "{{ onetimesecret_ttl }}"
  149.               secret: '{{ random_password }}'
  150.           register: onetimesecret_secret
  151.  
  152.         - name: Send an email to the user
  153.           mail:
  154.             host: '{{ smtp_host }}'
  155.             port: '{{ smtp_port }}'
  156.             username: '{{ smtp_username }}'
  157.             password: '{{ smtp_password }}'
  158.             subject: 'Your credentials on {{ wallix_url }}'
  159.             from: '{{ smtp_username }}'
  160.             to: '{{ wallix_newuser.email }}'
  161.             body: 'Your password is available here : {{ onetimesecret_url }}/secret/{{ onetimesecret_secret.json.secret_key }}
  162.  
  163.             Passphrase : {{ onetimesecret_passphrase }}
  164.  
  165.             Expiration in 24 hours.'
  166.       when: users_list.json[0].user_name is not defined
  167.  
  168.  