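---
# Creates a local user on a Wallix bastion through its REST API, adds the
# user to a group (creating the group when the lookup reports it missing),
# generates an initial password, stores that password on OneTimeSecret and
# e-mails the retrieval link to the new user.
- hosts: localhost
  connection: local
  gather_facts: false
  vars:
    # The *_password / *_apitoken values below are placeholders. Keep the real
    # values out of the playbook (Ansible Vault or an external secret store)
    # so they never reach version control or a paste site.
    wallix_url: https://wallix.ninja.cybersoprasteria.com
    wallix_username: adm.fmangeant
    wallix_password: xxxxxxxxxxxxx
    # TLS verification for the bastion API. The admin credentials travel in a
    # Basic auth header on every call, so verification stays on by default.
    # If the bastion uses a private CA, trust that CA rather than disabling
    # the check; set this to false only for a throwaway lab instance.
    wallix_validate_certs: true
    wallix_newuser:
      name: fmt
      email: frederic.mangeant@gmail.com
      comment: Ansible created user
      group: admins
      profil: user
    smtp_host: smtp.gmail.com
    smtp_port: 465
    smtp_username: toto@gmail.com
    smtp_password: xxxxxxxx
    onetimesecret_url: https://onetimesecret.com
    onetimesecret_username: toto@gmail.com
    onetimesecret_apitoken: xxxxxx
    onetimesecret_ttl: 86400
  tasks:
    # The SMTP password is no longer echoed: debug output ends up in the
    # console, in callback plugins and in any log the controller keeps.
    - name: Show which SMTP account will be used
      debug:
        msg: 'user : {{ smtp_username }}'

    # These two tasks run on every play, but their results are overwritten by
    # "Method 3" inside the block before anything reads them.
    - name: Generate multiple random strings
      set_fact:
        random_digits: "{{ lookup('password', '/dev/null length=4 chars=digits') }}"
        random_letters: "{{ lookup('password', '/dev/null length=4 chars=ascii_letters') }}"
        random_punctuation: "{{ lookup('password', '/dev/null length=4 chars=punctuation') }}"
      no_log: true

    # Shuffled inside Jinja instead of `echo ... | shuf`: random punctuation
    # pasted into a shell command line can be interpreted by the shell, the
    # value is visible in the process list, and shuf permutes lines (the
    # single echo line came back unchanged).
    - name: Generate a random password
      set_fact:
        strings_shuffled: "{{ (random_digits ~ random_letters ~ random_punctuation) | list | shuffle | join('') }}"
      no_log: true

    - name: Search for {{ wallix_newuser.name }} user
      uri:
        method: GET
        url: '{{ wallix_url }}/api/users/?q=user_name~{{ wallix_newuser.name | urlencode }}'
        validate_certs: '{{ wallix_validate_certs }}'
        force_basic_auth: true
        url_username: '{{ wallix_username }}'
        url_password: '{{ wallix_password }}'
      register: users_list

    - name: Ensure {{ wallix_newuser.name }} is created and is member of {{ wallix_newuser.group }} group
      block:
        - name: Search for {{ wallix_newuser.group }} group
          uri:
            method: GET
            validate_certs: '{{ wallix_validate_certs }}'
            url: '{{ wallix_url }}/api/usergroups/{{ wallix_newuser.group }}'
            force_basic_auth: true
            url_username: '{{ wallix_username }}'
            url_password: '{{ wallix_password }}'
          # A missing group is an expected outcome here, not a failure.
          ignore_errors: true
          register: groups_list

        - name: Add {{ wallix_newuser.group }} group
          uri:
            method: POST
            validate_certs: '{{ wallix_validate_certs }}'
            url: '{{ wallix_url }}/api/usergroups/'
            force_basic_auth: true
            url_username: '{{ wallix_username }}'
            url_password: '{{ wallix_password }}'
            body_format: json
            # Passed as a mapping so the module serialises it to JSON itself;
            # a hand-built string breaks as soon as a value contains a quote.
            body:
              group_name: '{{ wallix_newuser.group }}'
              timeframes:
                - allthetime
            status_code: 204
          when: 'groups_list.json.error is defined and "Resource not found" in groups_list.json.error'

        # The three methods below run one after another and each overwrites
        # random_password, so the value produced by Method 3 is the one used.
        # Every task that holds the password carries no_log so it does not
        # appear in task output.

        # Method 1
        - name: Generate a random password
          set_fact:
            random_password: "{{ lookup('password', '/dev/null length=16 chars=ascii_letters,digits,punctuation') }}"
          no_log: true

        # Method 2
        - name: Generate a random string
          shell: '< /dev/urandom tr -cd "[:print:]" | head -c 16; echo'
          changed_when: false
          register: new_password
          no_log: true

        - name: Set a random password
          set_fact:
            random_password: '{{ new_password.stdout }}'
          no_log: true

        # Method 3
        - name: Generate multiple random strings
          set_fact:
            random_digits: "{{ lookup('password', '/dev/null length=4 chars=digits') }}"
            random_letters: "{{ lookup('password', '/dev/null length=4 chars=ascii_letters') }}"
            random_punctuation: "{{ lookup('password', '/dev/null length=4 chars=punctuation') }}"
          no_log: true

        # Same reasoning as the shuffle task near the top of the play: no
        # shell involved. NOTE(review): the shuffle filter only reorders
        # characters that were already drawn by the password lookup; confirm
        # its random source is acceptable for your policy.
        - name: Shuffle strings
          set_fact:
            strings_shuffled: "{{ (random_digits ~ random_letters ~ random_punctuation) | list | shuffle | join('') }}"
          no_log: true

        - name: Set a random password
          set_fact:
            random_password: '{{ strings_shuffled }}'
          no_log: true

        - name: Add {{ wallix_newuser.name }} user
          uri:
            method: POST
            validate_certs: '{{ wallix_validate_certs }}'
            url: '{{ wallix_url }}/api/users'
            force_basic_auth: true
            url_username: '{{ wallix_username }}'
            url_password: '{{ wallix_password }}'
            body_format: json
            # Mapping instead of a quoted string: the generated password may
            # contain quotes or backslashes and must not alter the request.
            body:
              user_name: '{{ wallix_newuser.name }}'
              email: '{{ wallix_newuser.email }}'
              profile: '{{ wallix_newuser.profil }}'
              password: '{{ random_password }}'
              user_auths:
                - local_password
              groups:
                - '{{ wallix_newuser.group }}'
            status_code: 204
          no_log: true

        # ascii_letters already covers upper and lower case; listing the two
        # sets again only doubled the weight of letters in the draw.
        - name: Generate a random passphrase for OneTimeSecret.com
          set_fact:
            onetimesecret_passphrase: "{{ lookup('password', '/dev/null length=16 chars=ascii_letters,digits') }}"
          no_log: true

        - name: Create a link using OneTimeSecret.com
          uri:
            method: POST
            url: '{{ onetimesecret_url }}/api/v1/share'
            url_username: '{{ onetimesecret_username }}'
            url_password: '{{ onetimesecret_apitoken }}'
            force_basic_auth: true
            body_format: form-urlencoded
            body:
              passphrase: '{{ onetimesecret_passphrase }}'
              ttl: "{{ onetimesecret_ttl }}"
              secret: '{{ random_password }}'
          register: onetimesecret_secret
          no_log: true

        # NOTE(review): the link and its passphrase travel in the same
        # message, so anyone who can read this mail can open the secret. The
        # passphrase only adds protection if it reaches the user through a
        # different channel. Behaviour is left as the author wrote it.
        - name: Send an email to the user
          mail:
            host: '{{ smtp_host }}'
            port: '{{ smtp_port }}'
            # Refuse to fall back to an unencrypted session; the module's
            # default would still send the SMTP credentials in clear.
            secure: always
            username: '{{ smtp_username }}'
            password: '{{ smtp_password }}'
            subject: 'Your credentials on {{ wallix_url }}'
            from: '{{ smtp_username }}'
            to: '{{ wallix_newuser.email }}'
            body: >-
              Your password is available here :
              {{ onetimesecret_url }}/secret/{{ onetimesecret_secret.json.secret_key }}
              Passphrase : {{ onetimesecret_passphrase }}
              Expiration in 24 hours.
          no_log: true
      # Only provision when the earlier search returned no matching user.
      when: users_list.json[0].user_name is not defined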