cisco.intersight.intersight_local_user_policy module – Local User Policy configuration for Cisco Intersight
Note
This module is part of the cisco.intersight collection (version 1.0.22).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install cisco.intersight
.
To use it in a playbook, specify: cisco.intersight.intersight_local_user_policy
.
New in cisco.intersight 2.10
Synopsis
Local User Policy configuration for Cisco Intersight.
Used to configure local users on endpoint devices.
For more information see Cisco Intersight.
Parameters
Parameter |
Comments |
---|---|
Since passwords are not returned by the API and are encrypted on the endpoint, this option will instruct the module when to change the password. If true, the password for each user will always be updated in the policy. If false, the password will be updated only if the user is created. Default: |
|
Public API Key ID associated with the private key. If not set, the value of the INTERSIGHT_API_KEY_ID environment variable is used. |
|
Filename (absolute path) or string of PEM formatted private key data to be used for Intersight API authentication. If a string is used, Ansible vault should be used to encrypt string data. Ex. ansible-vault encrypt_string –vault-id tme@/Users/dsoper/Documents/vault_password_file ‘—–BEGIN EC PRIVATE KEY—–
If not set, the value of the INTERSIGHT_API_PRIVATE_KEY environment variable is used. |
|
URI used to access the Intersight API. If not set, the value of the INTERSIGHT_API_URI environment variable is used. Default: |
|
The user-defined description of the Local User policy. Description can contain letters(a-z, A-Z), numbers(0-9), hyphen(-), period(.), colon(:), or an underscore(_). |
|
Enables password expiry on the endpoint. Choices:
|
|
If true, enables a strong password policy. Strong password requirements:.
Choices:
|
|
List of local users on the endpoint. An admin user already exists on the endpoint. Add the admin user here only if you want to change the password, or enable or disable the user. To add admin user, provide a username as ‘admin’, select the admin user role, and then proceed. |
|
Enable or disable the user. Choices:
|
|
Valid login password of the user. |
|
Roles associated with the user on the endpoint. Choices:
|
|
Name of the user created on the endpoint. |
|
The name assigned to the Local User Policy. The name must be between 1 and 62 alphanumeric characters, allowing special characters :-_. |
|
The name of the Organization this resource is assigned to. Profiles and Policies that are created within a Custom Organization are applicable only to devices in the same Organization. Default: |
|
Specifies number of times a password cannot repeat when changed (value between 0 and 5). Entering 0 disables this option. Default: |
|
The purge argument instructs the module to consider the resource definition absolute. If true, any previously configured usernames will be removed from the policy with the exception of the `admin` user which cannot be deleted. Default: |
|
If If Choices:
|
|
List of tags in Key:<user-defined key> Value:<user-defined value> format. |
|
If Choices:
|
|
Boolean control for verifying the api_uri TLS certificate Choices:
|
Examples
- name: Configure Local User policy
intersight_local_user_policy:
api_private_key: "{{ api_private_key }}"
api_key_id: "{{ api_key_id }}"
name: guest-admin
tags:
- Key: username
Value: guest
description: User named guest with admin role
local_users:
- username: guest
role: admin
password: vault_guest_password
- username: reader
role: readonly
password: vault_reader_password
- name: Delete Local User policy
intersight_local_user_policy:
api_private_key: "{{ api_private_key }}"
api_key_id: "{{ api_key_id }}"
name: guest-admin
state: absent
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
The API response output returned by the specified resource. Returned: always Sample: |