Updated to 1.0.20 for certification in ansible 2.13.0 and above

cyberark · Sep 28, 2023 · 57e4d06 · 57e4d06
1 parent f70a0df
commit 57e4d06
Show file tree

Hide file tree

Showing 6 changed files with 142 additions and 137 deletions.
diff --git a/README.md b/README.md
@@ -17,6 +17,7 @@ The following modules will allow CyberArk administrators to automate the followi
 
 #### Requirements
 
+- Ansible Core 2.13.x or above
 - CyberArk Privileged Account Security Web Services SDK
 - CyberArk AAM Central Credential Provider (**Only required for cyberark_credential**)
 

diff --git a/galaxy.yml b/galaxy.yml
@@ -1,6 +1,6 @@
 namespace: "cyberark"
 name: "pas"
-version: "1.0.19"
+version: "1.0.20"
 readme: README.md
 authors:
     - CyberArk Business Development (@cyberark-bizdev)

diff --git a/meta/runtime.yml b/meta/runtime.yml
@@ -1,2 +1,2 @@
 ---
-    requires_ansible: '>=2.9'
+    requires_ansible: '>=2.13.0'
diff --git a/roles/aimprovider/tasks/installAIMProvider.yml b/roles/aimprovider/tasks/installAIMProvider.yml
@@ -12,141 +12,144 @@
         (use_shared_logon_authentication|default(false) and password_object is not defined)
 
 
-- debug: msg="Installation params => zip_file_name = {{zip_file_name}}  folder_name={{folder_name}}"
+- name: debug message
+  debug: msg="Installation params => zip_file_name = {{ zip_file_name }}  folder_name={{ folder_name }}"
 
 - block:
 
-  - name: Copy provider zip to target and unzip
-    unarchive: src="{{zip_file_name}}" dest=/tmp
-
-  - name: Rename aimparms and copy to var/tmp
-    command: cp "/tmp/{{folder_name}}/aimparms.sample" /var/tmp/aimparms
-
-  - name: Replace parameters" in /var/tmp/aimparms
-    replace:
-      dest: /var/tmp/aimparms
-      regexp: "{{item.regexp}}"
-      replace: "{{item.replace}}"
-    with_items:
-      - {regexp: '^AcceptCyberArkEULA=.*$', replace: 'AcceptCyberArkEULA=Yes'}
-      - {regexp: '^LicensedProducts=.*$', replace: 'LicensedProducts=AIM'}
-      - {regexp: '^.?CreateVaultEnvironment=.*$', replace: 'CreateVaultEnvironment=no'}
-      - {regexp: '^VaultFilePath=.*$', replace: 'VaultFilePath=/tmp/{{folder_name}}/Vault.ini'}
-
-
-  - name: Change Vault.ini to the right address
-    replace:
-      dest: "/tmp/{{folder_name}}/Vault.ini"
-      regexp: '^ADDRESS=.*$'
-      replace: 'ADDRESS={{vault_address}}'
-
-  - name: Change permission on createcredfile
-    file:
-      path: "/tmp/{{folder_name}}/CreateCredFile"
-      mode: 0755
-
-  - find:
-      paths: "/tmp/{{folder_name}}"
-      patterns: "CARKaim-*.rpm"
-    register: aimrpm
-
-  # debug: msg="{{aimrpm.files[0].path}}"
-
-  - name: Install Provider
-    package: name='{{aimrpm.files[0].path}}' state=present
-
-  - name: Verify status of service after installing Provider
-    command: service aimprv status
-    register: command_result
-    ignore_errors: true
-    args:
-      warn: false
-
-  # debug: msg="status of service RC={{command_result.rc}}"
-
-  - name: Logon to CyberArk Vault using PAS Web Services SDK - use_shared_logon_authentication
-    cyberark.pas.cyberark_authentication:
-      api_base_url: "{{ api_base_url }}"
-      use_shared_logon_authentication: true
-      validate_certs: "{{ validate_certs }}"
-    changed_when: false
-    when: (command_result.rc != 0 and use_shared_logon_authentication|default(false))
-
-  - name: Logon to CyberArk Vault using PAS Web Services SDK - Not use_shared_logon_authentication
-    cyberark.pas.cyberark_authentication:
-      api_base_url: "{{ api_base_url }}"
-      username: "{{ password_object.password }}"
-      password: "{{ password_object.passprops.username }}"
-      validate_certs: "{{ validate_certs }}"
-    changed_when: false
-    when: (command_result.rc != 0 and not use_shared_logon_authentication|default(false))
-
-  # name: Debug message
-  #  debug:
-  #    msg: "{{ cyberark_session.token }}"
-  #  when: (command_result.rc != 0)
-
-  - name: Create provider user
-    cyberark.pas.cyberark_user:
-      username: "Prov_{{ ansible_hostname }}"
-      initial_password: "Cyberark1"
-      user_type_name: "AppProvider"
-      location: "{{ app_provider_user_location }}"
-      group_name: "{{ app_provider_user_group }}"
-      change_password_on_the_next_logon: false
-      state: present
-      cyberark_session: "{{ cyberark_session }}"
-    register: cyberarkaction
-    when: (command_result.rc != 0)
-
-  # debug:
-  #    msg: "USERCREATED => {{cyberarkaction}}"
-  #  when: (command_result.rc != 0 and cyberarkaction.status_code == 201)
-
-  - name: Reset provider user credential
-    cyberark.pas.cyberark_user:
-      username: "Prov_{{ ansible_hostname }}"
-      new_password: "Cyberark1"
-      disabled: false
-      state: present
-      cyberark_session: "{{ cyberark_session }}"
-    register: cyberarkaction
-    when: (command_result.rc != 0 and cyberarkaction.status_code == 200)
-
-  - name: Logoff from CyberArk Vault
-    cyberark.pas.cyberark_authentication:
-      state: absent
-      cyberark_session: "{{ cyberark_session }}"
-    changed_when: false
-    when: (command_result.rc != 0)
-
-  - name: Create Provider Initial Cred File
-    command: /opt/CARKaim/bin/createcredfile /etc/opt/CARKaim/vault/appprovideruser.cred Password -Username Prov_{{ ansible_hostname }} -Password Cyberark1
-    when: (command_result.rc != 0)
-
-  - name: Set vault.ini Into Place
-    command: cp "/tmp/{{folder_name}}/Vault.ini" /etc/opt/CARKaim/vault/vault.ini
-
-  - name: Start Provider Service
-    service: name=aimprv state=started
-    when: (command_result.rc != 0)
-
-  - name: Remove /tmp/{{folder_name}}
-    file:
-      path: '/tmp/{{folder_name}}'
-      state: absent
-
-  - name: Remove /var/tmp/aimparms
-    file:
-      path: '/var/tmp/aimparms'
-      state: absent
-
-  rescue:
-
-    - name: Remove /tmp/{{folder_name}}
+    - name: Copy provider zip to target and unzip
+      unarchive: src="{{ zip_file_name }}" dest=/tmp
+
+    - name: Rename aimparms and copy to var/tmp
+      command: cp "/tmp/{{folder_name}}/aimparms.sample" /var/tmp/aimparms
+
+    - name: Replace parameters" in /var/tmp/aimparms
+      replace:
+        dest: /var/tmp/aimparms
+        regexp: "{{ item.regexp }}"
+        replace: "{{ item.replace }}"
+      with_items:
+        - {regexp: '^AcceptCyberArkEULA=.*$', replace: 'AcceptCyberArkEULA=Yes'}
+        - {regexp: '^LicensedProducts=.*$', replace: 'LicensedProducts=AIM'}
+        - {regexp: '^.?CreateVaultEnvironment=.*$', replace: 'CreateVaultEnvironment=no'}
+        - {regexp: '^VaultFilePath=.*$', replace: 'VaultFilePath=/tmp/{{folder_name}}/Vault.ini'}
+
+
+    - name: Change Vault.ini to the right address
+      replace:
+        dest: "/tmp/{{ folder_name }}/Vault.ini"
+        regexp: '^ADDRESS=.*$'
+        replace: 'ADDRESS={{vault_address}}'
+
+    - name: Change permission on createcredfile
+      file:
+        path: "/tmp/{{folder_name}}/CreateCredFile"
+        mode: 0755
+
+    - name: find rpm
+      find:
+        paths: "/tmp/{{ folder_name }}"
+        patterns: "CARKaim-*.rpm"
+      register: aimrpm
+
+    # debug: msg="{{aimrpm.files[0].path}}"
+
+    - name: Install Provider
+      package: name='{{ aimrpm.files[0].path }}' state=present
+
+    - name: Verify status of service after installing Provider
+      command: service aimprv status
+      register: command_result
+      ignore_errors: true
+      args:
+        warn: false
+
+    # debug: msg="status of service RC={{command_result.rc}}"
+
+    - name: Logon to CyberArk Vault using PAS Web Services SDK - use_shared_logon_authentication
+      cyberark.pas.cyberark_authentication:
+        api_base_url: "{{ api_base_url }}"
+        use_shared_logon_authentication: true
+        validate_certs: "{{ validate_certs }}"
+      changed_when: false
+      when: (command_result.rc != 0 and use_shared_logon_authentication|default(false))
+
+    - name: Logon to CyberArk Vault using PAS Web Services SDK - Not use_shared_logon_authentication
+      cyberark.pas.cyberark_authentication:
+        api_base_url: "{{ api_base_url }}"
+        username: "{{ password_object.password }}"
+        password: "{{ password_object.passprops.username }}"
+        validate_certs: "{{ validate_certs }}"
+      changed_when: false
+      when: (command_result.rc != 0 and not use_shared_logon_authentication|default(false))
+
+    # name: Debug message
+    #  debug:
+    #    msg: "{{ cyberark_session.token }}"
+    #  when: (command_result.rc != 0)
+
+    - name: Create provider user
+      cyberark.pas.cyberark_user:
+        username: "Prov_{{ ansible_hostname }}"
+        initial_password: "Cyberark1"
+        user_type_name: "AppProvider"
+        location: "{{ app_provider_user_location }}"
+        group_name: "{{ app_provider_user_group }}"
+        change_password_on_the_next_logon: false
+        state: present
+        cyberark_session: "{{ cyberark_session }}"
+      register: cyberarkaction
+      when: (command_result.rc != 0)
+
+    # debug:
+    #    msg: "USERCREATED => {{cyberarkaction}}"
+    #  when: (command_result.rc != 0 and cyberarkaction.status_code == 201)
+
+    - name: Reset provider user credential
+      cyberark.pas.cyberark_user:
+        username: "Prov_{{ ansible_hostname }}"
+        new_password: "Cyberark1"
+        disabled: false
+        state: present
+        cyberark_session: "{{ cyberark_session }}"
+      register: cyberarkaction
+      when: (command_result.rc != 0 and cyberarkaction.status_code == 200)
+
+    - name: Logoff from CyberArk Vault
+      cyberark.pas.cyberark_authentication:
+        state: absent
+        cyberark_session: "{{ cyberark_session }}"
+      changed_when: false
+      when: (command_result.rc != 0)
+
+    - name: Create Provider Initial Cred File
+      command: /opt/CARKaim/bin/createcredfile /etc/opt/CARKaim/vault/appprovideruser.cred Password -Username Prov_{{ ansible_hostname }} -Password Cyberark1
+      when: (command_result.rc != 0)
+
+    - name: Set vault.ini Into Place
+      command: cp "/tmp/{{ folder_name }}/Vault.ini" /etc/opt/CARKaim/vault/vault.ini
+
+    - name: Start Provider Service
+      service: name=aimprv state=started
+      when: (command_result.rc != 0)
+
+    - name: Remove /tmp/{{ folder_name }}
+      file:
+        path: '/tmp/{{ folder_name }}'
+        state: absent
+
+    - name: Remove /var/tmp/aimparms
       file:
-        path: '/tmp/{{folder_name}}'
+        path: '/var/tmp/aimparms'
         state: absent
 
-    - fail:
-        msg: "AIM Credential Provider Installation failed!"
+    rescue:
+
+      - name: Remove /tmp/{{ folder_name }}
+        file:
+          path: '/tmp/{{ folder_name }}'
+          state: absent
+
+      - name: Failure to install
+        fail:
+          msg: "AIM Credential Provider Installation failed!"
diff --git a/roles/aimprovider/tasks/main.yml b/roles/aimprovider/tasks/main.yml
@@ -15,10 +15,11 @@
   args:
     warn: false
 
-- debug: msg="status of service RC={{service_already_running.rc}}"
+- name: debug message
+  debug: msg="status of service RC={{ service_already_running.rc }}"
 
 - import_tasks: installAIMProvider.yml
   when: (state == "present" and service_already_running.rc != 0)
 
 - import_tasks: uninstallAIMProvider.yml
-  when: (state == "absent" and service_already_running.rc == 0)
+  when: (state == "absent" and service_already_running.rc == 0)
diff --git a/roles/aimprovider/tasks/uninstallAIMProvider.yml b/roles/aimprovider/tasks/uninstallAIMProvider.yml
@@ -58,4 +58,4 @@
   rescue:
 
     - fail:
-        msg: "AIM Credential Provider Uninstall failed!"
+        msg: "AIM Credential Provider Uninstall failed!"