cdillc.splunk.splunk_user module – Manage Splunk user accounts
Note
This module is part of the cdillc.splunk collection (version 0.26.1).
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install cdillc.splunk.
You need further requirements to be able to use this module, see Requirements for details.
To use it in a playbook, specify: cdillc.splunk.splunk_user.
New in cdillc.splunk 0.9.0
Synopsis
Create, delete, and update local Splunk user accounts with Ansible.
This module uses the Python Splunk SDK and requires access to the splunkd administrative port.
Authentication can be handled via either username and password or via token.
Requirements
The below requirements are needed on the host that executes this module.
splunk-sdk
Parameters
Parameter |
Comments |
---|---|
When true, the specified roles will be appended to the user’s existing roles. Choices:
|
|
The default Splunk application the user sees when they log in to Splunk Web. |
|
Email address associated with the Splunk user. |
|
Force user to change password. This field is set when the user is first created or when update_password=true. Choices:
|
|
The password for username/password authentication to Splunkd. Must be provided if username is provided. |
|
The full name (comment) of the user account. |
|
List of roles associated with the Splunk user. By default this will override the user's existing role membership. Use append_roles=true to change this behavior to be additive. Default: |
|
Path to Splunk installation. This is used if the splunk-sdk is not installed for all users. |
|
Password for the Splunk user account being created or modified. See the notes regarding changing passwords under the update_password option. This option is required when |
|
Name of the user to create, modify or delete. |
|
The Splunkd endpoint of the Splunk server to configure. Defaults to the local server and default splunkd port. Default: |
|
Ensure the user is either present or absent; or list the contents of the user’s configuration. With Choices:
|
|
Token to use when authentication has already taken place. The This module returns an output named token that can be used for subsequent splunkd calls to the same splunkd endpoint. |
|
Timezone associated with the Splunk user. |
|
Use in combination with force_change_pass to force an update to an existing user. Whenever this is set to true the module will always report as changed. The Splunk REST api does not allow the Choices:
|
|
Replace the existing password with the one specified in password. When true this module will always report changed since there is no way to determine if the new password is different than the currently assigned password. Choices:
|
|
Splunk username for username/password authentication to Splunkd. When provided, password must also be specified. |
Notes
Note
The default behavior of this module will only set password and force_change_pass when the user is first created. This enables mostly idempotent behavior for other parameters without unwanted side effects. Set update_password=true to explicitly update the password of an existing account, or update_force_change_pass=true to force a user to change their current password. Similarly, updates to the roles field can be set to overwrite roles by default or append new roles when append_roles=true.
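The create-once password behavior described in this note, combined with the token output, shown as an added example that is not part of the module's own documentation. It assumes splunk-sdk is installed on the controller and that the token is available at the top level of the registered result; bob_initial_password, bob_new_password and rotate_bob_password are hypothetical variables.

```yaml
# Added example. splunk_admin_password and the splunkd_uri value come from the
# page's examples; the bob_* and rotate_* variables are hypothetical.
- name: Authenticate once with username/password and capture the token
  cdillc.splunk.splunk_user:
    state: list
    splunkd_uri: https://splunk-sh01.megacorp.example:8089
    username: admin
    password: "{{ splunk_admin_password }}"
    splunk_user: admin
  register: splunk_auth
  no_log: true   # keep the admin password and the returned token out of task output
  delegate_to: localhost

- name: Ensure bob exists (splunk_pass and force_change_pass apply only on creation)
  cdillc.splunk.splunk_user:
    state: present
    splunkd_uri: https://splunk-sh01.megacorp.example:8089
    token: "{{ splunk_auth.token }}"   # reuse the session instead of resending the password
    splunk_user: bob
    splunk_pass: "{{ bob_initial_password }}"
    force_change_pass: true
    roles:           # overrides existing roles because append_roles is not set
      - user
  no_log: true
  delegate_to: localhost

- name: Rotate bob's password only when explicitly requested
  cdillc.splunk.splunk_user:
    state: present
    splunkd_uri: https://splunk-sh01.megacorp.example:8089
    token: "{{ splunk_auth.token }}"
    splunk_user: bob
    splunk_pass: "{{ bob_new_password }}"
    update_password: true   # always reports changed, so gate it behind a flag
  when: rotate_bob_password | default(false) | bool
  no_log: true
  delegate_to: localhost
```

Gating the update_password task keeps routine runs idempotent, so a "changed" result on that task always corresponds to a deliberate rotation.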
Examples
```yaml
- name: Create a new user named 'bob'
  cdillc.splunk.splunk_user:
    state: present
    username: admin
    password: "{{ splunk_admin_password }}"
    splunk_user: bob
    splunk_pass: aReallyGoodPassword
    roles: user,admin
    tz: America/New_York

# Run splunk_user on the controller if splunk-sdk is missing on targets
- name: Create a new user remotely
  cdillc.splunk.splunk_user:
    state: present
    splunkd_uri: "https://{{ ansible_fqdn }}:{{ splunkd_port }}"
    username: "{{ splunk_admin_username }}"
    password: "{{ splunk_admin_password }}"
    splunk_user: bob
    splunk_pass: aReallyGoodPassword
    roles:
      - user
      - admin
  delegate_to: localhost

- name: Add bob to the 'delete_stuff' role. (existing roles are preserved)
  cdillc.splunk.splunk_user:
    username: admin
    password: "{{ splunk_admin_password }}"
    splunk_user: bob
    roles: delete_stuff
    append_roles: true

- name: Terminate bob after data deletion incident
  cdillc.splunk.splunk_user:
    state: absent
    username: admin
    password: "{{ splunk_admin_password }}"
    splunk_user: bob

- name: Change the password of existing user 'joe'
  cdillc.splunk.splunk_user:
    username: admin
    password: "{{ splunk_admin_password }}"
    splunk_user: joe
    splunk_pass: NewPassWord
    update_password: true

- name: Force existing user 'joe' to change their password at next login
  splunk_user:
    splunkd_uri: https://splunk-sh01.megacorp.example:8089
    username: admin
    password: "{{ splunk_admin_password }}"
    splunk_user: joe
    force_change_pass: true
    update_force_change_pass: true

- name: Retrieve information about top users
  splunk_user:
    state: list
    username: admin
    password: "{{ splunk_admin_password }}"
    splunk_user: "{{ item }}"
  register: user_info
  loop:
    - bob
    - joe
    - henry
```
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key |
Description |
---|---|
User attributes as returned by Splunk. A few highlights have been provided below for quick reference. Returned: when user is listed, created, or updated. Upon deletion this is shown too, but subsequent invocations of state=absent will return an empty dictionary. |
|
A list of effective Splunk capabilities for the user. Returned: success Sample: |
|
Returned: success |
|
Returned: success |
|
Returned: success Sample: |
|
Real user name Returned: success |
|
Returned: success |
|
Splunk roles assigned to user. Returned: success Sample: |
|
Returned: success Sample: |
|
Returned: success Sample: |
|
Returned: success Sample: |
|
Returned: success Sample: |
|
Returned: success Sample: |
|
Returned: success Sample: |
|
Time zone Returned: success |
|
URL used to edit the user object Returned: always |
|
The overall result of the module run. Options include Returned: always Sample: |
|
The Splunk auth token created used for the REST API calls. This value can be passed into token of a subsequent REST-based operation. Returned: always |
|
A list of attributes that were set. Returned: success |