aci_aaa_user_certificate - Manage AAA user certificates (aaa:UserCert)
New in version 2.5.
Synopsis
- Manage AAA user certificates on Cisco ACI fabrics.
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| aaa_user
required
|
The name of the user to add a certificate to.
|
|
| aaa_user_type |
|
Whether this is a normal user or an appuser.
|
| certificate |
The PEM format public key extracted from the X.509 certificate.
aliases: cert_data, certificate_data |
|
| certificate_name |
The name of the user certificate entry in ACI.
aliases: cert_name |
|
| host
required
|
IP Address or hostname of APIC resolvable by Ansible control host.
aliases: hostname |
|
| output_level |
|
Influence the output of this ACI module.
normal means the standard output, incl. current dict
info adds informational output, incl. previous, proposed and sent dicts
debug adds debugging output, incl. filter_string, method, response, status and url information
|
| password
required
|
The password to use for authentication.
This option is mutual exclusive with private_key. If private_key is provided too, it will be used instead.
|
|
| port |
Port number to be used for REST connection.
The default value depends on parameter `use_ssl`.
|
|
| private_key
required
|
PEM formatted file that contains your private key to be used for signature-based authentication.
The name of the key (without extension) is used as the certificate name in ACI, unless
certificate_name is specified.
This option is mutual exclusive with
password. If password is provided too, it will be ignored.
aliases: cert_key |
|
| state |
|
Use
present or absent for adding or removing.
Use query for listing an object or multiple objects.
|
| timeout
int
|
Default:
30
|
The socket level timeout in seconds.
|
| use_proxy
bool
|
|
If no, it will not use a proxy, even if one is defined in an environment variable on the target hosts.
|
| use_ssl
bool
|
|
If no, an HTTP connection will be used instead of the default HTTPS connection.
|
| username | Default:
"admin"
|
The username to use for authentication.
aliases: user |
| validate_certs
bool
|
|
If
no, SSL certificates will not be validated.
This should only set to no when used on personally controlled sites using self-signed certificates.
|
Notes
Note
- The
aaa_usermust exist before using this module in your playbook. The aci_aaa_user module can be used for this. - More information about the internal APIC class aaa:UserCert from the APIC Management Information Model reference.
- Please read the Cisco ACI Guide for more detailed information on how to manage your ACI infrastructure using Ansible.
Examples
- name: Add a certificate to user
aci_aaa_user_certificate:
host: apic
username: admin
password: SomeSecretPassword
aaa_user: admin
certificate_name: admin
certificate_data: '{{ lookup("file", "pki/admin.crt") }}'
state: present
- name: Remove a certificate of a user
aci_aaa_user_certificate:
host: apic
username: admin
password: SomeSecretPassword
aaa_user: admin
certificate_name: admin
state: absent
- name: Query a certificate of a user
aci_aaa_user_certificate:
host: apic
username: admin
password: SomeSecretPassword
aaa_user: admin
certificate_name: admin
state: query
- name: Query all certificates of a user
aci_aaa_user_certificate:
host: apic
username: admin
password: SomeSecretPassword
aaa_user: admin
state: query
Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| current
list
|
success |
The existing configuration from the APIC after the module has finished
Sample:
[{'fvTenant': {'attributes': {'descr': 'Production environment', 'dn': 'uni/tn-production', 'name': 'production', 'nameAlias': '', 'ownerKey': '', 'ownerTag': ''}}}]
|
| error
dict
|
failure |
The error information as returned from the APIC
Sample:
{'code': '122', 'text': 'unknown managed object class foo'}
|
| filter_string
string
|
failure or debug |
The filter string used for the request
Sample:
?rsp-prop-include=config-only
|
| method
string
|
failure or debug |
The HTTP method used for the request to the APIC
Sample:
POST
|
| previous
list
|
info |
The original configuration from the APIC before the module has started
Sample:
[{'fvTenant': {'attributes': {'descr': 'Production', 'dn': 'uni/tn-production', 'name': 'production', 'nameAlias': '', 'ownerKey': '', 'ownerTag': ''}}}]
|
| proposed
dict
|
info |
The assembled configuration from the user-provided parameters
Sample:
{'fvTenant': {'attributes': {'descr': 'Production environment', 'name': 'production'}}}
|
| raw
string
|
parse error |
The raw output returned by the APIC REST API (xml or json)
Sample:
<?xml version="1.0" encoding="UTF-8"?><imdata totalCount="1"><error code="122" text="unknown managed object class foo"/></imdata>
|
| response
string
|
failure or debug |
The HTTP response from the APIC
Sample:
OK (30 bytes)
|
| sent
list
|
info |
The actual/minimal configuration pushed to the APIC
Sample:
{'fvTenant': {'attributes': {'descr': 'Production environment'}}}
|
| status
int
|
failure or debug |
The HTTP status from the APIC
Sample:
200
|
| url
string
|
failure or debug |
The HTTP url used for the request to the APIC
Sample:
https://10.11.12.13/api/mo/uni/tn-production.json
|
Status
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
Maintenance
This module is flagged as community which means that it is maintained by the Ansible Community. See Module Maintenance & Support for more info.
For a list of other modules that are also maintained by the Ansible Community, see here.
Author
- Dag Wieers (@dagwieers)
Hint
If you notice any issues in this documentation you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.6/modules/aci_aaa_user_certificate_module.html