Osirium PAM: Devices

Summary

This module contains actions for reading device information from PAM.

Supported Versions

This plugin supports PAM versions 6.5.0 & newer.

Remember

You must have a PAM Appliance provisioned as a Vault inside PPA to use this plugin.

Actions

pam.devices.

access_routes

Warning

This action is not documented yet!

pam.devices.

add_to_profile

Add an Active Directory device to a profile with an account mapping.

This action requires PAM version 9.0.0 or newer

Minimum Plugin Version: 6.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

device_id: the ID of the device

profile_id: the ID of the profile

account_mapping_id: the ID of the account mapping

Output

Nothing is outputted by this action.

Example

- pam.devices.add_to_profile:
    pam_address: pam.internal.net
  load:
    device_id: device.id
    profile_id: profile.id
    account_mapping_id: account_mapping.id

pam.devices.

display

Display devices in a table.

The table will have the following columns:

Name
Host Name
Address
Active Directory
Profile Count

Minimum Plugin Version: 2.0.0

Input

text: the title of the table
devices: any number of Devices

Output

Nothing is outputted by this action.

Example

- pam.devices.get_all:
    pam_address: pam.internal.net
  save: all_devices

- pam.devices.display:
    text: All Devices
  load:
    devices: all_devices

pam.devices.

get_all

Get all devices from the PAM appliance.

Minimum Plugin Version: 1.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

Output

A list of Devices.

Example

1
2
3

- pam.devices.get_all:
    pam_address: pam.internal.net
  save: all_devices

pam.devices.

get_by_hostname

Get a device using its hostname.

Minimum Plugin Version: 1.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

hostname: the hostname of the device

Output

A single Device.

Example

- pam.devices.get_by_hostname:
    pam_address: pam.internal.net
    hostname: uat-iis.internal.net
  save: uat_iis_server

pam.devices.

get_by_id

Get a device using its ID.

Minimum Plugin Version: 1.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

device_id: the ID of the device

Output

A single Device.

Example

- pam.devices.get_by_id:
    pam_address: pam.internal.net
    device_id: 10
  save: device

pam.devices.

get_by_name

Get a device using its name.

Minimum Plugin Version: 1.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

name: the name of the device

Output

A single Device.

Example

- pam.devices.get_by_name:
    pam_address: pam.internal.net
    name: uat-iis
  save: uat_iis_server

pam.devices.

input_table

Display devices in a table, & allow the task operator to make a selection.

The table will have the following columns:

Name
Host Name
Address
Active Directory
Profile Count

Minimum Plugin Version: 1.0.0

Input

text: The title of the table
devices: any number of Devices
minimum: The minimum number of acceptable selections
maximum: The maximum number of acceptable selections

Output

A list of Devices.

Tip

If neither a minimum or maximum is provided, the task operator will be able to submit 0 selections.
If minimum or maximum are provided, the operation will repeat until the task operator makes a valid number of selections.

Example

- pam.devices.search:
    pam_address: pam.internal.net
    queries:
      - attribute: authentication_service_name
        query: equal
        value: example.domain.com
  save: domain_devices

- pam.devices.input_table:
    text: Select a Device
    minimum: 1
    maximum: 1
  load:
    devices: domain_devices
  save: selected_device

pam.devices.

output_table

Display devices in a table.

The table will have the following columns:

Name
Host Name
Address
Active Directory
Profile Count

Deprecation Warning

This action will soon be deprecated in favour of display.

Minimum Plugin Version: 1.0.0

Input

text: the title of the table
devices: any number of Devices

Output

Nothing is outputted by this action.

Example

- pam.devices.search:
    pam_address: pam.internal.net
    queries:
      - attribute: authentication_service_name
        query: equal
        value: example.domain.com
  save: domain_devices

- pam.devices.output_table:
    text: Devices on Example Domain
  load:
    devices: domain_devices

pam.devices.

provision

Provision an Active Directory device in the PAM Appliance.

This action requires PAM version 9.0.0 or newer

This action only supports Known or Managed control accounts!

Minimum Plugin Version: 6.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

display_name: the display name of the new device

template_id: the ID of the device template to use

authentication_service_id: the ID of the Active Directory in PAM

control_account: the name of the Active Directory account to set as the control account

connection_parameters: a dictionary containing device parameter names & values

meta_values: optional dictionary of metacolumn names & values to set against the device

enabled: set to false to provision the device in disabled state (defaults to true)

Output

Nothing is outputted by this action.

Example

- pam.devices.provision:
    pam_address: pam.internal.net
    display_name: Server-01
    template_id: 5
    authentication_service_id: 2
    connection_parameters:
      rdp_port: 3389
      ip_address: server-1.internal.net
      hostname: server1

pam.devices.

reveal_control_account

Reveal a device's control account secrets using its ID.

Minimum Plugin Version: 1.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

device_id: the ID of the device

Output

A single Secret.

Example

- pam.devices.reveal_control_account:
    pam_address: pam.internal.net
    device_id: 10
  save: device_secrets

pam.devices.

search

Search for devices in the PAM appliance.

Minimum Plugin Version: 2.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

queries: a list of Queries to use in the search

Output

A SearchResult containing:

total: the number of Devices found
all: a list of Devices found
first: the first Device found
last: the last Device found

Search Result Format

The search result format was updated in version 2.0.0 of this plugin.

It is not compatible with playbooks written against previous versions.

See here for more information.

Example

Finding all windows template devices in example.domain.com:

- pam.devices.search:
    pam_address: pam.internal.net
    queries:
      - attribute: device_template_name
        query: like
        value: %windows%
      - attribute: authentication_service_name
        query: equal
        value: example.domain.com
  save: search_results

Wildcard Queries

You can use the % character as a wildcard in the value of each query.

pam.devices.

select

Display devices in a table & prompt the task operator to make a selection.

The table will have the following columns:

Name
Host Name
Address
Active Directory
Profile Count

Minimum Plugin Version: 2.0.0

Input

text: the title of the table
devices: any number of Devices
minimum: the minimum number of selections
maximum: the maximum number of selections

Output

A Selection containing:

total: the number of selected Devices
all: a list of selected Devices
first: the first selected Device

Example

- pam.devices.get_all:
    pam_address: pam.internal.net
  save: all_devices

- pam.devices.select:
    text: Select Devices
  load:
    devices: domain_devices
  save: selection

pam.devices.

select_one

Display devices in a table & prompt the task operator to select one.

The table will have the following columns:

Name
Host Name
Address
Active Directory
Profile Count

Minimum Plugin Version: 2.0.0

Input

text: the title of the table
devices: any number of Devices

Output

A single Device.

Example

- pam.devices.get_all:
    pam_address: pam.internal.net
  save: devices

- pam.devices.select_one:
    text: Select Device
  load:
    devices: devices
  save: device