Skip to content

Osirium PAM Osirium PAM: User Groups

Summary

This module contains actions for reading user group information from PAM.

Supported Versions

This plugin supports PAM versions 6.5.0 & newer.

Remember

You must have a PAM Appliance provisioned as a Vault inside PPA to use this plugin.

Actions

pam.user_groups.

display

Display user groups in a table.

The table will have the following columns:

  • Name
  • AD Synchronised
  • Profile Count
  • User Count
  • Enabled

Minimum Plugin Version: 2.0.0

Input

  • text: the title of the table

  • groups: any number of UserGroups

Output

Nothing is outputted by this action.

Example
1
2
3
4
5
6
7
8
- pam.user_groups.get_all:
    pam_address: pam.internal.net
  save: user_groups

- pam.user_groups.display:
    text: User Groups
  load:
    user_groups: user_groups

pam.user_groups.

display_report

Display a table generated by the generate_report action.

You can combine reports from multiple appliances before displaying them (see generate_report).

The table will have the following columns:

  • Appliance
  • User Group
  • User Name
  • User Display Name

Minimum Plugin Version: 3.3.0

Input

text: the title of the table

report: the output of generate_report

Output

Nothing is outputted by this action.

Example
1
2
3
4
5
6
7
8
9
- pam.user_groups.generate_report:
    pam_address: 192.168.123.4
    appliance_name: Internal PAM Appliance
  save: report

- pam.user_groups.display_report:
    text: Internal PAM User Group Report
  load:
    report: report

pam.user_groups.

generate_report

Generate a user group report showing each user membership for each group.

The table can be displayed in the task interface with the display_report action.

You can combine reports from multiple appliances before displaying them (see examples below).

Minimum Plugin Version: 3.3.0

Input

pam_address: the IP or DNS address of the PAM Appliance

appliance_name: a friendly name for the PAM appliance in the report (defaults to pam_address)

Output

A report containing each user group membership on the supplied PAM Appliance.

Example 1 - Single Appliance
1
2
3
4
5
6
7
8
9
- pam.user_groups.generate_report:
    pam_address: 192.168.123.4
    appliance_name: Internal PAM Appliance
  save: report

- pam.user_groups.display_report:
    text: Internal PAM User Group Report
  load:
    report: report
Example 2 - Multiple Appliances
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
# Generate a report from the first appliance
- pam.user_groups.generate_report:
    pam_address: 192.168.123.4
    appliance_name: Internal PAM Appliance
  save: internal_report

# Generate a report from the second appliance
- pam.user_groups.generate_report:
    pam_address: 192.168.123.5
    appliance_name: Third-Party PAM Appliance
  save: third_party_report

# Combine both reports into a single report
- ppa_tools.lists.combine:
  load:
    first: internal_report
    second: third_party_report
  save: report

# Display the combined report
- pam.user_groups.display_report:
    text: PAM User Group Reports
  load:
    report: report

pam.user_groups.

get_all

Get all user groups from the PAM appliance.

Minimum Plugin Version: 1.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

Output

A list of UserGroups.

Example
1
2
3
- pam.user_groups.get_all:
    pam_address: pam.internal.net
  save: all_user_groups

pam.user_groups.

get_by_id

Get a user group using its ID.

Minimum Plugin Version: 1.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

user_group_id: the ID of the user group

Output

A single UserGroup.

Example
1
2
3
4
- pam.user_groups.get_by_id:
    pam_address: pam.internal.net
    user_group_id: 2
  save: user_group

pam.user_groups.

get_by_name

Get a user group using its name.

Minimum Plugin Version: 3.2.0

Input

pam_address: the IP or DNS address of the PAM Appliance

name: the name of the user group

Output

A single UserGroup.

Example
1
2
3
4
- pam.user_groups.get_by_name:
    pam_address: pam.internal.net
    user_group_id: Admins
  save: user_group

pam.user_groups.

get_profiles

Get all profiles a particular user group is assigned to.

Minimum Plugin Version: 1.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

user_group_id: the ID of the user group

Output

A list of Profiles.

Example
1
2
3
4
- pam.user_groups.get_profiles:
    pam_address: pam.internal.net
    user_group_id: 2
  save: profiles

pam.user_groups.

get_users

Get all users assigned to a particular user group.

Minimum Plugin Version: 1.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

user_group_id: the ID of the user group

Output

A list of Users.

Example
1
2
3
4
- pam.user_groups.get_users:
    pam_address: pam.internal.net
    user_group_id: 2
  save: users

pam.user_groups.

in_profile

Determine if the supplied user group is in a particular profile.

Minimum Plugin Version: 1.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

user_group_id: the ID of the user group

profile_id: the ID of the profile to check

Output

A boolean is outputted by this action:

  • true if the supplied user group is in the profile

  • false if the supplied user group is not in the group

Example
1
2
3
4
5
- pam.user_groups.in_profile:
    pam_address: pam.internal.net
    user_group_id: 2
    profile_id: 10
  save: in_profile

pam.user_groups.

input_table

Display user groups in a table, & allow the task operator to make a selection.

The table will have the following columns:

  • Name
  • AD Synchronised
  • Profile Count
  • User Count
  • Enabled

Deprecation Warning

This action will soon be deprecated in favour of select.

Minimum Plugin Version: 1.0.0

Input

  • text: The title of the table

  • groups: a single or list of UserGroups to display in the table

  • minimum: The minimum number of acceptable selections

  • maximum: The maximum number of acceptable selections

Output

A list of UserGroups.

Tip

  • If neither a minimum or maximum is provided, the task operator will be able to submit 0 selections.

  • If minimum or maximum are provided, the operation will repeat until the task operator makes a valid number of selections.

Example
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
- pam.user_groups.get_all:
    pam_address: pam.internal.net
  save: all_user_groups

- pam.user_groups.input_table:
    text: Select a User Group
    minimum: 1
    maximum: 1
  load:
    groups: all_user_groups
  save: selected_user_groups

pam.user_groups.

output_table

Display user groups in a table.

The table will have the following columns:

  • Name
  • AD Synchronised
  • Profile Count
  • User Count
  • Enabled

Deprecation Warning

This action will soon be deprecated in favour of display.

Minimum Plugin Version: 1.0.0

Input

  • text: the title of the table

  • groups: a single or list of UserGroups to display in the table

Output

Nothing is outputted by this action.

Example
1
2
3
4
5
6
7
8
- pam.user_groups.get_all:
    pam_address: pam.internal.net
  save: all_user_groups

- pam.user_groups.output_table:
    text: All User Groups
  load:
    groups: all_user_groups

pam.user_groups.

Search for user groups in the PAM appliance.

Minimum Plugin Version: 2.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

queries: a list of Queries to use in the search

Output

A SearchResult containing:

Search Result Format

The search result format was updated in version 2.0.0 of this plugin.

It is not compatible with playbooks written against previous versions.

See here for more information.

Example

Find all user groups with 1 or more users:

1
2
3
4
5
6
7
- pam.user_groups.search:
    pam_address: pam.internal.net
    queries:
      - attribute: user_count
        query: greater_than
        value: 0
  save: search_results

Wildcard Queries

You can use the % character as a wildcard in the value of each query.

pam.user_groups.

select

Display user groups in a table & prompt the task operator to make a selection.

The table will have the following columns:

  • Name
  • AD Synchronised
  • Profile Count
  • User Count
  • Enabled

Minimum Plugin Version: 2.0.0

Input

  • text: The title of the table

  • user_groups: any number of UserGroups

  • minimum: The minimum number of acceptable selections

  • maximum: The maximum number of acceptable selections

Output

A Selection containing:

Example
1
2
3
4
5
6
7
8
9
- pam.user_groups.get_all:
    pam_address: pam.internal.net
  save: user_groups

- pam.user_groups.select:
    text: Select User Groups
  load:
    user_groups: user_groups
  save: selection

pam.user_groups.

select_one

Display user groups in a table & prompt the task operator to select one.

The table will have the following columns:

  • Name
  • AD Synchronised
  • Profile Count
  • User Count
  • Enabled

Minimum Plugin Version: 2.0.0

Input

  • text: The title of the table

  • user_groups: any number of UserGroups

Output

A single UserGroup.

Example
1
2
3
4
5
6
7
8
9
- pam.user_groups.get_all:
    pam_address: pam.internal.net
  save: user_groups

- pam.user_groups.select_one:
    text: Select User Group
  load:
    user_groups: user_groups
  save: user_group