Osirium PAM: Users

Summary

This module contains actions for reading user information from PAM.

Supported Versions

This plugin supports PAM versions 6.5.0 & newer.

Remember

You must have a PAM Appliance provisioned as a Vault inside PPA to use this plugin.

Actions

pam.users.

display

Display users in a table.

The table will have the following columns:

  • Name
  • Username
  • Email Address
  • Authentication Type
  • Enabled
  • Expires At

Minimum Plugin Version: 2.0.0

Input
  • text: the title of the table

  • users: any number of Users

Output

Nothing is outputted by this action.

Example
- pam.users.get_all:
    pam_address: pam.internal.net
  save: users

- pam.users.display:
    text: Users
  load:
    users: users

pam.users.

get_all

Get all users from the PAM appliance.

Minimum Plugin Version: 1.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

Output

A list of Users.

Example
- pam.users.get_all:
    pam_address: pam.internal.net
  save: all_users

pam.users.

get_all_profiles

Get all profiles the supplied user is assigned to.

Minimum Plugin Version: 1.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

user_id: the ID of the user

Output

A list of Profiles.

Example
- pam.users.get_all_profiles:
    pam_address: pam.internal.net
    user_id: 2
  save: profiles

pam.users.

get_by_id

Get a user using its ID.

Minimum Plugin Version: 1.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

user_id: the ID of the user

Output

A single User.

Example
- pam.users.get_by_id:
    pam_address: pam.internal.net
    user_id: 2
  save: user

pam.users.

get_by_username

Get a user using its username.

Minimum Plugin Version: 1.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

username: the user's username

Output

A single User.

Example
- pam.users.get_by_username:
    pam_address: pam.internal.net
    username: example.user
  save: user

pam.users.

get_devices

Get all devices the supplied user has access to.

Minimum Plugin Version: 1.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

user_id: the ID of the user

Output

A list of Devices.

Example
- pam.users.get_devices:
    pam_address: pam.internal.net
    user_id: 2
  save: devices

pam.users.

get_direct_profiles

Get all profiles the supplied user is directly assigned to.

Minimum Plugin Version: 1.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

user_id: the ID of the user

Output

A list of Profiles.

Example
- pam.users.get_direct_profiles:
    pam_address: pam.internal.net
    user_id: 2
  save: direct_profiles

pam.users.

get_user_group_profiles

Get all profiles the supplied user is assigned to via a user group.

Minimum Plugin Version: 1.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

user_id: the ID of the user

Output

A list of Profiles.

Example
- pam.users.get_user_group_profiles:
    pam_address: pam.internal.net
    user_id: 2
  save: user_group_profiles

pam.users.

get_user_groups

Get all user groups the supplied user is assigned to.

Minimum Plugin Version: 1.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

user_id: the ID of the user

Output

A list of UserGroups.

Example
- pam.users.get_user_groups:
    pam_address: pam.internal.net
    user_id: 2
  save: user_groups

pam.users.

in_profile

Determine if the supplied user is in a particular profile.

Minimum Plugin Version: 1.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

user_id: the ID of the user

profile_id: the ID of the profile to check

Output

A boolean is outputted by this action:

  • true if the supplied user is in the profile

  • false if the supplied user is not in the profile

Example
- pam.users.in_profile:
    pam_address: pam.internal.net
    user_id: 2
    profile_id: 10
  save: in_profile

pam.users.

input_table

Display users in a table, & allow the task operator to make a selection.

The table will have the following columns:

  • Name
  • Username
  • Email Address
  • Authentication Type
  • Enabled
  • Expires At

Deprecation Warning

This action will soon be deprecated in favour of select.

Minimum Plugin Version: 1.0.0

Input
  • text: The title of the table

  • users: a single User or a list of Users to display in the table

  • minimum: The minimum number of acceptable selections

  • maximum: The maximum number of acceptable selections

Output

A list of Users.

Tip
  • If neither a minimum nor a maximum is provided, the task operator will be able to submit 0 selections.

  • If minimum or maximum are provided, the operation will repeat until the task operator makes a valid number of selections.

Example
- pam.users.get_all:
    pam_address: pam.internal.net
  save: all_users

- pam.users.input_table:
    text: Select a User
    minimum: 1
    maximum: 1
  load:
    users: all_users
  save: selected_users

pam.users.

output_table

Display users in a table.

The table will have the following columns:

  • Name
  • Username
  • Email Address
  • Authentication Type
  • Enabled
  • Expires At

Deprecation Warning

This action will soon be deprecated in favour of display.

Minimum Plugin Version: 1.0.0

Input
  • text: the title of the table

  • users: any number of Users

Output

Nothing is outputted by this action.

Example
- pam.users.get_all:
    pam_address: pam.internal.net
  save: all_users

- pam.users.output_table:
    text: All Users
  load:
    users: all_users

pam.users.

search

Search for users in the PAM appliance.

Minimum Plugin Version: 2.0.0

Input

pam_address: the IP or DNS address of the PAM Appliance

queries: a list of Queries to use in the search

Output

A SearchResult containing:

  • total: the number of Users found

  • all: a list of Users found

  • first: the first User found

  • last: the last User found

Search Result Format

The search result format was updated in version 2.0.0 of this plugin.

It is not compatible with playbooks written against previous versions.

See here for more information.

Example

Find all disabled users:

- pam.users.search:
    pam_address: pam.internal.net
    queries:
      - attribute: enabled
        query: is
        value: false
  save: search_results

Wildcard Queries

You can use the % character as a wildcard in the value of each query.

pam.users.

select

Display users in a table & prompt the task operator to make a selection.

The table will have the following columns:

  • Name
  • Username
  • Email Address
  • Authentication Type
  • Enabled
  • Expires At

Minimum Plugin Version: 2.0.0

Input
  • text: The title of the table

  • users: any number of Users

  • minimum: The minimum number of acceptable selections

  • maximum: The maximum number of acceptable selections

Output

A Selection containing:

  • total: the number of selected Users

  • all: a list of selected Users

  • first: the first selected User

Example
- pam.users.get_all:
    pam_address: pam.internal.net
  save: users

- pam.users.select:
    text: Select Users
  load:
    users: users
  save: selection

pam.users.

select_one

Display users in a table & prompt the task operator to select one.

The table will have the following columns:

  • Name
  • Username
  • Email Address
  • Authentication Type
  • Enabled
  • Expires At

Minimum Plugin Version: 2.0.0

Input
  • text: The title of the table

  • users: any number of Users

Output

A single User.

Example
- pam.users.get_all:
    pam_address: pam.internal.net
  save: users

- pam.users.select_one:
    text: Select User
  load:
    users: users
  save: user