mirror of
				https://github.com/ansible-collections/community.general.git
				synced 2025-10-24 21:14:00 -07:00 
			
		
		
		
	
		
			
				
	
	
		
			209 lines
		
	
	
	
		
			6.7 KiB
		
	
	
	
		
			Python
		
	
	
	
	
	
			
		
		
	
	
			209 lines
		
	
	
	
		
			6.7 KiB
		
	
	
	
		
			Python
		
	
	
	
	
	
| #!/usr/bin/python
 | |
| # -*- coding: utf-8 -*-
 | |
| 
 | |
| # Copyright: (c) 2018, Ansible Project
 | |
| # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
 | |
| 
 | |
| ANSIBLE_METADATA = {'metadata_version': '1.1',
 | |
|                     'status': ['preview'],
 | |
|                     'supported_by': 'community'}
 | |
| 
 | |
| DOCUMENTATION = r'''
 | |
| ---
 | |
| module: win_credential
 | |
| version_added: '2.8'
 | |
| short_description: Manages Windows Credentials in the Credential Manager
 | |
| description:
 | |
| - Used to create and remove Windows Credentials in the Credential Manager.
 | |
| - This module can manage both standard username/password credentials as well as
 | |
|   certificate credentials.
 | |
| options:
 | |
|   alias:
 | |
|     description:
 | |
|     - Adds an alias for the credential.
 | |
|     - Typically this is the NetBIOS name of a host if I(name) is set to the DNS
 | |
|       name.
 | |
|     type: str
 | |
|   attributes:
 | |
|     description:
 | |
|     - A list of dicts that set application specific attributes for a
 | |
|       credential.
 | |
|     - When set, existing attributes will be compared to the list as a whole,
 | |
|       any differences means all attributes will be replaced.
 | |
|     suboptions:
 | |
|       name:
 | |
|         description:
 | |
|         - The key for the attribute.
 | |
|         - This is not a unique identifier as multiple attributes can have the
 | |
|           same key.
 | |
|         type: str
 | |
|         required: true
 | |
|       data:
 | |
|         description:
 | |
|         - The value for the attribute.
 | |
|         type: str
 | |
|       data_format:
 | |
|         description:
 | |
|         - Controls the input type for I(data).
 | |
|         - If C(text), I(data) is a text string that is UTF-16LE encoded to
 | |
|           bytes.
 | |
|         - If C(base64), I(data) is a base64 string that is base64 decoded to
 | |
|           bytes.
 | |
|         type: str
 | |
|         choices: [ base64, text ]
 | |
|         default: text
 | |
|   comment:
 | |
|     description:
 | |
|     - A user defined comment for the credential.
 | |
|     type: str
 | |
|   name:
 | |
|     description:
 | |
|     - The target that identifies the server or servers that the credential is
 | |
|       to be used for.
 | |
|     - If the value can be a NetBIOS name, DNS server name, DNS host name suffix
 | |
|       with a wildcard character (C(*)), a NetBIOS of DNS domain name that
 | |
|       contains a wildcard character sequence, or an asterisk.
 | |
|     - See C(TargetName) in U(https://docs.microsoft.com/en-us/windows/desktop/api/wincred/ns-wincred-_credentiala)
 | |
|       for more details on what this value can be.
 | |
|     - This is used with I(type) to produce a unique credential.
 | |
|     type: str
 | |
|     required: true
 | |
|   persistence:
 | |
|     description:
 | |
|     - Defines the persistence of the credential.
 | |
|     - If C(local), the credential will persist for all logons of the same user
 | |
|       on the same host.
 | |
|     - C(enterprise) is the same as C(local) but the credential is visible to
 | |
|       the same domain user when running on other hosts and not just localhost.
 | |
|     type: str
 | |
|     choices: [ enterprise, local ]
 | |
|     default: local
 | |
|   secret:
 | |
|     description:
 | |
|     - The secret for the credential.
 | |
|     - When omitted, then no secret is used for the credential if a new
 | |
|       credentials is created.
 | |
|     - When I(type) is a password type, this is the password for I(username).
 | |
|     - When I(type) is a certificate type, this is the pin for the certificate.
 | |
|     type: str
 | |
|   secret_format:
 | |
|     description:
 | |
|     - Controls the input type for I(secret).
 | |
|     - If C(text), I(secret) is a text string that is UTF-16LE encoded to bytes.
 | |
|     - If C(base64), I(secret) is a base64 string that is base64 decoded to
 | |
|       bytes.
 | |
|     type: str
 | |
|     choices: [ base64, text ]
 | |
|     default: text
 | |
|   state:
 | |
|     description:
 | |
|     - When C(absent), the credential specified by I(name) and I(type) is
 | |
|       removed.
 | |
|     - When C(present), the credential specified by I(name) and I(type) is
 | |
|       removed.
 | |
|     type: str
 | |
|     choices: [ absent, present ]
 | |
|     default: present
 | |
|   type:
 | |
|     description:
 | |
|     - The type of credential to store.
 | |
|     - This is used with I(name) to produce a unique credential.
 | |
|     - When the type is a C(domain) type, the credential is used by Microsoft
 | |
|       authentication packages like Negotiate.
 | |
|     - When the type is a C(generic) type, the credential is not used by any
 | |
|       particular authentication package.
 | |
|     - It is recommended to use a C(domain) type as only authentication
 | |
|       providers can access the secret.
 | |
|     type: str
 | |
|     required: true
 | |
|     choices: [ domain_certificate, domain_password, generic_certificate, generic_password ]
 | |
|   update_secret:
 | |
|     description:
 | |
|     - When C(always), the secret will always be updated if they differ.
 | |
|     - When C(on_create), the secret will only be checked/updated when it is
 | |
|       first created.
 | |
|     - If the secret cannot be retrieved and this is set to C(always), the
 | |
|       module will always result in a change.
 | |
|     type: str
 | |
|     choices: [ always, on_create ]
 | |
|     default: always
 | |
|   username:
 | |
|     description:
 | |
|     - When I(type) is a password type, then this is the username to store for
 | |
|       the credential.
 | |
|     - When I(type) is a credential type, then this is the thumbprint as a hex
 | |
|       string of the certificate to use.
 | |
|     - When C(type=domain_password), this should be in the form of a Netlogon
 | |
|       (DOMAIN\Username) or a UPN (username@DOMAIN).
 | |
|     - If using a certificate thumbprint, the certificate must exist in the
 | |
|       C(CurrentUser\My) certificate store for the executing user.
 | |
|     type: str
 | |
| notes:
 | |
| - This module requires to be run with C(become) so it can access the
 | |
|   user's credential store.
 | |
| - There can only be one credential per host and type. if a second credential is
 | |
|   defined that uses the same host and type, then the original credential is
 | |
|   overwritten.
 | |
| seealso:
 | |
| - module: win_user_right
 | |
| - module: win_whoami
 | |
| author:
 | |
| - Jordan Borean (@jborean93)
 | |
| '''
 | |
| 
 | |
| EXAMPLES = r'''
 | |
| - name: Create a local only credential
 | |
|   win_credential:
 | |
|     name: server.domain.com
 | |
|     type: domain_password
 | |
|     username: DOMAIN\username
 | |
|     secret: Password01
 | |
|     state: present
 | |
| 
 | |
| - name: Remove a credential
 | |
|   win_credential:
 | |
|     name: server.domain.com
 | |
|     type: domain_password
 | |
|     state: absent
 | |
| 
 | |
| - name: Create a credential with full values
 | |
|   win_credential:
 | |
|     name: server.domain.com
 | |
|     type: domain_password
 | |
|     alias: server
 | |
|     username: username@DOMAIN.COM
 | |
|     secret: Password01
 | |
|     comment: Credential for server.domain.com
 | |
|     persistence: enterprise
 | |
|     attributes:
 | |
|     - name: Source
 | |
|       data: Ansible
 | |
|     - name: Unique Identifier
 | |
|       data: Y3VzdG9tIGF0dHJpYnV0ZQ==
 | |
|       data_format: base64
 | |
| 
 | |
| - name: Create a certificate credential
 | |
|   win_credential:
 | |
|     name: '*.domain.com'
 | |
|     type: domain_certificate
 | |
|     username: 0074CC4F200D27DC3877C24A92BA8EA21E6C7AF4
 | |
|     state: present
 | |
| 
 | |
| - name: Create a generic credential
 | |
|   win_credential:
 | |
|     name: smbhost
 | |
|     type: generic_password
 | |
|     username: smbuser
 | |
|     password: smbuser
 | |
|     state: present
 | |
| 
 | |
| - name: Remove a generic credential
 | |
|   win_credential:
 | |
|     name: smbhost
 | |
|     type: generic_password
 | |
|     state: absent
 | |
| '''
 | |
| 
 | |
| RETURN = r'''
 | |
| #
 | |
| '''
 |