ad_auth_provider – Manage Sensu AD authentication provider

Create, update or delete a Sensu Go AD authentication provider.

For more information, refer to the Sensu Go documentation at https://docs.sensu.io/sensu-go/latest/operations/control-access/ad-auth/.

New in version 1.10.0.

Requirements

The below requirements are needed on the host that executes this module:

• python >= 2.7

Examples

- name: Create a AD auth provider
  sensu.sensu_go.ad_auth_provider:
    name: activedirectory
    servers:
      - host: 127.0.0.1
        group_search:
          base_dn: dc=acme,dc=org
        user_search:
          base_dn: dc=acme,dc=org
- name: Delete a AD auth provider
  sensu.sensu_go.ad_auth_provider:
    name: activedirectory
    state: absent

See Also

See also

• auth_provider_info – List Sensu authentication providers

• ldap_auth_provider – Manage Sensu LDAP authentication provider

• oidc_auth_provider – Manage Sensu OIDC authentication provider

Parameters

auth (optional)

Authentication parameters. Can define each of them with ENV as well.

type: dict

api_key (optional)

The API key that should be used when authenticating. If this is not set, the value of the SENSU_API_KEY environment variable will be checked.

This replaces auth.user and auth.password parameters.

For more information about the API key, refer to the official Sensu documentation at https://docs.sensu.io/sensu-go/latest/guides/use-apikey-feature/.

type: str

ca_path (optional)

Path to the CA bundle that should be used to validate the backend certificate.

If this parameter is not set, module will use the CA bundle that python is using.

It is also possible to set this parameter via the SENSU_CA_PATH environment variable.

type: path

password (optional)

The Sensu user’s password. If this is not set the value of the SENSU_PASSWORD environment variable will be checked.

This parameter is ignored if the auth.api_key parameter is set.

type: str

default: P@ssw0rd!

url (optional)

Location of the Sensu backend API. If this is not set the value of the SENSU_URL environment variable will be checked.

type: str

default: http://localhost:8080

user (optional)

The username to use for connecting to the Sensu API. If this is not set the value of the SENSU_USER environment variable will be checked.

This parameter is ignored if the auth.api_key parameter is set.

type: str

default: admin

verify (optional)

Flag that controls the certificate validation.

If you are using self-signed certificates, you can set this parameter to false.

ONLY USE THIS PARAMETER IN DEVELOPMENT SCENARIOS! In you use self-signed certificates in production, see the auth.ca_path parameter.

It is also possible to set this parameter via the SENSU_VERIFY environment variable.

type: bool

default: True

groups_prefix (optional)

The prefix added to all AD groups.

type: str

name (required)

The Sensu resource’s name. This name (in combination with the namespace where applicable) uniquely identifies the resource that Ansible operates on.

If the resource with selected name already exists, Ansible module will update it to match the specification in the task.

Consult the name metadata attribute specification in the upstream docs on https://docs.sensu.io/sensu-go/latest/reference/ for more details about valid names and other restrictions.

type: str

servers (optional)

An array of AD servers for your directory.

type: list

binding (optional)

The AD account that performs user and group lookups.

If your sever supports anonymous binding, you can omit the user_dn or password attributes to query the directory without credentials.

type: dict

password (required)

Password for the user_dn account.

If your sever supports anonymous binding, you can omit this attribute.

type: str

user_dn (required)

The AD account that performs user and group lookups.

If your sever supports anonymous binding, you can omit this attribute.

type: str

client_cert_file (optional)

Path to the certificate that should be sent to the server if requested.

type: str

client_key_file (optional)

Path to the key file associated with the client_cert_file.

Required if client_cert_file is present.

type: str

default_upn_domain (optional)

Enables UPN authentication when set. The default UPN suffix that will be appended to the username when a domain is not specified during login (for example, user becomes user@defaultdomain.xyz).

type: str

group_search (optional)

Search configuration for groups.

type: dict

attribute (optional)

Used for comparing result entries.

type: str

default: member

base_dn (required)

Which part of the directory tree to search.

type: str

name_attribute (optional)

Represents the attribute to use as the entry name.

type: str

default: cn

object_class (optional)

Identifies the class of objects returned in the search result.

type: str

default: group

host (required)

AD server IP address.

type: str

include_nested_groups (optional)

If true, the group search includes any nested groups a user is a member of. If false, the group search includes only the top-level groups a user is a member of.

type: bool

insecure (optional)

Skips SSL certificate verification when set to true.

type: bool

port (optional)

AD server port.

type: int

security (optional)

Encryption type to be used for the connection to the AD server.

type: str

default: tls

choices: insecure, tls, starttls

trusted_ca_file (optional)

Path to an alternative CA bundle file.

type: str

user_search (optional)

Search configuration for users.

type: dict

attribute (optional)

Used for comparing result entries.

type: str

default: sAMAccountName

base_dn (required)

Which part of the directory tree to search.

type: str

name_attribute (optional)

Represents the attribute to use as the entry name.

type: str

default: displayName

object_class (optional)

Identifies the class of objects returned in the search result.

type: str

default: person

state (optional)

Target state of the Sensu object.

type: str

default: present

choices: present, absent

username_prefix (optional)

The prefix added to all AD usernames.

type: str

Return Values

object

Object representing Sensu AD authentication provider.

sample:

groups_prefix: AD
metadata:
  name: activedirectory
servers:
  binding:
    user_dn: cn=binder,dc=acme,dc=org
  client_cert_file: /path/to/ssl/cert.pem
  client_key_file: /path/to/ssl/key.pem
  default_upn_domain: example.org
  group_search:
    attribute: member
    base_dn: dc=acme,dc=org
    name_attribute': cn
    object_class: group
  host: 127.0.0.1
  insecure: 'False'
  port: '636'
  security: tls
  trusted_ca_file: /path/to/trusted-certificate-authorities.pem
  user_search:
    attribute: sAMAccountName
    base_dn: dc=acme,dc=org
    name_attribute: displayName
    object_class: person
username_prefix: AD