cloudera.cloud.account_auth module – Gather and set authentication details for a CDP Account

Note

This module is part of the cloudera.cloud collection (version 2.5.1).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install cloudera.cloud. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: cloudera.cloud.account_auth.

Synopsis

  • Gather and set information for a CDP account.

  • The module supports check_mode.

Requirements

The below requirements are needed on the host that executes this module.

  • cdpy

Parameters

Parameter

Comments

cdp_region

aliases: cdp_endpoint_region, endpoint_region

string

Specify the Cloudera Data Platform endpoint region.

Default: "default"

debug

aliases: debug_endpoints

boolean

Capture the CDP SDK debug log.

Choices:

  • false ← (default)

  • true

enable_sso

aliases: sso, enable_cloudera_sso

boolean

Flag to enable or disable interactive login using the Cloudera SSO for the account.

When disabled, only users who are designated account administrators will be able to use Cloudera SSO to login interactively to the account.

All other users will only be able to login interactively using other SAML providers defined for the account.

Choices:

  • false

  • true

password_lifetime

aliases: workload_password_lifetime

integer

The maximum lifetime of workload passwords for the account, in days.

If set to 0, passwords never expire.

Changes to the workload password lifetime only affect passwords that are set after the policy has been updated.

profile

string

If provided, the CDP SDK will use this value as its profile.

verify_endpoint_tls

aliases: endpoint_tls

boolean

Verify the TLS certificates for the CDP endpoint.

Choices:

  • false

  • true ← (default)

Examples

# Note: These examples do not set authentication details.

# Disable Cloudera SSO login for all non-admin users
- cloudera.cloud.account_auth:
    disable_sso: yes

# Set the password expiration to 7 days
- cloudera.cloud.account_auth:
    password_lifetime: 7

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

account

dictionary

Returns the authentication settings for the CDP Account

Returned: always

clouderaSSOLoginEnabled

boolean

Flag indicating whether interactive login using Cloudera SSO is enabled.

Returned: always

workloadPasswordPolicy

dictionary

Information about the workload password policy for an account.

Returned: always

maxPasswordLifetimeDays

integer

The max lifetime, in days, of the password. If ‘0’, passwords never expire.

Returned: always

sdk_out

string

Returns the captured CDP SDK log.

Returned: when supported

sdk_out_lines

list / elements=string

Returns a list of each line of the captured CDP SDK log.

Returned: when supported

Authors

  • Webster Mudge (@wmudge)

  • Dan Chaffelson (@chaffelson)