-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathconfig.yaml
136 lines (132 loc) · 4.03 KB
/
config.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
---
cog_bundle_version: 4
name: pi
version: 0.2.7
docker:
image: pannet/pi-bundle
tag: 0.2.7
description: Manage privacyIDEA user resources and tokens
long_description: >
This bundle provides commands for viewing and manipulating users and token
in privacyIDEA.
Permissions are used to control which users are authorized to run each command.
Listing and searching for resources requires the pi:read permission.
Modifying the objects or other values of a resource requires the pi:write
Some delete and revoke commands require pi:admin permission.
permissions:
- pi:read
- pi:write
- pi:execute
- pi:admin
config:
notes: >
Make sure the privacyIDEA user set in the environment variables has the necessary rights.
env:
- var: pi_fqdn
description: privacyIDEA FQDN (missing http schema will default to https)
- var: pi_username
description: privacyIDEA username
- var: pi_password
description: privacyIDEA user's password
homepage: https://github.com/pan-net-security/pi-bundle
author: Diogenes Santos de Jesus <[email protected]>
commands:
token-list:
executable: /usr/bin/cog-command
description: List token for a given user
long_description: >
List tokens for a user
examples: |
* List tokens for a given user
!pi:token-list <user> [<user> ...]
rules:
- must have pi:read
token-reset:
executable: /usr/bin/cog-command
description: Reset failcounter for all tokens of a user
long_description: >
Reset failcounter for all tokens of a user
examples: |
* Reset failcounter for all tokens of a user
!pi:token-reset <user>
rules:
- must have pi:write
token-delete:
executable: /usr/bin/cog-command
description: Delete a token
long_description: >
Delete a token based on serial
examples: |
* Delete a token based on serial
!pi:token-delete <serial> [<serial> ...]
rules:
- must have pi:admin
templates:
token_list:
body: |
~each var=$results as=user~
~if cond=$user.result == true~
~if cond=length($user.tokens) == 0~
~attachment title=$user.name color="black"~
No token assigned for ~$user.name~
~end~
~end~
~if cond=length($user.tokens) > 0~
~each var=$user.tokens as=token~
~if cond=$token.failcount >= 10~
~attachment title=$user.name color="red"~
**Token Serial:** ~$token.serial~
**Token Type**: ~$token.tokentype~
**Fail Counter:** ~$token.failcount~/~$token.maxfail~
~end~
~end~
~if cond=$token.failcount < 10~
~attachment title=$user.name color="green"~
**Token Serial:** ~$token.serial~
**Token Type**: ~$token.tokentype~
**Fail Counter:** ~$token.failcount~/~$token.maxfail~
~end~
~end~
~end~
~end~
~end~
~if cond=$user.result == false~
~attachment title=$user.name color="black"~
The user was not found.
~end~
~end~
~end~
~attachment title=$task.name color="white" footer="Example.org"~
~end~
token_reset:
body: |
~each var=$results~
~if cond=$item.result == true~
~attachment color="green"~
Successfully reset failcounter for all tokens belonging to ~$item.name~
~end~
~end~
~if cond=$item.result == false~
~attachment color="red"~
Could not reset all tokens for ~$item.name~
~end~
~end~
~end~
~attachment title=$task.name color="white" footer="Pan-Net Infra Security"~
~end~
token_delete:
body: |
~each var=$results as=token~
~if cond=$token.result == 0~
~attachment title=$token.serial color="red"~
The token was not deleted (Are you sure it exists?).
~end~
~end~
~if cond=$token.result == 1~
~attachment title=$token.serial color="green"~
Token deleted successfully.
~end~
~end~
~end~
~attachment title=$task.name color="white" footer="Pan-Net Infra Security"~
~end~