I have my vcenter username "Administrator#vsphere.local" and password as "Test#2100$1", if I create variable as below:
vars:
- username: 'vsphere.local\Administrator'
vars_prompt:
- name: password
prompt: Enter Vcenter password to authenticate fence user
It authenticates with wrong username and password, when checked in the configuration it shows:
username = vsphere.localAdministrator {without the slash}
password = Test#2100 {without the $1 characters in the password text}.
Kindly suggest me how to key in the AD domain username "vsphere.local\Administrator" and password with special character as ansible variable.
so a simple test to check the value off user/password:
i have added private: no to see the password typed
- name: test
hosts: localhost
vars:
username: vsphere.local\Administrator
vars_prompt:
- name: password
prompt: Enter Vcenter password to authenticate fence user
private: no
tasks:
- debug:
msg: password for {{ username }} is {{ password}}
result:
ok: [localhost] =>
msg: password for vsphere.local\Administrator is Test#2100$1
Related
Requirement:
Below code is having 2 functions. 1st verify the username and password of user and if it is true it trigger OTP in SMS(Default behavior of AWS as 2 factor authentication is enabled). But we do not want OTP in SMS. We want OTP in Email with custom template, so implemented 2nd function with AuthFlow: 'CUSTOM_AUTH'(and 2nd method works as expected).
We do not want OTP to be triggered in SMS(But also can not disable 2 factor auth because it is used in other use cases). Also, only need solution using aws-sdk. There are ways using amplify and other library but it is not useful in case of App client secret is there.
//verify username,password and send code in sms
response0 = await cognitoIdentityServiceProvider.adminInitiateAuth({
AuthFlow: 'ADMIN_NO_SRP_AUTH',
ClientId: tenant.cognitoClientId,
UserPoolId: tenant.cognitoUserPool,
AuthParameters: {
SECRET_HASH: crypto.createHmac('SHA256', tenant.cognitoClientSecret).update(username + tenant.cognitoClientId).digest('base64'),
USERNAME: username,
PASSWORD: password
}
}).promise();
// send code to email using custom auth flow
response1 = await cognitoIdentityServiceProvider.adminInitiateAuth({
AuthFlow: 'CUSTOM_AUTH',
ClientId: tenant.cognitoClientId,
UserPoolId: tenant.cognitoUserPool,
AuthParameters: {
SECRET_HASH: crypto.createHmac('SHA256', tenant.cognitoClientSecret).update(username + tenant.cognitoClientId).digest('base64'),
USERNAME: username,
PASSWORD: tenantId + secrets.PASSWORD_SECRET
}
}).promise();
Need solution where we can check username password using AuthFlow: 'CUSTOM_AUTH'(Can change lambda triggers) or any other way where OTP should not be triggered and able to check username and password correctly.
I have a simple Ansible playbook to
Fetch a database connection config from an RestAPI,
Extract the config object from the payload,
Using the config JSON (as request body) to create a PUT request to another RestAPI.
At the 3rd stage I found that the database username and password combination is wrong. Later, while I print the outputs, I have found that the password has been replaced with a string named "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER".
After some googling, I found that this is a security feature by Ansible. Unfortunately, I haven't found any configuration or something like this to disable this feature. Is it possible to disable this feature? Or any other workaround?
---
- name: my-playbook
gather_facts: no
hosts: all
vars_files:
- secret
tasks:
- name: Fetch the config payload from the API
uri:
url: "{{get_config}}"
method: GET
user: "{{username}}"
password: "{{password}}"
validate_certs: no
return_content: yes
status_code: 200
body_format: json
register: config
- name: Extract the config object
set_fact:
config_raw: "{{ config.json | json_query(jmesquery) }}"
vars:
jmesquery: '{{name}}.config'
- name: print the config
debug:
msg: "{{config_raw}}"
- name: Creating object using config
uri:
url: "{{create_ocject}}"
method: PUT
user: "{{username}}"
password: "{{password}}"
validate_certs: no
body: "{{config_raw}}"
body_format: json
return_content: yes
status_code: 200
headers:
Content-Type: "application/json"
register: test_res
- name: output value
debug:
msg: "{{test_res.json}}"
In the following Ansible Playbook, I am trying to create a user's password using predefined variables from defaults/main.yml which in return calls password from vars/passwords.yml. this file will be vaulted later.
vars/passwords
---
passwords:
foobar:
password: pass1234
defaults/main.yml
users:
- username: foobar
group: barfoo
password: "{{passwords.foobar}}"
tasks/main.yml
- include_vars: passwords.yml
- name: Create user
user:
name: "{{item.username}}"
group: "{{item.group}}"
password: "{{item.password | password_hash('sha512') }}"
When I run this playbook, I get the following error:
ERROR:
{
"msg": "[{u'username': u'foobar',
u'group': u'barfoo',
u'password': u'{{passwords.username}}'}]: 'list object' has no attribute 'username'"
}
Any idea how can I achieve assigning a variable by referencing another one.
the first file you provided, has passwords as a list variable, while in your defaults/main.yml file you are expecting a dictionary variable (passwords.foobar).
please change 1st file contents to:
---
passwords:
foobar: pass1234
cant comment about the rest, it looks to me that the tasks/main.yml is missing a line, probably a line including with_items statement. I dont imply its a problem in your code, you just probably didn't paste all your code to this question.
With the current variables files (defaults and vars), the solution for me was to call the password for user bar using the username as a key. I currently have:
- include_vars: passwords.yml
- name: Create user
user:
name: "{{item.username}}"
group: "{{item.group}}"
password: "{{item.password | password_hash('sha512') }}"
the new defaults/main.yml will not have a password key/value:
users:
- username: foobar
group: barfoo
Now with vars/passwords.yml :
---
passwords:
foobar:
password: pass1234
I can edit my change my task to:
- include_vars: passwords.yml
- name: Create user
user:
name: "{{item.username}}"
group: "{{item.group}}"
password: "{{passwords[item.username].password | password_hash('sha512') }}"
This solved my problem, and allows me to vault passwords.yml.
Please let me know if you have any improvements or suggestions.
I have a password that contains "]" so rebol doesn't accept mysql://user:password
How to concatenate a string with mysql:// ?
You can use the block form to open the port:
my-database: open [
scheme: 'mysql
host: "localhost"
user: "user"
pass: "pass"
path: "/dbpath"
]
You can examine output from the DECODE-URL function to see how Rebol turns a URL into a port specification:
probe decode-url foo://bar:baz#foobar.qux:999/quux
I have a meteor app that seems to force a logout after 24 hours.
Our app (in beta) is using a "guest login" process where we create accounts on the fly, so i want to actually have an indefinite token lifetime.
Is there a way to extend the lifetime of these tokens?
Error logging in with token: Error: You've been logged out by the server. Please log in again. [403]
update failed: Access denied
Our guest login looks something like this:
postCreateUser = (username, password) ->
dclib.clog("login", "created", username)
Meteor.loginWithPassword username, password, ->
# FIXME? could this be in onCreateUser server side?
Meteor.call "createPersonalRoomIfNone"
if Meteor.isClient
Meteor.startup ->
unless Meteor.userId()
Meteor.call "getLastUserIndex", (err,index)->
if err
throw err
console.log("creating guest user", index)
username = "Guest #{index}"
password = Random.id()
Accounts.createUser
username: username
email: ""
password: password
role: "guest"
, -> postCreateUser(username, password)
this does it i hope!
# prevent users getting logged out
# http://devdocs.io/meteor/index#accounts_config
Accounts.config ({loginExpirationInDays: null})