cisco.asa

Support for login method of privilege escalation

Open robertegithub opened this issue 3 years ago • 0 comments

SUMMARY

Provide a parameter that will enable use of the "login" feature of ASA for privilege escalation.

ISSUE TYPE

  • Feature Idea

COMPONENT NAME

Applicable to all modules where privilege escalation is used

ADDITIONAL INFORMATION

The "become_method" for ASA seems to be limited to "enable". If a certain aaa command is not configured, this requires a different password than the user who logged in initially, and does not retain the user when escalating privilege. Adding a "login" method would require just one more prompt interaction. Instead of:

some-cisco-asa-fw> enable
Password: *********
some-cisco-asa-fw# 

It would be:

some-cisco-asa-fw> login
Username: auser
Password: *********
some-cisco-asa-fw#

With the username being the original ansible_user and the password being the original ansible_ssh_pass, and no need for an ansible_become_pass.

- name: run some asa commands
  cisco.asa.asa_command:
    commands:
      -  show run aaa
  cisco_login: true

robertegithub, Apr 15 '21 22:04
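The two prompt dialogues in the issue, as an added sketch that is not part of the original issue and is not code from the cisco.asa collection: it drives "enable" and "login" against a simulated CLI and records which identity the privileged session ends up with. `FakeAsa`, `escalate`, and the sample credentials are hypothetical, and the simulated device models only the behaviour the issue describes.

```python
import re

PRIV_PROMPT = re.compile(r"#\s*$")  # privileged EXEC prompt ends in '#'

class FakeAsa:
    """Constructed stand-in for an ASA CLI session; not a real device or library API."""
    def __init__(self, hostname, users, enable_password):
        self.hostname, self.users, self.enable_password = hostname, users, enable_password
        self.state, self.pending_user = "exec", None
        self.privileged, self.identity = False, None

    def _prompt(self):
        return f"{self.hostname}{'#' if self.privileged else '>'} "

    def send(self, line):
        """Consume one line of input and return the prompt the device prints next."""
        if self.state == "exec":
            if line == "enable":
                self.state = "enable_pw"
                return "Password: "
            if line == "login":
                self.state = "login_user"
                return "Username: "
            return self._prompt()
        if self.state == "login_user":
            self.pending_user, self.state = line, "login_pw"
            return "Password: "
        if self.state == "enable_pw" and line == self.enable_password:
            self.privileged = True   # identity stays None: user not retained
        elif self.state == "login_pw" and self.users.get(self.pending_user) == line:
            self.privileged, self.identity = True, self.pending_user
        self.state = "exec"
        return self._prompt()

def escalate(dev, method, user, password, become_pass=None):
    """Drive the 'enable' or 'login' dialogue; True once a '#' prompt is seen."""
    answers = {"Username:": user,
               "Password:": password if method == "login" else become_pass}
    prompt = dev.send(method)
    for _ in range(2):               # at most two prompts (Username, Password)
        reply = answers.get(prompt.strip())
        if reply is None:            # already at a CLI prompt, or no secret supplied
            break
        prompt = dev.send(reply)
    return bool(PRIV_PROMPT.search(prompt))
```

With "login", the privileged session stays tied to a named account and needs no shared second secret; with "enable", the sketch needs a separate `become_pass` and ends with no user identity attached.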