Resource Type: panos_admin

Defined in:: lib/puppet/type/panos_admin.rb

Overview

This type provides Puppet with the capabilities to manage “administrator” user accounts on Palo Alto devices.

Properties

authentication_profile

Provide an authentication profile. You can use this setting for RADIUS, TACACS+, LDAP, Kerberos, or local database authentication.
client_certificate_only

Enable this option to use client certificate authentication for web access. If you select this option, a username and password are not required; the certificate is sufficient to authenticate access to the firewall.
ensure (defaults to: present)

Whether this resource should be present or absent on the target system.
password_hash

Provide a password hash.
role
Specify the access level for the administrator.
- superuser: Has full access to the firewall and can define new administrator accounts and virtual systems. You must have superuser privileges to create an administrative user with superuser privileges.
- superreader: Has read-only access to the firewall.
- deviceadmin: Has full access to all firewall settings except for defining new accounts or virtual systems.
- devicereader: Has read-only access to all firewall settings except password profiles (no access) and administrator accounts (only the logged in account is visible).
role_profile
Specify the role profile for the user The following built in roles are available:
- auditadmin: The Audit Administrator is responsible for the regular review of the firewall’s audit data.
- cryptoadmin: The Cryptographic Administrator is responsible for the configuration and maintenance of cryptographic elements related to the establishment of secure connections to the firewall.
- securityadmin: The Security Administrator is responsible for all other administrative tasks (e.g. creating the firewall’s security policy) not addressed by the other two administrative roles.
ssh_key

Provide the users public key in plain text

Parameters

name (namevar)

The username.