Diffstat (limited to 'lib/ansible/modules/cloud/amazon/iam_saml_federation.py')
-rw-r--r--lib/ansible/modules/cloud/amazon/iam_saml_federation.py249
1 files changed, 0 insertions, 249 deletions
diff --git a/lib/ansible/modules/cloud/amazon/iam_saml_federation.py b/lib/ansible/modules/cloud/amazon/iam_saml_federation.py
deleted file mode 100644
index ee3c720afb..0000000000
--- a/lib/ansible/modules/cloud/amazon/iam_saml_federation.py
+++ /dev/null
@@ -1,249 +0,0 @@
-#!/usr/bin/python
-# -*- coding: utf-8 -*-
-# This file is part of Ansible
-#
-# Ansible is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# Ansible is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
-
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-ANSIBLE_METADATA = {'metadata_version': '1.1',
- 'status': ['preview'],
- 'supported_by': 'community'}
-
-DOCUMENTATION = '''
----
-module: iam_saml_federation
-version_added: "2.10"
-short_description: Maintain IAM SAML federation configuration.
-requirements:
- - boto3
-description:
- - Provides a mechanism to manage AWS IAM SAML Identity Federation providers (create/update/delete metadata).
-options:
- name:
- description:
- - The name of the provider to create.
- required: true
- type: str
- saml_metadata_document:
- description:
- - The XML document generated by an identity provider (IdP) that supports SAML 2.0.
- type: str
- state:
- description:
- - Whether to create or delete identity provider. If 'present' is specified it will attempt to update the identity provider matching the name field.
- default: present
- choices: [ "present", "absent" ]
- type: str
-extends_documentation_fragment:
- - aws
- - ec2
-author:
- - Tony (@axc450)
- - Aidan Rowe (@aidan-)
-'''
-
-EXAMPLES = '''
-# Note: These examples do not set authentication details, see the AWS Guide for details.
-# It is assumed that their matching environment variables are set.
-# Creates a new iam saml identity provider if not present
-- name: saml provider
- iam_saml_federation:
- name: example1
- # the > below opens an indented block, so no escaping/quoting is needed when in the indentation level under this key
- saml_metadata_document: >
- <?xml version="1.0"?>...
- <md:EntityDescriptor
-# Creates a new iam saml identity provider if not present
-- name: saml provider
- iam_saml_federation:
- name: example2
- saml_metadata_document: "{{ item }}"
- with_file: /path/to/idp/metdata.xml
-# Removes iam saml identity provider
-- name: remove saml provider
- iam_saml_federation:
- name: example3
- state: absent
-'''
-
-RETURN = '''
-saml_provider:
- description: Details of the SAML Identity Provider that was created/modified.
- type: complex
- returned: present
- contains:
- arn:
- description: The ARN of the identity provider.
- type: str
- returned: present
- sample: "arn:aws:iam::123456789012:saml-provider/my_saml_provider"
- metadata_document:
- description: The XML metadata document that includes information about an identity provider.
- type: str
- returned: present
- create_date:
- description: The date and time when the SAML provider was created in ISO 8601 date-time format.
- type: str
- returned: present
- sample: "2017-02-08T04:36:28+00:00"
- expire_date:
- description: The expiration date and time for the SAML provider in ISO 8601 date-time format.
- type: str
- returned: present
- sample: "2017-02-08T04:36:28+00:00"
-'''
-
-try:
- import botocore.exceptions
-except ImportError:
- pass
-
-from ansible.module_utils.aws.core import AnsibleAWSModule
-from ansible.module_utils.ec2 import AWSRetry
-
-
-class SAMLProviderManager:
- """Handles SAML Identity Provider configuration"""
-
- def __init__(self, module):
- self.module = module
-
- try:
- self.conn = module.client('iam')
- except botocore.exceptions.ClientError as e:
- self.module.fail_json_aws(e, msg="Unknown boto error")
-
- # use retry decorator for boto3 calls
- @AWSRetry.backoff(tries=3, delay=5)
- def _list_saml_providers(self):
- return self.conn.list_saml_providers()
-
- @AWSRetry.backoff(tries=3, delay=5)
- def _get_saml_provider(self, arn):
- return self.conn.get_saml_provider(SAMLProviderArn=arn)
-
- @AWSRetry.backoff(tries=3, delay=5)
- def _update_saml_provider(self, arn, metadata):
- return self.conn.update_saml_provider(SAMLProviderArn=arn, SAMLMetadataDocument=metadata)
-
- @AWSRetry.backoff(tries=3, delay=5)
- def _create_saml_provider(self, metadata, name):
- return self.conn.create_saml_provider(SAMLMetadataDocument=metadata, Name=name)
-
- @AWSRetry.backoff(tries=3, delay=5)
- def _delete_saml_provider(self, arn):
- return self.conn.delete_saml_provider(SAMLProviderArn=arn)
-
- def _get_provider_arn(self, name):
- providers = self._list_saml_providers()
- for p in providers['SAMLProviderList']:
- provider_name = p['Arn'].split('/', 1)[1]
- if name == provider_name:
- return p['Arn']
-
- return None
-
- def create_or_update_saml_provider(self, name, metadata):
- if not metadata:
- self.module.fail_json(msg="saml_metadata_document must be defined for present state")
-
- res = {'changed': False}
- try:
- arn = self._get_provider_arn(name)
- except (botocore.exceptions.ValidationError, botocore.exceptions.ClientError) as e:
- self.module.fail_json_aws(e, msg="Could not get the ARN of the identity provider '{0}'".format(name))
-
- if arn: # see if metadata needs updating
- try:
- resp = self._get_saml_provider(arn)
- except (botocore.exceptions.ValidationError, botocore.exceptions.ClientError) as e:
- self.module.fail_json_aws(e, msg="Could not retrieve the identity provider '{0}'".format(name))
-
- if metadata.strip() != resp['SAMLMetadataDocument'].strip():
- # provider needs updating
- res['changed'] = True
- if not self.module.check_mode:
- try:
- resp = self._update_saml_provider(arn, metadata)
- res['saml_provider'] = self._build_res(resp['SAMLProviderArn'])
- except botocore.exceptions.ClientError as e:
- self.module.fail_json_aws(e, msg="Could not update the identity provider '{0}'".format(name))
-
- else: # create
- res['changed'] = True
- if not self.module.check_mode:
- try:
- resp = self._create_saml_provider(metadata, name)
- res['saml_provider'] = self._build_res(resp['SAMLProviderArn'])
- except botocore.exceptions.ClientError as e:
- self.module.fail_json_aws(e, msg="Could not create the identity provider '{0}'".format(name))
-
- self.module.exit_json(**res)
-
- def delete_saml_provider(self, name):
- res = {'changed': False}
- try:
- arn = self._get_provider_arn(name)
- except (botocore.exceptions.ValidationError, botocore.exceptions.ClientError) as e:
- self.module.fail_json_aws(e, msg="Could not get the ARN of the identity provider '{0}'".format(name))
-
- if arn: # delete
- res['changed'] = True
- if not self.module.check_mode:
- try:
- self._delete_saml_provider(arn)
- except botocore.exceptions.ClientError as e:
- self.module.fail_json_aws(e, msg="Could not delete the identity provider '{0}'".format(name))
-
- self.module.exit_json(**res)
-
- def _build_res(self, arn):
- saml_provider = self._get_saml_provider(arn)
- return {
- "arn": arn,
- "metadata_document": saml_provider["SAMLMetadataDocument"],
- "create_date": saml_provider["CreateDate"].isoformat(),
- "expire_date": saml_provider["ValidUntil"].isoformat()
- }
-
-
-def main():
- argument_spec = dict(
- name=dict(required=True),
- saml_metadata_document=dict(default=None, required=False),
- state=dict(default='present', required=False, choices=['present', 'absent']),
- )
-
- module = AnsibleAWSModule(
- argument_spec=argument_spec,
- supports_check_mode=True,
- required_if=[('state', 'present', ['saml_metadata_document'])]
- )
-
- name = module.params['name']
- state = module.params.get('state')
- saml_metadata_document = module.params.get('saml_metadata_document')
-
- sp_man = SAMLProviderManager(module)
-
- if state == 'present':
- sp_man.create_or_update_saml_provider(name, saml_metadata_document)
- elif state == 'absent':
- sp_man.delete_saml_provider(name)
-
-
-if __name__ == '__main__':
- main()