path: root/ansible_collections/openstack/cloud/plugins/modules/federation_idp.py
#!/usr/bin/python
# -*- coding: utf-8 -*-

# Copyright: Ansible Project
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)

# Module documentation in YAML, kept in sync with
# IdentityProviderModule.argument_spec further down in this file.
# Options worth a second look when reviewing a playbook that uses this module,
# as described in the option texts below:
#   - domain_id: federated users that authenticate with the provider are
#     created under this domain.
#   - is_enabled: a newly created provider defaults to disabled.
#   - remote_ids: defaults to an empty list on creation.
DOCUMENTATION = r'''
module: federation_idp
short_description: Manage an identity provider in a OpenStack cloud
author: OpenStack Ansible SIG
description:
  - Create, update or delete an identity provider of the OpenStack
    identity (Keystone) service.
options:
  description:
    description:
      - The description of the identity provider.
    type: str
  domain_id:
    description:
      - The ID of a domain that is associated with the identity provider.
      - Federated users that authenticate with the identity provider will be
        created under the domain specified.
      - Required when creating a new identity provider.
    type: str
  id:
    description:
      - The ID (and name) of the identity provider.
    type: str
    required: true
    aliases: ['name']
  is_enabled:
    description:
      - Whether the identity provider is enabled or not.
      - Will default to C(false) when creating a new identity provider.
    type: bool
    aliases: ['enabled']
  remote_ids:
    description:
      - "List of the unique identity provider's remote IDs."
      - Will default to an empty list when creating a new identity provider.
    type: list
    elements: str
  state:
    description:
      - Whether the identity provider should be C(present) or C(absent).
    choices: ['present', 'absent']
    default: present
    type: str
extends_documentation_fragment:
  - openstack.cloud.openstack
'''

# Usage examples in YAML. All values are placeholders.
# The create task does not set is_enabled, so per the DOCUMENTATION text the
# provider is created disabled and must be enabled in a separate, explicit step.
EXAMPLES = r'''
- name: Create an identity provider
  openstack.cloud.federation_idp:
    cloud: example_cloud
    name: example_provider
    domain_id: 0123456789abcdef0123456789abcdef
    description: 'My example IDP'
    remote_ids:
      - 'https://auth.example.com/auth/realms/ExampleRealm'

- name: Delete an identity provider
  openstack.cloud.federation_idp:
    cloud: example_cloud
    name: example_provider
    state: absent
'''

# Description of the module result in YAML. The identity_provider key is
# produced by IdentityProviderModule.run() from
# identity_provider.to_dict(computed=False); when the state machine yields no
# resource, only "changed" is returned.
RETURN = r'''
identity_provider:
  description: Dictionary describing the identity providers
  returned: On success when I(state) is C(present).
  type: dict
  contains:
    description:
      description: Identity provider description
      type: str
      sample: "demodescription"
    domain_id:
      description: Domain to which the identity provider belongs
      type: str
      sample: "default"
    id:
      description: Identity provider ID
      type: str
      sample: "test-idp"
    is_enabled:
      description: Indicates whether the identity provider is enabled
      type: bool
    name:
      description: Name of the identity provider, equals its ID.
      type: str
      sample: "test-idp"
    remote_ids:
      description: Remote IDs associated with the identity provider
      type: list
'''

from ansible_collections.openstack.cloud.plugins.module_utils.openstack import OpenStackModule
from ansible_collections.openstack.cloud.plugins.module_utils.resource import StateMachine


class IdentityProviderModule(OpenStackModule):
    """Ansible module that manages a Keystone federation identity provider.

    The class only declares the module options and hands the requested state
    to the shared StateMachine helper; create, update and delete logic lives
    in that helper, not here.

    Review notes for playbook authors and auditors, taken from this file's
    DOCUMENTATION block: ``domain_id`` decides the domain under which
    federated users of this provider are created, and a provider created
    without ``is_enabled`` starts disabled.
    """

    # Option schema; mirrors the DOCUMENTATION block of this file. Options
    # declared without an explicit type are documented there as strings.
    argument_spec = {
        'description': {},
        'domain_id': {},
        'id': {'required': True, 'aliases': ['name']},
        'is_enabled': {'type': 'bool', 'aliases': ['enabled']},
        'remote_ids': {'type': 'list', 'elements': 'str'},
        'state': {'default': 'present', 'choices': ['absent', 'present']},
    }
    module_kwargs = {
        'supports_check_mode': True,
    }

    def run(self):
        """Apply the requested state and exit with the module result.

        Exits through ``exit_json`` with ``changed`` and, when the state
        machine returns a resource, with ``identity_provider`` holding its
        dictionary form (``to_dict(computed=False)``).
        """
        state_machine = StateMachine(
            connection=self.conn,
            service_name='identity',
            type_name='identity_provider',
            sdk=self.sdk,
        )

        params = self.params

        # 'timeout' is not declared in argument_spec above; presumably it is
        # supplied by the OpenStackModule base class - confirm.
        call_args = {
            name: params[name]
            for name in ('state', 'timeout')
            if params[name] is not None
        }

        # Options the caller left unset (None) are omitted, so they are never
        # passed on as explicit attribute values.
        call_args['attributes'] = {
            name: params[name]
            for name in ('description', 'domain_id', 'id', 'is_enabled',
                         'remote_ids')
            if params[name] is not None
        }

        # NOTE(review): 'domain_id' is listed as non-updateable; presumably
        # the StateMachine refuses to move an existing provider to another
        # domain instead of applying the change - confirm in
        # module_utils.resource. updateable_attributes=None presumably leaves
        # the remaining attributes updateable - confirm.
        identity_provider, is_changed = state_machine(
            check_mode=self.ansible.check_mode,
            updateable_attributes=None,
            non_updateable_attributes=['domain_id'],
            wait=False,
            **call_args
        )

        if identity_provider is None:
            # No resource to report (e.g. nothing was returned by the state
            # machine); only the change flag goes back to the caller.
            self.exit_json(changed=is_changed)
            return

        self.exit_json(
            changed=is_changed,
            identity_provider=identity_provider.to_dict(computed=False),
        )


def main():
    """Instantiate the identity provider module and run it."""
    IdentityProviderModule()()


# Run the module only when this file is executed as a script, not when it is
# imported.
if __name__ == '__main__':
    main()