azure.rm.apimanagementauthorizationserver (0.0.6) — module

Manage Azure AuthorizationServer instance.

Added in version 2.9 of azure.rm

Authors: Zim Kalinowski (@zikalino)

preview | supported by community

Install collection

Install with ansible-galaxy collection install azure.rm:==0.0.6


Add to requirements.yml

  collections:
    - name: azure.rm
      version: 0.0.6

Description

Create, update and delete instance of Azure AuthorizationServer.


Requirements

Usage examples

- name: ApiManagementCreateAuthorizationServer
  azure.rm.apimanagementauthorizationserver:
    resource_group: myResourceGroup
    service_name: myService
    authsid: myAuthorizationServer
    description: test server
    authorization_methods:
      - GET
    token_endpoint: 'https://www.contoso.com/oauth2/token'
    support_state: true
    default_scope: read write
    bearer_token_sending_methods:
      - authorizationHeader
    client_secret: '2'
    resource_owner_username: un
    resource_owner_password: pwd
    display_name: test2
    client_registration_endpoint: 'https://www.contoso.com/apps'
    authorization_endpoint: 'https://www.contoso.com/oauth2/auth'
    grant_types:
      - authorizationCode
      - implicit
    client_id: '1'
- name: ApiManagementUpdateAuthorizationServer
  azure.rm.apimanagementauthorizationserver:
    resource_group: myResourceGroup
    service_name: myService
    authsid: myAuthorizationServer
    client_secret: updated
    client_id: update
- name: ApiManagementDeleteAuthorizationServer
  azure.rm.apimanagementauthorizationserver:
    resource_group: myResourceGroup
    service_name: myService
    authsid: myAuthorizationServer
    state: absent
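
A hardened variant of the create task above, added here as an example and not part of the module's own documentation: the client credentials come from Ansible Vault variables, and `no_log` keeps them out of task output, since the Outputs section lists `client_secret` as returned. The file `secrets.vault.yml` and the variables `vault_apim_client_id`, `vault_apim_client_secret`, `apim_authorization_endpoint` and `apim_token_endpoint` are assumptions; this variant requests only the `authorizationCode` grant and sets no default resource owner credentials.

```yaml
# Added example, not from the module documentation.
# Assumed: secrets.vault.yml is encrypted with ansible-vault and defines
# vault_apim_client_id and vault_apim_client_secret (hypothetical names).
- name: Configure an API Management authorization server without inline secrets
  hosts: localhost
  connection: local
  gather_facts: false
  vars_files:
    - secrets.vault.yml
  vars:
    apim_authorization_endpoint: 'https://www.contoso.com/oauth2/auth'
    apim_token_endpoint: 'https://www.contoso.com/oauth2/token'
  tasks:
    # Stop before any change is made if an endpoint would carry tokens over HTTP.
    - name: Refuse OAuth endpoints that are not HTTPS
      assert:
        that:
          - item is match('https://')
        fail_msg: "OAuth endpoint must use HTTPS: {{ item }}"
      loop:
        - "{{ apim_authorization_endpoint }}"
        - "{{ apim_token_endpoint }}"

    - name: ApiManagementCreateAuthorizationServer
      azure.rm.apimanagementauthorizationserver:
        resource_group: myResourceGroup
        service_name: myService
        authsid: myAuthorizationServer
        display_name: test2
        authorization_endpoint: "{{ apim_authorization_endpoint }}"
        token_endpoint: "{{ apim_token_endpoint }}"
        client_registration_endpoint: 'https://www.contoso.com/apps'
        authorization_methods:
          - GET
        bearer_token_sending_methods:
          - authorizationHeader
        grant_types:
          - authorizationCode
        support_state: true
        client_id: "{{ vault_apim_client_id }}"
        client_secret: "{{ vault_apim_client_secret }}"
      no_log: true          # the arguments and the returned properties contain the secret
      register: auth_server

    # Print only the non-sensitive return values (id and name).
    - name: Report the configured server
      debug:
        msg: "Authorization server {{ auth_server.name }} ({{ auth_server.id }}) configured"
```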

Inputs

    
id:
    description:
    - Resource ID.
    type: str

name:
    description:
    - Resource name.
    type: str

type:
    description:
    - Resource type for API Management resource.
    type: str

state:
    choices:
    - absent
    - present
    default: present
    description:
    - Assert the state of the AuthorizationServer.
    - Use C(present) to create or update an AuthorizationServer and C(absent) to delete
      it.

secret:
    description:
    - Azure client secret. Use when authenticating with a Service Principal.
    type: str

tenant:
    description:
    - Azure tenant ID. Use when authenticating with a Service Principal.
    type: str

ad_user:
    description:
    - Active Directory username. Use when authenticating with an Active Directory user
      rather than service principal.
    type: str

authsid:
    description:
    - Identifier of the authorization server.
    required: true
    type: str

profile:
    description:
    - Security profile found in ~/.azure/credentials file.
    type: str

log_mode:
    description:
    - Parent argument.
    type: str

log_path:
    description:
    - Parent argument.
    type: str

password:
    description:
    - Active Directory user password. Use when authenticating with an Active Directory
      user rather than service principal.
    type: str

client_id:
    description:
    - Client or app id registered with this authorization server.
    required: true
    type: str

api_profile:
    default: latest
    description:
    - Selects an API profile to use when communicating with Azure services. Default value
      of C(latest) is appropriate for public clouds; future values will allow use with
      Azure Stack.
    type: str
    version_added: 0.0.1
    version_added_collection: azure.azcollection

auth_source:
    choices:
    - auto
    - cli
    - credential_file
    - env
    - msi
    default: auto
    description:
    - Controls the source of the credentials to use for authentication.
    - Can also be set via the C(ANSIBLE_AZURE_AUTH_SOURCE) environment variable.
    - When set to C(auto) (the default) the precedence is module parameters -> C(env)
      -> C(credential_file) -> C(cli).
    - When set to C(env), the credentials will be read from the environment variables.
    - When set to C(credential_file), it will read the profile from C(~/.azure/credentials).
    - When set to C(cli), the credentials will be sourced from the Azure CLI profile.
      C(subscription_id) or the environment variable C(AZURE_SUBSCRIPTION_ID) can be used
      to identify the subscription ID if more than one is present; otherwise the default
      az cli subscription is used.
    - When set to C(msi), the host machine must be an Azure resource with an enabled MSI
      extension. C(subscription_id) or the environment variable C(AZURE_SUBSCRIPTION_ID)
      can be used to identify the subscription ID if the resource is granted access to
      more than one subscription; otherwise the first subscription is chosen.
    - The C(msi) was added in Ansible 2.6.
    type: str
    version_added: 0.0.1
    version_added_collection: azure.azcollection

description:
    description:
    - Description of the authorization server. Can contain HTML formatting tags.
    type: str

grant_types:
    description:
    - Form of an authorization grant, which the client uses to request the access token.
    required: true
    type: list

display_name:
    description:
    - User-friendly authorization server name.
    required: true
    type: str

service_name:
    description:
    - The name of the API Management service.
    required: true
    type: str

client_secret:
    description:
    - Client or app secret registered with this authorization server.
    type: str

default_scope:
    description:
    - Access token scope that is going to be requested by default. Can be overridden at
      the API level. Should be provided in the form of a string containing space-delimited
      values.
    type: str

support_state:
    description:
    - If true, the authorization server will include the state parameter from the authorization
      request in its response. The client may use the state parameter to improve protocol security.
    type: bool

resource_group:
    description:
    - The name of the resource group.
    required: true
    type: str

token_endpoint:
    description:
    - OAuth token endpoint. Contains absolute URI to entity being referenced.
    type: str

subscription_id:
    description:
    - Your Azure subscription Id.
    type: str

cloud_environment:
    default: AzureCloud
    description:
    - For cloud environments other than the US public cloud, the environment name (as
      defined by Azure Python SDK, e.g. C(AzureChinaCloud), C(AzureUSGovernment)), or a
      metadata discovery endpoint URL (required for Azure Stack). Can also be set via
      credential file profile or the C(AZURE_CLOUD_ENVIRONMENT) environment variable.
    type: str
    version_added: 0.0.1
    version_added_collection: azure.azcollection

adfs_authority_url:
    description:
    - Azure AD authority URL. Use when authenticating with username/password and you have
      your own ADFS authority.
    type: str
    version_added: 0.0.1
    version_added_collection: azure.azcollection

cert_validation_mode:
    choices:
    - ignore
    - validate
    description:
    - Controls the certificate validation behavior for Azure endpoints. By default, all
      modules will validate the server certificate, but when an HTTPS proxy is in use,
      or against Azure Stack, it may be necessary to disable this behavior by passing
      C(ignore). Can also be set via credential file profile or the C(AZURE_CERT_VALIDATION)
      environment variable.
    type: str
    version_added: 0.0.1
    version_added_collection: azure.azcollection

authorization_methods:
    description:
    - HTTP verbs supported by the authorization endpoint. GET must always be present.
      POST is optional.
    type: list

token_body_parameters:
    description:
    - 'Additional parameters required by the token endpoint of this authorization server
      represented as an array of JSON objects with name and value string properties, i.e.
      {"name" : "name value", "value": "a value"}.'
    suboptions:
      name:
        description:
        - body parameter name.
        required: true
        type: str
      value:
        description:
        - body parameter value.
        required: true
        type: str
    type: list

authorization_endpoint:
    description:
    - OAuth authorization endpoint. See http://tools.ietf.org/html/rfc6749#section-3.2.
    required: true
    type: str

resource_owner_password:
    description:
    - Can be optionally specified when resource owner password grant type is supported
      by this authorization server. Default resource owner password.
    type: str

resource_owner_username:
    description:
    - Can be optionally specified when resource owner password grant type is supported
      by this authorization server. Default resource owner username.
    type: str

bearer_token_sending_methods:
    description:
    - 'Specifies the mechanism by which access token is passed to the API. '
    type: list

client_authentication_method:
    description:
    - Method of authentication supported by the token endpoint of this authorization server.
      Possible values are Basic and/or Body. When Body is specified, client credentials
      and other parameters are passed within the request body in the application/x-www-form-urlencoded
      format.
    type: list

client_registration_endpoint:
    description:
    - Optional reference to a page where client or app registration for this authorization
      server is performed. Contains absolute URL to entity being referenced.
    required: true
    type: str

Outputs

id:
  description:
  - Resource ID.
  returned: always
  sample: null
  type: str
name:
  description:
  - Resource name.
  returned: always
  sample: null
  type: str
properties:
  contains:
    authorization_endpoint:
      description:
      - OAuth authorization endpoint. See http://tools.ietf.org/html/rfc6749#section-3.2.
      returned: always
      sample: null
      type: str
    authorization_methods:
      description:
      - HTTP verbs supported by the authorization endpoint. GET must always be present.
        POST is optional.
      returned: always
      sample: null
      type: str
    bearer_token_sending_methods:
      description:
      - 'Specifies the mechanism by which access token is passed to the API. '
      returned: always
      sample: null
      type: str
    client_authentication_method:
      description:
      - Method of authentication supported by the token endpoint of this authorization
        server. Possible values are Basic and/or Body. When Body is specified, client
        credentials and other parameters are passed within the request body in the
        application/x-www-form-urlencoded format.
      returned: always
      sample: null
      type: str
    client_id:
      description:
      - Client or app id registered with this authorization server.
      returned: always
      sample: null
      type: str
    client_registration_endpoint:
      description:
      - Optional reference to a page where client or app registration for this authorization
        server is performed. Contains absolute URL to entity being referenced.
      returned: always
      sample: null
      type: str
    client_secret:
      description:
      - Client or app secret registered with this authorization server.
      returned: always
      sample: null
      type: str
    default_scope:
      description:
      - Access token scope that is going to be requested by default. Can be overridden
        at the API level. Should be provided in the form of a string containing space-delimited
        values.
      returned: always
      sample: null
      type: str
    description:
      description:
      - Description of the authorization server. Can contain HTML formatting tags.
      returned: always
      sample: null
      type: str
    display_name:
      description:
      - User-friendly authorization server name.
      returned: always
      sample: null
      type: str
    grant_types:
      description:
      - Form of an authorization grant, which the client uses to request the access
        token.
      returned: always
      sample: null
      type: str
    resource_owner_password:
      description:
      - Can be optionally specified when resource owner password grant type is supported
        by this authorization server. Default resource owner password.
      returned: always
      sample: null
      type: str
    resource_owner_username:
      description:
      - Can be optionally specified when resource owner password grant type is supported
        by this authorization server. Default resource owner username.
      returned: always
      sample: null
      type: str
    support_state:
      description:
      - If true, the authorization server will include the state parameter from the
        authorization request in its response. The client may use the state parameter
        to improve protocol security.
      returned: always
      sample: null
      type: bool
    token_body_parameters:
      contains:
        name:
          description:
          - body parameter name.
          returned: always
          sample: null
          type: str
        value:
          description:
          - body parameter value.
          returned: always
          sample: null
          type: str
      description:
      - 'Additional parameters required by the token endpoint of this authorization
        server represented as an array of JSON objects with name and value string
        properties, i.e. {"name" : "name value", "value": "a value"}.'
      returned: always
      sample: null
      type: dict
    token_endpoint:
      description:
      - OAuth token endpoint. Contains absolute URI to entity being referenced.
      returned: always
      sample: null
      type: str
  description:
  - Properties of the External OAuth authorization server Contract.
  returned: always
  sample: null
  type: dict
type:
  description:
  - Resource type for API Management resource.
  returned: always
  sample: null
  type: str
