freeipa.ansible_freeipa.ipaidp (1.12.1) — module

Manage FreeIPA idp

Authors: Thomas Woerner (@t-woerner)

preview | supported by community

Install collection

Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.12.1


Add to requirements.yml

  # requirements.yml entry pinning the collection to the release this page documents.
  collections:
    - name: freeipa.ansible_freeipa
      version: '1.12.1'  # quoted so a version-like value is never re-typed by a parser

Description

Manage FreeIPA Identity Provider (idp) server objects.

Usage examples

# Create the Keycloak-backed idp "my-keycloak-idp" from the keycloak provider template,
# overriding only the organization (realm) and the base URL.
# ipaadmin_password is an admin credential: in a real playbook supply it from
# Ansible Vault or a lookup instead of a literal.
- freeipa.ansible_freeipa.ipaidp:
    name: 'my-keycloak-idp'
    provider: 'keycloak'
    organization: 'main'
    base_url: 'keycloak.idm.example.com:8443/auth'
    client_id: 'my-client-id'
    ipaadmin_password: 'SomeADMINpassword'
# Create the Google idp "my-google-idp" without a provider template: each OAuth 2.0
# endpoint, the scope and the userinfo attribute used as the user id are listed explicitly.
# ipaadmin_password is an admin credential: supply it from Ansible Vault or a lookup
# rather than a literal.
- freeipa.ansible_freeipa.ipaidp:
    name: 'my-google-idp'
    auth_uri: 'https://accounts.google.com/o/oauth2/auth'
    dev_auth_uri: 'https://oauth2.googleapis.com/device/code'
    token_uri: 'https://oauth2.googleapis.com/token'
    userinfo_uri: 'https://openidconnect.googleapis.com/v1/userinfo'
    client_id: 'my-client-id'
    scope: 'openid email'
    idp_user_id: 'email'
    ipaadmin_password: 'SomeADMINpassword'
# Create the Google idp "my-google-idp" using the google provider template, which
# supplies the endpoint defaults; only the client id is given here.
# ipaadmin_password is an admin credential: supply it from Ansible Vault or a lookup
# rather than a literal.
- freeipa.ansible_freeipa.ipaidp:
    name: 'my-google-idp'
    provider: 'google'
    client_id: 'my-google-client-id'
    ipaadmin_password: 'SomeADMINpassword'
# Remove the idp "my-keycloak-idp"; delete_continue keeps going past per-entry errors
# (it is only meaningful together with state: absent).
# ipaadmin_password is an admin credential: supply it from Ansible Vault or a lookup
# rather than a literal.
- freeipa.ansible_freeipa.ipaidp:
    name: 'my-keycloak-idp'
    state: 'absent'
    delete_continue: true
    ipaadmin_password: 'SomeADMINpassword'
# Remove several idps in one task; name accepts a list, and delete_continue keeps
# going past per-entry errors (only meaningful together with state: absent).
# ipaadmin_password is an admin credential: supply it from Ansible Vault or a lookup
# rather than a literal.
- freeipa.ansible_freeipa.ipaidp:
    name:
      - 'my-keycloak-idp'
      - 'my-github-idp'
      - 'my-google-idp'
    state: 'absent'
    delete_continue: true
    ipaadmin_password: 'SomeADMINpassword'

Inputs

    
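# Argument spec of freeipa.ansible_freeipa.ipaidp as rendered in the collection docs:
# one top-level key per module option (aliases, description, type, required/default,
# choices, elements, no_log). Multi-line descriptions use folded block scalars instead
# of the dumped quoted strings with embedded blank lines.

name:
    aliases:
    - cn
    description: The list of idp name strings.
    elements: str
    required: true
    type: list

scope:
    aliases:
    - ipaidpscope
    description: OAuth 2.0 scope. Multiple scopes separated by space.
    required: false
    type: str

state:
    choices:
    - present
    - absent
    - renamed
    default: present
    description: The state to ensure.
    type: str

rename:
    aliases:
    - new_name
    description: >-
      New name of the Identity Provider server object. Only with state: renamed.
    required: false
    type: str

secret:
    aliases:
    - ipaidpclientsecret
    description: OAuth 2.0 client secret
    # Masked in task output and logs; keep the value in Ansible Vault or a lookup,
    # not a literal in the playbook.
    no_log: true
    required: false
    type: str

# Endpoint options (auth_uri, dev_auth_uri, token_uri, userinfo_uri, keys_uri,
# issuer_url) are plain strings here; the spec shows no scheme or format check,
# so confirm the values are https endpoints before applying them.
auth_uri:
    aliases:
    - ipaidpauthendpoint
    description: OAuth 2.0 authorization endpoint
    required: false
    type: str

base_url:
    aliases:
    - ipaidpbaseurl
    description: Base URL for IdP provider templates
    required: false
    type: str

keys_uri:
    aliases:
    - ipaidpkeysendpoint
    description: JWKS endpoint
    required: false
    type: str

provider:
    aliases:
    - ipaidpprovider
    choices:
    - google
    - github
    - microsoft
    - okta
    - keycloak
    description: >-
      Pre-defined template string. This provides the provider defaults, which
      can be overridden with the other IdP options.
    required: false
    type: str

client_id:
    aliases:
    - ipaidpclientid
    description: OAuth 2.0 client identifier
    required: false
    type: str

token_uri:
    aliases:
    - ipaidptokenendpoint
    description: Token endpoint
    required: false
    type: str

issuer_url:
    aliases:
    - ipaidpissuerurl
    description: The Identity Provider OIDC URL
    required: false
    type: str

idp_user_id:
    aliases:
    - ipaidpsub
    description: Attribute for user identity in OAuth 2.0 userinfo
    required: false
    type: str

dev_auth_uri:
    aliases:
    - ipaidpdevauthendpoint
    description: Device authorization endpoint
    required: false
    type: str

organization:
    aliases:
    - ipaidporg
    description: Organization ID or Realm name for IdP provider templates
    required: false
    type: str

userinfo_uri:
    aliases:
    - ipaidpuserinfoendpoint
    description: User information endpoint
    required: false
    type: str

ipaapi_context:
    choices:
    - server
    - client
    description: >-
      The context in which the module will execute. Executing in a
      server context is preferred. If not provided, the context will be
      determined by the execution environment.
    required: false
    type: str

delete_continue:
    aliases:
    - continue
    description: Continuous mode. Don't stop on errors. Valid only if `state` is `absent`.
    required: false
    type: bool

ipaadmin_password:
    description: The admin password.
    # NOTE(review): no_log is not listed for this option on this page, unlike `secret`;
    # confirm the module masks it before relying on task logs, and source the value
    # from Ansible Vault or a lookup rather than a literal.
    required: false
    type: str

ipaapi_ldap_cache:
    default: true
    description: Use LDAP cache for IPA connection.
    type: bool

ipaadmin_principal:
    default: admin
    description: The admin principal.
    type: str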