netapp.storagegrid.na_sg_grid_identity_federation (21.12.0) — module

Manage Grid identity federation in NetApp StorageGRID.

Added in version 21.6.0 of netapp.storagegrid.

Authors: NetApp Ansible Team (@joshedmonds) <ng-ansibleteam@netapp.com>

Install collection

Install with ansible-galaxy collection install netapp.storagegrid:==21.12.0


Add to requirements.yml

  collections:
    - name: netapp.storagegrid
      version: 21.12.0

Description

Configure Grid Identity Federation within NetApp StorageGRID.

If the module is run with I(check_mode), a connectivity test is performed using the supplied values without changing the configuration.

This module is idempotent if I(password) is not specified.

Usage examples

  - name: test identity federation configuration
    netapp.storagegrid.na_sg_grid_identity_federation:
      api_url: "https://<storagegrid-endpoint-url>"
      auth_token: "storagegrid-auth-token"
      validate_certs: false
      state: present
      ldap_service_type: "Active Directory"
      hostname: "ad.example.com"
      port: 389
      username: "binduser"
      password: "bindpass"
      base_group_dn: "DC=example,DC=com"
      base_user_dn: "DC=example,DC=com"
      tls: "Disabled"
    check_mode: yes
  - name: configure identity federation with AD and TLS
    netapp.storagegrid.na_sg_grid_identity_federation:
      api_url: "https://<storagegrid-endpoint-url>"
      auth_token: "storagegrid-auth-token"
      validate_certs: false
      state: present
      ldap_service_type: "Active Directory"
      hostname: "ad.example.com"
      port: 636
      username: "binduser"
      password: "bindpass"
      base_group_dn: "DC=example,DC=com"
      base_user_dn: "DC=example,DC=com"
      tls: "LDAPS"
      ca_cert: |
          -----BEGIN CERTIFICATE-----
          MIIC+jCCAeICCQDmn9Gow08LTzANBgkqhkiG9w0BAQsFADA/..swCQYDVQQGEwJV
          bXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB..JFzNIXQEGnsgjV
          JGU4giuvOLOZ8Q3gyuUbkSUQDjmjpMR8PliwJ6iW2Ity89Dv..dl1TaIYI/ansyZ
          Uxk4YXeN6kUkrDtNxCg1McALzXVAfxMTtj2SFlLxne4Z6rX2..UyftQrfM13F1vY
          gK8dBPz+l+X/Uozo/xNm7gxe68p9le9/pcULst1CQn5/sPqq..kgWcSvlKUItu82
          lq3B2169rovdIaNdcvaQjMPhrDGo5rvLfMN35U3Hgbz41PL5..x2BcUE6/0ab5T4
          qKBxKa3t9twj+zpUqOzyL0PFfCE+SK5fEXAS1ow4eAcLN+eB..gR/PuvGAyIPCtE
          1+X4GrECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAFpO+04Ra..FMJPH6dBmzfb7l
          k04BWTvSlur6HiQdXY+oFQMJZzyI7MQ8v9HBIzS0ZAzYWLp4..VZhHmRxnrWyxVs
          u783V5YfQH2L4QnBDoiDefgxyfDs2PcoF5C+X9CGXmPqzst2..y/6tdOVJzdiA==
          -----END CERTIFICATE-----
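
The following playbook is an added example, not part of the collection's documentation. It combines the check-mode connectivity test from the Description with the same parameters as the examples above, but keeps validate_certs at its default of true, uses the default STARTTLS setting, and takes the API token and bind password from variables. The variable names (sg_api_url, sg_auth_token, ldap_bind_password) and the CA file path are assumptions.

```yaml
# Added example, not from the collection documentation. sg_api_url,
# sg_auth_token, ldap_bind_password and files/ldap-ca.pem are assumed names;
# the two secrets are expected to live in an Ansible Vault-encrypted vars file.
- name: Configure StorageGRID identity federation over verified TLS
  hosts: localhost
  gather_facts: false
  module_defaults:
    netapp.storagegrid.na_sg_grid_identity_federation:
      api_url: "{{ sg_api_url }}"
      auth_token: "{{ sg_auth_token }}"
      validate_certs: true   # module default: verify the Admin Node HTTPS certificate
      ldap_service_type: "Active Directory"
      hostname: "ad.example.com"
      port: 389
      tls: "STARTTLS"        # module default: encrypt the LDAP connection
      # CA that signed the LDAP server certificate (assumed local PEM file)
      ca_cert: "{{ lookup('ansible.builtin.file', 'files/ldap-ca.pem') }}"
      username: "binduser"
      password: "{{ ldap_bind_password }}"
      base_group_dn: "DC=example,DC=com"
      base_user_dn: "DC=example,DC=com"
  tasks:
    # check_mode runs the connectivity test only; nothing is changed on the grid.
    - name: Test LDAP connectivity with the supplied values
      netapp.storagegrid.na_sg_grid_identity_federation:
        state: present
      check_mode: true
      no_log: true           # keep the token and bind password out of task output

    # Runs only if the connectivity test above did not fail.
    - name: Apply the identity federation configuration
      netapp.storagegrid.na_sg_grid_identity_federation:
        state: present
      no_log: true
      # Per the Description, the module is idempotent only when password
      # is omitted.
```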

Inputs

    
tls:
    choices:
    - STARTTLS
    - LDAPS
    - Disabled
    default: STARTTLS
    description:
    - Whether Transport Layer Security is used to connect to the LDAP server.
    type: str

port:
    description:
    - The port used to connect to the LDAP server. Typically 389 for LDAP, or 636 for
      LDAPS.
    type: int

type:
    default: ldap
    description:
    - The type of identity source.
    - Default is C(ldap).
    type: str

state:
    choices:
    - present
    - absent
    default: present
    description:
    - Whether identity federation should be enabled or not.
    type: str

api_url:
    description:
    - The URL of the StorageGRID Admin Node REST API.
    required: true
    type: str

ca_cert:
    description:
    - Custom certificate used to connect to the LDAP server.
    - If a custom certificate is not supplied, the operating system CA certificate will
      be used.
    type: str

hostname:
    description:
    - The hostname or IP address of the LDAP server.
    type: str

password:
    description:
    - The password associated with the username.
    type: str

username:
    description:
    - The username to bind to the LDAP server.
    type: str

auth_token:
    description:
    - The authorization token for the API request.
    required: true
    type: str

base_user_dn:
    description:
    - The Distinguished Name of the LDAP subtree to search for users.
    type: str

base_group_dn:
    description:
    - The Distinguished Name of the LDAP subtree to search for groups.
    type: str

validate_certs:
    default: true
    description:
    - Should https certificates be validated?
    required: false
    type: bool

ldap_service_type:
    choices:
    - Active Directory
    - OpenLDAP
    - Other
    description:
    - The type of LDAP server.
    type: str

ldap_user_id_attribute:
    description:
    - The LDAP attribute which contains the unique user name of a user.
    - Should be configured if I(ldap_service_type=Other).
    type: str

ldap_group_id_attribute:
    description:
    - The LDAP attribute which contains the group for a user.
    - Should be configured if I(ldap_service_type=Other).
    type: str

ldap_user_uuid_attribute:
    description:
    - The LDAP attribute which contains the permanent unique identity of a user.
    - Should be configured if I(ldap_service_type=Other).
    type: str

ldap_group_uuid_attribute:
    description:
    - The LDAP attribute which contains the group's permanent unique identity.
    - Should be configured if I(ldap_service_type=Other).
    type: str

Outputs

resp:
  description: Returns information about the StorageGRID management identity source
    configuration.
  returned: success
  sample:
    baseGroupDn: DC=example,DC=com
    baseUserDn: DC=example,DC=com
    caCert: '-----BEGIN CERTIFICATE----- abcdefghijkl123456780ABCDEFGHIJKL 123456/7890ABCDEFabcdefghijklABCD
      -----END CERTIFICATE----- '
    disable: false
    disableTLS: false
    enableLDAPS: false
    hostname: 10.1.2.3
    id: 00000000-0000-0000-0000-000000000000
    ldapServiceType: Active Directory
    password: '********'
    port: 389
    type: ldap
    username: MYDOMAIN\Administrator
  type: dict