sensu.sensu_go.oidc_auth_provider (1.14.0) — module

Manage Sensu OIDC authentication provider

Added in version 1.10.0 of sensu.sensu_go

Authors: Aljaz Kosir (@aljazkosir), Manca Bizjak (@mancabizjak), Miha Dolinar (@mdolin), Tadej Borovsak (@tadeboro)

stableinterface | supported by certified

Install collection

Install with ansible-galaxy collection install sensu.sensu_go:==1.14.0


Add to requirements.yml

  collections:
    - name: sensu.sensu_go
      version: 1.14.0

Description

Create, update or delete a Sensu Go OIDC authentication provider.

For more information, refer to the Sensu Go documentation at https://docs.sensu.io/sensu-go/latest/operations/control-access/oidc-auth/.


Requirements

Usage examples

- name: Create an OIDC auth provider
  sensu.sensu_go.oidc_auth_provider:
    state: present
    name: oidc_name
    additional_scopes:
        - groups
        - email
    client_id: a8e43af034e7f2608780
    client_secret: b63968394be6ed2edb61c93847ee792f31bf6216
    disable_offline_access: false
    redirect_uri: http://127.0.0.1:8080/api/enterprise/authentication/v2/oidc/callback
    server: https://oidc.example.com:9031
    groups_claim: groups
    groups_prefix: 'oidc:'
    username_claim: email
    username_prefix: 'oidc:'
- name: Delete an OIDC auth provider
  sensu.sensu_go.oidc_auth_provider:
    name: oidc_name
    state: absent
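
The examples above rely on the module's I(auth) defaults (http://localhost:8080 with the default admin credentials) and put the client secret directly in the task. The play below is an added example, not part of the collection's documentation, that sets the same provider with an API key, certificate validation against a private CA and secrets read from variables. The host name sensu.example.com, the path /etc/sensu/tls/ca.pem and the variables vault_sensu_api_key and vault_oidc_client_secret are hypothetical.

```yaml
# Added example, not from the collection's documentation.
# Hypothetical names: sensu.example.com, /etc/sensu/tls/ca.pem,
# vault_sensu_api_key, vault_oidc_client_secret (Ansible Vault variables).
- name: Manage the Sensu OIDC provider without inline secrets
  hosts: localhost
  gather_facts: false
  vars:
    sensu_auth:
      url: https://sensu.example.com:8080      # not the http://localhost:8080 default
      api_key: "{{ vault_sensu_api_key }}"     # replaces auth.user / auth.password
      ca_path: /etc/sensu/tls/ca.pem           # private CA bundle for the backend cert
      verify: true                             # keep certificate validation on
  tasks:
    - name: Create an OIDC auth provider
      sensu.sensu_go.oidc_auth_provider:
        auth: "{{ sensu_auth }}"
        state: present
        name: oidc_name
        additional_scopes:
          - groups
          - email
        client_id: a8e43af034e7f2608780
        client_secret: "{{ vault_oidc_client_secret }}"
        disable_offline_access: false
        redirect_uri: https://sensu.example.com:8080/api/enterprise/authentication/v2/oidc/callback
        server: https://oidc.example.com:9031
        groups_claim: groups
        groups_prefix: 'oidc:'
        username_claim: email
        username_prefix: 'oidc:'
      no_log: true            # keep task arguments and results out of console and logs
      register: oidc_result

    - name: Check the stored provider against the intended claim mapping
      ansible.builtin.assert:
        that:
          - oidc_result.object.metadata.name == 'oidc_name'
          - oidc_result.object.username_claim == 'email'
          - oidc_result.object.server is match('^https://')
        quiet: true
```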

Inputs

    
auth:
    description:
    - Authentication parameters. Can define each of them with ENV as well.
    suboptions:
      api_key:
        description:
        - The API key that should be used when authenticating. If this is not set, the
          value of the SENSU_API_KEY environment variable will be checked.
        - This replaces I(auth.user) and I(auth.password) parameters.
        - For more information about the API key, refer to the official Sensu documentation
          at U(https://docs.sensu.io/sensu-go/latest/guides/use-apikey-feature/).
        type: str
        version_added: 1.3.0
        version_added_collection: sensu.sensu_go
      ca_path:
        description:
        - Path to the CA bundle that should be used to validate the backend certificate.
        - If this parameter is not set, module will use the CA bundle that python is using.
        - It is also possible to set this parameter via the I(SENSU_CA_PATH) environment
          variable.
        type: path
        version_added: 1.5.0
        version_added_collection: sensu.sensu_go
      password:
        default: P@ssw0rd!
        description:
        - The Sensu user's password. If this is not set the value of the SENSU_PASSWORD
          environment variable will be checked.
        - This parameter is ignored if the I(auth.api_key) parameter is set.
        type: str
      url:
        default: http://localhost:8080
        description:
        - Location of the Sensu backend API. If this is not set the value of the SENSU_URL
          environment variable will be checked.
        type: str
      user:
        default: admin
        description:
        - The username to use for connecting to the Sensu API. If this is not set the
          value of the SENSU_USER environment variable will be checked.
        - This parameter is ignored if the I(auth.api_key) parameter is set.
        type: str
      verify:
        default: true
        description:
        - Flag that controls the certificate validation.
        - If you are using self-signed certificates, you can set this parameter to C(false).
        - ONLY USE THIS PARAMETER IN DEVELOPMENT SCENARIOS! If you use self-signed certificates
          in production, see the I(auth.ca_path) parameter.
        - It is also possible to set this parameter via the I(SENSU_VERIFY) environment
          variable.
        type: bool
        version_added: 1.5.0
        version_added_collection: sensu.sensu_go
    type: dict

name:
    description:
    - The Sensu resource's name. This name (in combination with the namespace where applicable)
      uniquely identifies the resource that Ansible operates on.
    - If the resource with selected name already exists, Ansible module will update it
      to match the specification in the task.
    - Consult the I(name) metadata attribute specification in the upstream docs on U(https://docs.sensu.io/sensu-go/latest/reference/)
      for more details about valid names and other restrictions.
    required: true
    type: str

state:
    choices:
    - present
    - absent
    default: present
    description:
    - Target state of the Sensu object.
    type: str

server:
    description:
    - The location of the OIDC server you wish to authenticate against.
    - Required if I(state) is C(present).
    type: str

client_id:
    description:
    - The OIDC provider application Client ID.
    - Required if I(state) is C(present).
    type: str

groups_claim:
    description:
    - The claim to use to form the associated RBAC groups.
    type: str

redirect_uri:
    description:
    - Redirect URL to provide to the OIDC provider.
    type: str

client_secret:
    description:
    - The OIDC provider application Client Secret.
    - Required if I(state) is C(present).
    type: str

groups_prefix:
    description:
    - The prefix added to all OIDC groups.
    type: str

username_claim:
    description:
    - The claim to use to form the final RBAC user name.
    - Required if I(state) is C(present).
    type: str

username_prefix:
    description:
    - The prefix added to all OIDC usernames.
    type: str

additional_scopes:
    default: openid
    description:
    - Scopes to include in the claims.
    elements: str
    type: list

disable_offline_access:
    default: false
    description:
    - If C(true), the OIDC provider cannot include the offline_access scope in the authentication
      request. Otherwise, C(false).
    type: bool

Outputs

object:
  description: Object representing Sensu OIDC authentication provider.
  returned: success
  sample:
    additional_scopes:
    - groups
    - email
    client_id: a8e43af034e7f2608780
    disable_offline_access: false
    groups_claim: groups
    groups_prefix: 'oidc:'
    metadata:
      created_by: admin
      name: oidc_name
    redirect_uri: http://sensu-backend.example.com:8080/api/enterprise/authentication/v2/oidc/callback
    server: https://oidc.example.com:9031
    username_claim: email
    username_prefix: 'oidc:'
  type: dict

See also