purestorage.flasharray.purefa_saml module – Manage FlashArray SAML2 service and identity providers

Note

This module is part of the purestorage.flasharray collection (version 1.31.1).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install purestorage.flasharray. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: purestorage.flasharray.purefa_saml.

New in purestorage.flasharray 1.12.0

Synopsis

  • Enable or disable FlashArray SAML2 providers

Requirements

The below requirements are needed on the host that executes this module.

  • python >= 3.3

  • purestorage >= 1.19

  • py-pure-client >= 1.26.0

  • netaddr

  • requests

  • pycountry

  • urllib3

Parameters

Parameter

Comments

api_token

string

FlashArray API token for admin privileged user.

array_url

string

The URL of the FlashArray

decryption_credential

string

The credential used by the service provider to decrypt encrypted SAML assertions from the identity provider

disable_warnings

boolean

added in purestorage.flasharray 1.29.0

Disable insecure certificate warnings in debug logs

Choices:

  • false ← (default)

  • true

enabled

boolean

Defines the enabled state of the identity provider

Choices:

  • false ← (default)

  • true

encrypt_asserts

boolean

If set to true, SAML assertions will be encrypted by the identity provider

Choices:

  • false ← (default)

  • true

fa_url

string

FlashArray management IPv4 address or Hostname.

metadata_url

string

The URL of the identity provider metadata

name

string / required

Name of the SAML2 identity provider (IdP)

sign_request

boolean

If set to true, SAML requests will be signed by the service provider.

Choices:

  • false ← (default)

  • true

signing_credential

string

The credential used by the service provider to sign SAML requests

state

string

Define whether the API client should exist or not, or test.

Choices:

  • "absent"

  • "present" ← (default)

  • "test"

url

string

The URL of the identity provider

x509_cert

string

The X509 certificate that the service provider uses to verify the SAML response signature from the identity provider

Notes

Note

  • This module requires the purestorage and py-pure-client Python libraries

  • Additional Python librarues may be required for specific modules.

  • You must set PUREFA_URL and PUREFA_API environment variables if fa_url and api_token arguments are not passed to the module directly

Examples

- name: Create (disabled) SAML2 SSO with only metadata URL
  purestorage.flasharray.purefa_saml:
    name: myIDP
    array_url: "https://10.10.10.2"
    metadata_url: "https://myidp.acme.com/adfs/ls"
    x509_cert: "{{lookup('file', 'x509_cert_file') }}"
    fa_url: 10.10.10.2
    api_token: e31060a7-21fc-e277-6240-25983c6c4592

- name: Enable SAML2 SSO
  purestorage.flasharray.purefa_saml:
    name: myISO
    enabled: true
    fa_url: 10.10.10.2
    api_token: e31060a7-21fc-e277-6240-25983c6c4592

- name: Delete SAML2 SSO
  purestorage.flasharray.purefa_saml:
    state: absent
    name: myIDP
    fa_url: 10.10.10.2
    api_token: e31060a7-21fc-e277-6240-25983c6c4592

Authors

  • Pure Storage Ansible Team (@sdodsley)