purestorage.flashblade.purefb_saml module – Manage FlashBlade SAML2 service and identity providers

Note

This module is part of the purestorage.flashblade collection (version 1.21.2).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install purestorage.flashblade. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: purestorage.flashblade.purefb_saml.

New in purestorage.flashblade 1.19.0

Synopsis

  • Enable or disable FlashBlade SAML2 providers

Requirements

The below requirements are needed on the host that executes this module.

  • python >= 3.9

  • py-pure-client

  • purity_fb >= 1.12.2

  • netaddr

  • datetime

  • pytz

  • distro

  • pycountry

  • urllib3

Parameters

Parameter

Comments

api_token

string

FlashBlade API token for admin privileged user.

array_url

string

The URL of the FlashBlade

decryption_credential

string

The credential used by the service provider to decrypt encrypted SAML assertions from the identity provider

disable_warnings

boolean

added in purestorage.flashblade 1.18.0

Disable insecure certificate warnings

Choices:

  • false ← (default)

  • true

enabled

boolean

Defines the enabled state of the identity provider

Choices:

  • false ← (default)

  • true

encrypt_asserts

boolean

If set to true, SAML assertions will be encrypted by the identity provider

Choices:

  • false ← (default)

  • true

entity_id

string

added in purestorage.flashblade 1.21.0

A globally unique name for the identity provider

fb_url

string

FlashBlade management IP address or Hostname.

metadata_url

string

The URL of the identity provider metadata

name

string / required

Name of the SAML2 identity provider (IdP)

sign_request

boolean

If set to true, SAML requests will be signed by the service provider.

Choices:

  • false ← (default)

  • true

signing_credential

string

The credential used by the service provider to sign SAML requests

state

string

Define whether the API client should exist or not, or test.

Choices:

  • "absent"

  • "present" ← (default)

  • "test"

url

string

The URL of the identity provider

x509_cert

string

The X509 certificate that the service provider uses to verify the SAML response signature from the identity provider

Notes

Note

  • This module requires the purity_fb Python library

  • You must set PUREFB_URL and PUREFB_API environment variables if fb_url and api_token arguments are not passed to the module directly

Examples

- name: Create (disabled) SAML2 SSO with only metadata URL
  purestorage.flashblade.purefb_saml:
    name: myIDP
    array_url: "https://10.10.10.2"
    metadata_url: "https://myidp.acme.com/adfs/ls"
    x509_cert: "{{lookup('file', 'x509_cert_file') }}"
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6

- name: Enable SAML2 SSO
  purestorage.flashblade.purefb_saml:
    name: myISO
    enabled: true
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6

- name: Delete SAML2 SSO
  purestorage.flashblade.purefb_saml:
    state: absent
    name: myIDP
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6

Authors

  • Pure Storage Ansible Team (@sdodsley)