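#!/usr/bin/python
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.

DOCUMENTATION = '''
---
module: iam_server_certificate_facts
short_description: Retrieve the facts of a server certificate
description:
  - Retrieve the attributes of a server certificate
version_added: "2.2"
author: "Allen Sanabria (@linuxdynasty)"
requirements: [boto3, botocore]
options:
  name:
    description:
      - The name of the server certificate you are retrieveing attributes for.
    required: true
extends_documentation_fragment:
    - aws
    - ec2
'''

EXAMPLES = '''
# Retrieve server certificate
- iam_server_certificate_facts:
    name: production-cert
  register: server_cert

# Fail if the server certificate name was not found
- iam_server_certificate_facts:
    name: production-cert
  register: server_cert
  failed_when: "{{ server_cert.results | length == 0 }}"
'''

RETURN = '''
server_certificate_id:
    description: The 21 character certificate id
    returned: success
    type: str
    sample: "ADWAJXWTZAXIPIMQHMJPO"
certificate_body:
    description: The asn1der encoded PEM string
    returned: success
    type: str
    sample: "-----BEGIN CERTIFICATE-----\nbunch of random data\n-----END CERTIFICATE-----"
server_certificate_name:
    description: The name of the server certificate
    returned: success
    type: str
    sample: "server-cert-name"
arn:
    description: The Amazon resource name of the server certificate
    returned: success
    type: str
    sample: "arn:aws:iam::911277865346:server-certificate/server-cert-name"
path:
    description: The path of the server certificate
    returned: success
    type: str
    sample: "/"
expiration:
    description: The date and time this server certificate will expire, in ISO 8601 format.
    returned: success
    type: str
    sample: "2017-06-15T12:00:00+00:00"
upload_date:
    description: The date and time this server certificate was uploaded, in ISO 8601 format.
    returned: success
    type: str
    sample: "2015-04-25T00:36:40+00:00"
'''


# boto3/botocore are optional at import time so that main() can report a
# clean module failure instead of an ImportError traceback.
try:
    import boto3
    import botocore.exceptions
    HAS_BOTO3 = True
except ImportError:
    HAS_BOTO3 = False


def get_server_cert(iam, name=None):
    """Retrieve the attributes of a server certificate if it exists

    Args:
        iam (botocore.client.IAM): The boto3 iam instance.

    Kwargs:
        name (str): The name of the server certificate.

    Returns:
        list: A single-element list holding the certificate attributes, or
        an empty list when IAM reports that the certificate does not exist.

    Raises:
        botocore.exceptions.ClientError: For any API error other than
        NoSuchEntity (for example a denied or throttled request).

    Basic Usage:
        >>> import boto3
        >>> iam = boto3.client('iam')
        >>> name = "server-cert-name"
        >>> results = get_server_cert(iam, name)
        [
            {
                "upload_date": "2015-04-25T00:36:40+00:00",
                "server_certificate_id": "ADWAJXWTZAXIPIMQHMJPO",
                "certificate_body": "-----BEGIN CERTIFICATE-----\nbunch of random data\n-----END CERTIFICATE-----",
                "server_certificate_name": "server-cert-name",
                "expiration": "2017-06-15T12:00:00+00:00",
                "path": "/",
                "arn": "arn:aws:iam::911277865346:server-certificate/server-cert-name"
            }
        ]
    """
    results = []
    try:
        server_cert = iam.get_server_certificate(
            ServerCertificateName=name
        )['ServerCertificate']
    except botocore.exceptions.ClientError as e:
        # Only "certificate does not exist" maps to an empty result. Any
        # other API error must surface: if an authorization failure were
        # reported as "no such certificate", a playbook that branches on
        # `results | length == 0` would act on a false negative.
        error_code = e.response.get('Error', {}).get('Code')
        if error_code == 'NoSuchEntity':
            return results
        raise

    cert_md = server_cert['ServerCertificateMetadata']
    results.append({
        'certificate_body': server_cert['CertificateBody'],
        'server_certificate_id': cert_md['ServerCertificateId'],
        'server_certificate_name': cert_md['ServerCertificateName'],
        'arn': cert_md['Arn'],
        'path': cert_md['Path'],
        # boto3 returns datetime objects; emit ISO 8601 strings as the
        # RETURN documentation promises.
        'expiration': cert_md['Expiration'].isoformat(),
        'upload_date': cert_md['UploadDate'].isoformat(),
    })
    return results


def main():
    """Module entry point: look up one server certificate and exit with it.

    Exits with ``results`` set to the list returned by get_server_cert().
    Fails the module when boto3 is missing, when the IAM client cannot be
    created, or when the lookup raises an API error.
    """
    argument_spec = ec2_argument_spec()
    argument_spec.update(dict(
        name=dict(required=True, type='str'),
    ))

    module = AnsibleModule(argument_spec=argument_spec,)

    if not HAS_BOTO3:
        module.fail_json(msg='boto3 required for this module')

    try:
        region, ec2_url, aws_connect_kwargs = get_aws_connection_info(module, boto3=True)
        iam = boto3_conn(module, conn_type='client', resource='iam',
                         region=region, endpoint=ec2_url, **aws_connect_kwargs)
    except botocore.exceptions.ClientError as e:
        # `except X as e` is valid on Python 2.6+ and 3. str(e) is used
        # because ClientError does not define a `msg` attribute, so the
        # former `e.msg` would raise AttributeError inside the handler.
        module.fail_json(msg="Boto3 Client Error - " + str(e))

    cert_name = module.params.get('name')
    try:
        results = get_server_cert(iam, cert_name)
    except (botocore.exceptions.ClientError,
            botocore.exceptions.BotoCoreError) as e:
        # Report API and credential/connection failures as a module
        # failure rather than an empty result or a raw traceback.
        module.fail_json(msg="Boto3 Client Error - " + str(e))
    module.exit_json(results=results)


# import module snippets
from ansible.module_utils.basic import *
from ansible.module_utils.ec2 import *

if __name__ == '__main__':
    main()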