#!/usr/bin/python from __future__ import (absolute_import, division, print_function) from ansible.module_utils.basic import AnsibleModule __metaclass__ = type DOCUMENTATION = r''' --- module: smardigo_user_token short_description: create smardigo user token ''' EXAMPLES = r''' # Pass in secret and user_id - name: create smardigo user token smardigo_user_token: secret: "some-secret" user_id: "some-user" # Also pass in realm and client_id - name: create smardigo user token smardigo_user_token: secret: "some-secret" user_id: "some-user" realm: "some-some" client_id: "some-client" ''' RETURN = r''' token: description: The generated user token. type: str returned: always sample: 'eyJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiYWxnIjoiZGlyIn0..Q1NwxoSW8iHpceK8PhEycA.XNJc_8h5rW2aQ2788hpw6XumG-bKIiNIdDxWaRrvIyc._BJSwA_Y_0RlvgM5R8gaXA' changed: description: A user token was generated. type: bool returned: always sample: true ''' from jose import jwe import json def run_module(): module_args = dict( secret=dict(type='str', required=True), user_id=dict(type='str', required=True), realm=dict(type='str', required=False, default=''), client_id=dict(type='str', required=False, default='') ) module = AnsibleModule( argument_spec=module_args, supports_check_mode=True ) result = dict( changed=False, token='' ) claims = dict( sub=module.params["user_id"], ) if module.params['realm'] and module.params['client_id']: claims['iam'] = dict( realm=module.params['realm'], clientId=module.params['client_id'], client_id=module.params['client_id'], ) elif module.params['realm'] or module.params['client_id']: module.fail_json( msg='Please specify both \'realm\' and \'client_id\'', **result) result['token'] = jwe.encrypt(json.dumps( claims), module.params["secret"], algorithm='dir', encryption='A128CBC-HS256') result['changed'] = True module.exit_json(**result) def main(): run_module() if __name__ == '__main__': main()