From a3a0742ce5a48b4f26cac7ccfaf1cf6af129b80d Mon Sep 17 00:00:00 2001
From: Lujeni <julien@thebault.co>
Date: Tue, 16 May 2017 15:31:39 +0200
Subject: [PATCH] Add new aws module - iam_cert_facts (#24451)

---
 .../modules/cloud/amazon/iam_cert_facts.py    | 156 ++++++++++++++++++
 1 file changed, 156 insertions(+)
 create mode 100644 lib/ansible/modules/cloud/amazon/iam_cert_facts.py

diff --git a/lib/ansible/modules/cloud/amazon/iam_cert_facts.py b/lib/ansible/modules/cloud/amazon/iam_cert_facts.py
new file mode 100644
index 00000000000..a8161fa72c5
--- /dev/null
+++ b/lib/ansible/modules/cloud/amazon/iam_cert_facts.py
@@ -0,0 +1,156 @@
+#!/usr/bin/python
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+
+ANSIBLE_METADATA = {'metadata_version': '1.0',
+                    'status': ['preview'],
+                    'supported_by': 'community'}
+
+DOCUMENTATION = '''
+---
+module: iam_cert_facts
+short_description: Retrieves iam_cert details using AWS methods.
+description:
+    - Gets various details related to IAM cert, ARN, expiration, Certificates.
+version_added: "2.4"
+options:
+  certificate_name:
+    description:
+      - The name of the server certificate you want to retrieve information about.
+    required: False
+
+  path_prefix:
+    description:
+      - The path prefix for filtering the results. http://docs.aws.amazon.com/cli/latest/reference/iam/list-server-certificates.html#options
+    required: False
+
+
+author: Julien Thebault (@Lujeni)
+extends_documentation_fragment: aws
+'''
+
+EXAMPLES = '''
+- name: List all server certificates
+  iam_cert_facts:
+  register: server_certificates
+
+- name: Retrieve specific certificate
+  iam_cert_facts:
+      certificate_name: cookie
+
+- name: List all server certificates with this path
+  iam_cert_facts:
+      path_prefix: /company/servercerts
+'''
+
+RETURN = '''
+is_truncated:
+    description: A flag that indicates whether there are more items to return.
+    returned: always
+    type: bool
+    sample: false
+
+response_metadata:
+    description: Response metadata.
+    returned: always
+    type: dict
+    sample: {"http_status_code": 200, "request_id": "9f6d-671298e72d8b"}
+
+server_certificate_metadata_list:
+    description: Metadata list.
+    returned: always
+    type: dict
+    sample: http://boto3.readthedocs.io/en/latest/reference/services/iam.html#IAM.Client.list_server_certificates
+'''
+
+from traceback import format_exc
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.ec2 import (
+    boto3_conn, ec2_argument_spec, get_aws_connection_info,
+    camel_dict_to_snake_dict, HAS_BOTO3)
+
+from botocore.exceptions import ClientError
+
+
+def get_server_certificate(client, module, server_certificate_name):
+    """ Retrieves information about the specified server certificate stored in IAM.
+    """
+    try:
+        response = client.get_server_certificate(
+            ServerCertificateName=server_certificate_name)
+    except ClientError as e:
+        client_error = camel_dict_to_snake_dict(e.response)
+        if client_error['error']['code'] == 'NoSuchEntity':
+            return client_error['error']
+        else:
+            raise
+    except Exception as e:
+        module.fail_json(msg="Unable to get server certificate :: %s" % str(e), exception=format_exc())
+    return response
+
+
+def list_server_certificates(client, module, path_prefix):
+    """ Lists the server certificates stored in IAM that have the specified path prefix.
+        If none exist, the action returns an empty list.
+    """
+    try:
+        if path_prefix:
+            response = client.list_server_certificates(PathPrefix=path_prefix)
+        else:
+            response = client.list_server_certificates()
+    except Exception as e:
+        module.fail_json(msg="Unable to get server certificates :: %s" % str(e), exception=format_exc())
+    return response
+
+
+def main():
+    argument_spec = ec2_argument_spec()
+    argument_spec.update(dict(
+        certificate_name=dict(type='str', default=None),
+        path_prefix=dict(type='str', default=None),
+    ))
+
+    module = AnsibleModule(
+        argument_spec=argument_spec,
+        mutually_exclusive=[
+            ['certificate_name', 'path_prefix'],
+        ],
+        supports_check_mode=False,
+    )
+
+    if not HAS_BOTO3:
+        module.fail_json(msg="boto3 is required")
+
+    try:
+        region, ec2_url, aws_connect_kwargs = get_aws_connection_info(module, boto3=True)
+        iam_cert = boto3_conn(module, conn_type='client', resource='iam',
+                              region=region, endpoint=ec2_url, **aws_connect_kwargs)
+    except Exception as e:
+        module.fail_json(msg="Can't authorize connection - %s " % str(e), exception=format_exc())
+
+    certificate_name = module.params['certificate_name']
+    path_prefix = module.params['path_prefix']
+
+    if certificate_name:
+        results = get_server_certificate(
+            client=iam_cert, module=module, server_certificate_name=certificate_name)
+    else:
+        results = list_server_certificates(client=iam_cert, module=module, path_prefix=path_prefix)
+
+    module.exit_json(**camel_dict_to_snake_dict(results))
+
+if __name__ == '__main__':
+    main()