Remove identity center auth manager cli (#42481)

* Remove identity center auth manager cli The CLI command to setup identity center could only setup part of the required resources, since adding an application must be done from the console. As of November 15, 2023 it is now required to have an AWS Organization setup to create the required type of Identity Center Instance. The script would have to be change majorly to achieve this but it is also something that should be done with great care and intention since creating an organization in your AWS account has implications. If we automate it, many users won't know it's being created. Instead have users run through the wizard provided in the AWS console. * Missing test change
apache · Sep 25, 2024 · f6852c2 · f6852c2
1 parent f9877af
commit f6852c2
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 337 deletions.
diff --git a/airflow/providers/amazon/aws/auth_manager/cli/definition.py b/airflow/providers/amazon/aws/auth_manager/cli/definition.py
@@ -55,12 +55,6 @@
 ################
 
 AWS_AUTH_MANAGER_COMMANDS = (
-    ActionCommand(
-        name="init-identity-center",
-        help="Initialize AWS IAM identity Center resources to be used by AWS manager",
-        func=lazy_load_command("airflow.providers.amazon.aws.auth_manager.cli.idc_commands.init_idc"),
-        args=(ARG_INSTANCE_NAME, ARG_APPLICATION_NAME, ARG_DRY_RUN, ARG_VERBOSE),
-    ),
     ActionCommand(
         name="init-avp",
         help="Initialize Amazon Verified resources to be used by AWS manager",

diff --git a/airflow/providers/amazon/aws/auth_manager/cli/idc_commands.py b/airflow/providers/amazon/aws/auth_manager/cli/idc_commands.py
diff --git a/docs/apache-airflow-providers-amazon/auth-manager/setup/identity-center.rst b/docs/apache-airflow-providers-amazon/auth-manager/setup/identity-center.rst
@@ -27,51 +27,23 @@ Create resources
 ================
 
 The AWS auth manager needs two resources in AWS IAM Identity Center: an instance and an application.
-You can create them either through the provided CLI command or manually.
+You can must create them manually.
 
-Create resources with CLI
--------------------------
-
-.. note::
-  The CLI command is not compatible with AWS accounts that are managed through AWS organizations.
-  If your AWS account is managed through an AWS organization, please follow the
-  :ref:`manual configuration <identity_center_manual_configuration>`.
-
-.. note::
-  To create all necessary resources for the AWS Auth Manager, you can utilize the CLI command provided as part of the
-  AWS auth manager. Before executing the command, ensure the AWS auth manager is configured as the auth manager
-  for the Airflow instance. See :doc:`/auth-manager/setup/config`.
-
-To create the resources, please run the following command:
-
-.. code-block:: bash
-
-  airflow aws-auth-manager init-identity-center
-
-The CLI command will ask you to create any resources manually if they cannot be automatically created. Please look carefully at the CLI command output to understand which resource(s)
-have or have not been created successfully. The resource(s) which have not been successfully created need to be
-:ref:`created manually <identity_center_manual_configuration>`.
-
-If the error message below is raised, please create the AWS IAM Identity Center application through the console
-following :ref:`these instructions <identity_center_manual_configuration_application>`: ::
-
-  Creation of SAML applications is only supported in AWS console today. Please create the application through the console.
-
-.. _identity_center_manual_configuration:
+Create the instance
+-------------------
 
-Create resources manually
--------------------------
+The AWS auth manager leverages SAML 2.0 as the underlying technology powering authentication against AWS Identity Center.
 
-Create the instance
-~~~~~~~~~~~~~~~~~~~
+There are several instance types, but only Organization level instances can use SAML 2.0 applications. See more details
+about instances types `here <https://docs.aws.amazon.com/singlesignon/latest/userguide/identity-center-instances.html>`_.
 
-Please follow `AWS documentation <https://docs.aws.amazon.com/singlesignon/latest/userguide/identity-center-instances.html>`_
-to create the AWS IAM Identity Center instance.
+Please follow `AWS documentation <https://docs.aws.amazon.com/singlesignon/latest/userguide/get-set-up-for-idc.html>`_
+to create the AWS IAM Identity Center instance at the organization level.
 
 .. _identity_center_manual_configuration_application:
 
 Create the application
-~~~~~~~~~~~~~~~~~~~~~~
+----------------------
 
 Please follow the instructions below to create the AWS IAM Identity Center application.
 

diff --git a/tests/providers/amazon/aws/auth_manager/cli/test_definition.py b/tests/providers/amazon/aws/auth_manager/cli/test_definition.py
@@ -21,4 +21,4 @@
 
 class TestAwsCliDefinition:
     def test_aws_auth_manager_cli_commands(self):
-        assert len(AWS_AUTH_MANAGER_COMMANDS) == 3
+        assert len(AWS_AUTH_MANAGER_COMMANDS) == 2
diff --git a/tests/providers/amazon/aws/auth_manager/cli/test_idc_commands.py b/tests/providers/amazon/aws/auth_manager/cli/test_idc_commands.py