community.cassandra.cassandra_role (1.3.3) — module

Manage roles on your Cassandra cluster.

Authors: Rhys Campbell (@rhysmeister)

Install collection

Install with ansible-galaxy collection install community.cassandra:==1.3.3


Add to requirements.yml

  collections:
    - name: community.cassandra
      version: 1.3.3

Description

Manage roles on your Cassandra Cluster.

Usage examples

- name: Create a role
  community.cassandra.cassandra_role:
    name: app_user
    password: 'secretZHB78'
    state: present
    login: yes
- name: Remove a role
  community.cassandra.cassandra_role:
    name: app_user
    state: absent
- name: Create a super user
  community.cassandra.cassandra_role:
    name: admin
    password: 'BigSecretUser2019'
    state: present
    login: yes
    super_user: yes
- name: Create a user with access only to certain data centres
  community.cassandra.cassandra_role:
    name: rhys
    password: 'secret'
    state: present
    login: yes
    data_centres:
      london:
      zurich:
- name: Create a user with specific permissions for specific keyspaces
  community.cassandra.cassandra_role:
    name: rhys
    password: 'secret'
    update_password: true
    state: present
    login: yes
    keyspace_permissions:
      mykeyspace:
        - "ALL PERMISSIONS" # Same as GRANT ALL PERMISSIONS ON mykeyspace TO rhys;
      mydummy:
        - "SELECT"
        - "EXECUTE" # Same as GRANT SELECT, EXECUTE ON mydummy TO rhys;
      all_keyspaces:
        - "SELECT" # Same as GRANT SELECT ON ALL KEYSPACES TO rhys;
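
The following tasks are an added example, not part of the module's own documentation. They combine the connection and TLS parameters listed under Inputs with a narrowly scoped role, so that the server certificate is verified and no password literal appears in the playbook. The hostname, the CA path and the vault_* variable names are assumptions.

```yaml
# Added example. Hostname, CA path and vault_* variables are assumptions;
# every module parameter used here is one listed under Inputs.
- name: Create an application role over verified TLS
  community.cassandra.cassandra_role:
    # Connection: log in as an existing administrative role.
    login_host:
      - cassandra1.example.internal        # constructed hostname
    login_port: 9042
    login_user: "{{ vault_cassandra_admin_user }}"
    login_password: "{{ vault_cassandra_admin_password }}"
    ssl: true
    ssl_cert_reqs: CERT_REQUIRED           # the default is CERT_NONE
    ssl_ca_certs: /etc/ssl/cassandra/ca.pem  # needed for CERT_REQUIRED
    # Role: login allowed, not a super user, two permissions on one keyspace.
    name: app_user
    password: "{{ vault_app_user_password }}"
    state: present
    login: true
    super_user: false
    keyspace_permissions:
      mykeyspace:
        - SELECT
        - MODIFY
  no_log: true   # keep task arguments and results out of Ansible output

- name: Rotate the application role's password
  community.cassandra.cassandra_role:
    login_host:
      - cassandra1.example.internal        # constructed hostname
    login_user: "{{ vault_cassandra_admin_user }}"
    login_password: "{{ vault_cassandra_admin_password }}"
    ssl: true
    ssl_cert_reqs: CERT_REQUIRED
    ssl_ca_certs: /etc/ssl/cassandra/ca.pem
    name: app_user
    password: "{{ vault_app_user_password }}"
    update_password: true   # always reported as changed, per the Inputs text
    state: present
  no_log: true
```

Store the vault_* values with ansible-vault or an external secret lookup rather than in plain inventory files.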

Inputs

    
ssl:
    default: false
    description: Uses SSL encryption if basic SSL encryption is enabled on Cassandra cluster
      (without client/server verification)
    type: bool

name:
    description: The name of the role to create or manage.
    required: true
    type: str

debug:
    default: false
    description:
    - Additional debug output.
    type: bool

login:
    default: true
    description:
    - True allows the role to log in.
    - Use true to create login accounts for internal authentication, PasswordAuthenticator
      or DSE Unified Authenticator.
    type: bool

roles:
    description:
    - One or more roles to grant to this user or role.
    elements: str
    type: list

state:
    choices:
    - present
    - absent
    description: The desired state of the role.
    required: true
    type: str

options:
    description:
    - Reserved for use with authentication plug-ins. Refer to the authenticator documentation
      for details.
    type: dict

password:
    description:
    - The password for the role.
    type: str

login_host:
    description: The Cassandra hostname.
    elements: str
    type: list

login_port:
    default: 9042
    description: The Cassandra port.
    type: int

login_user:
    description: The Cassandra user to log in with.
    type: str

super_user:
    default: false
    description:
    - If the user is a super user or not.
    type: bool

data_centres:
    aliases:
    - data_centers
    description:
    - Only relevant if a network_authorizer has been configured.
    - Specify data centres as keys of this dict.
    - Can specify a key as 'all', although this is implicitly assumed by Cassandra if not supplied.
    type: dict

ssl_ca_certs:
    default: ''
    description: The SSL CA chain or certificate location to confirm supplied certificate
      validity (required when ssl_cert_reqs is set to CERT_OPTIONAL or CERT_REQUIRED)
    type: str

ssl_cert_reqs:
    choices:
    - CERT_NONE
    - CERT_OPTIONAL
    - CERT_REQUIRED
    default: CERT_NONE
    description: SSL verification mode.
    type: str

login_password:
    description: The Cassandra password to log in with.
    type: str

update_password:
    default: false
    description:
    - Passwords are not handled by default. With this set to true, passwords are always
      overridden.
    - The task will always be considered changed if this is set to true.
    type: bool

keyspace_permissions:
    description:
    - Grant privileges on keyspace objects.
    - Specify keyspaces as keys of this dict.
    - Permissions supplied as a list to the keyspace keys.
    - 'Valid permissions at keyspace level are as follows: ALL PERMISSIONS, CREATE, ALTER,
      AUTHORIZE, DROP, MODIFY, SELECT'
    - A special key 'all_keyspaces' can be supplied to assign permissions to all keyspaces.
    type: dict

Outputs

changed:
  description: Whether the module has changed the role.
  returned: on success
  type: bool
cql:
  description: The cql used to create or alter the role.
  returned: changed
  sample: ALTER ROLE admin / WITH SUPERUSER = true / AND LOGIN = true / AND PASSWORD
    = 'XXXXXXXX'
  type: str
msg:
  description: Exceptions encountered during module execution.
  returned: on error
  type: str
role:
  description: The role operated on.
  returned: on success
  type: str