Try SpotterManages role permissions on Apache CloudStack based clouds.
Authors: David Passante (@dpassante)
preview | supported by community
Install with ansible-galaxy collection install community.general:==0.1.1
collections:
- name: community.general
version: 0.1.1Create, update and remove CloudStack role permissions.
Managing role permissions only supported in CloudStack >= 4.9.
- name: Create a role permission
cs_role_permission:
role: My_Custom_role
name: createVPC
permission: allow
description: My comments
delegate_to: localhost
- name: Remove a role permission
cs_role_permission:
state: absent
role: My_Custom_role
name: createVPC
delegate_to: localhost
- name: Update a system role permission
cs_role_permission:
role: Domain Admin
name: createVPC
permission: deny
delegate_to: localhost
- name: Update rules order. Move the rule at the top of list
cs_role_permission:
role: Domain Admin
name: createVPC
parent: 0
delegate_to: localhost
name:
description:
- The API name of the permission.
required: true
type: str
role:
description:
- Name or ID of the role.
required: true
type: str
state:
choices:
- present
- absent
default: present
description:
- State of the role permission.
type: str
parent:
description:
- The parent role permission uuid. use 0 to move this rule at the top of the list.
type: str
api_key:
description:
- API key of the CloudStack API.
- If not given, the C(CLOUDSTACK_KEY) env variable is considered.
- As the last option, the value is taken from the ini config file, also see the notes.
type: str
api_url:
description:
- URL of the CloudStack API e.g. https://cloud.example.com/client/api.
- If not given, the C(CLOUDSTACK_ENDPOINT) env variable is considered.
- As the last option, the value is taken from the ini config file, also see the notes.
type: str
api_region:
default: cloudstack
description:
- Name of the ini section in the C(cloustack.ini) file.
- If not given, the C(CLOUDSTACK_REGION) env variable is considered.
type: str
api_secret:
description:
- Secret key of the CloudStack API.
- If not set, the C(CLOUDSTACK_SECRET) env variable is considered.
- As the last option, the value is taken from the ini config file, also see the notes.
type: str
permission:
choices:
- allow
- deny
default: deny
description:
- The rule permission, allow or deny. Defaulted to deny.
type: str
api_timeout:
description:
- HTTP timeout in seconds.
- If not given, the C(CLOUDSTACK_TIMEOUT) env variable is considered.
- As the last option, the value is taken from the ini config file, also see the notes.
- Fallback value is 10 seconds if not specified.
type: int
description:
description:
- The description of the role permission.
type: str
api_http_method:
choices:
- get
- post
description:
- HTTP method used to query the API endpoint.
- If not given, the C(CLOUDSTACK_METHOD) env variable is considered.
- As the last option, the value is taken from the ini config file, also see the notes.
- Fallback value is C(get) if not specified.
type: str
description: description: The description of the role permission returned: success sample: Deny createVPC for users type: str id: description: The ID of the role permission. returned: success sample: a6f7a5fc-43f8-11e5-a151-feff819cdc9f type: str name: description: The API name of the permission. returned: success sample: createVPC type: str permission: description: The permission type of the api name. returned: success sample: allow type: str role_id: description: The ID of the role to which the role permission belongs. returned: success sample: c6f7a5fc-43f8-11e5-a151-feff819cdc7f type: str