Try SpotterManage local roles on an ESXi host or vCenter
Authors: Abhijeet Kasurde (@Akasurde), Christian Kotte (@ckotte)
Install with ansible-galaxy collection install community.vmware:==4.2.0
collections:
- name: community.vmware
version: 4.2.0This module can be used to manage local roles on an ESXi host or vCenter.
- name: Add local role to ESXi
community.vmware.vmware_local_role_manager:
hostname: '{{ esxi_hostname }}'
username: '{{ esxi_username }}'
password: '{{ esxi_password }}'
local_role_name: vmware_qa
state: present
delegate_to: localhost
- name: Add local role with privileges to vCenter
community.vmware.vmware_local_role_manager:
hostname: '{{ vcenter_hostname }}'
username: '{{ vcenter_username }}'
password: '{{ vcenter_password }}'
local_role_name: vmware_qa
local_privilege_ids: [ 'Folder.Create', 'Folder.Delete']
state: present
delegate_to: localhost
- name: Remove local role from ESXi
community.vmware.vmware_local_role_manager:
hostname: '{{ esxi_hostname }}'
username: '{{ esxi_username }}'
password: '{{ esxi_password }}'
local_role_name: vmware_qa
state: absent
delegate_to: localhost
- name: Add a privilege to an existing local role
community.vmware.vmware_local_role_manager:
hostname: '{{ vcenter_hostname }}'
username: '{{ vcenter_username }}'
password: '{{ vcenter_password }}'
local_role_name: vmware_qa
local_privilege_ids: [ 'Folder.Create' ]
action: add
delegate_to: localhost
- name: Remove a privilege to an existing local role
community.vmware.vmware_local_role_manager:
hostname: '{{ esxi_hostname }}'
username: '{{ esxi_username }}'
password: '{{ esxi_password }}'
local_role_name: vmware_qa
local_privilege_ids: [ 'Folder.Create' ]
action: remove
delegate_to: localhost
- name: Set a privilege to an existing local role
community.vmware.vmware_local_role_manager:
hostname: '{{ vcenter_hostname }}'
username: '{{ vcenter_username }}'
password: '{{ vcenter_password }}'
local_role_name: vmware_qa
local_privilege_ids: [ 'Folder.Create' ]
action: set
delegate_to: localhost
port:
default: 443
description:
- The port number of the vSphere vCenter or ESXi server.
- If the value is not specified in the task, the value of environment variable E(VMWARE_PORT)
will be used instead.
type: int
state:
choices:
- present
- absent
default: present
description:
- Indicate desired state of the role.
- If the role already exists when V(present), the role info is updated.
type: str
action:
choices:
- add
- remove
- set
default: set
description:
- This parameter is only valid while updating an existing role with privileges.
- V(add) will add the privileges to the existing privilege list.
- V(remove) will remove the privileges from the existing privilege list.
- V(set) will replace the privileges of the existing privileges with user defined
list of privileges.
type: str
hostname:
description:
- The hostname or IP address of the vSphere vCenter or ESXi server.
- If the value is not specified in the task, the value of environment variable E(VMWARE_HOST)
will be used instead.
type: str
password:
aliases:
- pass
- pwd
description:
- The password of the vSphere vCenter or ESXi server.
- If the value is not specified in the task, the value of environment variable E(VMWARE_PASSWORD)
will be used instead.
type: str
username:
aliases:
- admin
- user
description:
- The username of the vSphere vCenter or ESXi server.
- If the value is not specified in the task, the value of environment variable E(VMWARE_USER)
will be used instead.
type: str
proxy_host:
description:
- Address of a proxy that will receive all HTTPS requests and relay them.
- The format is a hostname or a IP.
- If the value is not specified in the task, the value of environment variable E(VMWARE_PROXY_HOST)
will be used instead.
required: false
type: str
proxy_port:
description:
- Port of the HTTP proxy that will receive all HTTPS requests and relay them.
- If the value is not specified in the task, the value of environment variable E(VMWARE_PROXY_PORT)
will be used instead.
required: false
type: int
force_remove:
default: false
description:
- If set to V(false) then prevents the role from being removed if any permissions
are using it.
type: bool
validate_certs:
default: true
description:
- Allows connection when SSL certificates are not valid. Set to V(false) when certificates
are not trusted.
- If the value is not specified in the task, the value of environment variable E(VMWARE_VALIDATE_CERTS)
will be used instead.
type: bool
local_role_name:
description:
- The local role name to be managed.
required: true
type: str
local_privilege_ids:
default: []
description:
- The list of privileges that role needs to have.
- Please see U(https://docs.vmware.com/en/VMware-vSphere/6.0/com.vmware.vsphere.security.doc/GUID-ED56F3C4-77D0-49E3-88B6-B99B8B437B62.html)
elements: str
type: list
local_role_name: description: Name of local role returned: always type: str new_privileges: description: List of privileges returned: always type: list old_privileges: description: List of privileges of role before the update returned: on update type: list privileges: description: List of privileges returned: always type: list privileges_previous: description: List of privileges of role before the update returned: on update type: list role_id: description: Generated local role id returned: always type: int role_name: description: Name of local role returned: always type: str