community.vmware.vmware_object_role_permission (4.2.0) — module

Install collection

Install with ansible-galaxy collection install community.vmware:==4.2.0

Add to requirements.yml

  collections:
    - name: community.vmware
      version: 4.2.0

Description

This module can be used to manage object permissions on the given host or vCenter.

Usage examples

Scanned by Steampunk Spotter

• Success
  Steampunk Spotter scan finished with no errors, warnings or hints.

- name: Assign user to VM folder
  community.vmware.vmware_object_role_permission:
    hostname: '{{ esxi_hostname }}'
    username: '{{ esxi_username }}'
    password: '{{ esxi_password }}'
    role: Admin
    principal: user_bob
    object_name: services
    state: present
  delegate_to: localhost

Scanned by Steampunk Spotter

• Success
  Steampunk Spotter scan finished with no errors, warnings or hints.

- name: Remove user from VM folder
  community.vmware.vmware_object_role_permission:
    hostname: '{{ vcenter_hostname }}'
    username: '{{ vcenter_username }}'
    password: '{{ vcenter_password }}'
    role: Admin
    principal: user_bob
    object_name: services
    state: absent
  delegate_to: localhost

Scanned by Steampunk Spotter

• Success
  Steampunk Spotter scan finished with no errors, warnings or hints.

- name: Assign finance group to VM folder
  community.vmware.vmware_object_role_permission:
    hostname: '{{ esxi_hostname }}'
    username: '{{ esxi_username }}'
    password: '{{ esxi_password }}'
    role: Limited Users
    group: finance
    object_name: Accounts
    state: present
  delegate_to: localhost

Scanned by Steampunk Spotter

• Success
  Steampunk Spotter scan finished with no errors, warnings or hints.

- name: Assign view_user Read Only permission at root folder
  community.vmware.vmware_object_role_permission:
    hostname: '{{ esxi_hostname }}'
    username: '{{ esxi_username }}'
    password: '{{ esxi_password }}'
    role: ReadOnly
    principal: view_user
    object_name: rootFolder
    state: present
  delegate_to: localhost

Scanned by Steampunk Spotter

• Success
  Steampunk Spotter scan finished with no errors, warnings or hints.

- name: Assign domain user to VM folder
  community.vmware.vmware_object_role_permission:
    hostname: "{{ vcenter_hostname }}"
    username: "{{ vcenter_username }}"
    password: "{{ vcenter_password }}"
    validate_certs: false
    role: Admin
    principal: "vsphere.local\\domainuser"
    object_name: services
    state: present
  delegate_to: localhost

Inputs

    
port:
    default: 443
    description:
    - The port number of the vSphere vCenter or ESXi server.
    - If the value is not specified in the task, the value of environment variable E(VMWARE_PORT)
      will be used instead.
    type: int

role:
    description:
    - The role to be assigned permission.
    - User can also specify role name presented in Web UI.
    required: true
    type: str

group:
    description:
    - The group to be assigned permission.
    - Required if O(principal) is not specified.
    type: str

state:
    choices:
    - present
    - absent
    default: present
    description:
    - Indicate desired state of the object's permission.
    - When V(present), the permission will be added if it doesn't already exist.
    - When V(absent), the permission is removed if it exists.
    type: str

hostname:
    description:
    - The hostname or IP address of the vSphere vCenter or ESXi server.
    - If the value is not specified in the task, the value of environment variable E(VMWARE_HOST)
      will be used instead.
    type: str

password:
    aliases:
    - pass
    - pwd
    description:
    - The password of the vSphere vCenter or ESXi server.
    - If the value is not specified in the task, the value of environment variable E(VMWARE_PASSWORD)
      will be used instead.
    type: str

username:
    aliases:
    - admin
    - user
    description:
    - The username of the vSphere vCenter or ESXi server.
    - If the value is not specified in the task, the value of environment variable E(VMWARE_USER)
      will be used instead.
    type: str

principal:
    description:
    - The user to be assigned permission.
    - Required if O(group) is not specified.
    - If specifying domain user, required separator of domain uses backslash.
    type: str

recursive:
    default: true
    description:
    - Should the permissions be recursively applied.
    type: bool

proxy_host:
    description:
    - Address of a proxy that will receive all HTTPS requests and relay them.
    - The format is a hostname or a IP.
    - If the value is not specified in the task, the value of environment variable E(VMWARE_PROXY_HOST)
      will be used instead.
    required: false
    type: str

proxy_port:
    description:
    - Port of the HTTP proxy that will receive all HTTPS requests and relay them.
    - If the value is not specified in the task, the value of environment variable E(VMWARE_PROXY_PORT)
      will be used instead.
    required: false
    type: int

object_name:
    description:
    - The object name to assigned permission.
    required: true
    type: str

object_type:
    choices:
    - Folder
    - VirtualMachine
    - Datacenter
    - ResourcePool
    - Datastore
    - Network
    - HostSystem
    - ComputeResource
    - ClusterComputeResource
    - DistributedVirtualSwitch
    - DistributedVirtualPortgroup
    - StoragePod
    default: Folder
    description:
    - The object type being targeted.
    type: str

validate_certs:
    default: true
    description:
    - Allows connection when SSL certificates are not valid. Set to V(false) when certificates
      are not trusted.
    - If the value is not specified in the task, the value of environment variable E(VMWARE_VALIDATE_CERTS)
      will be used instead.
    type: bool

Outputs

changed:
  description: whether or not a change was made to the object's role
  returned: always
  type: bool