confluent / confluent.cloud / 0.1.0 / module / role_binding Manage Confluent Cloud role bindings | "added in version" 0.0.1 of confluent.cloud" Authors: Keith Resar (@keithresar)confluent.cloud.role_binding (0.1.0) — module
Install with ansible-galaxy collection install confluent.cloud:==0.1.0
collections: - name: confluent.cloud version: 0.1.0
Manage Confluent Cloud role bindings within a Confluent Cloud environment.
Note that granular Kafka RBAC is available only on Standard and Dedicated clusters.
- name: Get context for a specific environment confluent.cloud.environment_info: ids: - env-yoxp06 register: result
- name: Create new role binding confluent.cloud.role_binding: role: EnvironmentAdmin principal: sa-j31z28 resource_uri: "{{ result.resource_uri }}" state: present
- name: Delete role_binding confluent.cloud.role_binding: role: EnvironmentAdmin principal: sa-j31z28 resource_uri: "{{ result.resource_uri }}" state: absent
- name: Delete role_binding (by id) confluent.cloud.role_binding: id: rb-jhz28 state: absent
- name: Get cluster confluent.cloud.cluster_info: environment: env-12m16j ids: - lkc-7yxkd2 register: result
- name: Create role binding. Note modifying crn associated with the cluster for use in role binding confluent.cloud.role_binding: resource_uri: "{{ result.resource_uri | regex_replace('/kafka=.*?$', '') }}" principal: sa-j31z28 role: CloudClusterAdmin state: present
id: description: Role binding Id type: str role: description: - Role. `resource_uri` may change based on the scope of the role being added. - Available roles are `OrganizationAdmin`, `EnvironmentAdmin`, `CloudClusterAdmin`, `Operator`, `NetworkAdmin`, `MetricsViewer`, `ResourceOwner`, `DeveloperManage`, `DeveloperRead`, `DeveloperWrite`, and `KsqlAdmin`. [View details on roles here](https://docs.confluent.io/cloud/current/access-management/access-control/cloud-rbac.html#ccloud-rbac-roles). type: str state: choices: - absent - present default: present description: - If `absent`, the service account will be removed. Note that absent will not cause Role Binding to fail if the Role Binding does not exist. - If `present`, the service account will be created. type: str api_key: description: Confluent Cloud API Key required: true type: str principal: description: Role type: str api_secret: description: Confluent Cloud API Secret required: true type: str api_retries: default: 5 description: Amount of max retries for the API requests. type: int api_timeout: default: 60 description: Timeout used for the API requests. type: int api_endpoint: default: https://api.confluent.cloud description: Endpoint used for the API requests. type: str resource_uri: description: - URI (crn://) associated with the resource in which to search - Note that the `crn` URI associated with some resources may need to be modified to be accepted as a as the `resource_uri`. Review examples for how to modify the cluster `crn`. required: true type: str validate_certs: default: true description: Whether to vaidate API endpoint TLS certs type: bool api_retry_max_delay: default: 12 description: Exponential backoff delay in seconds between retries up to this max delay value. type: int
id: description: Role binding id returned: success sample: rb-y3mDg type: str metadata: description: User metadata, including create timestamp and updated timestamp returned: success type: dict principal: description: Principal that role binding applies to returned: success sample: User:u-l6xn83 type: str role: description: Role that role binding applies to returned: success sample: EnvironmentAdmin type: str