confluent.cloud.role_binding (0.1.0) — module

Manage Confluent Cloud role bindings

Added in version 0.0.1 of confluent.cloud

Authors: Keith Resar (@keithresar)

Install collection

Install with ansible-galaxy collection install confluent.cloud:==0.1.0


Add to requirements.yml

  collections:
    - name: confluent.cloud
      version: 0.1.0

Description

Manage Confluent Cloud role bindings within a Confluent Cloud environment.

Note that granular Kafka RBAC is available only on Standard and Dedicated clusters.

Usage examples

- name: Get context for a specific environment
  confluent.cloud.environment_info:
    ids:
      - env-yoxp06
  register: result
- name: Create new role binding
  confluent.cloud.role_binding:
    role: EnvironmentAdmin
    principal: sa-j31z28
    resource_uri: "{{ result.resource_uri }}"
    state: present
- name: Delete role_binding
  confluent.cloud.role_binding:
    role: EnvironmentAdmin
    principal: sa-j31z28
    resource_uri: "{{ result.resource_uri }}"
    state: absent
- name: Delete role_binding (by id)
  confluent.cloud.role_binding:
    id: rb-jhz28
    state: absent
- name: Get cluster
  confluent.cloud.cluster_info:
    environment: env-12m16j
    ids:
      - lkc-7yxkd2
  register: result
- name: Create role binding. Note modifying crn associated with the cluster for use in role binding
  confluent.cloud.role_binding:
    resource_uri: "{{ result.resource_uri | regex_replace('/kafka=.*?$', '') }}"
    principal: sa-j31z28
    role: CloudClusterAdmin
    state: present

Inputs

    
id:
    description: Role binding Id
    type: str

role:
    description:
    - Role.  `resource_uri` may change based on the scope of the role being added.
    - Available roles are `OrganizationAdmin`, `EnvironmentAdmin`, `CloudClusterAdmin`,
      `Operator`, `NetworkAdmin`, `MetricsViewer`, `ResourceOwner`, `DeveloperManage`,
      `DeveloperRead`, `DeveloperWrite`, and `KsqlAdmin`. [View details on roles here](https://docs.confluent.io/cloud/current/access-management/access-control/cloud-rbac.html#ccloud-rbac-roles).
    type: str

state:
    choices:
    - absent
    - present
    default: present
    description:
    - If `absent`, the role binding will be removed. Note that `absent` will not cause
      the task to fail if the role binding does not exist.
    - If `present`, the role binding will be created.
    type: str

api_key:
    description: Confluent Cloud API Key
    required: true
    type: str

principal:
    description: Principal that the role binding applies to
    type: str

api_secret:
    description: Confluent Cloud API Secret
    required: true
    type: str

api_retries:
    default: 5
    description: Maximum number of retries for the API requests.
    type: int

api_timeout:
    default: 60
    description: Timeout used for the API requests.
    type: int

api_endpoint:
    default: https://api.confluent.cloud
    description: Endpoint used for the API requests.
    type: str

resource_uri:
    description:
    - URI (crn://) associated with the resource in which to search.
    - Note that the `crn` URI associated with some resources may need to be modified to
      be accepted as the `resource_uri`. Review the examples for how to modify the cluster
      `crn`.
    required: true
    type: str

validate_certs:
    default: true
    description: Whether to validate API endpoint TLS certs
    type: bool

api_retry_max_delay:
    default: 12
    description: Exponential backoff delay in seconds between retries up to this max delay
      value.
    type: int
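
The cluster `crn` adjustment from the last usage example, combined with a pre-flight check that a role matches the scope of its `resource_uri`, as an added Python example (not code from the collection). The sample CRN with its placeholder organization id is constructed, and the role-to-scope table for the three admin roles is an assumption not stated on this page.

```python
import re

# Role names copied from the `role` input description on this page.
KNOWN_ROLES = {
    "OrganizationAdmin", "EnvironmentAdmin", "CloudClusterAdmin", "Operator",
    "NetworkAdmin", "MetricsViewer", "ResourceOwner", "DeveloperManage",
    "DeveloperRead", "DeveloperWrite", "KsqlAdmin",
}
# Assumption (not from the page): last CRN segment each admin role binds at.
ADMIN_SCOPE = {
    "OrganizationAdmin": "organization",
    "EnvironmentAdmin": "environment",
    "CloudClusterAdmin": "cloud-cluster",
}
# Constructed sample: placeholder organization id, ids from the page's example.
SAMPLE_CRN = ("crn://confluent.cloud/organization=00000000-0000-0000-0000-000000000000"
              "/environment=env-12m16j/cloud-cluster=lkc-7yxkd2/kafka=lkc-7yxkd2")

def trim_cluster_crn(crn):
    """Same edit as the page's regex_replace('/kafka=.*?$', '') filter."""
    return re.sub(r"/kafka=.*?$", "", crn)

def crn_scope(crn):
    """Return the key of the last key=value segment of a crn:// URI."""
    if not crn.startswith("crn://"):
        raise ValueError("resource_uri must start with crn://")
    last = crn.rstrip("/").rsplit("/", 1)[-1]
    key, sep, value = last.partition("=")
    if not sep or not value:
        raise ValueError("CRN does not end in a key=value segment")
    return key

def review_binding(role, resource_uri):
    """Return findings for one role_binding task; an empty list means OK."""
    findings = []
    if role not in KNOWN_ROLES:
        findings.append(f"unknown role {role!r}")
    try:
        scope = crn_scope(resource_uri)
    except ValueError as exc:
        return findings + [str(exc)]
    expected = ADMIN_SCOPE.get(role)
    if expected and scope != expected:
        findings.append(f"{role} expects a CRN ending at {expected}=, got {scope}=")
    return findings
```

Running `review_binding` over the `role` and `resource_uri` of each task before applying a playbook catches a cluster CRN that still carries its `/kafka=` suffix, and admin roles bound at a different scope than intended.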

Outputs

id:
  description: Role binding id
  returned: success
  sample: rb-y3mDg
  type: str
metadata:
  description: User metadata, including create timestamp and updated timestamp
  returned: success
  type: dict
principal:
  description: Principal that role binding applies to
  returned: success
  sample: User:u-l6xn83
  type: str
role:
  description: Role that role binding applies to
  returned: success
  sample: EnvironmentAdmin
  type: str