goldyfruit.ibmcloud_automation.ic_iam_authz_policy (1.0.4) — module

Manage IAM authorization policies on IBM Cloud.

Added in version 2.9 of goldyfruit.ibmcloud_automation

Authors: Gaëtan Trellu (@goldyfruit)

preview | supported by community

Install collection

Install with ansible-galaxy collection install goldyfruit.ibmcloud_automation:==1.0.4


Add to requirements.yml

  collections:
    - name: goldyfruit.ibmcloud_automation
      version: 1.0.4

Description

An IAM policy enables a subject to access a resource. These policies are used in access decisions when calling APIs for IAM-enabled services.


Requirements

Usage examples

- name: Allow Infrastructure Image to communicate with Cloud Object Storage
  ic_iam_authz_policy:
    subjects:
      source_service_name: is
      source_resource_type: image
    resources:
      target_service_name: cloud-object-storage
      target_service_instance: ibmcloud-resource-instance-baby
    roles:
      - Reader
      - Writer
- name: Delete authorization policy
  ic_iam_authz_policy:
    policy: a0a03ee9-48c7-4c58-be49-6f473a98ae16
    state: absent

Inputs

    
roles:
    description:
    - A set of role cloud resource names granted by the policy.
    type: list

state:
    choices:
    - present
    - absent
    default: present
    description:
    - Whether the resource should be present or absent.
    type: str

policy:
    description:
    - The policy ID.
    - Only required for policy deletion.
    type: str

subjects:
    description:
    - The subject attribute values that must match in order for this policy to apply in
      a permission decision.
    suboptions:
      source_resource_type:
        description:
        - Resource type of the source service.
        type: str
      source_service_instance:
        description:
        - The source resource instance name or ID.
        type: str
      source_service_name:
        description:
        - The source service name.
        type: str
    type: dict

resources:
    description:
    - The attributes of the resource. Note that only one resource is allowed in a policy.
    suboptions:
      target_resource_type:
        description:
        - Resource type of the target service.
        type: str
      target_service_instance:
        description:
        - The target resource instance name or ID.
        type: str
      target_service_name:
        description:
        - The target service name.
        type: str
    type: dict
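
Because a policy applies wherever its subject and resource attributes match, leaving out an instance attribute widens the grant. The following added example (not part of the collection) reviews parsed ic_iam_authz_policy tasks for unpinned instances, roles above read-only, and deletions without a policy ID. The function names, the finding rules and the REVIEW_ROLES set are assumptions of this example.

```python
MODULE_NAMES = {"ic_iam_authz_policy",
                "goldyfruit.ibmcloud_automation.ic_iam_authz_policy"}
REVIEW_ROLES = {"Writer", "Manager"}  # assumption: roles above read-only need sign-off


def audit_task(task):
    """Return a list of findings for one parsed Ansible task (a dict)."""
    args = next((task[k] for k in MODULE_NAMES if k in task), None)
    if args is None:
        return []  # not an ic_iam_authz_policy task
    findings = []
    if args.get("state", "present") == "absent":
        if not args.get("policy"):
            findings.append("deletion without 'policy' ID")
        return findings
    subjects = args.get("subjects") or {}
    resources = args.get("resources") or {}
    # Fewer subject/resource attributes means the policy matches more broadly.
    if not subjects.get("source_service_instance"):
        findings.append("source not pinned to an instance")
    if not resources.get("target_service_instance"):
        findings.append("target not pinned to an instance")
    roles = args.get("roles") or []
    if not roles:
        findings.append("no roles listed")
    findings += [f"role '{r}' needs review" for r in sorted(set(roles) & REVIEW_ROLES)]
    return findings


def audit_tasks(tasks):
    """Map task name -> findings, keeping only tasks that have findings."""
    return {t.get("name", "<unnamed>"): f for t in tasks if (f := audit_task(t))}


# Constructed sample: the two usage examples above as dicts, plus one constructed task.
SAMPLE_TASKS = [
    {"name": "Allow Infrastructure Image to communicate with Cloud Object Storage",
     "ic_iam_authz_policy": {
         "subjects": {"source_service_name": "is", "source_resource_type": "image"},
         "resources": {"target_service_name": "cloud-object-storage",
                       "target_service_instance": "ibmcloud-resource-instance-baby"},
         "roles": ["Reader", "Writer"]}},
    {"name": "Delete authorization policy", "ic_iam_authz_policy": {
        "policy": "a0a03ee9-48c7-4c58-be49-6f473a98ae16", "state": "absent"}},
    {"name": "Delete without ID", "ic_iam_authz_policy": {"state": "absent"}},
]

if __name__ == "__main__":
    print(audit_tasks(SAMPLE_TASKS))
```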