mnecas.ovirt.ovirt_permission (1.5.5) — module

Module to manage permissions of users/groups in oVirt/RHV

Added in version 1.0.0 of mnecas.ovirt

Authors: Ondra Machacek (@machacekondra), Martin Necas (@mnecas)

Install collection

Install with ansible-galaxy collection install mnecas.ovirt:==1.5.5


Add to requirements.yml

  collections:
    - name: mnecas.ovirt
      version: 1.5.5

Description

Module to manage permissions of users/groups in oVirt/RHV.


Requirements

Usage examples

# Examples don't contain auth parameter for simplicity,
# look at ovirt_auth module to see how to reuse authentication:

- name: Add user user1 from authorization provider example.com-authz
  mnecas.ovirt.ovirt_permission:
    user_name: user1
    authz_name: example.com-authz
    object_type: vm
    object_name: myvm
    role: UserVmManager
- name: Remove permission from user
  mnecas.ovirt.ovirt_permission:
    state: absent
    user_name: user1
    authz_name: example.com-authz
    object_type: cluster
    object_name: mycluster
    role: ClusterAdmin
- name: Assign QuotaConsumer role to user
  mnecas.ovirt.ovirt_permission:
    state: present
    user_name: user1
    authz_name: example.com-authz
    object_type: data_center
    object_name: mydatacenter
    quota_name: myquota
    role: QuotaConsumer
- name: Assign QuotaConsumer role to group
  mnecas.ovirt.ovirt_permission:
    state: present
    group_name: group1
    authz_name: example.com-authz
    object_type: data_center
    object_name: mydatacenter
    quota_name: myquota
    role: QuotaConsumer
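
The examples above omit `auth`. The playbook below is an added example, not part of the collection's documentation: it logs in once with the `ovirt_auth` module over a CA-verified connection, reuses the resulting `ovirt_auth` fact for a narrowly scoped grant and a revocation, and always revokes the token afterwards. The `ovirt_auth` options shown, the CA path and the `vault_ovirt_password` variable are assumptions that do not appear on this page.

```yaml
# Added example: paths, URLs and the vault variable are hypothetical placeholders.
- name: Manage permissions over a verified TLS session
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    engine_url: https://server.example.com/ovirt-engine/api
    engine_ca: /etc/pki/ovirt-engine/ca.pem        # hypothetical CA bundle path
  tasks:
    - name: Log in, change permissions, always log out
      block:
        - name: Log in once and obtain a token (stored in the ovirt_auth fact)
          mnecas.ovirt.ovirt_auth:
            url: "{{ engine_url }}"
            username: admin@internal
            password: "{{ vault_ovirt_password }}"   # hypothetical Ansible Vault variable
            ca_file: "{{ engine_ca }}"
            insecure: false                          # set explicitly: verify certificate and host name
          no_log: true                               # keep credentials out of task output

        - name: Give group1 the UserVmManager role on a single VM
          mnecas.ovirt.ovirt_permission:
            auth: "{{ ovirt_auth }}"
            group_name: group1
            authz_name: example.com-authz
            object_type: vm
            object_name: myvm
            role: UserVmManager
          register: grant

        - name: Remove the broader ClusterAdmin role from user1
          mnecas.ovirt.ovirt_permission:
            auth: "{{ ovirt_auth }}"
            state: absent
            user_name: user1
            authz_name: example.com-authz
            object_type: cluster
            object_name: mycluster
            role: ClusterAdmin

        - name: Show the ID of the managed permission
          ansible.builtin.debug:
            msg: "permission id: {{ grant.id }}"
      always:
        - name: Revoke the token even if a task above failed
          mnecas.ovirt.ovirt_auth:
            state: absent
            ovirt_auth: "{{ ovirt_auth }}"
          when: ovirt_auth is defined
```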

Inputs

    
auth:
    description:
    - 'Dictionary with values needed to create HTTP/HTTPS connection to oVirt:'
    required: true
    suboptions:
      ca_file:
        description:
        - A PEM file containing the trusted CA certificates.
        - The certificate presented by the server will be verified using these CA certificates.
        - If the C(ca_file) parameter is not set, the system-wide CA certificate store is used.
        - Default value is set by C(OVIRT_CAFILE) environment variable.
        type: str
      compress:
        default: true
        description: Flag indicating if compression is used for connection.
        type: bool
      headers:
        description:
        - Dictionary of HTTP headers to be added to each API call.
        type: dict
      hostname:
        description:
        - A string containing the hostname of the server, usually something like `I(server.example.com)`.
        - Default value is set by C(OVIRT_HOSTNAME) environment variable.
        - Either C(url) or C(hostname) is required.
        type: str
      insecure:
        default: false
        description:
        - A boolean flag that indicates whether verification of the server TLS certificate
          and host name is skipped. With the default C(false), both are checked.
        type: bool
      kerberos:
        description:
        - A boolean flag indicating if Kerberos authentication should be used instead
          of the default basic authentication.
        type: bool
      password:
        description:
        - The password of the user.
        - Default value is set by C(OVIRT_PASSWORD) environment variable.
        required: true
        type: str
      timeout:
        description: Number of seconds to wait for response.
        type: int
      token:
        description:
        - Token to be used instead of login with username/password.
        - Default value is set by C(OVIRT_TOKEN) environment variable.
        type: str
      url:
        description:
        - A string containing the API URL of the server, usually something like `I(https://server.example.com/ovirt-engine/api)`.
        - Default value is set by C(OVIRT_URL) environment variable.
        - Either C(url) or C(hostname) is required.
        type: str
      username:
        description:
        - The name of the user, something like I(admin@internal).
        - Default value is set by C(OVIRT_USERNAME) environment variable.
        required: true
        type: str
    type: dict

role:
    default: UserRole
    description:
    - Name of the role to be assigned to user/group on specific object.
    type: str

wait:
    default: true
    description:
    - C(yes) if the module should wait for the entity to get into desired state.
    type: bool

state:
    choices:
    - absent
    - present
    default: present
    description:
    - Should the permission be present/absent.
    type: str

timeout:
    default: 180
    description:
    - The amount of time in seconds the module should wait for the instance to get into
      desired state.
    type: int

namespace:
    description:
    - Namespace of the authorization provider, where user/group resides.
    type: str

object_id:
    description:
    - ID of the object where the permissions should be managed.
    type: str

user_name:
    description:
    - Username of the user to manage. In most LDAPs it's I(uid) of the user, but in Active
      Directory you must specify I(UPN) of the user.
    - Note that if the user does not exist in the system, this module will fail. Ensure
      the user exists by using the M(mnecas.ovirt.ovirt_users) module.
    type: str

authz_name:
    aliases:
    - domain
    description:
    - Authorization provider of the user/group.
    required: true
    type: str

group_name:
    description:
    - Name of the group to manage.
    - Note that if the group does not exist in the system, this module will fail. Ensure
      the group exists by using the M(mnecas.ovirt.ovirt_groups) module.
    type: str

quota_name:
    description:
    - Name of the quota to assign permission. Works only with C(object_type) I(data_center).
    type: str

object_name:
    description:
    - Name of the object where the permissions should be managed.
    type: str

object_type:
    choices:
    - cluster
    - cpu_profile
    - data_center
    - disk
    - disk_profile
    - host
    - network
    - storage_domain
    - system
    - template
    - vm
    - vm_pool
    - vnic_profile
    default: vm
    description:
    - The object where the permissions should be managed.
    type: str

fetch_nested:
    default: false
    description:
    - If I(True) the module will fetch additional data from the API.
    - It will fetch IDs of the VMs disks, snapshots, etc. User can configure to fetch
      other attributes of the nested entities by specifying C(nested_attributes).
    type: bool

poll_interval:
    default: 3
    description:
    - Number of seconds the module waits before sending another poll request on the
      entity status.
    type: int

nested_attributes:
    description:
    - Specifies list of the attributes which should be fetched from the API.
    - This parameter applies only when C(fetch_nested) is I(true).
    elements: str
    type: list

Outputs

id:
  description: ID of the permission which is managed
  returned: On success if permission is found.
  sample: 7de90f31-222c-436c-a1ca-7e655bd5b60c
  type: str
permission:
  description: 'Dictionary of all the permission attributes. Permission attributes
    can be found on your oVirt/RHV instance at the following URL: http://ovirt.github.io/ovirt-engine-api-model/master/#types/permission.'
  returned: On success if permission is found.
  type: dict