Try SpotterManage access policies in pulp
Authors: Matthias Dellweg (@mdellweg)
Install with ansible-galaxy collection install pulp.squeezer:==0.0.15
collections:
- name: pulp.squeezer
version: 0.0.15This module lets you view and change access policies on a pulp3 server.
- name: Dump all access policies
pulp.squeezer.access_policy:
pulp_url: https://pulp.example.org
username: admin
password: password
register: access_policies_status
- name: Report the access policies
debug:
var: access_policies_status
- name: View the access policy for tasks
pulp.squeezer.access_policy:
pulp_url: https://pulp.example.org
username: admin
password: password
viewset_name: "tasks"
register: access_policy_status
- name: Report the access policy
debug:
var: access_policy_status
- name: Modify the access policy for tasks
pulp.squeezer.access_policy:
pulp_url: https://pulp.example.org
username: admin
password: password
viewset_name: "tasks"
statements:
- action: "*"
principal: "*"
effect: "allow"
state: present
state:
choices:
- present
description:
- State the entity should be in
type: str
timeout:
default: 10
description:
- Time in seconds to wait for tasks.
type: int
password:
description:
- Password of api user.
- If no value is specified, the value of the environment variable C(SQUEEZER_PASSWORD)
will be used as a fallback.
required: false
type: str
pulp_url:
description:
- URL of the server to connect to (without 'pulp/api/v3').
- If no value is specified, the value of the environment variable C(SQUEEZER_PULP_URL)
will be used as a fallback.
required: true
type: str
user_key:
description:
- Client certificate key of api user.
required: false
type: str
username:
description:
- Username of api user.
- If no value is specified, the value of the environment variable C(SQUEEZER_USERNAME)
will be used as a fallback.
required: false
type: str
user_cert:
description:
- Client certificate of api user.
required: false
type: str
statements:
description:
- Statements to controll access to certain actions
elements: dict
suboptions:
action:
description: Names of actions on the viewset
elements: str
required: true
type: list
condition:
description:
- Condition as a string or a list
- If a list is provided, all conditions are composed with and
type: raw
effect:
choices:
- allow
- deny
description: Effect of the statement
required: true
type: str
principal:
description: Description of the actor
required: true
type: str
type: list
viewset_name:
description:
- Name of the viewset the access policy is attatched to
type: str
creation_hooks:
aliases:
- permissions_assignment
description:
- Hooks to be called on object creation
elements: dict
suboptions:
function:
description: Function to call
required: true
type: str
parameters:
description: Parameters for the function call
required: true
type: raw
permissions:
description: List of permissions to assign to a principal
elements: str
required: false
type: list
type: list
validate_certs:
default: true
description:
- Whether SSL certificates should be verified.
- If no value is specified, the value of the environment variable C(SQUEEZER_VALIDATE_CERTS)
will be used as a fallback.
type: bool
refresh_api_cache:
default: false
description:
- Whether the cached API specification should be invalidated.
- It is recommended to use this once with the M(pulp.squeezer.status) module at the
beginning of the playbook.
type: bool
access_policies: description: List of access policies returned: when no viewset_name is given type: list remote: description: Access policy details returned: when viewset_name is given type: dict