pulp / pulp.squeezer / 0.0.15 / module / access_policy Manage access policies in pulp Authors: Matthias Dellweg (@mdellweg)pulp.squeezer.access_policy (0.0.15) — module
Install with ansible-galaxy collection install pulp.squeezer:==0.0.15
collections: - name: pulp.squeezer version: 0.0.15
This module lets you view and change access policies on a pulp3 server.
- name: Dump all access policies pulp.squeezer.access_policy: pulp_url: https://pulp.example.org username: admin password: password register: access_policies_status
- name: Report the access policies debug: var: access_policies_status
- name: View the access policy for tasks pulp.squeezer.access_policy: pulp_url: https://pulp.example.org username: admin password: password viewset_name: "tasks" register: access_policy_status
- name: Report the access policy debug: var: access_policy_status
- name: Modify the access policy for tasks pulp.squeezer.access_policy: pulp_url: https://pulp.example.org username: admin password: password viewset_name: "tasks" statements: - action: "*" principal: "*" effect: "allow" state: present
state: choices: - present description: - State the entity should be in type: str timeout: default: 10 description: - Time in seconds to wait for tasks. type: int password: description: - Password of api user. - If no value is specified, the value of the environment variable C(SQUEEZER_PASSWORD) will be used as a fallback. required: false type: str pulp_url: description: - URL of the server to connect to (without 'pulp/api/v3'). - If no value is specified, the value of the environment variable C(SQUEEZER_PULP_URL) will be used as a fallback. required: true type: str user_key: description: - Client certificate key of api user. required: false type: str username: description: - Username of api user. - If no value is specified, the value of the environment variable C(SQUEEZER_USERNAME) will be used as a fallback. required: false type: str user_cert: description: - Client certificate of api user. required: false type: str statements: description: - Statements to controll access to certain actions elements: dict suboptions: action: description: Names of actions on the viewset elements: str required: true type: list condition: description: - Condition as a string or a list - If a list is provided, all conditions are composed with and type: raw effect: choices: - allow - deny description: Effect of the statement required: true type: str principal: description: Description of the actor required: true type: str type: list viewset_name: description: - Name of the viewset the access policy is attatched to type: str creation_hooks: aliases: - permissions_assignment description: - Hooks to be called on object creation elements: dict suboptions: function: description: Function to call required: true type: str parameters: description: Parameters for the function call required: true type: raw permissions: description: List of permissions to assign to a principal elements: str required: false type: list type: list validate_certs: default: true description: - Whether SSL certificates should be verified. - If no value is specified, the value of the environment variable C(SQUEEZER_VALIDATE_CERTS) will be used as a fallback. type: bool refresh_api_cache: default: false description: - Whether the cached API specification should be invalidated. - It is recommended to use this once with the M(pulp.squeezer.status) module at the beginning of the playbook. type: bool
access_policies: description: List of access policies returned: when no viewset_name is given type: list remote: description: Access policy details returned: when viewset_name is given type: dict