purestorage.flashblade.purefb_policy (1.17.0) — module
Manage FlashBlade policies
Added in version 1.0.0 of purestorage.flashblade
Authors: Pure Storage Ansible Team (@sdodsley) <pure-ansible-team@purestorage.com>
preview | supported by community
Install with ansible-galaxy collection install purestorage.flashblade:==1.17.0
collections:
  - name: purestorage.flashblade
    version: 1.17.0
Manage policies for filesystem, file replica links and object store access.
To update an existing snapshot policy rule, you must first delete the original rule and then add the new rule to replace it. Purity's best-fit will try to ensure that any required snapshots deleted on the deletion of the first rule will be recovered, as long as the replacement rule is added before the snapshot eradication period is exceeded (usually 24 hours).
- name: Create a simple snapshot policy with no rules
  purestorage.flashblade.purefb_policy:
    name: test_policy
    policy_type: snapshot
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6

- name: Create a snapshot policy and connect to existing filesystems and filesystem replica links
  purestorage.flashblade.purefb_policy:
    name: test_policy_with_members
    policy_type: snapshot
    filesystem:
      - fs1
      - fs2
    replica_link:
      - rl1
      - rl2
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6

- name: Create a snapshot policy with rules
  purestorage.flashblade.purefb_policy:
    name: test_policy2
    policy_type: snapshot
    at: 11AM
    keep_for: 86400
    every: 86400
    timezone: Asia/Shanghai
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6

- name: Delete a snapshot policy
  purestorage.flashblade.purefb_policy:
    name: test_policy
    policy_type: snapshot
    state: absent
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6

- name: Create an empty object store access policy
  purestorage.flashblade.purefb_policy:
    name: test_os_policy
    account: test
    policy_type: access
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6

- name: Create an empty object store access policy and assign user
  purestorage.flashblade.purefb_policy:
    name: test_os_policy
    account: test
    policy_type: access
    user: fred
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6

- name: Create an object store access policy with simple rule
  purestorage.flashblade.purefb_policy:
    name: test_os_policy_rule
    policy_type: access
    account: test
    rule: rule1
    actions: "s3:*"
    object_resources: "*"
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6

- name: Create an empty SMB client policy
  purestorage.flashblade.purefb_policy:
    name: test_smb_client
    policy_type: smb_client
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6

- name: Create an SMB client policy with a client rule
  purestorage.flashblade.purefb_policy:
    name: test_smb_client
    policy_type: smb_client
    client: "10.0.1.0/24"
    permission: rw
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6

- name: Create an empty NFS export policy
  purestorage.flashblade.purefb_policy:
    name: test_nfs_export
    policy_type: nfs
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6

- name: Create an NFS export policy with a client rule
  purestorage.flashblade.purefb_policy:
    name: test_nfs_export
    policy_type: nfs
    atime: true
    client: "10.0.1.0/24"
    secure: true
    security: [sys, krb5]
    permission: rw
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6

- name: Create a new rule for an existing NFS export policy
  purestorage.flashblade.purefb_policy:
    name: test_nfs_export
    policy_type: nfs
    atime: true
    client: "10.0.2.0/24"
    security: sys
    permission: ro
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6

- name: Delete a client rule from an NFS export policy
  purestorage.flashblade.purefb_policy:
    name: test_nfs_export
    client: "10.0.1.0/24"
    policy_type: nfs
    state: absent
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6

- name: Delete an NFS export policy and all associated rules
  purestorage.flashblade.purefb_policy:
    name: test_nfs_export
    state: absent
    policy_type: nfs
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6

- name: Delete a rule from an object store access policy
  purestorage.flashblade.purefb_policy:
    name: test_os_policy_rule
    account: test
    policy_type: access
    rule: rule1
    state: absent
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6

- name: Delete a user from an object store access policy
  purestorage.flashblade.purefb_policy:
    name: test_os_policy_rule
    account: test
    user: fred
    policy_type: access
    state: absent
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6

- name: Delete an object store access policy with attached users (USE WITH CAUTION)
  purestorage.flashblade.purefb_policy:
    name: test_os_policy_rule
    account: test
    policy_type: access
    force_delete: true
    state: absent
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6

- name: Delete an object store access policy with no attached users
  purestorage.flashblade.purefb_policy:
    name: test_os_policy_rule
    account: test
    policy_type: access
    state: absent
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6

- name: Copy an object store access policy rule to another existing policy
  purestorage.flashblade.purefb_policy:
    name: test_os_policy_rule
    policy_type: access
    account: test
    target: "account2/anotherpolicy"
    target_rule: new_rule1
    state: copy
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6

- name: Rename an NFS Export Policy
  purestorage.flashblade.purefb_policy:
    name: old_name
    policy_type: nfs
    rename: new_name
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6
at:
  description:
    - Provide a time in 12-hour AM/PM format, e.g. 11AM
  type: str
desc:
  default: ''
  description:
    - A description of an object store policy, optionally specified when the policy is created.
    - Cannot be modified for an existing policy.
  type: str
  version_added: 1.14.0
  version_added_collection: purestorage.flashblade
name:
  description:
    - Name of the policy
  type: str
read:
  choices:
    - allow
    - deny
    - ''
  description:
    - The state of the SMB share principal's Read access permission.
    - Setting to "" will clear the current setting
  type: str
  version_added: 1.12.0
  version_added_collection: purestorage.flashblade
rule:
  description:
    - Name of the rule for the Object Store Access Policy
    - Rules in system wide policies cannot be deleted or modified
  type: str
  version_added: 1.9.0
  version_added_collection: purestorage.flashblade
user:
  description:
    - User in the I(account) that the policy is granted to.
  type: str
  version_added: 1.9.0
  version_added_collection: purestorage.flashblade
atime:
  default: true
  description:
    - After a read operation has occurred, the inode access time is updated only if any of the following conditions is true; the previous access time is less than the inode modify time, the previous access time is less than the inode change time, or the previous access time is more than 24 hours ago.
    - If set to false, disables the update of inode access times after read operations.
  type: bool
  version_added: 1.9.0
  version_added_collection: purestorage.flashblade
every:
  description:
    - Interval between snapshots in seconds
    - Range available 300 - 31536000 (equates to 5m to 365d)
  type: int
state:
  choices:
    - absent
    - present
    - copy
  default: present
  description:
    - Create or delete policy.
    - Copy is applicable only to Object Store Access Policies Rules
  type: str
access:
  choices:
    - root-squash
    - all-squash
    - no-squash
  default: root-squash
  description:
    - Specifies access control for the export policy rule
  type: str
  version_added: 1.9.0
  version_added_collection: purestorage.flashblade
change:
  choices:
    - allow
    - deny
    - ''
  description:
    - The state of the SMB share principal's Change access permission.
    - Setting to "" will clear the current setting
  type: str
  version_added: 1.12.0
  version_added_collection: purestorage.flashblade
client:
  description:
    - Specifies the clients that will be permitted to access the export.
    - Accepted notation is a single IP address, subnet in CIDR notation, netgroup, or anonymous (*).
  type: str
  version_added: 1.9.0
  version_added_collection: purestorage.flashblade
effect:
  choices:
    - allow
    - deny
  default: allow
  description:
    - Allow S3 requests that match all of the I(actions) item selected. Rules are additive.
  type: str
  version_added: 1.9.0
  version_added_collection: purestorage.flashblade
fb_url:
  description:
    - FlashBlade management IP address or Hostname.
  type: str
rename:
  description:
    - New name for policy
    - Only applies to NFS and SMB policies
  type: str
  version_added: 1.10.0
  version_added_collection: purestorage.flashblade
secure:
  default: false
  description:
    - If true, this prevents NFS access to client connections coming from non-reserved ports.
    - If false, allows NFS access to client connections coming from non-reserved ports.
    - Applies to NFSv3, NFSv4.1, and auxiliary protocols MOUNT and NLM.
  type: bool
  version_added: 1.9.0
  version_added_collection: purestorage.flashblade
target:
  description:
    - Name of policy to copy rule to
  type: str
  version_added: 1.9.0
  version_added_collection: purestorage.flashblade
account:
  description:
    - Name of Object Store account policy applies to.
    - B(Special Case) I(pure policy) is used for the system-wide S3 policies
  type: str
  version_added: 1.9.0
  version_added_collection: purestorage.flashblade
actions:
  choices:
    - s3:*
    - s3:AbortMultipartUpload
    - s3:BypassGovernanceRetention
    - s3:CreateBucket
    - s3:DeleteBucket
    - s3:DeleteObject
    - s3:DeleteObjectVersion
    - s3:ExtendSafemodeRetentionPeriod
    - s3:GetBucketAcl
    - s3:GetBucketLocation
    - s3:GetBucketVersioning
    - s3:GetLifecycleConfiguration
    - s3:GetObject
    - s3:GetObjectAcl
    - s3:GetObjectLegalHold
    - s3:GetObjectLockConfiguration
    - s3:GetObjectRetention
    - s3:GetObjectTagging
    - s3:GetObjectVersion
    - s3:GetObjectVersionTagging
    - s3:ListAllMyBuckets
    - s3:ListBucket
    - s3:ListBucketMultipartUploads
    - s3:ListBucketVersions
    - s3:ListMultipartUploadParts
    - s3:PutBucketVersioning
    - s3:PutLifecycleConfiguration
    - s3:PutObject
    - s3:PutObjectLegalHold
    - s3:PutObjectLockConfiguration
    - s3:PutObjectRetention
    - s3:ResolveSafemodeConflicts
  description:
    - List of permissions to grant.
    - System-wide policy rules cannot be deleted or modified
  elements: str
  type: list
  version_added: 1.9.0
  version_added_collection: purestorage.flashblade
anongid:
  description:
    - Any user whose GID is affected by an I(access) of `root_squash` or `all_squash` will have their GID mapped to anongid. The default anongid is null, which means 65534. Use "" to clear.
  type: str
  version_added: 1.9.0
  version_added_collection: purestorage.flashblade
anonuid:
  description:
    - Any user whose UID is affected by an I(access) of `root_squash` or `all_squash` will have their UID mapped to anonuid. The default is null, which means 65534. Use "" to clear.
  type: str
  version_added: 1.9.0
  version_added_collection: purestorage.flashblade
enabled:
  default: true
  description:
    - State of policy
  type: bool
keep_for:
  description:
    - How long to keep snapshots for
    - Range available 300 - 31536000 (equates to 5m to 365d)
    - Must not be set less than I(every)
  type: int
security:
  choices:
    - sys
    - krb5
    - krb5i
    - krb5p
  default: sys
  description:
    - The security flavors to use for accessing files on this mount point.
    - If the server does not support the requested flavor, the mount operation fails.
    - I(sys) trusts the client to specify the user's identity.
    - I(krb5) provides cryptographic proof of a user's identity in each RPC request.
    - I(krb5i) adds integrity checking to krb5, to ensure the data has not been tampered with.
    - I(krb5p) adds integrity checking and encryption to krb5.
  elements: str
  type: list
  version_added: 1.9.0
  version_added_collection: purestorage.flashblade
timezone:
  description:
    - Time Zone used for the I(at) parameter
    - If not provided, the module will attempt to get the current local timezone from the server
  type: str
api_token:
  description:
    - FlashBlade API token for admin privileged user.
  type: str
principal:
  description:
    - The user or group who is the subject of this rule, and their domain
  type: str
  version_added: 1.12.0
  version_added_collection: purestorage.flashblade
filesystem:
  description:
    - List of filesystems to add to a policy on creation
    - To amend policy members use the I(purestorage.flashblade.purefb_fs) module
  elements: str
  type: list
interfaces:
  choices:
    - management-ssh
    - management-rest-api
    - management-web-ui
    - snmp
    - local-network-superuser-password-access
  description:
    - Specifies which product interfaces the network access policy rule applies to, whether it is permitting or denying access.
  elements: str
  type: list
  version_added: 1.17.0
  version_added_collection: purestorage.flashblade
permission:
  choices:
    - rw
    - ro
  default: ro
  description:
    - Specifies which read-write client access permissions are allowed for the export.
  type: str
  version_added: 1.9.0
  version_added_collection: purestorage.flashblade
source_ips:
  description:
    - List of IPs and subnets from which this rule should allow requests; e.g., 10.20.30.40, 10.20.30.0/24, 2001:DB8:1234:5678::/64.
    - System-wide policy rules cannot be deleted or modified
  elements: str
  type: list
  version_added: 1.9.0
  version_added_collection: purestorage.flashblade
before_rule:
  description:
    - The index of the client rule to insert or move a client rule before.
  type: int
  version_added: 1.9.0
  version_added_collection: purestorage.flashblade
policy_type:
  choices:
    - snapshot
    - access
    - nfs
    - smb_share
    - smb_client
    - network
  default: snapshot
  description:
    - Type of policy
  type: str
  version_added: 1.9.0
  version_added_collection: purestorage.flashblade
s3_prefixes:
  description:
    - List of 'folders' (object key prefixes) for which object listings may be requested.
    - System-wide policy rules cannot be deleted or modified
  elements: str
  type: list
  version_added: 1.9.0
  version_added_collection: purestorage.flashblade
target_rule:
  description:
    - Name of the rule to copy the existing rule to.
    - If not defined the existing rule name is used.
  type: str
  version_added: 1.9.0
  version_added_collection: purestorage.flashblade
fileid_32bit:
  default: false
  description:
    - Whether the file id is 32 bits or not.
  type: bool
  version_added: 1.9.0
  version_added_collection: purestorage.flashblade
force_delete:
  default: false
  description:
    - Force the deletion of an Object Store Access Policy if this has attached users.
    - WARNING This can have undesired side-effects.
    - System-wide policies cannot be deleted
  type: bool
  version_added: 1.9.0
  version_added_collection: purestorage.flashblade
full_control:
  choices:
    - allow
    - deny
    - ''
  description:
    - The state of the SMB share principal's Full Control access permission.
    - Setting to "" will clear the current setting
  type: str
  version_added: 1.12.0
  version_added_collection: purestorage.flashblade
replica_link:
  description:
    - List of filesystem replica links to add to a policy on creation
    - To amend policy members use the I(purestorage.flashblade.purefb_fs_replica) module
  elements: str
  type: list
s3_delimiters:
  description:
    - List of delimiter characters allowed in object list requests.
    - Grants permissions to list 'folder names' (prefixes ending in a delimiter) instead of object keys.
    - System-wide policy rules cannot be deleted or modified
  elements: str
  type: list
  version_added: 1.9.0
  version_added_collection: purestorage.flashblade
smb_encryption:
  choices:
    - disabled
    - optional
    - required
  default: optional
  description:
    - The status of SMB encryption in a client policy rule
  type: str
  version_added: 1.12.0
  version_added_collection: purestorage.flashblade
object_resources:
  description:
    - List of bucket names and object paths, with a wildcard (*) to specify objects in a bucket; e.g., bucket1, bucket1/*, bucket2, bucket2/*.
    - System-wide policy rules cannot be deleted or modified
  elements: str
  type: list
  version_added: 1.9.0
  version_added_collection: purestorage.flashblade
destroy_snapshots:
  default: false
  description:
    - This parameter must be set to true in order to modify a policy such that local or remote snapshots would be destroyed.
  type: bool
  version_added: 1.11.0
  version_added_collection: purestorage.flashblade
ignore_enforcement:
  default: true
  description:
    - Certain combinations of actions and other rule elements are inherently ignored if specified together in a rule.
    - If set to true, operations which attempt to set these combinations will fail.
    - If set to false, such operations will instead be allowed.
  type: bool
  version_added: 1.9.0
  version_added_collection: purestorage.flashblade
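The NFS rule options (client, access, secure, security, permission) and the object store rule options (actions, object_resources, source_ips) documented above are combined here into one permissive NFS rule and two restricted rules for comparison. This is an added example, not part of the module documentation; the policy, rule and bucket names are constructed, and `vault_fb_api_token` is a hypothetical Ansible Vault variable used in place of an inline token.

```yaml
# Added example; names, subnet and bucket are constructed.
# vault_fb_api_token is a hypothetical vaulted variable, not a module feature.
- name: Permissive NFS export rule (shown for contrast, avoid)
  purestorage.flashblade.purefb_policy:
    name: nfs_open
    policy_type: nfs
    client: "*"            # anonymous (*): no restriction on which clients match
    access: no-squash      # remote root is not mapped to anonuid/anongid
    secure: false          # connections from non-reserved ports accepted
    security: [sys]        # client is trusted to state the user's identity
    permission: rw
    fb_url: 10.10.10.2
    api_token: "{{ vault_fb_api_token }}"

- name: Restricted NFS export rule
  purestorage.flashblade.purefb_policy:
    name: nfs_restricted
    policy_type: nfs
    client: "10.0.1.0/24"  # one subnet in CIDR notation
    access: root-squash    # module default, stated explicitly
    secure: true           # reserved source ports only
    security: [krb5p]      # Kerberos with integrity checking and encryption
    permission: ro         # module default, stated explicitly
    fb_url: 10.10.10.2
    api_token: "{{ vault_fb_api_token }}"

- name: Object store rule limited to reading one bucket from one subnet
  purestorage.flashblade.purefb_policy:
    name: os_read_bucket1
    account: test
    policy_type: access
    rule: read_only
    effect: allow
    actions:
      - s3:GetObject       # instead of "s3:*"
    object_resources:
      - bucket1/*          # instead of "*"
    source_ips:
      - 10.0.1.0/24
    fb_url: 10.10.10.2
    api_token: "{{ vault_fb_api_token }}"
```

A rule that lists only krb5p assumes Kerberos is already configured for NFS on the array and its clients; per the security description, a mount requesting an unsupported flavor fails.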