cluster_role – Manage Sensu cluster roles

Create, update or delete Sensu role.

For more information, refer to the Sensu documentation at https://docs.sensu.io/sensu-go/latest/reference/rbac/#roles-and-cluster-roles.

New in version 1.0.0.

Requirements

The below requirements are needed on the host that executes this module:

  • python >= 2.7

Examples

- name: Create a cluster role
  sensu.sensu_go.cluster_role:
    name: readonly
    rules:
      - verbs:
          - get
          - list
        resources:
          - checks
          - entities

- name: Delete a cluster role
  sensu.sensu_go.cluster_role:
    name: readonly
    state: absent

See Also

Parameters

auth (optional)

Authentication parameters. Can define each of them with ENV as well.

type: dict
api_key (optional)

The API key that should be used when authenticating. If this is not set, the value of the SENSU_API_KEY environment variable will be checked.

This replaces auth.user and auth.password parameters.

For more information about the API key, refer to the official Sensu documentation at https://docs.sensu.io/sensu-go/latest/guides/use-apikey-feature/.

type: str
ca_path (optional)

Path to the CA bundle that should be used to validate the backend certificate.

If this parameter is not set, module will use the CA bundle that python is using.

It is also possible to set this parameter via the SENSU_CA_PATH environment variable.

type: path
password (optional)

The Sensu user’s password. If this is not set the value of the SENSU_PASSWORD environment variable will be checked.

This parameter is ignored if the auth.api_key parameter is set.

type: str
default: P@ssw0rd!
url (optional)

Location of the Sensu backend API. If this is not set the value of the SENSU_URL environment variable will be checked.

type: str
user (optional)

The username to use for connecting to the Sensu API. If this is not set the value of the SENSU_USER environment variable will be checked.

This parameter is ignored if the auth.api_key parameter is set.

type: str
default: admin
verify (optional)

Flag that controls the certificate validation.

If you are using self-signed certificates, you can set this parameter to false.

ONLY USE THIS PARAMETER IN DEVELOPMENT SCENARIOS! In you use self-signed certificates in production, see the auth.ca_path parameter.

It is also possible to set this parameter via the SENSU_VERIFY environment variable.

type: bool
default: True
name (required)

The Sensu resource’s name. This name (in combination with the namespace where applicable) uniquely identifies the resource that Ansible operates on.

If the resource with selected name already exists, Ansible module will update it to match the specification in the task.

Consult the name metadata attribute specification in the upstream docs on https://docs.sensu.io/sensu-go/latest/reference/ for more details about valid names and other restrictions.

type: str
rules (optional)

Rules that the cluster role applies.

Must be non-empty if state is present.

type: list
resource_names (optional)

Names of specific resources the rule has permission to access.

Note that for the create verb, this argument will not be taken into account when enforcing RBAC, even if it is provided.

type: list
resources (required)

Types of resources the rule has permission to access.

type: list
verbs (required)

Permissions to be applied by the rule.

type: list
choices: get, list, create, update, delete
state (optional)

Target state of the Sensu object.

type: str
default: present
choices: present, absent

Return Values

object

Object representing Sensu cluster role.

sample:

metadata:
  name: cluster-role
rules:
- resource_names:
  - sample-name
  resources:
  - assets
  - checks
  verbs:
  - get
  - list