azure.azcollection.azure_rm_roleassignment – Manage Azure Role Assignment¶
Note
This plugin is part of the azure.azcollection collection (version 1.5.0).
To install it use: ansible-galaxy collection install azure.azcollection
.
To use it in a playbook, specify: azure.azcollection.azure_rm_roleassignment
.
New in version 0.1.2: of azure.azcollection
Requirements¶
The below requirements are needed on the host that executes this module.
python >= 2.7
azure >= 2.0.0
Parameters¶
Notes¶
Note
For authentication with Azure you can pass parameters, set environment variables, use a profile stored in ~/.azure/credentials, or log in before you run your tasks or playbook with
az login
.Authentication is also possible using a service principal or Active Directory user.
To authenticate via service principal, pass subscription_id, client_id, secret and tenant or set environment variables AZURE_SUBSCRIPTION_ID, AZURE_CLIENT_ID, AZURE_SECRET and AZURE_TENANT.
To authenticate via Active Directory user, pass ad_user and password, or set AZURE_AD_USER and AZURE_PASSWORD in the environment.
Alternatively, credentials can be stored in ~/.azure/credentials. This is an ini file containing a [default] section and the following keys: subscription_id, client_id, secret and tenant or subscription_id, ad_user and password. It is also possible to add additional profiles. Specify the profile by passing profile or setting AZURE_PROFILE in the environment.
See Also¶
See also
- Sign in with Azure CLI
How to authenticate using the
az login
command.
Examples¶
- name: Create a role assignment
azure_rm_roleassignment:
scope: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
assignee_object_id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
role_definition_id:
"/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/providers/Microsoft.Authorization/roleDefinitions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
- name: Create a role assignment
azure_rm_roleassignment:
name: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
scope: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
assignee_object_id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
role_definition_id:
"/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/providers/Microsoft.Authorization/roleDefinitions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
- name: Delete a role assignment
azure_rm_roleassignment:
name: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
scope: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
state: absent
- name: Delete a role assignment
azure_rm_roleassignment:
id: /subscriptions/xxx-sub-guid-xxx/resourceGroups/rgname/providers/Microsoft.Authorization/roleAssignments/xxx-assign-guid-xxx"
- name: Delete a role assignment
azure_rm_roleassignment:
scope: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
assignee_object_id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
role_definition_id:
"/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/providers/Microsoft.Authorization/roleDefinitions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
Authors¶
Yunge Zhu(@yungezz)
Paul Aiton(@paultaiton)