- Docs »
- ngine_io.cloudstack.cs_role_permission – Manages role permissions on Apache CloudStack based clouds.
-
You are reading the latest community version of the Ansible documentation. Red Hat subscribers, select 2.9 in the version selection to the left for the most recent Red Hat release.
ngine_io.cloudstack.cs_role_permission – Manages role permissions on Apache CloudStack based clouds.
Note
This plugin is part of the ngine_io.cloudstack collection (version 2.1.0).
To install it use: ansible-galaxy collection install ngine_io.cloudstack.
To use it in a playbook, specify: ngine_io.cloudstack.cs_role_permission.
New in version 0.1.0: of ngine_io.cloudstack
Create, update and remove CloudStack role permissions.
Managing role permissions only supported in CloudStack >= 4.9.
The below requirements are needed on the host that executes this module.
python >= 2.6
cs >= 0.9.0
| Parameter |
Choices/Defaults |
Comments |
|
api_http_method
string
|
|
HTTP method used to query the API endpoint.
If not given, the CLOUDSTACK_METHOD env variable is considered.
|
|
api_key
string
/ required
|
|
API key of the CloudStack API.
If not given, the CLOUDSTACK_KEY env variable is considered.
|
|
api_secret
string
/ required
|
|
Secret key of the CloudStack API.
If not set, the CLOUDSTACK_SECRET env variable is considered.
|
|
api_timeout
integer
|
Default:
10
|
HTTP timeout in seconds.
If not given, the CLOUDSTACK_TIMEOUT env variable is considered.
|
|
api_url
string
/ required
|
|
URL of the CloudStack API e.g. https://cloud.example.com/client/api.
If not given, the CLOUDSTACK_ENDPOINT env variable is considered.
|
|
api_verify_ssl_cert
string
|
|
Verify CA authority cert file.
If not given, the CLOUDSTACK_VERIFY env variable is considered.
|
|
description
string
|
|
The description of the role permission.
|
|
name
string
/ required
|
|
The API name of the permission.
|
|
parent
string
|
|
The parent role permission uuid. use 0 to move this rule at the top of the list.
|
|
permission
string
|
|
The rule permission, allow or deny. Defaulted to deny.
|
|
role
string
/ required
|
|
Name or ID of the role.
|
|
state
string
|
Choices:
present ← - absent
|
State of the role permission.
|
- name: Create a role permission
ngine_io.cloudstack.cs_role_permission:
role: My_Custom_role
name: createVPC
permission: allow
description: My comments
- name: Remove a role permission
ngine_io.cloudstack.cs_role_permission:
state: absent
role: My_Custom_role
name: createVPC
- name: Update a system role permission
ngine_io.cloudstack.cs_role_permission:
role: Domain Admin
name: createVPC
permission: deny
- name: Update rules order. Move the rule at the top of list
ngine_io.cloudstack.cs_role_permission:
role: Domain Admin
name: createVPC
parent: 0
Common return values are documented here, the following are the fields unique to this module:
| Key |
Returned |
Description |
|
description
string
|
success |
The description of the role permission
Sample:
Deny createVPC for users
|
|
id
string
|
success |
The ID of the role permission.
Sample:
a6f7a5fc-43f8-11e5-a151-feff819cdc9f
|
|
name
string
|
success |
The API name of the permission.
Sample:
createVPC
|
|
permission
string
|
success |
The permission type of the api name.
Sample:
allow
|
|
role_id
string
|
success |
The ID of the role to which the role permission belongs.
Sample:
c6f7a5fc-43f8-11e5-a151-feff819cdc7f
|
