ngine_io.cloudstack.cs_role_permission – Manages role permissions on Apache CloudStack based clouds.

Note

This plugin is part of the ngine_io.cloudstack collection (version 2.1.0).

To install it use: ansible-galaxy collection install ngine_io.cloudstack.

To use it in a playbook, specify: ngine_io.cloudstack.cs_role_permission.

New in version 0.1.0: of ngine_io.cloudstack

Synopsis

  • Create, update and remove CloudStack role permissions.

  • Managing role permissions only supported in CloudStack >= 4.9.

Requirements

The below requirements are needed on the host that executes this module.

  • python >= 2.6

  • cs >= 0.9.0

Parameters

Parameter Choices/Defaults Comments
api_http_method
string
    Choices:
  • get ←
  • post
HTTP method used to query the API endpoint.
If not given, the CLOUDSTACK_METHOD env variable is considered.
api_key
string / required
API key of the CloudStack API.
If not given, the CLOUDSTACK_KEY env variable is considered.
api_secret
string / required
Secret key of the CloudStack API.
If not set, the CLOUDSTACK_SECRET env variable is considered.
api_timeout
integer
Default:
10
HTTP timeout in seconds.
If not given, the CLOUDSTACK_TIMEOUT env variable is considered.
api_url
string / required
URL of the CloudStack API e.g. https://cloud.example.com/client/api.
If not given, the CLOUDSTACK_ENDPOINT env variable is considered.
api_verify_ssl_cert
string
Verify CA authority cert file.
If not given, the CLOUDSTACK_VERIFY env variable is considered.
description
string
The description of the role permission.
name
string / required
The API name of the permission.
parent
string
The parent role permission uuid. use 0 to move this rule at the top of the list.
permission
string
    Choices:
  • allow
  • deny ←
The rule permission, allow or deny. Defaulted to deny.
role
string / required
Name or ID of the role.
state
string
    Choices:
  • present ←
  • absent
State of the role permission.

Notes

Note

  • A detailed guide about cloudstack modules can be found in the CloudStack Cloud Guide.

  • This module supports check mode.

Examples

- name: Create a role permission
  ngine_io.cloudstack.cs_role_permission:
    role: My_Custom_role
    name: createVPC
    permission: allow
    description: My comments

- name: Remove a role permission
  ngine_io.cloudstack.cs_role_permission:
    state: absent
    role: My_Custom_role
    name: createVPC

- name: Update a system role permission
  ngine_io.cloudstack.cs_role_permission:
    role: Domain Admin
    name: createVPC
    permission: deny

- name: Update rules order. Move the rule at the top of list
  ngine_io.cloudstack.cs_role_permission:
    role: Domain Admin
    name: createVPC
    parent: 0

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
description
string
success
The description of the role permission

Sample:
Deny createVPC for users
id
string
success
The ID of the role permission.

Sample:
a6f7a5fc-43f8-11e5-a151-feff819cdc9f
name
string
success
The API name of the permission.

Sample:
createVPC
permission
string
success
The permission type of the api name.

Sample:
allow
role_id
string
success
The ID of the role to which the role permission belongs.

Sample:
c6f7a5fc-43f8-11e5-a151-feff819cdc7f


Authors

  • David Passante (@dpassante)