purestorage.flashblade.purefb_bucket_access module – Manage FlashBlade bucket access policies

Note

This module is part of the purestorage.flashblade collection (version 1.21.2).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install purestorage.flashblade. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: purestorage.flashblade.purefb_bucket_access.

New in purestorage.flashblade 1.20.0

Synopsis

  • Manage object store bucket policies.

  • This module allows the management of both bucket access and cross-origin resource sharing (CORS) policies and their associated rules.

Requirements

The below requirements are needed on the host that executes this module.

  • python >= 3.9

  • py-pure-client

  • purity_fb >= 1.12.2

  • netaddr

  • datetime

  • pytz

  • distro

  • pycountry

  • urllib3

Parameters

Parameter

Comments

actions

list / elements=string

List of permissions to grant.

System-wide policy rules cannot be deleted or modified

Currently only s3:GetObject is allowed

Choices:

  • "s3:*"

  • "s3:AbortMultipartUpload"

  • "s3:BypassGovernanceRetention"

  • "s3:CreateBucket"

  • "s3:DeleteBucket"

  • "s3:DeleteObject"

  • "s3:DeleteObjectVersion"

  • "s3:ExtendSafemodeRetentionPeriod"

  • "s3:GetBucketAcl"

  • "s3:GetBucketLocation"

  • "s3:GetBucketVersioning"

  • "s3:GetLifecycleConfiguration"

  • "s3:GetObject" ← (default)

  • "s3:GetObjectAcl"

  • "s3:GetObjectLegalHold"

  • "s3:GetObjectLockConfiguration"

  • "s3:GetObjectRetention"

  • "s3:GetObjectTagging"

  • "s3:GetObjectVersion"

  • "s3:GetObjectVersionTagging"

  • "s3:ListAllMyBuckets"

  • "s3:ListBucket"

  • "s3:ListBucketMultipartUploads"

  • "s3:ListBucketVersions"

  • "s3:ListMultipartUploadParts"

  • "s3:PutBucketVersioning"

  • "s3:PutLifecycleConfiguration"

  • "s3:PutObject"

  • "s3:PutObjectLegalHold"

  • "s3:PutObjectLockConfiguration"

  • "s3:PutObjectRetention"

  • "s3:ResolveSafemodeConflicts"

Default: ["s3:GetObject"]

api_token

string

FlashBlade API token for admin privileged user.

disable_warnings

boolean

added in purestorage.flashblade 1.18.0

Disable insecure certificate warnings

Choices:

  • false ← (default)

  • true

effect

string

Allow S3 requests that match all of the selected actions. Rules are additive.

Choices:

  • "allow" ← (default)

  • "deny"

fb_url

string

FlashBlade management IP address or hostname.

headers

list / elements=string

A list of headers that are permitted to be included in cross-origin requests to access a bucket.

The only currently supported allowed header is ‘*’.

Default: ["*"]

methods

list / elements=string

A list of HTTP methods that are permitted for cross-origin requests to access a bucket.

The only currently supported combination of allowed methods is all methods.

Choices:

  • "GET" ← (default)

  • "PUT" ← (default)

  • "HEAD" ← (default)

  • "POST" ← (default)

  • "DELETE" ← (default)

Default: ["GET", "PUT", "HEAD", "POST", "DELETE"]

name

string / required

Name of Object Store bucket the policy applies to.

origins

list / elements=string

A list of origins (domains) that are permitted to make cross-origin requests to access a bucket.

The only currently supported allowed origin is ‘*’.

Default: ["*"]

policy_type

string

Type of policy

Choices:

  • "access" ← (default)

  • "cors"

principals

boolean

Defines if the rule will apply to all object store users regardless of their origin or principal.

Choices:

  • false

  • true ← (default)

resources

list / elements=string

The list of resources which this rule applies to.

The only currently supported resource is all objects in a bucket to which the parent policy belongs.

Default: ["*"]

rule

string

Name of the rule in the Bucket Policy

Required if state is present

state

string

Create or delete policy or rule.

Choices:

  • "absent"

  • "present" ← (default)

Notes

Note

  • This module requires the purity_fb Python library

  • You must set PUREFB_URL and PUREFB_API environment variables if fb_url and api_token arguments are not passed to the module directly

Examples

- name: Create a bucket access policy rule for bucket bar
  purestorage.flashblade.purefb_bucket_access:
    rule: foo
    name: bar
    policy_type: access
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6

- name: Create a CORS policy rule for bucket bar
  purestorage.flashblade.purefb_bucket_access:
    rule: foo
    name: bar
    policy_type: cors
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6

- name: Delete bucket policy rule foo from bucket bar
  purestorage.flashblade.purefb_bucket_access:
    rule: foo
    name: bar
    policy_type: access
    state: absent
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6

- name: Delete all bucket policy rules from bucket bar
  purestorage.flashblade.purefb_bucket_access:
    name: bar
    policy_type: access
    state: absent
    fb_url: 10.10.10.2
    api_token: T-9f276a18-50ab-446e-8a0c-666a3529a1b6
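
The following play is an added example, not part of the collection's own documentation. It writes out every policy field that the tasks above leave at its default, so a reviewer can see that the access rule grants s3:GetObject on all objects to all object store users, and it keeps the API token out of the playbook. The variables purefb_url and purefb_api_token, the vault file path and the rule names are assumptions.

```yaml
# Added example. Assumed names: purefb_url / purefb_api_token are hypothetical
# variables from an ansible-vault encrypted file; rule names are samples.
- name: Manage policies on bucket bar without inline credentials
  hosts: localhost
  gather_facts: false
  vars_files:
    - vault/flashblade.yml        # hypothetical path, encrypted with ansible-vault
  tasks:
    - name: Allow read access to objects in bar, defaults stated explicitly
      purestorage.flashblade.purefb_bucket_access:
        name: bar
        rule: read-objects
        policy_type: access
        effect: allow
        actions:
          - "s3:GetObject"        # the only action currently allowed
        principals: true          # rule applies to all object store users
        resources:
          - "*"                   # all objects in the bucket
        state: present
        disable_warnings: false   # keep insecure certificate warnings visible
        fb_url: "{{ purefb_url }}"
        api_token: "{{ purefb_api_token }}"
      no_log: true                # keep the token out of task output and logs

    - name: Add a CORS rule to bar using the only supported values
      purestorage.flashblade.purefb_bucket_access:
        name: bar
        rule: browser-access
        policy_type: cors
        origins: ["*"]            # any origin; no narrower value is supported
        headers: ["*"]
        methods: ["GET", "PUT", "HEAD", "POST", "DELETE"]
        state: present
        fb_url: "{{ purefb_url }}"
        api_token: "{{ purefb_api_token }}"
      no_log: true
```

If PUREFB_URL and PUREFB_API are set in the environment of the host that executes the module, fb_url and api_token can be dropped from both tasks.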

Authors

  • Pure Storage Ansible Team (@sdodsley)