purestorage.flasharray.purefa_dsrole module – Configure FlashArray Directory Service Roles

Note

This module is part of the purestorage.flasharray collection (version 1.32.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install purestorage.flasharray. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: purestorage.flasharray.purefa_dsrole.

New in purestorage.flasharray 1.0.0

Synopsis

  • Set or erase directory services role configurations.

Requirements

The below requirements are needed on the host that executes this module.

  • python >= 3.3

  • purestorage >= 1.19

  • py-pure-client >= 1.26.0

  • netaddr

  • requests

  • pycountry

  • urllib3

Parameters

Parameter

Comments

api_token

string

FlashArray API token for admin privileged user.

disable_warnings

boolean

added in purestorage.flasharray 1.29.0

Disable insecure certificate warnings in debug logs

Choices:

  • false ← (default)

  • true

fa_url

string

FlashArray management IPv4 address or Hostname.

group

string

Sets the common Name (CN) of the configured directory service group containing users for the FlashBlade. This name should be just the Common Name of the group without the CN= specifier.

Common Names should not exceed 64 characters in length.

group_base

string

Specifies where the configured group is located in the directory tree. This field consists of Organizational Units (OUs) that combine with the base DN attribute and the configured group CNs to complete the full Distinguished Name of the groups. The group base should specify OU= for each OU and multiple OUs should be separated by commas. The order of OUs is important and should get larger in scope from left to right.

Each OU should not exceed 64 characters in length.

name

string

added in purestorage.flasharray 1.32.0

Name of role

If not providied, will be assinged to the same as role

role

string

The directory service role to work on

Choices:

  • "array_admin"

  • "ops_admin"

  • "readonly"

  • "storage_admin"

state

string

Create or delete directory service role

Choices:

  • "absent"

  • "present" ← (default)

Notes

Note

  • This module requires the purestorage and py-pure-client Python libraries

  • Additional Python librarues may be required for specific modules.

  • You must set PUREFA_URL and PUREFA_API environment variables if fa_url and api_token arguments are not passed to the module directly

Examples

- name: Delete exisitng array_admin directory service role
  purestorage.flasharray.purefa_dsrole:
    role: array_admin
    state: absent
    fa_url: 10.10.10.2
    api_token: e31060a7-21fc-e277-6240-25983c6c4592

- name: Create observability directory service role with readonly policy
  purestorage.flasharray.purefa_dsrole:
    name: observability
    role: readonly
    group_base: "OU=PureGroups,OU=ReadOnly"
    group: o11y
    fa_url: 10.10.10.2
    api_token: e31060a7-21fc-e277-6240-25983c6c4592

- name: Update system-defined array_admin directory service role
  purestorage.flasharray.purefa_dsrole:
    role: array_admin
    group_base: "OU=PureGroups,OU=SANManagers"
    group: pureadmins
    fa_url: 10.10.10.2
    api_token: e31060a7-21fc-e277-6240-25983c6c4592

- name: Update directory service role policy
  purestorage.flasharray.purefa_dsrole:
    name: observability
    role: ops_admin
    fa_url: 10.10.10.2
    api_token: e31060a7-21fc-e277-6240-25983c6c4592

Authors

  • Pure Storage Ansible Team (@sdodsley)