ovirt.ovirt.ovirt_permission module – Module to manage permissions of users/groups in oVirt/RHV
Note
This module is part of the ovirt.ovirt collection (version 3.2.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ovirt.ovirt
.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: ovirt.ovirt.ovirt_permission
.
New in ovirt.ovirt 1.0.0
Synopsis
Module to manage permissions of users/groups in oVirt/RHV.
Requirements
The below requirements are needed on the host that executes this module.
python >= 2.7
ovirt-engine-sdk-python >= 4.4.0
Parameters
Parameter |
Comments |
---|---|
Dictionary with values needed to create HTTP/HTTPS connection to oVirt: |
|
A PEM file containing the trusted CA certificates. The certificate presented by the server will be verified using these CA certificates. If Default value is set by |
|
Flag indicating if compression is used for connection. Choices:
|
|
Dictionary of HTTP headers to be added to each API call. |
|
A string containing the hostname of the server, usually something like `server.example.com`. Default value is set by Either |
|
A boolean flag that indicates if the server TLS certificate and host name should be checked. Choices:
|
|
A boolean flag indicating if Kerberos authentication should be used instead of the default basic authentication. Choices:
|
|
The password of the user. Default value is set by |
|
Number of seconds to wait for response. |
|
Token to be used instead of login with username/password. Default value is set by |
|
A string containing the API URL of the server, usually something like `https://server.example.com/ovirt-engine/api`. Default value is set by Either |
|
The name of the user, something like admin@internal. Default value is set by |
|
Authorization provider of the user/group. |
|
If True the module will fetch additional data from the API. It will fetch IDs of the VMs disks, snapshots, etc. User can configure to fetch other attributes of the nested entities by specifying Choices:
|
|
Name of the group to manage. Note that if group does not exist in the system this module will fail, you should ensure the group exists by using ovirt.ovirt.ovirt_groups module. |
|
Namespace of the authorization provider, where user/group resides. |
|
Specifies list of the attributes which should be fetched from the API. This parameter apply only when |
|
ID of the object where the permissions should be managed. |
|
Name of the object where the permissions should be managed. |
|
The object where the permissions should be managed. Choices:
|
|
Number of the seconds the module waits until another poll request on entity status is sent. Default: |
|
Name of the quota to assign permission. Works only with |
|
Name of the role to be assigned to user/group on specific object. Default: |
|
Should the permission be present/absent. Choices:
|
|
The amount of time in seconds the module should wait for the instance to get into desired state. Default: |
|
Username of the user to manage. In most LDAPs it’s uid of the user, but in Active Directory you must specify UPN of the user. Note that if user does not exist in the system this module will fail, you should ensure the user exists by using ovirt.ovirt.ovirt_users module. |
|
Choices:
|
Notes
Note
In order to use this module you have to install oVirt Python SDK. To ensure it’s installed with correct version you can create the following task: pip: name=ovirt-engine-sdk-python version=4.4.0
Examples
# Examples don't contain auth parameter for simplicity,
# look at ovirt_auth module to see how to reuse authentication:
- name: Add user user1 from authorization provider example.com-authz
ovirt.ovirt.ovirt_permission:
user_name: user1
authz_name: example.com-authz
object_type: vm
object_name: myvm
role: UserVmManager
- name: Remove permission from user
ovirt.ovirt.ovirt_permission:
state: absent
user_name: user1
authz_name: example.com-authz
object_type: cluster
object_name: mycluster
role: ClusterAdmin
- name: Assign QuotaConsumer role to user
ovirt.ovirt.ovirt_permissions:
state: present
user_name: user1
authz_name: example.com-authz
object_type: data_center
object_name: mydatacenter
quota_name: myquota
role: QuotaConsumer
- name: Assign QuotaConsumer role to group
ovirt.ovirt.ovirt_permissions:
state: present
group_name: group1
authz_name: example.com-authz
object_type: data_center
object_name: mydatacenter
quota_name: myquota
role: QuotaConsumer
- ovirt.ovirt.ovirt_permission:
user_name: user1
authz_name: example.com-authz
object_type: mac_pool
object_name: Default
role: MacPoolUser
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
ID of the permission which is managed Returned: On success if permission is found. Sample: |
|
Dictionary of all the permission attributes. Permission attributes can be found on your oVirt/RHV instance at following url: http://ovirt.github.io/ovirt-engine-api-model/master/#types/permission. Returned: On success if permission is found. |