cisco.mso.mso_role – Manage roles

Note

This plugin is part of the cisco.mso collection (version 1.0.1).

To install it use: ansible-galaxy collection install cisco.mso.

To use it in a playbook, specify: cisco.mso.mso_role.

Synopsis
Requirements
Parameters
Notes
Examples

Synopsis

Manage roles on Cisco ACI Multi-Site.

Requirements

The below requirements are needed on the host that executes this module.

Multi Site Orchestrator v2.1 or newer

Parameters

Parameter	Choices/Defaults	Comments
description string		The description of the role.
display_name string		The name of the role to be displayed in the web UI.
host string / required		IP Address or hostname of the ACI Multi Site Orchestrator host. If the value is not specified in the task, the value of environment variable `MSO_HOST` will be used instead. aliases: hostname
login_domain string		The login domain name to use for authentication. The default value is Local. If the value is not specified in the task, the value of environment variable `MSO_LOGIN_DOMAIN` will be used instead.
output_level string	Choices: debug info normal ←	Influence the output of this ACI module. `normal` means the standard output, incl. `current` dict `info` adds informational output, incl. `previous`, `proposed` and `sent` dicts `debug` adds debugging output, incl. `filter_string`, `method`, `response`, `status` and `url` information If the value is not specified in the task, the value of environment variable `MSO_OUTPUT_LEVEL` will be used instead.
password string / required		The password to use for authentication. If the value is not specified in the task, the value of environment variables `MSO_PASSWORD` or `ANSIBLE_NET_PASSWORD` will be used instead.
port integer		Port number to be used for the REST connection. The default value depends on parameter `use_ssl`. If the value is not specified in the task, the value of environment variable `MSO_PORT` will be used instead.
read_permissions list / elements=string	Choices: backup-db manage-audit-records manage-labels manage-roles manage-schemas manage-sites manage-tenants manage-tenant-schemas manage-users platform-logs view-all-audit-records view-labels view-roles view-schemas view-sites view-tenants view-tenant-schemas view-users	A list of read permissions tied to this role.
role string		The name of the role. aliases: name
state string	Choices: absent present ← query	Use `present` or `absent` for adding or removing. Use `query` for listing an object or multiple objects.
timeout integer	Default: 30	The socket level timeout in seconds. If the value is not specified in the task, the value of environment variable `MSO_TIMEOUT` will be used instead.
use_proxy boolean	Choices: no yes ←	If `no`, it will not use a proxy, even if one is defined in an environment variable on the target hosts. If the value is not specified in the task, the value of environment variable `MSO_USE_PROXY` will be used instead.
use_ssl boolean	Choices: no yes ←	If `no`, an HTTP connection will be used instead of the default HTTPS connection. If the value is not specified in the task, the value of environment variable `MSO_USE_SSL` will be used instead.
username string	Default: "admin"	The username to use for authentication. If the value is not specified in the task, the value of environment variables `MSO_USERNAME` or `ANSIBLE_NET_USERNAME` will be used instead.
validate_certs boolean	Choices: no yes ←	If `no`, SSL certificates will not be validated. This should only set to `no` when used on personally controlled sites using self-signed certificates. If the value is not specified in the task, the value of environment variable `MSO_VALIDATE_CERTS` will be used instead.
write_permissions list / elements=string	Choices: backup-db manage-audit-records manage-labels manage-roles manage-schemas manage-sites manage-tenants manage-tenant-schemas manage-users platform-logs view-all-audit-records view-labels view-roles view-schemas view-sites view-tenants view-tenant-schemas view-users	A list of write permissions tied to this role. aliases: permissions

Notes

Note

Please read the Cisco ACI Guide for more detailed information on how to manage your ACI infrastructure using Ansible.
This module was written to support ACI Multi Site Orchestrator v2.1 or newer. Some or all functionality may not work on earlier versions.

Examples

- name: Add a new role
  cisco.mso.mso_role:
    host: mso_host
    username: admin
    password: SomeSecretPassword
    role: readOnly
    display_name: Read Only
    description: Read-only access for troubleshooting
    read_permissions:
    - view-roles
    - view-schemas
    - view-sites
    - view-tenants
    - view-tenant-schemas
    - view-users
    write_permissions:
    - manage-roles
    - manage-schemas
    - manage-sites
    - manage-tenants
    - manage-tenant-schemas
    - manage-users
    state: present
  delegate_to: localhost

- name: Remove a role
  cisco.mso.mso_role:
    host: mso_host
    username: admin
    password: SomeSecretPassword
    role: readOnly
    state: absent
  delegate_to: localhost

- name: Query a role
  cisco.mso.mso_role:
    host: mso_host
    username: admin
    password: SomeSecretPassword
    role: readOnly
    state: query
  delegate_to: localhost
  register: query_result

- name: Query all roles
  cisco.mso.mso_role:
    host: mso_host
    username: admin
    password: SomeSecretPassword
    state: query
  delegate_to: localhost
  register: query_result

Authors

Dag Wieers (@dagwieers)

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/cisco/mso/mso_role_module.html