ovirt_permissions - Module to manage permissions of users/groups in oVirt/RHV

New in version 2.3.

Synopsis
Requirements (on host that executes module)
Options
Examples
Return Values
Notes
- Status

Synopsis

Module to manage permissions of users/groups in oVirt/RHV

Requirements (on host that executes module)

python >= 2.7
ovirt-engine-sdk-python >= 4.0.0

Options

parameter	required	default	choices	comments
auth	yes			Dictionary with values needed to create HTTP/HTTPS connection to oVirt: `username`[required] - The name of the user, something like admin@internal. Default value is set by OVIRT_USERNAME environment variable. `password`[required] - The password of the user. Default value is set by OVIRT_PASSWORD environment variable. `url`[required] - A string containing the base URL of the server, usually something like `https://server.example.com/ovirt-engine/api`. Default value is set by OVIRT_URL environment variable. `token` - Token to be used instead of login with username/password. Default value is set by OVIRT_TOKEN environment variable. `insecure` - A boolean flag that indicates if the server TLS certificate and host name should be checked. `ca_file` - A PEM file containing the trusted CA certificates. The certificate presented by the server will be verified using these CA certificates. If ``ca_file`` parameter is not set, system wide CA certificate store is used. Default value is set by OVIRT_CAFILE environment variable. `kerberos` - A boolean flag indicating if Kerberos authentication should be used instead of the default basic authentication. `headers` - Dictionary of HTTP headers to be added to each API call.
authz_name	yes			Authorization provider of the user/group. In previous versions of oVirt/RHV known as domain. aliases: domain
fetch_nested (added in 2.3)	no			If True the module will fetch additional data from the API. It will fetch IDs of the VMs disks, snapshots, etc. User can configure to fetch other attributes of the nested entities by specifying `nested_attributes`.
group_name	no			Name of the group to manage. Note that if group don't exist in the system this module will fail, you should ensure the group exists by using ovirt_groups module.
namespace	no			Namespace of the authorization provider, where user/group resides.
nested_attributes (added in 2.3)	no			Specifies list of the attributes which should be fetched from the API. This parameter apply only when `fetch_nested` is true.
object_id	no			ID of the object where the permissions should be managed.
object_name	no			Name of the object where the permissions should be managed.
object_type	no	vm	data_center cluster host storage_domain network disk vm vm_pool template cpu_profile disk_profile vnic_profile system	The object where the permissions should be managed.
poll_interval	no	3		Number of the seconds the module waits until another poll request on entity status is sent.
role	no	UserRole		Name of the role to be assigned to user/group on specific object.
state	no	present	present absent	Should the permission be present/absent.
timeout	no	180		The amount of time in seconds the module should wait for the instance to get into desired state.
user_name	no			Username of the user to manage. In most LDAPs it's uid of the user, but in Active Directory you must specify UPN of the user. Note that if user don't exist in the system this module will fail, you should ensure the user exists by using ovirt_users module.
wait	no			True if the module should wait for the entity to get into desired state.

Examples

# Examples don't contain auth parameter for simplicity,
# look at ovirt_auth module to see how to reuse authentication:

# Add user user1 from authorization provider example.com-authz
- ovirt_permissions:
    user_name: user1
    authz_name: example.com-authz
    object_type: vm
    object_name: myvm
    role: UserVmManager

# Remove permission from user
- ovirt_permissions:
    state: absent
    user_name: user1
    authz_name: example.com-authz
    object_type: cluster
    object_name: mycluster
    role: ClusterAdmin

Return Values

Common return values are documented here Return Values, the following are the fields unique to this module:

name	description	returned	type	sample
id	ID of the permission which is managed	On success if permission is found.	str	7de90f31-222c-436c-a1ca-7e655bd5b60c
permission	Dictionary of all the permission attributes. Permission attributes can be found on your oVirt/RHV instance at following url: http://ovirt.github.io/ovirt-engine-api-model/master/#types/permission.	On success if permission is found.	dict

Notes

Note

In order to use this module you have to install oVirt Python SDK. To ensure it’s installed with correct version you can create the following task: pip: name=ovirt-engine-sdk-python version=4.0.0

Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.4/ovirt_permissions_module.html