The below requirements are needed on the host that executes this module.
Parameter | Choices/Defaults | Comments | |
---|---|---|---|
auth dictionary / required | Dictionary with values needed to create HTTP/HTTPS connection to oVirt: | ||
ca_file string | A PEM file containing the trusted CA certificates. The certificate presented by the server will be verified using these CA certificates. If ca_file parameter is not set, system wide CA certificate store is used.Default value is set by OVIRT_CAFILE environment variable. | ||
headers dictionary | Dictionary of HTTP headers to be added to each API call. | ||
hostname string | A string containing the hostname of the server, usually something like `server.example.com`. Default value is set by OVIRT_HOSTNAME environment variable.Either url or hostname is required. | ||
insecure boolean |
| A boolean flag that indicates if the server TLS certificate and host name should be checked. | |
kerberos boolean |
| A boolean flag indicating if Kerberos authentication should be used instead of the default basic authentication. | |
password string / required | The password of the user. Default value is set by OVIRT_PASSWORD environment variable. | ||
token string | Token to be used instead of login with username/password. Default value is set by OVIRT_TOKEN environment variable. | ||
url string | A string containing the API URL of the server, usually something like `https://server.example.com/ovirt-engine/api`. Default value is set by OVIRT_URL environment variable.Either url or hostname is required. | ||
username string / required | The name of the user, something like admin@internal. Default value is set by OVIRT_USERNAME environment variable. | ||
authz_name - / required | Authorization provider of the user/group. aliases: domain | ||
fetch_nested boolean |
| If True the module will fetch additional data from the API. It will fetch IDs of the VMs disks, snapshots, etc. User can configure to fetch other attributes of the nested entities by specifying nested_attributes . | |
group_name - | Name of the group to manage. Note that if group does not exist in the system this module will fail, you should ensure the group exists by using ovirt_groups module. | ||
namespace - | Namespace of the authorization provider, where user/group resides. | ||
nested_attributes list | Specifies list of the attributes which should be fetched from the API. This parameter apply only when fetch_nested is true. | ||
object_id - | ID of the object where the permissions should be managed. | ||
object_name - | Name of the object where the permissions should be managed. | ||
object_type - |
| The object where the permissions should be managed. | |
poll_interval integer | Default: 3 | Number of the seconds the module waits until another poll request on entity status is sent. | |
quota_name - added in 2.7 | Name of the quota to assign permission. Works only with object_type data_center. | ||
role - | Default: "UserRole" | Name of the role to be assigned to user/group on specific object. | |
state - |
| Should the permission be present/absent. | |
timeout integer | Default: 180 | The amount of time in seconds the module should wait for the instance to get into desired state. | |
user_name - | Username of the user to manage. In most LDAPs it's uid of the user, but in Active Directory you must specify UPN of the user. Note that if user does not exist in the system this module will fail, you should ensure the user exists by using ovirt_users module. | ||
wait boolean |
| yes if the module should wait for the entity to get into desired state. |
Note
# Examples don't contain auth parameter for simplicity, # look at ovirt_auth module to see how to reuse authentication: - name: Add user user1 from authorization provider example.com-authz ovirt_permission: user_name: user1 authz_name: example.com-authz object_type: vm object_name: myvm role: UserVmManager - name: Remove permission from user ovirt_permission: state: absent user_name: user1 authz_name: example.com-authz object_type: cluster object_name: mycluster role: ClusterAdmin - name: Assign QuotaConsumer role to user ovirt_permissions: state: present user_name: user1 authz_name: example.com-authz object_type: data_center object_name: mydatacenter quota_name: myquota role: QuotaConsumer - name: Assign QuotaConsumer role to group ovirt_permissions: state: present group_name: group1 authz_name: example.com-authz object_type: data_center object_name: mydatacenter quota_name: myquota role: QuotaConsumer
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
id string | On success if permission is found. | ID of the permission which is managed Sample: 7de90f31-222c-436c-a1ca-7e655bd5b60c |
permission dictionary | On success if permission is found. | Dictionary of all the permission attributes. Permission attributes can be found on your oVirt/RHV instance at following url: http://ovirt.github.io/ovirt-engine-api-model/master/#types/permission. |
Hint
If you notice any issues in this documentation, you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/ovirt_permission_module.html