ovirt_permissions - Module to manage permissions of users/groups in oVirt¶
New in version 2.3.
Requirements (on host that executes module)¶
- python >= 2.7
- ovirt-engine-sdk-python >= 4.0.0
Options¶
| parameter | required | default | choices | comments |
|---|---|---|---|---|
| auth |
yes |
Dictionary with values needed to create HTTP/HTTPS connection to oVirt:
username[required] - The name of the user, something like `admin@internal`.
password[required] - The password of the user.
url[required] - A string containing the base URL of the server, usually something like `https://server.example.com/ovirt-engine/api`.
token - Token to be used instead of login with username/password.
insecure - A boolean flag that indicates if the server TLS certificate and host name should be checked.
ca_file - A PEM file containing the trusted CA certificates. The certificate presented by the server will be verified using these CA certificates. If `ca_file` parameter is not set, system wide CA certificate store is used.
kerberos - A boolean flag indicating if Kerberos authentication should be used instead of the default basic authentication.
| ||
| authz_name |
yes |
Authorization provider of the user/group. In previous versions of oVirt known as domain.
aliases: domain | ||
| group_name |
no |
Name of the the group to manage.
| ||
| namespace |
no |
Namespace of the authorization provider, where user/group resides.
| ||
| object_id |
no |
ID of the object where the permissions should be managed.
| ||
| object_name |
no |
Name of the object where the permissions should be managed.
| ||
| object_type |
no | virtual_machine |
|
The object where the permissions should be managed.
|
| poll_interval |
no | 3 |
Number of the seconds the module waits until another poll request on entity status is sent.
| |
| role |
no | UserRole |
Name of the the role to be assigned to user/group on specific object.
| |
| state |
no | present |
|
Should the permission be present/absent.
|
| timeout |
no | 180 |
The amount of time in seconds the module should wait for the instance to get into desired state.
| |
| user_name |
no |
Username of the the user to manage. In most LDAPs it's uid of the user, but in Active Directory you must specify UPN of the user.
| ||
| wait |
no |
True if the module should wait for the entity to get into desired state.
|
Examples¶
# Examples don't contain auth parameter for simplicity, # look at ovirt_auth module to see how to reuse authentication: # Add user user1 from authorization provider example.com-authz - ovirt_permissions: user_name: user1 authz_name: example.com-authz object_type: vm object_name: myvm role: UserVmManager # Remove permission from user - ovirt_permissions: state: absent user_name: user1 authz_name: example.com-authz object_type: cluster object_name: mycluster role: ClusterAdmin
Return Values¶
Common return values are documented here common_return_values, the following are the fields unique to this module:
| name | description | returned | type | sample |
|---|---|---|---|---|
| id | ID of the permission which is managed | On success if permission is found. | str | 7de90f31-222c-436c-a1ca-7e655bd5b60c |
| permission | Dictionary of all the permission attributes. Permission attributes can be found on your oVirt instance at following url: https://ovirt.example.com/ovirt-engine/api/model#types/permission. | On success if permission is found. |
Notes¶
Note
In order to use this module you have to install oVirt Python SDK. To ensure it’s installed with correct version you can create the following task: pip: name=ovirt-engine-sdk-python version=4.0.0
This is an Extras Module¶
For more information on what this means please read modules_extra
For help in developing on modules, should you be so inclined, please read community, developing_test_pr and developing_modules.