vmware_object_role_permission – Manage local roles on an ESXi host
New in version 2.8.
Synopsis
- This module can be used to manage object permissions on the given host.
Requirements
The below requirements are needed on the host that executes this module.
- python >= 2.7
- PyVmomi
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
group
string
|
The group to be assigned permission.
Required if
principal is not specified.
|
|
hostname
string
|
The hostname or IP address of the vSphere vCenter or ESXi server.
If the value is not specified in the task, the value of environment variable
VMWARE_HOST will be used instead.
Environment variable support added in Ansible 2.6.
|
|
object_name
string /
required
|
The object name to assigned permission.
|
|
object_type
string
|
|
The object type being targeted.
|
password
string
|
The password of the vSphere vCenter or ESXi server.
If the value is not specified in the task, the value of environment variable
VMWARE_PASSWORD will be used instead.
Environment variable support added in Ansible 2.6.
aliases: pass, pwd |
|
port
integer
added in 2.5
|
Default:
443
|
The port number of the vSphere vCenter or ESXi server.
If the value is not specified in the task, the value of environment variable
VMWARE_PORT will be used instead.
Environment variable support added in Ansible 2.6.
|
principal
string
|
The user to be assigned permission.
Required if
group is not specified.
|
|
proxy_host
string
added in 2.9
|
Address of a proxy that will receive all HTTPS requests and relay them.
The format is a hostname or a IP.
If the value is not specified in the task, the value of environment variable
VMWARE_PROXY_HOST will be used instead.
This feature depends on a version of pyvmomi greater than v6.7.1.2018.12
|
|
proxy_port
integer
added in 2.9
|
Port of the HTTP proxy that will receive all HTTPS requests and relay them.
If the value is not specified in the task, the value of environment variable
VMWARE_PROXY_PORT will be used instead.
|
|
recursive
boolean
|
|
Should the permissions be recursively applied.
|
role
string /
required
|
The role to be assigned permission.
|
|
state
string
|
|
Indicate desired state of the object's permission.
When
state=present , the permission will be added if it doesn't already exist.
When
state=absent , the permission is removed if it exists.
|
username
string
|
The username of the vSphere vCenter or ESXi server.
If the value is not specified in the task, the value of environment variable
VMWARE_USER will be used instead.
Environment variable support added in Ansible 2.6.
aliases: admin, user |
|
validate_certs
boolean
|
|
Allows connection when SSL certificates are not valid. Set to
false when certificates are not trusted.
If the value is not specified in the task, the value of environment variable
VMWARE_VALIDATE_CERTS will be used instead.
Environment variable support added in Ansible 2.6.
If set to
yes , please make sure Python >= 2.7.9 is installed on the given machine.
|
Notes
Note
- Tested on ESXi 6.5, vSphere 6.7
- The ESXi login user must have the appropriate rights to administer permissions.
- Permissions for a distributed switch must be defined and managed on either the datacenter or a folder containing the switch.
Examples
- name: Assign user to VM folder vmware_object_role_permission: role: Admin principal: user_bob object_name: services state: present delegate_to: localhost - name: Remove user from VM folder vmware_object_role_permission: role: Admin principal: user_bob object_name: services state: absent delegate_to: localhost - name: Assign finance group to VM folder vmware_object_role_permission: role: Limited Users group: finance object_name: Accounts state: present delegate_to: localhost - name: Assign view_user Read Only permission at root folder vmware_object_role_permission: role: ReadOnly principal: view_user object_name: rootFolder state: present delegate_to: localhost
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
changed
boolean
|
always |
whether or not a change was made to the object's role
|
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors
- Derek Rushing (@kryptsi)
- Joseph Andreatta (@vmwjoseph)
Hint
If you notice any issues in this documentation, you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/vmware_object_role_permission_module.html