community.vmware.vmware_object_role_permission – Manage local roles on an ESXi host
Note
This plugin is part of the community.vmware collection (version 1.15.0).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install community.vmware.
To use it in a playbook, specify: community.vmware.vmware_object_role_permission.
Synopsis
- This module can be used to manage object permissions on the given host.
Requirements
The below requirements are needed on the host that executes this module.
- python >= 2.7
- PyVmomi
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| group
string
|
The group to be assigned permission.
Required if principal is not specified.
|
|
| hostname
string
|
The hostname or IP address of the vSphere vCenter or ESXi server.
If the value is not specified in the task, the value of environment variable
VMWARE_HOST will be used instead.
Environment variable support added in Ansible 2.6.
|
|
| object_name
string / required
|
The object name to assigned permission.
|
|
| object_type
string
|
|
The object type being targeted.
|
| password
string
|
The password of the vSphere vCenter or ESXi server.
If the value is not specified in the task, the value of environment variable
VMWARE_PASSWORD will be used instead.
Environment variable support added in Ansible 2.6.
aliases: pass, pwd |
|
| port
integer
|
Default:
443
|
The port number of the vSphere vCenter or ESXi server.
If the value is not specified in the task, the value of environment variable
VMWARE_PORT will be used instead.
Environment variable support added in Ansible 2.6.
|
| principal
string
|
The user to be assigned permission.
Required if
group is not specified.
If specifying domain user, required separator of domain uses backslash.
|
|
| proxy_host
string
|
Address of a proxy that will receive all HTTPS requests and relay them.
The format is a hostname or a IP.
If the value is not specified in the task, the value of environment variable
VMWARE_PROXY_HOST will be used instead.
This feature depends on a version of pyvmomi greater than v6.7.1.2018.12
|
|
| proxy_port
integer
|
Port of the HTTP proxy that will receive all HTTPS requests and relay them.
If the value is not specified in the task, the value of environment variable VMWARE_PROXY_PORT will be used instead.
|
|
| recursive
boolean
|
|
Should the permissions be recursively applied.
|
| role
string / required
|
The role to be assigned permission.
User can also specify role name presented in Web UI. Supported added in 1.5.0.
|
|
| state
string
|
|
Indicate desired state of the object's permission.
When
state=present, the permission will be added if it doesn't already exist.
When state=absent, the permission is removed if it exists.
|
| username
string
|
The username of the vSphere vCenter or ESXi server.
If the value is not specified in the task, the value of environment variable
VMWARE_USER will be used instead.
Environment variable support added in Ansible 2.6.
aliases: admin, user |
|
| validate_certs
boolean
|
|
Allows connection when SSL certificates are not valid. Set to
false when certificates are not trusted.
If the value is not specified in the task, the value of environment variable
VMWARE_VALIDATE_CERTS will be used instead.
Environment variable support added in Ansible 2.6.
If set to true, please make sure Python >= 2.7.9 is installed on the given machine.
|
Notes
Note
- Tested on ESXi 6.5, vSphere 6.7
- The ESXi login user must have the appropriate rights to administer permissions.
- Permissions for a distributed switch must be defined and managed on either the datacenter or a folder containing the switch.
- All modules requires API write access and hence is not supported on a free ESXi license.
Examples
- name: Assign user to VM folder
community.vmware.vmware_object_role_permission:
hostname: '{{ esxi_hostname }}'
username: '{{ esxi_username }}'
password: '{{ esxi_password }}'
role: Admin
principal: user_bob
object_name: services
state: present
delegate_to: localhost
- name: Remove user from VM folder
community.vmware.vmware_object_role_permission:
hostname: '{{ esxi_hostname }}'
username: '{{ esxi_username }}'
password: '{{ esxi_password }}'
role: Admin
principal: user_bob
object_name: services
state: absent
delegate_to: localhost
- name: Assign finance group to VM folder
community.vmware.vmware_object_role_permission:
hostname: '{{ esxi_hostname }}'
username: '{{ esxi_username }}'
password: '{{ esxi_password }}'
role: Limited Users
group: finance
object_name: Accounts
state: present
delegate_to: localhost
- name: Assign view_user Read Only permission at root folder
community.vmware.vmware_object_role_permission:
hostname: '{{ esxi_hostname }}'
username: '{{ esxi_username }}'
password: '{{ esxi_password }}'
role: ReadOnly
principal: view_user
object_name: rootFolder
state: present
delegate_to: localhost
- name: Assign domain user to VM folder
community.vmware.vmware_object_role_permission:
hostname: "{{ vcenter_hostname }}"
username: "{{ vcenter_username }}"
password: "{{ vcenter_password }}"
validate_certs: false
role: Admin
principal: "vsphere.local\\domainuser"
object_name: services
state: present
delegate_to: localhost
Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| changed
boolean
|
always |
whether or not a change was made to the object's role
|
Authors
- Derek Rushing (@kryptsi)
- Joseph Andreatta (@vmwjoseph)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/community/vmware/vmware_object_role_permission_module.html