community.vmware.vmware_object_role_permission – Manage local roles on an ESXi host

Note

This plugin is part of the community.vmware collection (version 1.7.0).

To install it use: ansible-galaxy collection install community.vmware.

To use it in a playbook, specify: community.vmware.vmware_object_role_permission.

Synopsis
Requirements
Parameters
Notes
Examples
Return Values

Synopsis

This module can be used to manage object permissions on the given host.

Requirements

The below requirements are needed on the host that executes this module.

python >= 2.7
PyVmomi

Parameters

Parameter	Choices/Defaults	Comments
group string		The group to be assigned permission. Required if `principal` is not specified.
hostname string		The hostname or IP address of the vSphere vCenter or ESXi server. If the value is not specified in the task, the value of environment variable `VMWARE_HOST` will be used instead. Environment variable support added in Ansible 2.6.
object_name string / required		The object name to assigned permission.
object_type string	Choices: Folder ← VirtualMachine Datacenter ResourcePool Datastore Network HostSystem ComputeResource ClusterComputeResource DistributedVirtualSwitch	The object type being targeted.
password string		The password of the vSphere vCenter or ESXi server. If the value is not specified in the task, the value of environment variable `VMWARE_PASSWORD` will be used instead. Environment variable support added in Ansible 2.6. aliases: pass, pwd
port integer	Default: 443	The port number of the vSphere vCenter or ESXi server. If the value is not specified in the task, the value of environment variable `VMWARE_PORT` will be used instead. Environment variable support added in Ansible 2.6.
principal string		The user to be assigned permission. Required if `group` is not specified. If specifying domain user, required separator of domain uses backslash.
proxy_host string		Address of a proxy that will receive all HTTPS requests and relay them. The format is a hostname or a IP. If the value is not specified in the task, the value of environment variable `VMWARE_PROXY_HOST` will be used instead. This feature depends on a version of pyvmomi greater than v6.7.1.2018.12
proxy_port integer		Port of the HTTP proxy that will receive all HTTPS requests and relay them. If the value is not specified in the task, the value of environment variable `VMWARE_PROXY_PORT` will be used instead.
recursive boolean	Choices: no yes ←	Should the permissions be recursively applied.
role string / required		The role to be assigned permission. User can also specify role name presented in Web UI. Supported added in 1.5.0.
state string	Choices: present ← absent	Indicate desired state of the object's permission. When `state=present`, the permission will be added if it doesn't already exist. When `state=absent`, the permission is removed if it exists.
username string		The username of the vSphere vCenter or ESXi server. If the value is not specified in the task, the value of environment variable `VMWARE_USER` will be used instead. Environment variable support added in Ansible 2.6. aliases: admin, user
validate_certs boolean	Choices: no yes ←	Allows connection when SSL certificates are not valid. Set to `false` when certificates are not trusted. If the value is not specified in the task, the value of environment variable `VMWARE_VALIDATE_CERTS` will be used instead. Environment variable support added in Ansible 2.6. If set to `true`, please make sure Python >= 2.7.9 is installed on the given machine.

Notes

Note

Tested on ESXi 6.5, vSphere 6.7
The ESXi login user must have the appropriate rights to administer permissions.
Permissions for a distributed switch must be defined and managed on either the datacenter or a folder containing the switch.

Examples

- name: Assign user to VM folder
  community.vmware.vmware_object_role_permission:
    hostname: '{{ esxi_hostname }}'
    username: '{{ esxi_username }}'
    password: '{{ esxi_password }}'
    role: Admin
    principal: user_bob
    object_name: services
    state: present
  delegate_to: localhost

- name: Remove user from VM folder
  community.vmware.vmware_object_role_permission:
    hostname: '{{ esxi_hostname }}'
    username: '{{ esxi_username }}'
    password: '{{ esxi_password }}'
    role: Admin
    principal: user_bob
    object_name: services
    state: absent
  delegate_to: localhost

- name: Assign finance group to VM folder
  community.vmware.vmware_object_role_permission:
    hostname: '{{ esxi_hostname }}'
    username: '{{ esxi_username }}'
    password: '{{ esxi_password }}'
    role: Limited Users
    group: finance
    object_name: Accounts
    state: present
  delegate_to: localhost

- name: Assign view_user Read Only permission at root folder
  community.vmware.vmware_object_role_permission:
    hostname: '{{ esxi_hostname }}'
    username: '{{ esxi_username }}'
    password: '{{ esxi_password }}'
    role: ReadOnly
    principal: view_user
    object_name: rootFolder
    state: present
  delegate_to: localhost

- name: Assign domain user to VM folder
  community.vmware.vmware_object_role_permission:
    hostname: "{{ vcenter_hostname }}"
    username: "{{ vcenter_username }}"
    password: "{{ vcenter_password }}"
    validate_certs: false
    role: Admin
    principal: "vsphere.local\\domainuser"
    object_name: services
    state: present
  delegate_to: localhost

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
changed boolean	always	whether or not a change was made to the object's role

Authors

Derek Rushing (@kryptsi)
Joseph Andreatta (@vmwjoseph)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/community/vmware/vmware_object_role_permission_module.html