vmware_object_role_permission – Manage local roles on an ESXi host
New in version 2.8.
Synopsis
- This module can be used to manage object permissions on the given host.
Requirements
The below requirements are needed on the host that executes this module.
- python >= 2.7
- PyVmomi
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
group string | The group to be assigned permission. Required if principal is not specified. | |
hostname string | The hostname or IP address of the vSphere vCenter or ESXi server. If the value is not specified in the task, the value of environment variable VMWARE_HOST will be used instead. Environment variable support added in Ansible 2.6. | |
object_name string / required | The name of the object to be assigned the permission. | |
object_type string | | The object type being targeted. |
password string | The password of the vSphere vCenter or ESXi server. If the value is not specified in the task, the value of environment variable VMWARE_PASSWORD will be used instead. Environment variable support added in Ansible 2.6. aliases: pass, pwd | |
port integer added in 2.5 | Default: 443 | The port number of the vSphere vCenter or ESXi server. If the value is not specified in the task, the value of environment variable VMWARE_PORT will be used instead. Environment variable support added in Ansible 2.6. |
principal string | The user to be assigned permission. Required if group is not specified. | |
proxy_host string added in 2.9 | Address of a proxy that will receive all HTTPS requests and relay them. The format is a hostname or an IP. If the value is not specified in the task, the value of environment variable VMWARE_PROXY_HOST will be used instead. This feature depends on a version of pyvmomi greater than v6.7.1.2018.12 | |
proxy_port integer added in 2.9 | Port of the HTTP proxy that will receive all HTTPS requests and relay them. If the value is not specified in the task, the value of environment variable VMWARE_PROXY_PORT will be used instead. | |
recursive boolean | | Should the permissions be recursively applied. |
role string / required | The role to be assigned permission. | |
state string | | Indicate desired state of the object's permission. When state=present, the permission will be added if it doesn't already exist. When state=absent, the permission is removed if it exists. |
username string | The username of the vSphere vCenter or ESXi server. If the value is not specified in the task, the value of environment variable VMWARE_USER will be used instead. Environment variable support added in Ansible 2.6. aliases: admin, user | |
validate_certs boolean | | Allows connection when SSL certificates are not valid. Set to false when certificates are not trusted. If the value is not specified in the task, the value of environment variable VMWARE_VALIDATE_CERTS will be used instead. Environment variable support added in Ansible 2.6. If set to yes, please make sure Python >= 2.7.9 is installed on the given machine. |
Notes
- Tested on ESXi 6.5, vSphere 6.7
- The ESXi login user must have the appropriate rights to administer permissions.
- Permissions for a distributed switch must be defined and managed on either the datacenter or a folder containing the switch.
Examples
```yaml
- name: Assign user to VM folder
  vmware_object_role_permission:
    role: Admin
    principal: user_bob
    object_name: services
    state: present
  delegate_to: localhost

- name: Remove user from VM folder
  vmware_object_role_permission:
    role: Admin
    principal: user_bob
    object_name: services
    state: absent
  delegate_to: localhost

- name: Assign finance group to VM folder
  vmware_object_role_permission:
    role: Limited Users
    group: finance
    object_name: Accounts
    state: present
  delegate_to: localhost

- name: Assign view_user Read Only permission at root folder
  vmware_object_role_permission:
    role: ReadOnly
    principal: view_user
    object_name: rootFolder
    state: present
  delegate_to: localhost
```
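The following play is an added example, not part of the original module documentation. It shows a narrowly scoped grant with certificate validation on and credentials kept out of the task, then re-applies the grant to confirm that state=present reports no change the second time. The variables vcenter_hostname, vcenter_username and vcenter_password, the file vault/vcenter.yml and the group name auditors are assumptions.

```yaml
# Added example: least-privilege grant with an idempotence check.
# vault/vcenter.yml is an assumed Ansible Vault file that defines
# vcenter_hostname, vcenter_username and vcenter_password.
- hosts: localhost
  gather_facts: no
  vars_files:
    - vault/vcenter.yml
  # Connection settings shared by every task that calls the module.
  module_defaults:
    vmware_object_role_permission:
      hostname: "{{ vcenter_hostname }}"
      username: "{{ vcenter_username }}"
      password: "{{ vcenter_password }}"
      validate_certs: yes   # requires Python >= 2.7.9 on the executing host
  tasks:
    - name: Grant the auditors group ReadOnly on the Accounts folder only
      vmware_object_role_permission:
        role: ReadOnly
        group: auditors      # assumed group name
        object_name: Accounts
        recursive: no        # do not apply the permission recursively
        state: present
      register: grant

    - name: Re-apply the same permission
      vmware_object_role_permission:
        role: ReadOnly
        group: auditors
        object_name: Accounts
        recursive: no
        state: present
      register: regrant

    - name: The second run must not report a change
      assert:
        that:
          - not regrant.changed
        fail_msg: "Permission was re-applied; review the object's existing grants"
```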
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
changed boolean | always | whether or not a change was made to the object's role |
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors
- Derek Rushing (@kryptsi)
- Joseph Andreatta (@vmwjoseph)
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/vmware_object_role_permission_module.html