cloudera.cloud.iam_group module – Create, update, or destroy CDP IAM Groups
Note
This module is part of the cloudera.cloud collection (version 2.5.1).
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install cloudera.cloud.
You need further requirements to be able to use this module; see Requirements for details.
To use it in a playbook, specify: cloudera.cloud.iam_group.
Synopsis
Create, update, and destroy CDP IAM Groups.
A group is a named collection of users and machine users.
Roles and resource roles can be assigned to a group, which affects all members of the group.
Requirements
The below requirements are needed on the host that executes this module.
cdpy
Parameters
Parameter |
Comments |
---|---|
Specify the Cloudera Data Platform endpoint region. Default: |
|
Capture the CDP SDK debug log. Choices:
|
|
The name of the group. The name must be unique, must have a maximum of 32 characters, and must contain only alphanumeric characters, “-”, and “_”. The first character of the name must be alphabetic or an underscore. Names are not case-sensitive. The group named “administrators” is reserved. |
|
If provided, the CDP SDK will use this value as its profile. |
|
Flag to replace Choices:
|
|
A list of resource role assignments. |
|
The resource CRN for the rights assignment. |
|
The resource role CRN to be assigned. |
|
A single role or list of roles assigned to the group. The role must be identified by its full CRN. |
|
The state of the group. Choices:
|
|
Whether group membership is synced when a user logs in. The default is to sync group membership. Choices:
|
|
A single user or list of users assigned to the group. The user can be either the name or CRN. |
|
Verify the TLS certificates for the CDP endpoint. Choices:
|
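The naming rules given for the group name can be checked before a playbook ever calls the module, which catches case-only collisions and attempts to use the reserved name early. The following is an added example, not code from the cloudera.cloud collection; the function names and sample names are hypothetical, "alphanumeric" is assumed to mean ASCII letters and digits, and the reserved name is assumed to be matched without regard to case.

```python
import re

# Rules restated from the group name description above.
MAX_LEN = 32
RESERVED = {"administrators"}
FIRST_CHAR = re.compile(r"[A-Za-z_]")        # assumption: ASCII letters only
ALLOWED = re.compile(r"[A-Za-z0-9_-]+")      # assumption: ASCII alphanumerics


def check_group_name(name, existing=()):
    """Return the list of rule violations for a proposed name (empty = OK).

    `existing` is a hypothetical iterable of group names already present.
    """
    if not name:
        return ["name is empty"]
    problems = []
    if len(name) > MAX_LEN:
        problems.append(f"longer than {MAX_LEN} characters")
    if not FIRST_CHAR.match(name):
        problems.append("first character must be alphabetic or an underscore")
    if not ALLOWED.fullmatch(name):
        problems.append("contains characters other than alphanumerics, '-' and '_'")
    folded = name.casefold()
    if folded in RESERVED:
        problems.append("'administrators' is reserved")
    # Names are not case-sensitive, so compare case-folded forms.
    if any(folded == other.casefold() for other in existing):
        problems.append("collides with an existing group (case-insensitive)")
    return problems


def audit(planned, existing=()):
    """Map each rejected planned name to its violations.

    Accepted names are remembered, so duplicates inside `planned` are caught.
    """
    report, seen = {}, list(existing)
    for name in planned:
        problems = check_group_name(name, seen)
        if problems:
            report[name] = problems
        else:
            seen.append(name)
    return report


if __name__ == "__main__":
    # Constructed sample input, not taken from a real account.
    planned = ["data-eng", "Data-Eng", "9lives", "administrators", "_svc.readers"]
    for name, problems in audit(planned, existing=["ops"]).items():
        print(f"{name}: {'; '.join(problems)}")
```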
Examples
# Note: These examples do not set authentication details.

# Create a group
- cloudera.cloud.iam_group:
    name: group-example

# Create a group with membership sync disabled
- cloudera.cloud.iam_group:
    state: present
    name: group-example
    sync: no

# Delete a group
- cloudera.cloud.iam_group:
    state: absent
    name: group-example

# Assign users to a group
- cloudera.cloud.iam_group:
    name: group-example
    users:
      - user-a
      - user-b

# Assign roles to a group
- cloudera.cloud.iam_group:
    name: group-example
    roles:
      - role-a
      - role-b

# Replace the resource roles of a group
- cloudera.cloud.iam_group:
    name: group-example
    resource_roles:
      - role-c
      - role-d
    purge: yes
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key |
Description |
---|---|
The information about the Group Returned: always |
|
The date when this group record was created. Returned: on success Sample: |
|
The CRN of the group. Returned: on success |
|
The group name. Returned: on success Sample: |
|
List of Resource-to-Role assignments, by CRN, that are associated with the group. Returned: on success |
|
The CRN of the resource granted the rights of the role. Returned: on success |
|
The CRN of the CDP Role. Returned: on success |
|
List of Role CRNs assigned to the group. Returned: on success |
|
Flag indicating whether group membership is synced when a user logs in. The default is to sync group membership. Returned: when supported |
|
List of User CRNs which are members of the group. Returned: on success |
|
Returns the captured CDP SDK log. Returned: when supported |
|
Returns a list of each line of the captured CDP SDK log. Returned: when supported |