cloudera.cluster.external_account module – Create, update, or delete an external module account

Note

This module is part of the cloudera.cluster collection (version 5.0.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install cloudera.cluster. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: cloudera.cluster.external_account.

New in cloudera.cluster 5.0.0

Synopsis

  • Manage external accounts, including creation, updates, and deletion.

  • Supports a variety of account types such as AWS, Azure, Altus, and Basic Authentication.

  • Configure account-specific parameters, including access keys, client secrets, or basic credentials.

  • Supports check_mode.

Requirements

The below requirements are needed on the host that executes this module.

  • cm-client

Parameters

Parameter

Comments

agent_header

aliases: user_agent

string

Set the HTTP user agent header when interacting with the CM API endpoint.

Default: "ClouderaFoundry"

category

string

The category of the account.

Choices:

  • "AWS"

  • "ALTUS"

  • "AZURE"

  • "BASICAUTH"

debug

aliases: debug_endpoints

boolean

Capture the HTTP interaction logs with the CM API endpoint.

Choices:

  • false ← (default)

  • true

force_tls

boolean

Flag to force TLS during CM API endpoint discovery.

If False, discovery will first try HTTP and follow any redirects.

Choices:

  • false ← (default)

  • true

host

aliases: hostname

string

Hostname of the CM API endpoint.

If set, the host parameter will trigger CM API endpoint discovery, which will follow redirects.

Mutually exclusive with url.

message

aliases: msg

string

Message to log for any changes to the entity.

Default: "Managed by Ansible"

name

string

The initial name of the account.

params

dictionary

A dictionary of parameters for the external account configuration.

The required parameters depend on the type of the account.

access_key_id

string

The Altus access key ID for ALTUS_ACCESS_KEY_AUTH.

adls_client_id

string

The Azure AD client ID for ADLS_AD_SVC_PRINC_AUTH.

adls_client_key

string

The Azure AD client secret key for ADLS_AD_SVC_PRINC_AUTH.

adls_tenant_id

string

The Azure AD tenant ID for ADLS_AD_SVC_PRINC_AUTH.

aws_access_key

string

The AWS access key for AWS_ACCESS_KEY_AUTH.

aws_secret_key

string

The AWS secret key for AWS_ACCESS_KEY_AUTH.

password

string

The password for BASIC_AUTH.

private_key

string

The private key for ALTUS_ACCESS_KEY_AUTH.

username

string

The username for BASIC_AUTH.

password

string / required

Password for access to the CM API endpoint.

This parameter is set to no_log.

port

integer

Port of the CM API endpoint.

If set, CM API endpoint discovery will connect to the designated port first and will follow redirects.

Default: 7180

proxy_server

aliases: proxy, http_proxy

string

Set the HTTP/S proxy server when interacting with the CM API endpoint.

ssl_ca_cert

aliases: tls_cert, ssl_cert

path

Path to SSL CA certificate to use for validation.

state

string

If state=present, the account will be created or updated.

If state=absent, the account will be deleted.

Choices:

  • "present" ← (default)

  • "absent"

type

string

The type of the external account.

Choices:

  • "AWS_ACCESS_KEY_AUTH"

  • "AWS_IAM_ROLES_AUTH"

  • "ALTUS_ACCESS_KEY_AUTH"

  • "ADLS_AD_SVC_PRINC_AUTH"

  • "BASIC_AUTH"

url

aliases: endpoint, cm_endpoint_url

string

The CM API endpoint URL and should include scheme, host, port, and API root path.

Mutually exclusive with host.

username

aliases: user

string / required

Username for access to the CM API endpoint.

verify_tls

boolean

Verify the TLS certificates for the CM API endpoint.

Choices:

  • false

  • true ← (default)

version

aliases: api_version

string

API version of the CM API endpoint.

Default: "True"

Attributes

Attribute

Support

Description

check_mode

Support: full

Can run in check_mode and return changed status prediction without modifying target, if not supported the action will be skipped.

diff_mode

Support: full

Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode

platform

Platforms: 

Target OS/families that can be operated against

Examples

- name: Create AWS Access key credentials
  cloudera.cluster.external_account:
    host: example.cloudera.com
    port: "7180"
    username: "jane_smith"
    password: "S&peR4Ec*re"
    name: access_key_1
    state: present
    type: AWS
    category: AWS_ACCESS_KEY_AUTH
    params:
      aws_access_key: access_key1
      aws_secret_key: secret_key1

- name: Create basic authentication credentials
  cloudera.cluster.external_account:
    host: example.cloudera.com
    port: "7180"
    username: "jane_smith"
    password: "S&peR4Ec*re"
    name: Jane
    state: present
    type: BASIC_AUTH
    category: BASICAUTH
    params:
      username: jane_user
      password: pass123!

- name: Update AWS Access key credentials
  cloudera.cluster.external_account:
    host: example.cloudera.com
    port: "7180"
    username: "jane_smith"
    password: "S&peR4Ec*re"
    name: access_key_1
    state: present
    type: AWS
    category: AWS_ACCESS_KEY_AUTH
    params:
      aws_access_key: access_key2
      aws_secret_key: secret_key2

- name: Remove basic authentication credentials
  cloudera.cluster.external_account:
    host: example.cloudera.com
    port: "7180"
    username: "jane_smith"
    password: "S&peR4Ec*re"
    name: Jane
    state: absent

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

external_account

dictionary

Details of the external account created, updated, or retrieved.

Returned: always

account_configs

list / elements=dictionary

The configuration options for this account.

Returned: always

created_time

string

The time of creation for this account.

Returned: always

display_name

string

A modifiable label to identify this account for user-visible purposes.

Returned: always

last_modified_time

string

The last modification time for this account.

Returned: always

name

string

Represents the initial name of the account.

Returned: always

type_name

string

The Type ID of a supported external account type.

Returned: always

Authors

  • Ronald Suplina (@rsuplina)