cloudera.cluster.external_user_mappings module – Create, update, or delete external user mappings

Note

This module is part of the cloudera.cluster collection (version 5.0.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install cloudera.cluster. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: cloudera.cluster.external_user_mappings.

New in cloudera.cluster 5.0.0

Synopsis

  • Configure details of a specific external user mapping.

  • Create a new external user mapping.

  • Update an existing external user mapping.

  • Delete a external user mapping.

  • The module supports check_mode.

Requirements

The below requirements are needed on the host that executes this module.

  • cm_client

Parameters

Parameter

Comments

agent_header

aliases: user_agent

string

Set the HTTP user agent header when interacting with the CM API endpoint.

Default: "ClouderaFoundry"

auth_roles

list / elements=string

A list of authorization roles that the external user mapping will include.

debug

aliases: debug_endpoints

boolean

Capture the HTTP interaction logs with the CM API endpoint.

Choices:

  • false ← (default)

  • true

force_tls

boolean

Flag to force TLS during CM API endpoint discovery.

If False, discovery will first try HTTP and follow any redirects.

Choices:

  • false ← (default)

  • true

host

aliases: hostname

string

Hostname of the CM API endpoint.

If set, the host parameter will trigger CM API endpoint discovery, which will follow redirects.

Mutually exclusive with url.

name

string

The name of the external mapping.

password

string / required

Password for access to the CM API endpoint.

This parameter is set to no_log.

port

integer

Port of the CM API endpoint.

If set, CM API endpoint discovery will connect to the designated port first and will follow redirects.

Default: 7180

proxy_server

aliases: proxy, http_proxy

string

Set the HTTP/S proxy server when interacting with the CM API endpoint.

purge

boolean

Flag for whether the declared authorization roles should append or overwrite any existing authorization roles.

If purge=True, all existing authorization roles will be removed, and only the provided authorization roles will be set.

If purge=False, the provided authorization roles will be added to the existing ones, and any duplicates will be ignored.

Choices:

  • false ← (default)

  • true

ssl_ca_cert

aliases: tls_cert, ssl_cert

path

Path to SSL CA certificate to use for validation.

state

string

Defines the desired state of the external user mapping.

If state=present, the external user mapping will be created if it doesn’t exist or updated if it does.

If state=absent, the external user mapping will be modified by removing the specified authorization roles or entirely deleted if no specific roles are provided.

Choices:

  • "present" ← (default)

  • "absent"

type

string

The type of the external mapping.

url

aliases: endpoint, cm_endpoint_url

string

The CM API endpoint URL and should include scheme, host, port, and API root path.

Mutually exclusive with host.

username

aliases: user

string / required

Username for access to the CM API endpoint.

uuid

string

The uuid of the external mapping.

verify_tls

boolean

Verify the TLS certificates for the CM API endpoint.

Choices:

  • false

  • true ← (default)

version

aliases: api_version

string

API version of the CM API endpoint.

Default: "True"

Attributes

Attribute

Support

Description

check_mode

Support: full

Can run in check_mode and return changed status prediction without modifying target, if not supported the action will be skipped.

diff_mode

Support: full

Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode

platform

Platforms: 

Target OS/families that can be operated against

Examples

- name: Create external user mapping with admin permissions
  cloudera.cluster.external_user_mappings:
    host: example.cloudera.com
    username: "jane_smith"
    password: "S&peR4Ec*re"
    name: "admin_user"
    state: "present"
    type: "LDAP"
    auth_roles: ["ROLE_CLUSTER_ADMIN"]

- name: Add additional permissions to external user mapping
  cloudera.cluster.external_user_mappings:
    host: example.cloudera.com
    username: "jane_smith"
    password: "S&peR4Ec*re"
    name: "basic_user"
    state: "present"
    type: "LDAP"
    auth_roles: ["ROLE_DASHBOARD_USER", "ROLE_USER", "ROLE_CLUSTER_CREATOR"]

- name: Replace current permissions in external user mapping
  cloudera.cluster.external_user_mappings:
    host: example.cloudera.com
    username: "jane_smith"
    password: "S&peR4Ec*re"
    name: "basic_user"
    state: "present"
    purge: "True"
    type: "LDAP"
    auth_roles: ["ROLE_DASHBOARD_USER", "ROLE_USER"]

- name: Remove specified authorization roles from external user mapping
  cloudera.cluster.external_user_mappings:
    host: example.cloudera.com
    username: "jane_smith"
    password: "S&peR4Ec*re"
    name: "default_user"
    state: "absent"
    type: "LDAP"
    auth_roles: ["ROLE_DASHBOARD_USER", "ROLE_USER"]

- name: Remove external user mapping
  cloudera.cluster.external_user_mappings:
    host: example.cloudera.com
    username: "jane_smith"
    password: "S&peR4Ec*re"
    name: "default_user"
    state: "absent"
    type: "LDAP"

- name: Remove all authorizing roles from external user mapping
  cloudera.cluster.external_user_mappings:
    host: example.cloudera.com
    username: "jane_smith"
    password: "S&peR4Ec*re"
    name: "basic_user"
    purge: true
    auth_roles: []

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

external_user_mappings

dictionary

A dictionary containing details of external user mapping.

Returned: always

auth_roles

list / elements=string

The list of auth roles associated with external user mapping.

Returned: always

name

string

The name of the external mapping.

Returned: always

type

string

The type of the external mapping.

Returned: always

uuid

string

The UUID of the external mapping.

Returned: always

Authors

  • Ronald Suplina (@rsuplina)