community.proxmox.proxmox_access_acl module – Manages ACLs on the Proxmox PVE cluster

Note

This module is part of the community.proxmox collection (version 1.6.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.proxmox. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: community.proxmox.proxmox_access_acl.

New in community.proxmox 1.1.0

Synopsis

  • Sets ACLs via /access/acls to grant permission to interact with objects.

Requirements

The below requirements are needed on the host that executes this module.

  • proxmoxer >= 2.0

  • requests

Parameters

Parameter

Comments

api_host

string / required

Specify the target host of the Proxmox VE cluster.

Uses the PROXMOX_HOST environment variable if not specified.

api_password

string

Specify the password to authenticate with.

Uses the PROXMOX_PASSWORD environment variable if not specified.

api_port

integer

Specify the target port of the Proxmox VE cluster.

Uses the PROXMOX_PORT environment variable if not specified.

api_timeout

integer

Time limit for requests towards the Proxmox VE API.

Default: 5

api_token_id

string

Specify the token ID.

Uses the PROXMOX_TOKEN_ID environment variable if not specified.

api_token_secret

string

Specify the token secret.

Uses the PROXMOX_TOKEN_SECRET environment variable if not specified.

api_user

string / required

Specify the user to authenticate with.

Uses the PROXMOX_USER environment variable if not specified.

ca_path

path

Path to a local certificate, which will be used to verify TLS connections.

Ignored if validate_certs=false.

path

string

Access Control Path.

propagate

boolean

Allow permissions to propagate (be inherited).

Choices:

  • false

  • true ← (default)

roleid

string

The name of the role.

state

string

Indicate desired state of the ACL.

Choices:

  • "present" ← (default)

  • "absent"

type

string

Type of access control.

Choices:

  • "user"

  • "group"

  • "token"

ugid

string

The ID of the user or group.

validate_certs

boolean

Validate the TLS certificates used for the connection to the Proxmox VE API.

Currently defaults to false; the default changes to true with community.proxmox 2.0.0.

Uses the PROXMOX_VALIDATE_CERTS environment variable if not specified.

Choices:

  • false

  • true

Attributes

Attribute

Support

Description

action_group

Action group: community.proxmox.proxmox

Use group/community.proxmox.proxmox in module_defaults to set defaults for this module.

check_mode

Support: none

Can run in check_mode and return changed status prediction without modifying target.

diff_mode

Support: none

Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.

Examples

- name: Create ACE
  community.proxmox.proxmox_access_acl:
    api_host: "{{ ansible_host }}"
    api_password: "{{ proxmox_root_pw | default(lookup('ansible.builtin.env', 'PROXMOX_PASSWORD', default='')) }}"
    api_user: root@pam

    state: "present"
    path: /vms/100
    type: user
    ugid: "a01mako@pam"
    roleid: PVEVMUser
    propagate: true

- name: Delete all ACEs for a given path
  community.proxmox.proxmox_access_acl:
    api_host: "{{ ansible_host }}"
    api_password: "{{ proxmox_root_pw | default(lookup('ansible.builtin.env', 'PROXMOX_PASSWORD', default='')) }}"
    api_user: root@pam

    state: "absent"
    path: /vms/100
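
An added example, not taken from the collection's own documentation: the same ACE creation using API token authentication, TLS verification against a local CA file, and propagate set to false so the role applies only to /vms/100 itself. The API host name, the token user, the CA file path and the group name are assumed placeholders.

```yaml
# Added example (not the collection's own). Assumed placeholders:
#   pve.example.internal, automation@pve, /etc/ssl/certs/pve-root-ca.pem, vm-operators
- name: Grant a group access to one VM over a verified TLS connection
  hosts: localhost
  gather_facts: false

  vars:
    proxmox_api_host: pve.example.internal  # constructed host name

  # Connection settings are set once for every module in the action group.
  module_defaults:
    group/community.proxmox.proxmox:
      api_host: "{{ proxmox_api_host }}"
      api_user: automation@pve
      # Token credentials come from the environment, not from the playbook.
      api_token_id: "{{ lookup('ansible.builtin.env', 'PROXMOX_TOKEN_ID') }}"
      api_token_secret: "{{ lookup('ansible.builtin.env', 'PROXMOX_TOKEN_SECRET') }}"
      # validate_certs currently defaults to false, so enable it explicitly.
      validate_certs: true
      ca_path: /etc/ssl/certs/pve-root-ca.pem

  tasks:
    - name: Create ACE scoped to a single VM
      community.proxmox.proxmox_access_acl:
        state: present
        path: /vms/100
        type: group
        ugid: vm-operators
        roleid: PVEVMUser
        # Do not let the role be inherited by objects below this path.
        propagate: false
      register: acl_result

    - name: Show ACLs before and after the change
      ansible.builtin.debug:
        msg:
          changed: "{{ acl_result.changed }}"
          old_acls: "{{ acl_result.old_acls }}"
          # new_acls is only returned when the task changed something.
          new_acls: "{{ acl_result.new_acls | default([]) }}"
```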

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key

Description

new_acls

list / elements=string

The output message that the test module generates.

Returned: when changed

old_acls

list / elements=string

The original name param that was passed in.

Returned: always

Authors

  • Markus Kötter (@commonism)