cassandra_role -- Manage roles on your Cassandra cluster.

Synopsis
Parameters
Examples
Return Values
Status

Synopsis

Manage roles on your Cassandra Cluster.

Parameters

login_user (optional, str, None)

The Cassandra user to login with.

login_password (optional, str, None)

The Cassandra password to login with.

login_host (optional, list, None)

The Cassandra hostname.

login_port (optional, int, 9042)

The Cassandra poret.

name (True, str, None)

The name of the role to create or manage.

state (True, str, None)

The desired state of the role.

super_user (optional, bool, False)

If the user is a super user or not.

login (optional, bool, True)

True allows the role to log in.

Use true to create login accounts for internal authentication, PasswordAuthenticator or DSE Unified Authenticator.

password (optional, str, None)

The password for the role.

options (optional, dict, None)

Reserved for use with authentication plug-ins. Refer to the authenticator documentation for details.

data_centers (optional, dict, None)

Only relevant if a network_authorizer has been configured.

Specify data centres as keys of this dict.

Can specify a key as 'all' although this implicity assumed by Cassandra if not supplied.

keyspace_permissions (optional, dict, None)

Grant privileges on keyspace objects.

Specify keyspaces as keys of this dict.

Permissions supplied as a list to the keyspace keys.

Valid permissions at keyspace level are as follows; ALL PERMISSIONS, CREATE, ALTER, AUTHORIZE, DROP, MODIFY, SELECT

A special key 'all_keyspaces' can be supplied to assign permissions to all keyspaces.

roles (optional, list, None)

One or more roles to grant to this user or role.

debug (optional, bool, False)

Additional debug output.

Examples

- name: Create a role
  community.cassandra.cassandra_role:
    name: app_user
    password: 'secretZHB78'
    state: present
    login: yes

- name: Remove a role
  community.cassandra.cassandra_role:
    name: app_user
    state: absent

- name: Create a super user
  community.cassandra.cassandra_role:
    name: admin
    password: 'BigSecretUser2019'
    state: present
    login: yes
    super_user: yes

- name: Create a user with access only to certain data centres
  community.cassandra.cassandra_role:
    name: rhys
    password: 'secret'
    state: present
    login: yes
    data_centres:
      london:
      zurich:

- name: Create a user with specific permissions for specific keyspaces
  community.cassandra.cassandra_role:
    name: rhys
    password: 'secret'
    state: present
    login: yes
    permissions:
      mykeyspace:
        - "ALL PERMISSIONS" # Same as GRANT ALL PERMISSIONS ON mykeyspace TO rhys;
      mydummy:
        - "SELECT"
        - "EXECUTE" # Same as GRANT SELECT, EXECUTE ON mydummy TO rhys;
      all_keyspaces:
        - "SELECT" # Same as GRANT SELECT ON ALL KEYSPACES TO rhys;

Return Values

changed (on success, bool, ): Whether the module has changed the role.
cql (changed, str, ALTER ROLE admin / WITH SUPERUSER = true / AND LOGIN = true / AND PASSWORD = 'XXXXXXXX'): The cql used to create or alter the role.
role (on success, str, ): The role operated on.
msg (on error, str, ): Exceptions encountered during module execution.

Status

Authors

Rhys Campbell (@rhysmeister)