templating out rest-roles | NetApp | Page 1

proud phoenix Jul 2, 2024, 5:18 PM

#

Hey all,

So I'm trying to utilize the below

    netapp.ontap.na_ontap_user_role:
      state: present
      privileges:
        - path: "{{ sec_roles['football']['rw'] }}"
          access: read_create_modify
      vserver: "{{ short_hostname }}"
      name: football
      hostname: "{{ g_hostname }}"
      username: "{{ g_username }}"
      password: "{{ g_password }}"
      use_rest: always
      validate_certs: false

To make sure that our systems don't undergo creep and set everything in a variable file, then immediately use that to create/modify/maintain roles across five separate clusters.

The role does exist already, but the error below cites using the rest-role ... Rest-role what? Module? There isn't one in the list from what I can tell.

   "msg": "Error creating role privilege ['/api', '/api/name-services/name-mappings', '/api/protocols/cifs/shares', '/api/protocols/nfs/export-policies', '/api/storage/volumes']: calling: security/roles/f21679d0-089c-11ef-b95d-00a098fe4a9c/football/privileges: got {'message': 'This role is mapped to a rest-role and cannot be modified directly. Modifications should be done with rest-role.', 'code': '5636168'}."
}

proud phoenix Jul 8, 2024, 3:05 PM

#

Outlook: grim!

sharp aurora Jul 11, 2024, 4:03 PM

#

Hey sorry for the delay we are looking in to this.

What version of ONTAP are you using for this

proud phoenix Jul 15, 2024, 1:08 PM

#

9.14.1p2, impending update to more recent p releases

sharp aurora Jul 15, 2024, 4:57 PM

#

we've sent a question on this internally to the rest team.

proud phoenix Jul 15, 2024, 5:15 PM

#

Sure.
I'll happily collect/scrape things as need be.

I've got everything else ready but those plays, it's no rush.

Thanks Chris

proud phoenix Jul 25, 2024, 5:46 PM

#

Any good news?

#templating out rest-roles