search

dell / ansible-powerscale

PowerScale (Isilon) Ansible modules
GNU General Public License v3.0
25 stars 21 forks source link

[FEATURE]: Allow removal of share permissions (in addition to allowing/denying) #42

Open mophahr opened 1 year ago

mophahr commented 1 year ago

Describe the solution you'd like I'd like to be able to delete old permissions using the ansible module dellemc.powerscale.smb. At the moment I can only chose between allow or deny as vaues for the premission_type parameter in entries in the permissions dictionary

Describe alternatives you've considered An alternative is to use the ansible.builtin.uri module to talk to OneFS, but that comes at a higher cost (i.e. the login needs to be perfomed explicitely within the playbook, tasks which otherwise would be taken care of by the dellemc.powerscale module.

anupamaloke commented 1 year ago

@mophahr, thank you for submitting this feature request. It has been added to the backlog and will be triaged accordingly.

anupamaloke commented 1 year ago

@mophahr, just wanted to provide an update on this. It seems that the OneFS SMB Share API does not have support for removal of share permissions at present. So, we will relook at this feature request once that support is added in APIs. As of now, I don't have any ETA on when that will be added.

Meanwhile, you can use the Isilon CLI command with Ansible to delete the smb share permissions:

vpi2151-1% isi smb shares permission delete --help
Description:
    Delete permissions for an SMB share.

Required Privileges:
    ISI_PRIV_SMB

Usage:
    isi smb shares permission delete <share> { <user> | --group <name> | --gid <id> | --uid <id> | --sid <sid> | --wellknown <name> }
        [--zone <string>]
        [{--force | -f}]
        [{--verbose | -v}]
        [{--help | -h}]

Options:
    <share>
        An SMB share name.

  Persona:
    <user>
        A user name.
    --group <name>
        A group name.
    --gid <id>
        A numeric group identifier.
    --uid <id>
        A numeric user identifier.
    --sid <sid>
        A security identifier.
    --wellknown <name>
        A well-known user, group, machine or account name.
    --zone <string>
        Access zone.

  Display Options:
    --force | -f
        Do not ask confirmation.
    --verbose | -v
        Display more detailed information.
    --help | -h
        Display help for this command.

Argument Formats:
    <gid>
      The numeric identifier of an object

    <user>
      A string used to identify an object.

    <sid>
      A string security identifier; e.g. S-1-5-21-13.