awx.awx.role – grant or revoke an Automation Platform Controller role.
Note
This plugin is part of the awx.awx collection (version 19.4.0).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install awx.awx.
To use it in a playbook, specify: awx.awx.role.
Synopsis
- Roles are used for access control, this module is for managing user access to server resources.
- Grant or revoke Automation Platform Controller roles to users. See https://www.ansible.com/tower for an overview.
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| controller_config_file
path
|
Path to the controller config file.
If provided, the other locations for config files will not be considered.
aliases: tower_config_file |
|
| controller_host
string
|
URL to your Automation Platform Controller instance.
If value not set, will try environment variable
CONTROLLER_HOST and then config files
If value not specified by any means, the value of
127.0.0.1 will be used
aliases: tower_host |
|
| controller_oauthtoken
raw
added in 3.7.0 of awx.awx
|
The OAuth token to use.
This value can be in one of two formats.
A string which is the token itself. (i.e. bqV5txm97wqJqtkxlMkhQz0pKhRMMX)
A dictionary structure as returned by the token module.
If value not set, will try environment variable
CONTROLLER_OAUTH_TOKEN and then config files
aliases: tower_oauthtoken |
|
| controller_password
string
|
Password for your controller instance.
If value not set, will try environment variable
CONTROLLER_PASSWORD and then config files
aliases: tower_password |
|
| controller_username
string
|
Username for your controller instance.
If value not set, will try environment variable
CONTROLLER_USERNAME and then config files
aliases: tower_username |
|
| credential
string
|
Credential the role acts on.
Deprecated, use 'credentials'.
|
|
| credentials
list / elements=string
|
Credential the role acts on.
|
|
| inventories
list / elements=string
|
Inventory the role acts on.
|
|
| inventory
string
|
Inventory the role acts on.
Deprecated, use 'inventories'.
|
|
| job_template
string
|
The job template the role acts on.
Deprecated, use 'job_templates'.
|
|
| job_templates
list / elements=string
|
The job template the role acts on.
|
|
| lookup_organization
string
|
Organization the inventories, job templates, projects, or workflows the items exists in.
Used to help lookup the object, for organization roles see organization.
If not provided, will lookup by name only, which does not work with duplicates.
|
|
| organization
string
|
Organization the role acts on.
Deprecated, use 'organizations'.
|
|
| organizations
list / elements=string
|
Organization the role acts on.
|
|
| project
string
|
Project the role acts on.
Deprecated, use 'projects'.
|
|
| projects
list / elements=string
|
Project the role acts on.
|
|
| role
string / required
|
|
The role type to grant/revoke.
|
| state
string
|
|
Desired state.
State of present indicates the user should have the role.
State of absent indicates the user should have the role taken away, if they have it.
|
| target_team
string
|
Team that the role acts on.
For example, make someone a member or an admin of a team.
Members of a team implicitly receive the permissions that the team has.
Deprecated, use 'target_teams'.
|
|
| target_teams
list / elements=string
|
Team that the role acts on.
For example, make someone a member or an admin of a team.
Members of a team implicitly receive the permissions that the team has.
|
|
| team
string
|
Team that receives the permissions specified by the role.
|
|
| user
string
|
User that receives the permissions specified by the role.
|
|
| validate_certs
boolean
|
|
Whether to allow insecure connections to AWX.
If
no, SSL certificates will not be validated.
This should only be used on personally controlled sites using self-signed certificates.
If value not set, will try environment variable
CONTROLLER_VERIFY_SSL and then config files
aliases: tower_verify_ssl |
| workflow
string
|
The workflow job template the role acts on.
Deprecated, use 'workflows'.
|
|
| workflows
list / elements=string
|
The workflow job template the role acts on.
|
Notes
Note
- If no config_file is provided we will attempt to use the tower-cli library defaults to find your host information.
- config_file should be in the following format host=hostname username=username password=password
Examples
- name: Add jdoe to the member role of My Team
role:
user: jdoe
target_team: "My Team"
role: member
state: present
- name: Add Joe to multiple job templates and a workflow
role:
user: joe
role: execute
workflow: test-role-workflow
job_templates:
- jt1
- jt2
state: present
Authors
- Wayne Witzel III (@wwitzel3)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/awx/awx/role_module.html