awx.awx.tower_role – grant or revoke an Ansible Tower role.

From Get docs
Ansible/docs/2.11/collections/awx/awx/tower role module


awx.awx.tower_role – grant or revoke an Ansible Tower role.

Note

This plugin is part of the awx.awx collection (version 17.0.1).

To install it use: ansible-galaxy collection install awx.awx.

To use it in a playbook, specify: awx.awx.tower_role.


Synopsis

  • Roles are used for access control, this module is for managing user access to server resources.
  • Grant or revoke Ansible Tower roles to users. See https://www.ansible.com/tower for an overview.

Parameters

Parameter Choices/Defaults Comments

credential

string

Credential the role acts on.

Deprecated, use 'credentials'.

credentials

list / elements=string

Credential the role acts on.

inventories

list / elements=string

Inventory the role acts on.

inventory

string

Inventory the role acts on.

Deprecated, use 'inventories'.

job_template

string

The job template the role acts on.

Deprecated, use 'job_templates'.

job_templates

list / elements=string

The job template the role acts on.

lookup_organization

string

Organization the inventories, job templates, projects, or workflows the items exists in.

Used to help lookup the object, for organization roles see organization.

If not provided, will lookup by name only, which does not work with duplicates.

organization

string

Organization the role acts on.

Deprecated, use 'organizations'.

organizations

list / elements=string

Organization the role acts on.

project

string

Project the role acts on.

Deprecated, use 'projects'.

projects

list / elements=string

Project the role acts on.

role

string / required

  • admin
  • read
  • member
  • execute
  • adhoc
  • update
  • use
  • approval
  • auditor
  • project_admin
  • inventory_admin
  • credential_admin
  • workflow_admin
  • notification_admin
  • job_template_admin

The role type to grant/revoke.

state

string

  • present

  • absent

Desired state.

State of present indicates the user should have the role.

State of absent indicates the user should have the role taken away, if they have it.

target_team

string

Team that the role acts on.

For example, make someone a member or an admin of a team.

Members of a team implicitly receive the permissions that the team has.

Deprecated, use 'target_teams'.

target_teams

list / elements=string

Team that the role acts on.

For example, make someone a member or an admin of a team.

Members of a team implicitly receive the permissions that the team has.

team

string

Team that receives the permissions specified by the role.

tower_config_file

path

Path to the Tower or AWX config file.

If provided, the other locations for config files will not be considered.

tower_host

string

URL to your Tower or AWX instance.

If value not set, will try environment variable TOWER_HOST and then config files

If value not specified by any means, the value of 127.0.0.1 will be used

tower_oauthtoken

raw

added in 3.7 of awx.awx

The Tower OAuth token to use.

This value can be in one of two formats.

A string which is the token itself. (i.e. bqV5txm97wqJqtkxlMkhQz0pKhRMMX)

A dictionary structure as returned by the tower_token module.

If value not set, will try environment variable TOWER_OAUTH_TOKEN and then config files

tower_password

string

Password for your Tower or AWX instance.

If value not set, will try environment variable TOWER_PASSWORD and then config files

tower_username

string

Username for your Tower or AWX instance.

If value not set, will try environment variable TOWER_USERNAME and then config files

user

string

User that receives the permissions specified by the role.

validate_certs

boolean

  • no
  • yes

Whether to allow insecure connections to Tower or AWX.

If no, SSL certificates will not be validated.

This should only be used on personally controlled sites using self-signed certificates.

If value not set, will try environment variable TOWER_VERIFY_SSL and then config files


aliases: tower_verify_ssl

workflow

string

The workflow job template the role acts on.

Deprecated, use 'workflows'.

workflows

list / elements=string

The workflow job template the role acts on.



Notes

Note

  • If no config_file is provided we will attempt to use the tower-cli library defaults to find your Tower host information.
  • config_file should contain Tower configuration in the following format host=hostname username=username password=password


Examples

- name: Add jdoe to the member role of My Team
  tower_role:
    user: jdoe
    target_team: "My Team"
    role: member
    state: present

- name: Add Joe to multiple job templates and a workflow
  tower_role:
    user: joe
    role: execute
    workflow: test-role-workflow
    job_templates:
      - jt1
      - jt2
    state: present

Authors

  • Wayne Witzel III (@wwitzel3)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/awx/awx/tower_role_module.html