awx.awx.tower_token – create, update, or destroy Ansible Tower tokens.

From Get docs
Ansible/docs/2.11/collections/awx/awx/tower token module


awx.awx.tower_token – create, update, or destroy Ansible Tower tokens.

Note

This plugin is part of the awx.awx collection (version 17.0.1).

To install it use: ansible-galaxy collection install awx.awx.

To use it in a playbook, specify: awx.awx.tower_token.


New in version 2.3: of awx.awx


Synopsis

  • Create or destroy Ansible Tower tokens. See https://www.ansible.com/tower for an overview.
  • In addition, the module sets an Ansible fact which can be passed into other tower_* modules as the parameter tower_oauthtoken. See examples for usage.
  • Because of the sensitive nature of tokens, the created token value is only available once through the Ansible fact. (See RETURN for details)
  • Due to the nature of tokens in Tower this module is not idempotent. A second will with the same parameters will create a new token.
  • If you are creating a temporary token for use with modules you should delete the token when you are done with it. See the example for how to do it.

Parameters

Parameter Choices/Defaults Comments

application

string

The application tied to this token.

description

string

Default:

""

Optional description of this access token.

existing_token

dictionary

The data structure produced from tower_token in create mode to be used with state absent.

existing_token_id

string

A token ID (number) which can be used to delete an arbitrary token with state absent.

scope

string

  • read
  • write

Allowed scopes, further restricts user's permissions. Must be a simple space-separated string with allowed scopes ['read', 'write'].

state

string

  • present

  • absent

Desired state of the resource.

tower_config_file

path

Path to the Tower or AWX config file.

If provided, the other locations for config files will not be considered.

tower_host

string

URL to your Tower or AWX instance.

If value not set, will try environment variable TOWER_HOST and then config files

If value not specified by any means, the value of 127.0.0.1 will be used

tower_oauthtoken

raw

added in 3.7 of awx.awx

The Tower OAuth token to use.

This value can be in one of two formats.

A string which is the token itself. (i.e. bqV5txm97wqJqtkxlMkhQz0pKhRMMX)

A dictionary structure as returned by the tower_token module.

If value not set, will try environment variable TOWER_OAUTH_TOKEN and then config files

tower_password

string

Password for your Tower or AWX instance.

If value not set, will try environment variable TOWER_PASSWORD and then config files

tower_username

string

Username for your Tower or AWX instance.

If value not set, will try environment variable TOWER_USERNAME and then config files

validate_certs

boolean

  • no
  • yes

Whether to allow insecure connections to Tower or AWX.

If no, SSL certificates will not be validated.

This should only be used on personally controlled sites using self-signed certificates.

If value not set, will try environment variable TOWER_VERIFY_SSL and then config files


aliases: tower_verify_ssl



Notes

Note

  • If no config_file is provided we will attempt to use the tower-cli library defaults to find your Tower host information.
  • config_file should contain Tower configuration in the following format host=hostname username=username password=password


Examples

- block:
    - name: Create a new token using an existing token
      tower_token:
        description: '{{ token_description }}'
        scope: "write"
        state: present
        tower_oauthtoken: "{{ my_existing_token }}"

    - name: Delete this token
      tower_token:
        existing_token: "{{ tower_token }}"
        state: absent

    - name: Create a new token using username/password
      tower_token:
        description: '{{ token_description }}'
        scope: "write"
        state: present
        tower_username: "{{ my_username }}"
        tower_password: "{{ my_password }}"

    - name: Use our new token to make another call
      tower_job_list:
        tower_oauthtoken: "{{ tower_token }}"

  always:
    - name: Delete our Token with the token we created
      tower_token:
        existing_token: "{{ tower_token }}"
        state: absent
      when: tower_token is defined

- name: Delete a token by its id
  tower_token:
    existing_token_id: 4
    state: absent

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description

tower_token

dictionary

on successful create

An Ansible Fact variable representing a Tower token object which can be used for auth in subsequent modules. See examples for usage.


id

string

success

The numeric ID of the token created


token

string

success

The token that was generated. This token can never be accessed again, make sure this value is noted before it is lost.





Authors

  • John Westcott IV (@john-westcott-iv)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/awx/awx/tower_token_module.html