Try Spottergrant or revoke an Automation Platform Controller role.
Authors: Wayne Witzel III (@wwitzel3)
preview | supported by community
Install with ansible-galaxy collection install shanemcd.awx:==20.0.14
collections:
- name: shanemcd.awx
version: 20.0.14Roles are used for access control, this module is for managing user access to server resources.
Grant or revoke Automation Platform Controller roles to users. See U(https://www.ansible.com/tower) for an overview.
- name: Add jdoe to the member role of My Team
role:
user: jdoe
target_team: "My Team"
role: member
state: present
- name: Add Joe to multiple job templates and a workflow
role:
user: joe
role: execute
workflow: test-role-workflow
job_templates:
- jt1
- jt2
state: present
role:
choices:
- admin
- read
- member
- execute
- adhoc
- update
- use
- approval
- auditor
- project_admin
- inventory_admin
- credential_admin
- workflow_admin
- notification_admin
- job_template_admin
- execution_environment_admin
description:
- The role type to grant/revoke.
required: true
type: str
team:
description:
- Team that receives the permissions specified by the role.
type: str
user:
description:
- User that receives the permissions specified by the role.
type: str
state:
choices:
- present
- absent
default: present
description:
- Desired state.
- State of present indicates the user should have the role.
- State of absent indicates the user should have the role taken away, if they have
it.
type: str
project:
description:
- Project the role acts on.
- Deprecated, use 'projects'.
type: str
projects:
description:
- Project the role acts on.
elements: str
type: list
workflow:
description:
- The workflow job template the role acts on.
- Deprecated, use 'workflows'.
type: str
inventory:
description:
- Inventory the role acts on.
- Deprecated, use 'inventories'.
type: str
workflows:
description:
- The workflow job template the role acts on.
elements: str
type: list
credential:
description:
- Credential the role acts on.
- Deprecated, use 'credentials'.
type: str
credentials:
description:
- Credential the role acts on.
elements: str
type: list
inventories:
description:
- Inventory the role acts on.
elements: str
type: list
target_team:
description:
- Team that the role acts on.
- For example, make someone a member or an admin of a team.
- Members of a team implicitly receive the permissions that the team has.
- Deprecated, use 'target_teams'.
type: str
job_template:
description:
- The job template the role acts on.
- Deprecated, use 'job_templates'.
type: str
organization:
description:
- Organization the role acts on.
- Deprecated, use 'organizations'.
type: str
target_teams:
description:
- Team that the role acts on.
- For example, make someone a member or an admin of a team.
- Members of a team implicitly receive the permissions that the team has.
elements: str
type: list
job_templates:
description:
- The job template the role acts on.
elements: str
type: list
organizations:
description:
- Organization the role acts on.
elements: str
type: list
validate_certs:
aliases:
- tower_verify_ssl
description:
- Whether to allow insecure connections to AWX.
- If C(no), SSL certificates will not be validated.
- This should only be used on personally controlled sites using self-signed certificates.
- If value not set, will try environment variable C(CONTROLLER_VERIFY_SSL) and then
config files
type: bool
controller_host:
aliases:
- tower_host
description:
- URL to your Automation Platform Controller instance.
- If value not set, will try environment variable C(CONTROLLER_HOST) and then config
files
- If value not specified by any means, the value of C(127.0.0.1) will be used
type: str
controller_password:
aliases:
- tower_password
description:
- Password for your controller instance.
- If value not set, will try environment variable C(CONTROLLER_PASSWORD) and then
config files
type: str
controller_username:
aliases:
- tower_username
description:
- Username for your controller instance.
- If value not set, will try environment variable C(CONTROLLER_USERNAME) and then
config files
type: str
lookup_organization:
description:
- Organization the inventories, job templates, projects, or workflows the items exists
in.
- Used to help lookup the object, for organization roles see organization.
- If not provided, will lookup by name only, which does not work with duplicates.
type: str
controller_oauthtoken:
aliases:
- tower_oauthtoken
description:
- The OAuth token to use.
- This value can be in one of two formats.
- A string which is the token itself. (i.e. bqV5txm97wqJqtkxlMkhQz0pKhRMMX)
- A dictionary structure as returned by the token module.
- If value not set, will try environment variable C(CONTROLLER_OAUTH_TOKEN) and then
config files
type: raw
version_added: 3.7.0
version_added_collection: shanemcd.awx
controller_config_file:
aliases:
- tower_config_file
description:
- Path to the controller config file.
- If provided, the other locations for config files will not be considered.
type: path