awx.awx.tower_role – grant or revoke an Ansible Tower role.

Note

This plugin is part of the awx.awx collection.

To install it use: ansible-galaxy collection install awx.awx.

To use it in a playbook, specify: awx.awx.tower_role.

Synopsis

  • Roles are used for access control, this module is for managing user access to server resources.

  • Grant or revoke Ansible Tower roles to users. See https://www.ansible.com/tower for an overview.

Parameters

Parameter Choices/Defaults Comments
credential
string
Credential the role acts on.
inventory
string
Inventory the role acts on.
job_template
string
The job template the role acts on.
organization
string
Organization the role acts on.
project
string
Project the role acts on.
role
string / required
    Choices:
  • admin
  • read
  • member
  • execute
  • adhoc
  • update
  • use
  • auditor
  • project_admin
  • inventory_admin
  • credential_admin
  • workflow_admin
  • notification_admin
  • job_template_admin
The role type to grant/revoke.
state
string
    Choices:
  • present ←
  • absent
Desired state.
State of present indicates the user should have the role.
State of absent indicates the user should have the role taken away, if they have it.
target_team
string
Team that the role acts on.
For example, make someone a member or an admin of a team.
Members of a team implicitly receive the permissions that the team has.
team
string
Team that receives the permissions specified by the role.
tower_config_file
path
Path to the Tower or AWX config file.
If provided, the other locations for config files will not be considered.
tower_host
string
URL to your Tower or AWX instance.
If value not set, will try environment variable TOWER_HOST and then config files
If value not specified by any means, the value of 127.0.0.1 will be used
tower_oauthtoken
raw
added in 3.7 of awx.awx
The Tower OAuth token to use.
This value can be in one of two formats.
A string which is the token itself. (i.e. bqV5txm97wqJqtkxlMkhQz0pKhRMMX)
A dictionary structure as returned by the tower_token module.
If value not set, will try environment variable TOWER_OAUTH_TOKEN and then config files
tower_password
string
Password for your Tower or AWX instance.
If value not set, will try environment variable TOWER_PASSWORD and then config files
tower_username
string
Username for your Tower or AWX instance.
If value not set, will try environment variable TOWER_USERNAME and then config files
user
string
User that receives the permissions specified by the role.
validate_certs
boolean
    Choices:
  • no
  • yes
Whether to allow insecure connections to Tower or AWX.
If no, SSL certificates will not be validated.
This should only be used on personally controlled sites using self-signed certificates.
If value not set, will try environment variable TOWER_VERIFY_SSL and then config files

aliases: tower_verify_ssl
workflow
string
The workflow job template the role acts on.

Notes

Note

  • If no config_file is provided we will attempt to use the tower-cli library defaults to find your Tower host information.

  • config_file should contain Tower configuration in the following format host=hostname username=username password=password

Examples

- name: Add jdoe to the member role of My Team
  tower_role:
    user: jdoe
    target_team: "My Team"
    role: member
    state: present

Authors

  • Wayne Witzel III (@wwitzel3)