RBAC Role¶
Description¶
This resource is used for managing RBAC roles in Tower. More importantly, it can be used for granting roles to and revoke roles from a user or team.
Fields Table¶
name | type | help_text | read_only | unique | filterable | required |
---|---|---|---|---|---|---|
user | Resource user | The user field. | False | False | True | False |
team | Resource team | The team that receives the permissions specified by the role. | False | False | True | False |
type | Choices: admin,read,member,execute,adhoc,update,use,auditor | The type of permission that the role controls. | False | False | True | False |
resource_name | String | The resource_name field. | False | False | True | False |
resource_type | String | The resource_type field. | False | False | True | False |
target_team | Resource team | The team that the role acts on. | False | False | True | False |
inventory | Resource inventory | The inventory field. | False | False | True | False |
job_template | Resource job_template | The job_template field. | False | False | True | False |
credential | Resource credential | The credential field. | False | False | True | False |
organization | Resource organization | The organization field. | False | False | True | False |
project | Resource project | The project field. | False | False | True | False |
workflow | Resource workflow | The workflow field. | False | False | True | False |
API Specification¶
-
class
tower_cli.resources.role.
Resource
[source]¶ A resource for managing roles.
This resource has ordinary list and get methods, but it roles can not be created or edited, instead, they are automatically generated along with the connected resource.
-
copy
(pk=None, new_name=None, **kwargs)[source]¶ Copy an object.
Parameters: - pk (int) – Primary key of the resource object to be copied
- new_name – The new name to give the resource if deep copying via the API
- **kwargs – Keyword arguments of fields whose given value will override the original value.
Returns: loaded JSON of the copied new resource object.
Return type:
-
get
(pk=None, **kwargs)[source]¶ Retrieve one and exactly one object.
Parameters: - pk (int) – Primary key of the resource to be read. Tower CLI will only attempt to read that object
if
pk
is provided (notNone
). - **kwargs – Keyword arguments used to look up resource object to retrieve if
pk
is not provided.
Returns: loaded JSON of the retrieved resource object.
Return type: - pk (int) – Primary key of the resource to be read. Tower CLI will only attempt to read that object
if
-
grant
(fail_on_found=False, **kwargs)[source]¶ Add a user or a team to a role. Required information: * Type of the role. * Resource of the role, inventory, credential, or any other. * A user or a team to add to the role.
Parameters: - fail_on_found (bool) – Flag that if set, the operation fails if a user/team already has the role.
- **kwargs – The user to be associated and the role to associate.
Returns: parsed JSON of role grant.
Return type:
-
list
(**kwargs)[source]¶ Retrieve a list of objects.
Parameters: - all_pages (bool) – Flag that if set, collect all pages of content from the API when returning results.
- page (int) – The page to show. Ignored if all_pages is set.
- query (list) – Contains 2-tuples used as query parameters to filter resulting resource objects.
- **kwargs – Keyword arguments list of available fields used for searching resource objects.
Returns: A JSON object containing details of all resource objects returned by Tower backend.
Return type:
-
revoke
(fail_on_found=False, **kwargs)[source]¶ Remove a user or a team from a role. Required information: * Type of the role. * Resource of the role, inventory, credential, or any other. * A user or a team to add to the role.
Parameters: - fail_on_found (bool) – Flag that if set, the operation fails if a user/team dose not have the role.
- **kwargs – The user to be disassociated and the role to disassociate.
Returns: parsed JSON of role revoke.
Return type:
-