RBAC Role

Description

This resource is used for managing RBAC roles in Tower. More importantly, it can be used for granting roles to and revoke roles from a user or team.

Fields Table

name type help_text read_only unique filterable required
user Resource user The user field. False False True False
team Resource team The team that receives the permissions specified by the role. False False True False
type Choices: admin,read,member,execute,adhoc,update,use,auditor The type of permission that the role controls. False False True False
resource_name String The resource_name field. False False True False
resource_type String The resource_type field. False False True False
target_team Resource team The team that the role acts on. False False True False
inventory Resource inventory The inventory field. False False True False
job_template Resource job_template The job_template field. False False True False
credential Resource credential The credential field. False False True False
organization Resource organization The organization field. False False True False
project Resource project The project field. False False True False
workflow Resource workflow The workflow field. False False True False

API Specification

class tower_cli.resources.role.Resource[source]

A resource for managing roles.

This resource has ordinary list and get methods, but it roles can not be created or edited, instead, they are automatically generated along with the connected resource.

copy(pk=None, new_name=None, **kwargs)[source]

Copy an object.

Parameters:
  • pk (int) – Primary key of the resource object to be copied
  • new_name – The new name to give the resource if deep copying via the API
  • **kwargs – Keyword arguments of fields whose given value will override the original value.
Returns:

loaded JSON of the copied new resource object.

Return type:

dict

get(pk=None, **kwargs)[source]

Retrieve one and exactly one object.

Parameters:
  • pk (int) – Primary key of the resource to be read. Tower CLI will only attempt to read that object if pk is provided (not None).
  • **kwargs – Keyword arguments used to look up resource object to retrieve if pk is not provided.
Returns:

loaded JSON of the retrieved resource object.

Return type:

dict

grant(fail_on_found=False, **kwargs)[source]

Add a user or a team to a role. Required information: * Type of the role. * Resource of the role, inventory, credential, or any other. * A user or a team to add to the role.

Parameters:
  • fail_on_found (bool) – Flag that if set, the operation fails if a user/team already has the role.
  • **kwargs – The user to be associated and the role to associate.
Returns:

parsed JSON of role grant.

Return type:

dict

list(**kwargs)[source]

Retrieve a list of objects.

Parameters:
  • all_pages (bool) – Flag that if set, collect all pages of content from the API when returning results.
  • page (int) – The page to show. Ignored if all_pages is set.
  • query (list) – Contains 2-tuples used as query parameters to filter resulting resource objects.
  • **kwargs – Keyword arguments list of available fields used for searching resource objects.
Returns:

A JSON object containing details of all resource objects returned by Tower backend.

Return type:

dict

revoke(fail_on_found=False, **kwargs)[source]

Remove a user or a team from a role. Required information: * Type of the role. * Resource of the role, inventory, credential, or any other. * A user or a team to add to the role.

Parameters:
  • fail_on_found (bool) – Flag that if set, the operation fails if a user/team dose not have the role.
  • **kwargs – The user to be disassociated and the role to disassociate.
Returns:

parsed JSON of role revoke.

Return type:

dict