hub_group_roles

In this file we need to configure the access rights/role a gateway team will be assigned in the automation hub.
Note that the team in this configuration is preceded by the organization name.

group_vars/all/hub_group_roles.yml

Below you see three teams receiving different roles in automation hub.
We chose the role "galaxy.content_admin" for the automated hub users shown here, this is because you can grant other roles to users, but those have to be set on specific(existing) objects. These users we grant access to create new content, so they need a system role.

---
hub_group_roles_all:
  - groups:
      - MGT::hub_coll_team
    role_list:
      - roles:
          - galaxy.content_admin
    state: present
  - groups:
      - MGT::hub_ee_team
    role_list:
      - roles:
          - galaxy.content_admin
  - groups:
      - MGT::audit
    role_list:
      - roles:
          - galaxy.collection_curator

But you can already see that the variable name used here has the "_all" extension, so the variable will not be overridden as this is not quite a inventory.
Why we do this, will become clear in a moment.

group_vars/dev/hub_group_roles.yml

As we do not configure extra group_roles in automation hub, this file is an empty set.

---
hub_group_roles_dev: []
  # No extra config exists
...

Here the variable has the "_dev" extension, so the variable will not be overridden.

group_vars/prod/hub_group_roles.yml

As we do not configure extra group_roles in automation hub, this file is an empty set.

---
hub_group_roles_prod: []
  # No extra config exists
...

Here the variable has the "_prod" extension, so the variable will not be overridden.

Back