gateway_role_team_assignments
In this file we configure the role a team has within automation platform.
This is not working at the moment
Due to the bug this assignment is not working form the configuration as code.
The system_role galaxy.content_admin is present in gatway, but can't be mapped.
Therefore we added the section below with the assignment_objects to see if the mapping of these
roles would function normally, it didn't.
No roles are mapped to teams whatsoever from this configuration as code.
These are the role that can be mapped through the UI, so after running the configuration as code,
these roles must be assigned manually to create a functional automation platform with the
configuration described here.
For the hub_coll group:
select all repositories:
validated
rh-certified
rejected
staging
community
published
apply the role: galaxy.ansible_repository_owner
to team: hub_coll
For the hub_ee group:
select all execution environments:
*
apply the role: galaxy.execution_environment_namespace_owner
to team: hub_ee
This will be removed when the issue is resolved.
Working with support on this..
group_vars/all/gateway_role_user_assignments.yml
---
gateway_role_team_assignments_all:
- role_definition: galaxy.content_admin
team: hub_coll
state: present
- role_definition: galaxy.content_admin
team: hub_ee
state: present
...
But you can already see that the variable name used here has the "_all" extension, so the variable will not be overridden as this is not quite a inventory.
Why we do this, will become clear in a moment.
group_vars/dev/gateway_role_team_assignments.yml
As we do not configure extra role_user_assignments in rhaap, this file is an empty set.
---
gateway_role_team_assignments_dev: []
# No extra config exists
...
Here the variable has the "_dev" extension, so the variable will not be overridden.
group_vars/prod/gateway_role_team_assignments.yml
As we do not configure extra role_user_asignments in rhaap, this file is an empty set.
---
gateway_role_team_assignments_prod: []
# No extra config exists
...
Here the variable has the "_prod" extension, so the variable will not be overridden.
When we run a pipeline for a certain environment, the inventory structure will provide us with 2 variables:
- gateway_role_team_assignments_all
- gateway_role_team_assignments_
We will merge these 2 variables into 1: gateway_role_team_assignments and feed this to the infra.aap_configuration.gateway_role_team_assignments role.
In main.yml the merge of the variables is done by this piece of code:
- name: Set the gateway vars
ansible.builtin.set_fact:
gateway_role_team_assignments: >
{{ gateway_role_team_assignments_all |
community.general.lists_mergeby(vars['gateway_role_team_assignments_' + branch_name],
'role_definition', recursive=true, list_merge='append') }}
This results in the gateway_role_team_assignments variable the collection needs.