gateway_role_user_assignments

In this file we configure the role a user has within automation platform.

group_vars/all/gateway_role_user_assignments.yml

---
gateway_role_user_assignments_all:

  - role_definition: Organization Member
    user: wilco
    object_ids: MGT

  - role_definition: Organization Member
    user: coll_upload
    object_ids: MGT

  - role_definition: Team Member
    user: coll_upload
    object_ids: hub_coll_team

  - role_definition: Organization Member
    user: coll_get
    object_ids: MGT

  - role_definition: Team Member
    user: coll_get
    object_ids: hub_coll_team

  - role_definition: Organization Member
    user: ee_upload
    object_ids: MGT

  - role_definition: Team Member
    user: ee_upload
    object_ids: hub_ee_team

  - role_definition: Organization Member
    user: ee_pull
    object_ids: MGT

  - role_definition: Team Member
    user: ee_pull
    object_ids: hub_ee_team

  - role_definition: Organization Admin
    user: mgt
    object_ids: MGT

  - role_definition: Organization Admin
    user: CaC_admin_MGT
    object_ids: MGT
...

But you can already see that the variable name used here has the "_all" extension, so the variable will not be overridden as this is not quite a inventory.
Why we do this, will become clear in a moment.

group_vars/dev/gateway_role_user_assignments.yml

As we do not configure extra role_user_assignments in rhaap, this file is an empty set. 

---
gateway_role_user_assignments_dev: []
  # No extra config exists
...

Here the variable has the "_dev" extension, so the variable will not be overridden.

group_vars/prod/gateway_role_user_assignments.yml

As we do not configure extra role_user_asignments in rhaap, this file is an empty set. 

---
gateway_role_user_assignments_prod: []
  # No extra config exists
...

Here the variable has the "_prod" extension, so the variable will not be overridden.

When we run a pipeline for a certain environment, the inventory structure will provide us with 2 variables: - gateway_role_user_assignments_all
- gateway_role_user_assignments_

We will merge these 2 variables into 1: gateway_role_user_assignments and feed this to the infra.aap_configuration.gateway_role_user_assignments role.
In main.yml the merge of the variables is done by this piece of code:

    - name: Set the gateway vars
      ansible.builtin.set_fact:
        gateway_role_user_assignments: >
          {{ gateway_role_user_assignments_all |
          community.general.lists_mergeby(vars['gateway_role_user_assignments_' + branch_name],
          'role_definition', recursive=true, list_merge='append') }}

This results in the gateway_role_user_assignments variable the collection needs.

Back