Closed przemkalit closed 2 weeks ago
Okay, something is not right on our side, I will close this issue.
Sorry but in result I found the bug. It occurs in the export of roles: the role looks for workflow/workflows inside the controller_roles structure, but filetree_create exports workflow_job_template/workflow_job_templates into controller_roles. That's why the roles cannot be imported.
/roles/roles/tasks/main.yml
- name: "Managing Role Based Access Entries on Controller"
role:
...
workflow: "{{ __controller_role_item.0.workflow | default(__controller_role_item.workflow) | default(omit, true) }}"
workflows: "{{ __controller_role_item.0.workflows | default(__controller_role_item.workflows) | default(([] if controller_configuration_role_enforce_defaults else omit), true) }}"
/roles/filetree_create/templates/current_team_roles.j2
{% if first_team_role | default(true) | bool %}
---
controller_roles:
{% endif %}
{% for role in object_roles %}
...
{% elif (role|dict2items)[0].value.resource_type is match('workflow_job_template') %}
workflow_job_templates:
I don't know why it works for the user, but I think maybe user is treated differently.
So... if I understand well... the key workflow_job_templates
should be changed to workflow
or workflows
to let the dispatch to work. Am I right?
Yes, that works in our customised collection, I would create PR but I am kinda busy with something else.
Summary
Hi, I've discovered that team permissions for a workflow are not populated in the target controller. As a result, user roles for the workflow are added, but team roles are marked as
Ok
instead ofChanged
. I tested this with the latest versions of the ansible.controller, with awx.awx controller there is no issue.Please check it ASAP, because this functionality is crucial.
Issue Type
Ansible, Collection, Controller details
OS / ENVIRONMENT
RH 9.4
Desired Behavior
Permission roles are imported
Actual Behavior
Permission roles are not imported
STEPS TO REPRODUCE