aap_teams
This file defines all teams that exist in rhaap: the teams for the local users and the LDAP-mapped teams.
The usage for each team can be found in the descriptions.
The infra.aap_configuration collection expects the values in the variable: aap_teams.
As we intend to configure everything just once, we split the set of vars across the environments and join the lists in main.yml before calling the collection.
If there are no teams defined, do not add this file.
If you do, ensure the file is present in all branches, with the correct content, described below.
group_vars/all/aap_teams.yml
We start the base configuration with some teams for global management tasks, such as content management on automation hub, as we do not want everyone to add collections to the hub without checking them (security).
After these we will add some teams that could be created through LDAP, but mapping roles is easier this way.
---
aap_teams_all:
  - name: audit
    description: audit users
    organization: MGT
  - name: hub_coll_team
    description: hub collection Admins
    organization: MGT
  - name: hub_ee_team
    description: Automationhub Execution Environment Admins
    organization: MGT
  - name: admin
    organization: MGT
    description: Organization Admin users (local)
  # This set is created for each new organization
  - name: LDAP_MGT_Admins
    organization: MGT
    description: Organization Admins (LDAP)
  - name: LDAP_MGT_Developers
    organization: MGT
    description: Organization Developers (LDAP)
  - name: LDAP_MGT_Operators
    organization: MGT
    description: Organization Operators (LDAP)
  # End set
...
Note that the variable name used here has the "_all" extension, so the variable will not be overridden, as this is not quite an inventory.
Why we do this will become clear in a moment.
group_vars/dev/aap_teams.yml
As we do not configure extra teams in development rhaap, this file is an empty set.
---
aap_teams_dev: []
# No extra config exists
...
Here the variable has the "_dev" extension, so the variable will not be overridden.
group_vars/prod/aap_teams.yml
As we do not configure extra teams in production rhaap, this file is an empty set.
---
aap_teams_prod: []
# No extra config exists
...
Here the variable has the "_prod" extension, so the variable will not be overridden.
When we run a pipeline for a certain environment, the inventory structure will provide us with 2 variables:
- aap_teams_all
- aap_teams_
We will merge these 2 variables into 1: aap_teams and feed this to the infra.aap_configuration.gateway_teams role.
In main.yml the merge of the variables can be done by this piece of code:
- name: Set the gateway vars
  ansible.builtin.set_fact:
    aap_teams: >
      {{ aap_teams_all |
      community.general.lists_mergeby(vars['aap_teams_' + branch_name],
      'name', recursive=true, list_merge='append') }}
This results in the aap_teams variable the collection needs.
As you read the main.yml, you will find we are now using different code to merge the vars.
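A guard around the merge task shown above, as an added example that is not part of this repository's main.yml: it fails early when the environment list is missing and checks the merged result before it would be passed to the role. The play itself, the branch_name value and both sample lists are constructed for illustration, and the community.general collection is assumed to be installed.

```yaml
---
# Added example (not the project's code): branch_name and both lists are constructed.
- name: Validate and merge team definitions
  hosts: localhost
  gather_facts: false
  vars:
    branch_name: dev
    aap_teams_all:
      - name: audit
        description: audit users
        organization: MGT
      - name: hub_coll_team
        description: hub collection Admins
        organization: MGT
    aap_teams_dev:
      # Same name as a base entry: merged into it, not added as a second team
      - name: audit
        description: audit users (dev override)
  tasks:
    - name: Fail early if the environment list is missing or not a list
      ansible.builtin.assert:
        that:
          - vars['aap_teams_' + branch_name] is defined
          - vars['aap_teams_' + branch_name] is sequence
          - vars['aap_teams_' + branch_name] is not string
        fail_msg: "aap_teams_{{ branch_name }} must be a list (use [] when empty)"

    - name: Merge base and environment teams by name
      ansible.builtin.set_fact:
        aap_teams: >-
          {{ aap_teams_all |
             community.general.lists_mergeby(vars['aap_teams_' + branch_name],
             'name', recursive=true, list_merge='append') }}

    - name: Check the merged result before it reaches the role
      ansible.builtin.assert:
        that:
          - aap_teams | length == 2
          - aap_teams | selectattr('organization', 'undefined') | list | length == 0
          - (aap_teams | selectattr('name', 'equalto', 'audit') | first).description == 'audit users (dev override)'
        fail_msg: "Merged aap_teams has an unexpected entry or a team without an organization"
```

Because entries are matched on name, an environment file can change the description or organization of a base team without adding a new one, which is why the final check looks at the merged values and not only at the list length.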