Red Hat SummitConfiguration as Code migration guide for Ansible Automation Platform 2.7
If you are upgrading to Ansible Automation Platform 2.7, review the following changes to the ansible.controller and ansible.hub collections that can affect your existing Configuration as Code playbooks.
Deprecated parameters
Copy linkLink copied!
The following parameters are deprecated and scheduled for removal in a future release of Ansible Automation Platform. Update your playbooks to use the replacement parameters.
| Module | Deprecated parameter | Replacement | Details |
|---|---|---|---|
user |
organizations |
role_user_assignment module |
Use the role_user_assignment module to assign organization roles to users instead of the organizations parameter. |
user |
is_platform_auditor |
role_user_assignment module |
Assign the Platform Auditor role by using the role_user_assignment module. |
user |
authenticators |
associated_authenticators |
The associated_authenticators parameter accepts a dictionary keyed by authenticator ID with values containing uid and email. |
user |
authenticator_uid |
associated_authenticators |
Use the associated_authenticators parameter instead. |
role_user_assignment |
object_id |
object_ids |
The object_ids parameter accepts a list of resource identifiers, enabling batch role assignments in a single task. |
Removed modules from the ansible.hub collection
Copy linkLink copied!
Ansible Automation Platform 2.7 removes the following modules from the ansible.hub collection. Use the ansible.platform replacements instead. Other modules in the ansible.hub collection remain available.
| Removed module | Replacement | Action required |
|---|---|---|
ansible.hub.ah_user |
ansible.platform.user |
Update all playbooks that use ansible.hub.ah_user to use ansible.platform.user. The ansible.platform.user module manages users through platform gateway and supports additional parameters such as associated_authenticators. |
ansible.hub.ah_token |
ansible.platform.token |
Update all playbooks that use ansible.hub.ah_token to use ansible.platform.token. Note that the ansible.platform.token module is not idempotent; each run creates a new token. |
New modules
Copy linkLink copied!
The following modules are new in ansible.platform version 2.7:
-
feature_flag - Query and manage feature flags. Use this module to enable or disable run-time feature flags for your platform.
-
ca_certificate - Manage CA certificates for mutual TLS (mTLS) authentication between services.
-
role_team_assignment -
Assign roles to teams for specific resources or organizations. Supports batch operations through the
assignment_objectsparameter. -
role_definition - Create custom RBAC role definitions with specific permissions scoped to a content type.
-
ui_plugin_route - Configure UI plugin routes for front-end plugin integration with platform gateway.
New features in existing modules
Copy linkLink copied!
The following features are available in existing modules:
- Mutual TLS support: The
serviceandroutemodules support anenable_mtlsparameter for mutual TLS authentication. When you enable mTLS, setenable_gateway_authtofalse. - Route timeouts: The
service,route, andui_plugin_routemodules supportrequest_timeout_secondsandidle_timeout_secondsparameters for per-route timeout configuration. - OIDC User Identity: The
authenticatormodule supports OIDC User Identity configuration for platform gateway. - Batch role assignments: The
role_user_assignmentmodule supportsobject_idsfor assigning a role to a user across multiple resources in a single task.
Example: Update a playbook for 2.7
Copy linkLink copied!
The following example shows how to update a playbook that uses deprecated parameters.
Before (2.6)
- name: Create user with org membership
ansible.platform.user:
username: "demo-user"
organizations:
- "Demo-Organization"
is_platform_auditor: trueAfter (2.7)
- name: Create user
ansible.platform.user:
username: "demo-user"
state: present
- name: Assign organization role to user
ansible.platform.role_user_assignment:
user: "demo-user"
role_definition: "Organization Member"
object_ids:
- "Demo-Organization"
state: present
- name: Assign Platform Auditor role to user
ansible.platform.role_user_assignment:
user: "demo-user"
role_definition: "Platform Auditor"
# object_ids is not required for platform-wide roles
state: present
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}