Modules in the ansible.platform collection
The ansible.platform collection provides modules for managing Ansible Automation Platform resources. The following tables list the available modules grouped by category.
Identity and access management
| Module | Description | Supported states |
|---|---|---|
| organization | Create, update, or delete organizations. | present, absent, exists, enforced |
| user | Create, update, or delete users. Configure superuser status and authenticator associations. | present, absent, exists, enforced |
| team | Create, update, or delete teams within an organization. | present, absent, exists, enforced |
| role_definition | Create, update, or delete custom RBAC role definitions with specific permissions. | present, absent, exists, enforced |
| role_user_assignment | Assign roles to users for specific resources or organizations. | present, absent, exists |
| role_team_assignment | Assign roles to teams for specific resources or organizations. Supports batch operations with assignment_objects. | present, absent, exists |
Authentication
| Module | Description | Supported states |
|---|---|---|
| authenticator | Configure authentication providers such as LDAP, OIDC, SAML, and GitHub. | present, absent, exists, enforced |
| authenticator_map | Define authentication mapping rules to map external groups to Ansible Automation Platform roles, teams, and organizations. | present, absent, exists, enforced |
| authenticator_user | Associate users with authentication providers for migration between providers. This module does not support deleting associations. | present, exists |
Gateway infrastructure
| Module | Description | Supported states |
|---|---|---|
| service | Configure API service routes for automation controller, automation hub, and Event-Driven Ansible controller. | present, absent, exists, enforced |
| route | Configure non-API gateway routes. | present, absent, exists, enforced |
| service_cluster | Manage service clusters with health check and outlier detection settings. | present, absent, exists, enforced |
| service_node | Add or remove individual service nodes within clusters. | present, absent, exists, enforced |
| service_type | Define service type definitions with login and logout paths. | present, absent, exists, enforced |
| service_key | Manage service authentication keys for inter-service communication. | present, absent, exists, enforced |
| http_port | Configure HTTP listener ports for the Envoy proxy. | present, absent, exists, enforced |
| ui_plugin_route | Configure UI plugin routes for front-end plugin integration. | present, absent, exists, enforced |
Platform configuration
| Module | Description | Supported states |
|---|---|---|
| settings | Modify platform-wide settings including token authentication, JWT configuration, password policies, and session settings. This module has no state parameter and always applies changes. To get a full list of available setting keys for your environment, query the platform gateway REST API. | N/A (always applies) |
| feature_flag | Query and manage feature flags. Only run-time flags can be modified; install-time flags are read-only. This module defaults to exists instead of present, so you must explicitly set state: present to modify a flag. | present, absent, exists, enforced |

The settings module requires a dictionary of setting keys and values, but the full list of available keys depends on your Ansible Automation Platform deployment. To discover all available setting keys and their current values, query the following REST API endpoints on your platform gateway:

- https://aap-host/api/gateway/v1/settings/all/ (platform gateway settings)
- https://aap-host/api/controller/v2/settings/all/ (automation controller settings)

Application and token management
| Module | Description | Supported states |
|---|---|---|
| application | Create, update, or delete OAuth2 applications for platform gateway. Configure grant types, client types, and redirect URIs. | present, absent, exists, enforced |
| token | Create or delete OAuth2 tokens. Each run creates a new token; this module is not idempotent. The token value is only available at creation time. | present, absent |
| ca_certificate | Manage CA certificates for mutual TLS (mTLS) authentication. | present, absent, exists |
Lookup plugin
| Plugin | Description |
|---|---|
| gateway_api | Query any platform gateway API endpoint. Supports pagination, filtering, and returning objects or IDs. Use for read-only lookups of users, teams, organizations, settings, and other resources. |