"controller_roles" role in "infra.aap_configuration" adds but does not remove roles

I have been playing with the “controller_roles” role in the “infra.aap_configuration” collection (GitHub - redhat-cop/infra.aap_configuration: A collection of roles to manage Ansible Automation Platform 2.5+ with code & Ansible Galaxy) to associate roles with teams. It does a nice job to add them. I’m wondering how to remove a role when it’s removed from the data structure. Any ideas?

Hi @iamroddo

Try using state: absent. Based on the awx.awx./ansible.controller module doc (which I believe underpins the infra.aap_controller collection/roles), that will remove the role if present. It mentioned users but I’d be curious if that also works on teams.


controller - Red Hat Ecosystem Catalog

Best regards,

Joe

Thanks @iwt-cmd for the response. I was hoping that there’d be a mechanism like that in awx.awx and ansible.controller with the export module to determine the difference between the data structure or desired state and the actual state of the controller for roles.

I think I’m following, more of a declarative approach rather than imperative? If that’s the case, the object_diff role may be worth looking into ( Ansible Galaxy - infra.controller_configuration). I haven’t used it but appears to apply a git-based config to the AAP controller and deletes objects not in the config. I don’t have an AAP-based sandbox with the new API to test it though (insert “Real men test in production” meme here).

There is also a controller_export_diff module that seems to be more of a reporting option but could probably also be exported and used for create/delete tasks. Ansible Galaxy - infra.controller_configuration

We’re moving into more of the Config as Code realm and the new AAP 2.5 paradigm so curious to see what you find.

Best regards,

Joe