Question about contextualizing approval in AWX's job template workflow

Get Help
1

Hello,

I am working in AWX to create a job workflow template. My workflow is to gather DNS entries, prompt the user for approval of deleting the DNS entries. If they approve, it will run a playbook to delete the gathered DNS entries.

Here’s my job workflow’s config:

image
image920×583 18.8 KB

I have “prompt on launch” enabled since I intend to allow the user to specify certain things determining what DNS entries are to be gathered.

Here is the first job_template node in the workflow’s playbook:

- name: AWX Decom DNS
  hosts: localhost
  connection: local
  gather_facts: true

  tasks:
    - name: Set fact
      ansible.builtin.set_fact:
        approval_summary: "These items will be deleted! example1.company.com and example2.company.com"

    - name: Set stats for dns_items_to_delete
      ansible.builtin.set_stats:
        per_host: false
        data:
          approval_summary: "These items will be deleted! example1.company.com and example2.company.com"
          dns_items_to_delete:
            - example1.company.com
            - example2.company.com

    - name: Show approval_summary
      ansible.builtin.debug:
        msg: "approval_summary is: {{ approval_summary }}"

approval_summary seems to be transferring correctly to the final deletion playbook and reads “These items will be deleted![…]” as expected . I am trying to figure out how to pass this info in some way to the approval step to help the user to know which DNS entries will be deleted. This bit seems to be eluding me despite my attempts.

This is what is seen in step 2 of the workflow, the approval step:

image
image1214×608 24.4 KB

Variables is empty. I also tried having the description contain {{ approval_summary }} but I figure this is set at create time only, hence it defaulting to my fallback of “Nothing supplied for approval_summary”.

I presume variables being under Workflow Job means the initial variables the user supplied. Is there a way for a preceding step of an approval to insert information into this approval step so the user knows what they are approving without having to click the preceding job and looking at the log there…? Or is there some other way to add context to this approval?

2

Hi @mcen1

I looked at a couple of our workflow approvals and can only see the variables that were set at the start of the job, not the stats that were set via the job templates in the workflow. The way that we handle the approvals is to have the users go back to the job before the approval to review the debug message before approving/denying. It’s a bit clunky and I like your desired approach better so curious if others have a way of doing this.

Another option would be to output the debug message data to the intended approvers via something like email/Teams/Slack/ITSM and include the workflow job ID in the message so users could find the right approval.

Best regards,

Joe

1 Like
3

Gotcha, appreciate the reply!

I’m going to be working with an area with ahh high turnover and not much training, so I’m trying my best to make this as unchallenging as possible for that audience (I have a front-end for running AWX jobs, so using the workflow approval mechanisms within would already be a departure).

I suspected a response like yours would be coming. I think I will proceed with my plan B: the playbook will request an “approval” object via the Python fastapi middleware we’ve developed for augmenting some other functionality, the user will be given a link to approve or deny the delete, and the playbook will poll the results for 30 minutes or so.

I’ll keep this thread open in case anyone has suggestions on how the workflow template might still be able to accomplish this.

1 Like