1

I am trying to get a list of the inventories in my server using awx-cli inventory list -a but what I would like to get is also, what users/groups/teams have access to said inventories and which kind of access. I cannot seem to find a way to get this information from awx-cli.

If I do awx-cli users list -a I get the users and it only tells me whether they are global admins or not, it doesn't say what groups they belong to or which roles do they have over which inventory.

awx-cli list inventory -a and awx-cli users list -a but there doesn't seem to be any info in the help documents to achieve what I need.

Zeitounator
  • 38,476
  • 7
  • 53
  • 66
Alexia Rivera
  • 11
  • 1
  • 1
    "_... it doesn't say what groups they belong to or which roles do they have over which inventory ..._", right. Since this seems to be a chain of dependencies such information would need to gathered recursively. I would assume that such query isn't implemented yet in AWX / Tower and that to get the information several different queries are necessary. – U880D Dec 15 '22 at 17:27
  • Any ideas how could I get started getting this info? i dont mind to perform a few commands and or join them through bash but I'd need a little bit of guidance on how could I possibly achieve this. – Alexia Rivera Dec 15 '22 at 22:27

1 Answers1

1

awx-cli does not implement all API queries, but it is possible to combine awx-cli with curl and jq to get the result you need

Below I detail a possible solution using a bash script

#!/bin/bash

# This script comes with ABSOLUTELY NO WARRANTY, use at own risk
# Copyright (C) 2022 Osiris Alejandro Gomez <osiux@osiux.com>
# Copyright (C) 2022 Osiris Alejandro Gomez <osiris@gcoop.coop>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

function awx_config()
{
  awk -F= "/$1/ {print \$2}" $HOME/.tower_cli.cfg
}

function roles_related()
{
  AWX_URL="$AWX_HOST/api/v2/roles/$1/$2/"
  curl -s --user $AWX_USER:$AWX_PASS "$AWX_URL"
}

function roles_users()
{
  roles_related $1 users        \
    | jq -r .results[].username \
    | while read USERNAME;do echo 'user' "$USERNAME";done
}

function roles_teams()
{
  roles_related $1 teams    \
    | jq -r .results[].name \
    | while read TEAM;do echo 'team' "$TEAM";done
}

AWX_HOST="$(awx_config host)"
AWX_USER="$(awx_config username)"
AWX_PASS="$(awx_config password)"
INVENTORY="$1"

[[ -z "$INVENTORY" ]] && exit 1

awx-cli role list -a --inventory "$INVENTORY" -f json \
  | jq -r '.results[] | "\(.id) \(.name)"'            \
  | while read -r ID TYPE
    do
      roles_users $ID | while read -r U;do echo "$TYPE $U";done
      roles_teams $ID | while read -r T;do echo "$TYPE $T";done
    done

The result is:

Admin user admin
Admin team devops

I share other similar solutions, in the repository Ansible Tools

U880D
  • 8,601
  • 6
  • 24
  • 40
OSiUX
  • 11
  • 3