1. Oracle Linux Automation Manager CLI and API Reference Guide
  2. Tasks
  3. Settings

Update a Setting

put

/api/v2/settings/{category_slug}/

Make a PUT or PATCH request to this resource to update this setting. The following fields may be modified:

  • ACTIVITY_STREAM_ENABLED: Enable capturing activity for the activity stream. (boolean, required)
  • ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC: Enable capturing activity for the activity stream when running inventory sync. (boolean, required)
  • ORG_ADMINS_CAN_SEE_ALL_USERS: Controls whether any Organization Admin can view all users and teams, even those not associated with their Organization. (boolean, required)
  • MANAGE_ORGANIZATION_AUTH: Controls whether any Organization Admin has the privileges to create and manage users and teams. You may want to disable this ability if you are using an LDAP or SAML integration. (boolean, required)
  • TOWER_URL_BASE: This setting is used by services like notifications to render a valid url to the service. (string, required)
  • REMOTE_HOST_HEADERS: HTTP headers and meta keys to search to determine remote host name or IP. Add additional items to this list, such as "HTTP_X_FORWARDED_FOR", if behind a reverse proxy. See the "Proxy Support" section of the AAP Installation guide for more details. (list, required)
  • PROXY_IP_ALLOWED_LIST: If the service is behind a reverse proxy/load balancer, use this setting to configure the proxy IP addresses from which the service should trust custom REMOTE_HOST_HEADERS header values. If this setting is an empty list (the default), the headers specified by REMOTE_HOST_HEADERS will be trusted unconditionally') (list, required)

  • CSRF_TRUSTED_ORIGINS: If the service is behind a reverse proxy/load balancer, use this setting to configure the schema://addresses from which the service should trust Origin header values. (list, default=[])

  • REDHAT_USERNAME: This username is used to send data to Automation Analytics (string, default="")

  • REDHAT_PASSWORD: This password is used to send data to Automation Analytics (string, default="")
  • SUBSCRIPTIONS_USERNAME: This username is used to retrieve subscription and content information (string, default="")
  • SUBSCRIPTIONS_PASSWORD: This password is used to retrieve subscription and content information (string, default="")

  • AUTOMATION_ANALYTICS_URL: This setting is used to to configure the upload URL for data collection for Automation Analytics. (string, default="https://example.com")

  • DEFAULT_EXECUTION_ENVIRONMENT: The Execution Environment to be used when one has not been configured for a job template. (field, default=None)

  • CUSTOM_VENV_PATHS: Paths where Tower will look for custom virtual environments (in addition to /var/lib/awx/venv/). Enter one path per line. (list, default=[])
  • AD_HOC_COMMANDS: List of modules allowed to be used by ad-hoc jobs. (list, default=['command', 'shell', 'yum', 'apt', 'apt_key', 'apt_repository', 'apt_rpm', 'service', 'group', 'user', 'mount', 'ping', 'selinux', 'setup', 'win_ping', 'win_service', 'win_updates', 'win_group', 'win_user'])
  • ALLOW_JINJA_IN_EXTRA_VARS: Ansible allows variable substitution via the Jinja2 templating language for --extra-vars. This poses a potential security risk where users with the ability to specify extra vars at job launch time can use Jinja2 templates to run arbitrary Python. It is recommended that this value be set to "template" or "never". (choice, required)
    • always: Always
    • never: Never
    • template: Only On Job Template Definitions (default)
  • AWX_ISOLATION_BASE_PATH: The directory in which the service will create new temporary directories for job execution and isolation (such as credential files). (string, required)
  • AWX_ISOLATION_SHOW_PATHS: List of paths that would otherwise be hidden to expose to isolated jobs. Enter one path per line. Volumes will be mounted from the execution node to the container. The supported format is HOST-DIR[:CONTAINER-DIR[:OPTIONS]]. (list, default=[])
  • AWX_TASK_ENV: Additional environment variables set for playbook runs, inventory updates, project updates, and notification sending. (nested object, default={})
  • AWX_RUNNER_KEEPALIVE_SECONDS: Only applies to jobs running in a Container Group. If not 0, send a message every so-many seconds to keep connection open. (integer, required)
  • GALAXY_TASK_ENV: Additional environment variables set for invocations of ansible-galaxy within project updates. Useful if you must use a proxy server for ansible-galaxy but not git. (nested object, required)
  • INSIGHTS_TRACKING_STATE: Enables the service to gather data on automation and send it to Automation Analytics. (boolean, default=False)
  • PROJECT_UPDATE_VVV: Adds the CLI -vvv flag to ansible-playbook runs of project_update.yml used for project updates. (boolean, required)
  • AWX_ROLES_ENABLED: Allows roles to be dynamically downloaded from a requirements.yml file for SCM projects. (boolean, default=True)
  • AWX_COLLECTIONS_ENABLED: Allows collections to be dynamically downloaded from a requirements.yml file for SCM projects. (boolean, default=True)
  • AWX_SHOW_PLAYBOOK_LINKS: Follow symbolic links when scanning for playbooks. Be aware that setting this to True can lead to infinite recursion if a link points to a parent directory of itself. (boolean, default=False)
  • AWX_MOUNT_ISOLATED_PATHS_ON_K8S: Expose paths via hostPath for the Pods created by a Container Group. HostPath volumes present many security risks, and it is a best practice to avoid the use of HostPaths when possible. (boolean, default=False)
  • GALAXY_IGNORE_CERTS: If set to true, certificate validation will not be done when installing content from any Galaxy server. (boolean, default=False)
  • STDOUT_MAX_BYTES_DISPLAY: Maximum Size of Standard Output in bytes to display before requiring the output be downloaded. (integer, required)
  • EVENT_STDOUT_MAX_BYTES_DISPLAY: Maximum Size of Standard Output in bytes to display for a single job or ad hoc command event. stdout will end with ??? when truncated. (integer, required)
  • MAX_WEBSOCKET_EVENT_RATE: Maximum number of messages to update the UI live job output with per second. Value of 0 means no limit. (integer, default=30)
  • SCHEDULE_MAX_JOBS: Maximum number of the same job template that can be waiting to run when launching from a schedule before no more are created. (integer, required)
  • AWX_ANSIBLE_CALLBACK_PLUGINS: List of paths to search for extra callback plugins to be used when running jobs. Enter one path per line. (list, default=[])
  • DEFAULT_JOB_TIMEOUT: Maximum time in seconds to allow jobs to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual job template will override this. (integer, default=0)
  • DEFAULT_JOB_IDLE_TIMEOUT: If no output is detected from ansible in this number of seconds the execution will be terminated. Use value of 0 to indicate that no idle timeout should be imposed. (integer, default=0)
  • DEFAULT_INVENTORY_UPDATE_TIMEOUT: Maximum time in seconds to allow inventory updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual inventory source will override this. (integer, default=0)
  • DEFAULT_PROJECT_UPDATE_TIMEOUT: Maximum time in seconds to allow project updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual project will override this. (integer, default=0)
  • ANSIBLE_FACT_CACHE_TIMEOUT: Maximum time, in seconds, that stored Ansible facts are considered valid since the last time they were modified. Only valid, non-stale, facts will be accessible by a playbook. Note, this does not influence the deletion of ansible_facts from the database. Use a value of 0 to indicate that no timeout should be imposed. (integer, default=0)
  • MAX_FORKS: Saving a Job Template with more than this number of forks will result in an error. When set to 0, no limit is applied. (integer, default=200)
  • LOG_AGGREGATOR_HOST: Hostname/IP where external logs will be sent to. (string, default="")
  • LOG_AGGREGATOR_PORT: Port on Logging Aggregator to send logs to (if required and not provided in Logging Aggregator). (integer, default=None)
  • LOG_AGGREGATOR_TYPE: Format messages for the chosen log aggregator. (choice)
    • None: --------- (default)
    • logstash
    • splunk
    • loggly
    • sumologic
    • other
  • LOG_AGGREGATOR_USERNAME: Username for external log aggregator (if required; HTTP/s only). (string, default="")
  • LOG_AGGREGATOR_PASSWORD: Password or authentication token for external log aggregator (if required; HTTP/s only). (string, default="")
  • LOG_AGGREGATOR_LOGGERS: List of loggers that will send HTTP logs to the collector, these can include any or all of: awx - service logs activity_stream - activity stream records job_events - callback data from Ansible job events system_tracking - facts gathered from scan jobs broadcast_websocket - errors pertaining to websockets broadcast metrics (list, default=['awx', 'activity_stream', 'job_events', 'system_tracking', 'broadcast_websocket'])
  • LOG_AGGREGATOR_INDIVIDUAL_FACTS: If set, system tracking facts will be sent for each package, service, or other item found in a scan, allowing for greater search query granularity. If unset, facts will be sent as a single dictionary, allowing for greater efficiency in fact processing. (boolean, default=False)
  • LOG_AGGREGATOR_ENABLED: Enable sending logs to external log aggregator. (boolean, default=False)
  • LOG_AGGREGATOR_TOWER_UUID: Useful to uniquely identify instances. (string, default="")
  • LOG_AGGREGATOR_PROTOCOL: Protocol used to communicate with log aggregator. HTTPS/HTTP assumes HTTPS unless http:// is explicitly used in the Logging Aggregator hostname. (choice)
    • https: HTTPS/HTTP (default)
    • tcp: TCP
    • udp: UDP
  • LOG_AGGREGATOR_TCP_TIMEOUT: Number of seconds for a TCP connection to external log aggregator to timeout. Applies to HTTPS and TCP log aggregator protocols. (integer, default=5)
  • LOG_AGGREGATOR_VERIFY_CERT: Flag to control enable/disable of certificate verification when LOG_AGGREGATOR_PROTOCOL is "https". If enabled, the log handler will verify certificate sent by external log aggregator before establishing connection. (boolean, default=True)
  • LOG_AGGREGATOR_LEVEL: Level threshold used by log handler. Severities from lowest to highest are DEBUG, INFO, WARNING, ERROR, CRITICAL. Messages less severe than the threshold will be ignored by log handler. (messages under category awx.anlytics ignore this setting) (choice)
    • DEBUG
    • INFO (default)
    • WARNING
    • ERROR
    • CRITICAL
  • LOG_AGGREGATOR_ACTION_QUEUE_SIZE: Defines how large the rsyslog action queue can grow in number of messages stored. This can have an impact on memory utilization. When the queue reaches 75% of this number, the queue will start writing to disk (queue.highWatermark in rsyslog). When it reaches 90%, NOTICE, INFO, and DEBUG messages will start to be discarded (queue.discardMark with queue.discardSeverity=5). (integer, default=131072)
  • LOG_AGGREGATOR_ACTION_MAX_DISK_USAGE_GB: Amount of data to store (in gigabytes) if an rsyslog action takes time to process an incoming message (defaults to 1). Equivalent to the rsyslogd queue.maxdiskspace setting on the action (e.g. omhttp). It stores files in the directory specified by LOG_AGGREGATOR_MAX_DISK_USAGE_PATH. (integer, default=1)
  • LOG_AGGREGATOR_MAX_DISK_USAGE_PATH: Location to persist logs that should be retried after an outage of the external log aggregator (defaults to /var/lib/awx). Equivalent to the rsyslogd queue.spoolDirectory setting. (string, default="/var/lib/awx")
  • LOG_AGGREGATOR_RSYSLOGD_DEBUG: Enabled high verbosity debugging for rsyslogd. Useful for debugging connection issues for external log aggregation. (boolean, default=False)
  • API_400_ERROR_LOG_FORMAT: The format of logged messages when an API 4XX error occurs, the following variables will be substituted: status_code - The HTTP status code of the error user_name - The user name attempting to use the API url_path - The URL path to the API endpoint called remote_addr - The remote address seen for the user error - The error set by the api endpoint Variables need to be in the format {<variable name>}. (string, default="status {status_code} received by user {user_name} attempting to access {url_path} from {remote_addr}")
  • AUTOMATION_ANALYTICS_LAST_GATHER: (datetime, required)
  • AUTOMATION_ANALYTICS_LAST_ENTRIES: (string, default="")

  • AUTOMATION_ANALYTICS_GATHER_INTERVAL: Interval (in seconds) between data gathering. (integer, default=14400)

  • BULK_JOB_MAX_LAUNCH: Max jobs to allow bulk jobs to launch (integer, default=100)

  • BULK_HOST_MAX_CREATE: Max number of hosts to allow to be created in a single bulk action (integer, default=100)
  • BULK_HOST_MAX_DELETE: Max number of hosts to allow to be deleted in a single bulk action (integer, default=250)
  • UI_NEXT: Enable preview of new user interface. (boolean, default=False)
  • SUBSCRIPTION_USAGE_MODEL: (choice)
    • "": Default model for AWX - no subscription. Deletion of host_metrics will not be considered for purposes of managed host counting (default)
    • unique_managed_hosts: Usage based on unique managed nodes in a large historical time frame and delete functionality for no longer used managed nodes
  • CLEANUP_HOST_METRICS_LAST_TS: (datetime, required)
  • HOST_METRIC_SUMMARY_TASK_LAST_TS: (datetime, required)
  • AWX_CLEANUP_PATHS: Enable or Disable TMP Dir cleanup (boolean, default=True)
  • AWX_REQUEST_PROFILE: Debug web request python timing (boolean, default=False)
  • DEFAULT_CONTAINER_RUN_OPTIONS: List of options to pass to podman run example: ['--network', 'slirp4netns:enable_ipv6=true', '--log-level', 'debug'] (list, default=[&#x27;--network&#x27;, &#x27;slirp4netns:enable_ipv6=true&#x27;])

  • RECEPTOR_RELEASE_WORK: Release receptor work (boolean, default=True)

  • SESSION_COOKIE_AGE: Number of seconds that a user is inactive before they will need to login again. (integer, required)

  • SESSIONS_PER_USER: Maximum number of simultaneous logged in sessions a user may have. To disable enter -1. (integer, required)
  • DISABLE_LOCAL_AUTH: Controls whether users are prevented from using the built-in authentication system. You probably want to do this if you are using an LDAP or SAML integration. (boolean, required)
  • AUTH_BASIC_ENABLED: Enable HTTP Basic Auth for the API Browser. (boolean, required)
  • OAUTH2_PROVIDER: Dictionary for customizing OAuth 2 timeouts, available items are ACCESS_TOKEN_EXPIRE_SECONDS, the duration of access tokens in the number of seconds, AUTHORIZATION_CODE_EXPIRE_SECONDS, the duration of authorization codes in the number of seconds, and REFRESH_TOKEN_EXPIRE_SECONDS, the duration of refresh tokens, after expired access tokens, in the number of seconds. (nested object, default={&#x27;ACCESS_TOKEN_EXPIRE_SECONDS&#x27;: 31536000000, &#x27;AUTHORIZATION_CODE_EXPIRE_SECONDS&#x27;: 600, &#x27;REFRESH_TOKEN_EXPIRE_SECONDS&#x27;: 2628000})
  • ALLOW_OAUTH2_FOR_EXTERNAL_USERS: For security reasons, users from external auth providers (LDAP, SAML, SSO, Radius, and others) are not allowed to create OAuth2 tokens. To change this behavior, enable this setting. Existing tokens will not be deleted when this setting is toggled off. (boolean, default=False)
  • LOGIN_REDIRECT_OVERRIDE: URL to which unauthorized users will be redirected to log in. If blank, users will be sent to the login page. (string, default="")

  • ALLOW_METRICS_FOR_ANONYMOUS_USERS: If true, anonymous users are allowed to poll metrics. (boolean, default=False)

  • CUSTOM_LOGIN_INFO: If needed, you can add specific information (such as a legal notice or a disclaimer) to a text box in the login modal using this setting. Any content added must be in plain text or an HTML fragment, as other markup languages are not supported. (string, default="")

  • CUSTOM_LOGO: To set up a custom logo, provide a file that you create. For the custom logo to look its best, use a .png file with a transparent background. GIF, PNG and JPEG formats are supported. (string, default="")
  • MAX_UI_JOB_EVENTS: Maximum number of job events for the UI to retrieve within a single request. (integer, required)

  • UI_LIVE_UPDATES_ENABLED: If disabled, the page will not refresh when events are received. Reloading the page will be required to get the latest details. (boolean, required)

  • SOCIAL_AUTH_ORGANIZATION_MAP: Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation. (nested object, default=None)

  • SOCIAL_AUTH_TEAM_MAP: Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation. (nested object, default=None)
  • SOCIAL_AUTH_USER_FIELDS: When set to an empty list [], this setting prevents new user accounts from being created. Only users who have previously logged in using social auth or have a user account with a matching email address will be able to login. (list, default=None)
  • SOCIAL_AUTH_USERNAME_IS_FULL_EMAIL: Enabling this setting will tell social auth to use the full Email as username instead of the full name (boolean, default=False)
  • AUTH_LDAP_SERVER_URI: URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty. (string, default="")
  • AUTH_LDAP_BIND_DN: DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax. (string, default="")
  • AUTH_LDAP_BIND_PASSWORD: Password used to bind LDAP user account. (string, default="")
  • AUTH_LDAP_START_TLS: Whether to enable TLS when the LDAP connection is not using SSL. (boolean, default=False)
  • AUTH_LDAP_CONNECTION_OPTIONS: Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set. (nested object, default={&#x27;OPT_REFERRALS&#x27;: 0, &#x27;OPT_NETWORK_TIMEOUT&#x27;: 30})
  • AUTH_LDAP_USER_SEARCH: LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details. (list, default=[])
  • AUTH_LDAP_USER_DN_TEMPLATE: Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH. (string, default="")
  • AUTH_LDAP_USER_ATTR_MAP: Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details. (nested object, default={})
  • AUTH_LDAP_GROUP_SEARCH: Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion. (list, default=[])
  • AUTH_LDAP_GROUP_TYPE: The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups (choice)
    • PosixGroupType
    • GroupOfNamesType
    • GroupOfUniqueNamesType
    • ActiveDirectoryGroupType
    • OrganizationalRoleGroupType
    • MemberDNGroupType (default)
    • NestedGroupOfNamesType
    • NestedGroupOfUniqueNamesType
    • NestedActiveDirectoryGroupType
    • NestedOrganizationalRoleGroupType
    • NestedMemberDNGroupType
    • PosixUIDGroupType
  • AUTH_LDAP_GROUP_TYPE_PARAMS: Key value parameters to send the chosen group type init method. (nested object, default=OrderedDict([(&#x27;member_attr&#x27;, &#x27;member&#x27;), (&#x27;name_attr&#x27;, &#x27;cn&#x27;)]))
  • AUTH_LDAP_REQUIRE_GROUP: Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported. (string, default="")
  • AUTH_LDAP_DENY_GROUP: Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported. (string, default="")
  • AUTH_LDAP_USER_FLAGS_BY_GROUP: Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail. (nested object, default={})
  • AUTH_LDAP_ORGANIZATION_MAP: Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation. (nested object, default={})
  • AUTH_LDAP_TEAM_MAP: Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation. (nested object, default={})
  • AUTH_LDAP_1_SERVER_URI: URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty. (string, default="")
  • AUTH_LDAP_1_BIND_DN: DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax. (string, default="")
  • AUTH_LDAP_1_BIND_PASSWORD: Password used to bind LDAP user account. (string, default="")
  • AUTH_LDAP_1_START_TLS: Whether to enable TLS when the LDAP connection is not using SSL. (boolean, default=False)
  • AUTH_LDAP_1_CONNECTION_OPTIONS: Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set. (nested object, default={&#x27;OPT_REFERRALS&#x27;: 0, &#x27;OPT_NETWORK_TIMEOUT&#x27;: 30})
  • AUTH_LDAP_1_USER_SEARCH: LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details. (list, default=[])
  • AUTH_LDAP_1_USER_DN_TEMPLATE: Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH. (string, default="")
  • AUTH_LDAP_1_USER_ATTR_MAP: Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details. (nested object, default={})
  • AUTH_LDAP_1_GROUP_SEARCH: Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion. (list, default=[])
  • AUTH_LDAP_1_GROUP_TYPE: The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups (choice)
    • PosixGroupType
    • GroupOfNamesType
    • GroupOfUniqueNamesType
    • ActiveDirectoryGroupType
    • OrganizationalRoleGroupType
    • MemberDNGroupType (default)
    • NestedGroupOfNamesType
    • NestedGroupOfUniqueNamesType
    • NestedActiveDirectoryGroupType
    • NestedOrganizationalRoleGroupType
    • NestedMemberDNGroupType
    • PosixUIDGroupType
  • AUTH_LDAP_1_GROUP_TYPE_PARAMS: Key value parameters to send the chosen group type init method. (nested object, default=OrderedDict([(&#x27;member_attr&#x27;, &#x27;member&#x27;), (&#x27;name_attr&#x27;, &#x27;cn&#x27;)]))
  • AUTH_LDAP_1_REQUIRE_GROUP: Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported. (string, default="")
  • AUTH_LDAP_1_DENY_GROUP: Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported. (string, default="")
  • AUTH_LDAP_1_USER_FLAGS_BY_GROUP: Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail. (nested object, default={})
  • AUTH_LDAP_1_ORGANIZATION_MAP: Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation. (nested object, default={})
  • AUTH_LDAP_1_TEAM_MAP: Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation. (nested object, default={})
  • AUTH_LDAP_2_SERVER_URI: URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty. (string, default="")
  • AUTH_LDAP_2_BIND_DN: DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax. (string, default="")
  • AUTH_LDAP_2_BIND_PASSWORD: Password used to bind LDAP user account. (string, default="")
  • AUTH_LDAP_2_START_TLS: Whether to enable TLS when the LDAP connection is not using SSL. (boolean, default=False)
  • AUTH_LDAP_2_CONNECTION_OPTIONS: Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set. (nested object, default={&#x27;OPT_REFERRALS&#x27;: 0, &#x27;OPT_NETWORK_TIMEOUT&#x27;: 30})
  • AUTH_LDAP_2_USER_SEARCH: LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details. (list, default=[])
  • AUTH_LDAP_2_USER_DN_TEMPLATE: Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH. (string, default="")
  • AUTH_LDAP_2_USER_ATTR_MAP: Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details. (nested object, default={})
  • AUTH_LDAP_2_GROUP_SEARCH: Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion. (list, default=[])
  • AUTH_LDAP_2_GROUP_TYPE: The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups (choice)
    • PosixGroupType
    • GroupOfNamesType
    • GroupOfUniqueNamesType
    • ActiveDirectoryGroupType
    • OrganizationalRoleGroupType
    • MemberDNGroupType (default)
    • NestedGroupOfNamesType
    • NestedGroupOfUniqueNamesType
    • NestedActiveDirectoryGroupType
    • NestedOrganizationalRoleGroupType
    • NestedMemberDNGroupType
    • PosixUIDGroupType
  • AUTH_LDAP_2_GROUP_TYPE_PARAMS: Key value parameters to send the chosen group type init method. (nested object, default=OrderedDict([(&#x27;member_attr&#x27;, &#x27;member&#x27;), (&#x27;name_attr&#x27;, &#x27;cn&#x27;)]))
  • AUTH_LDAP_2_REQUIRE_GROUP: Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported. (string, default="")
  • AUTH_LDAP_2_DENY_GROUP: Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported. (string, default="")
  • AUTH_LDAP_2_USER_FLAGS_BY_GROUP: Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail. (nested object, default={})
  • AUTH_LDAP_2_ORGANIZATION_MAP: Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation. (nested object, default={})
  • AUTH_LDAP_2_TEAM_MAP: Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation. (nested object, default={})
  • AUTH_LDAP_3_SERVER_URI: URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty. (string, default="")
  • AUTH_LDAP_3_BIND_DN: DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax. (string, default="")
  • AUTH_LDAP_3_BIND_PASSWORD: Password used to bind LDAP user account. (string, default="")
  • AUTH_LDAP_3_START_TLS: Whether to enable TLS when the LDAP connection is not using SSL. (boolean, default=False)
  • AUTH_LDAP_3_CONNECTION_OPTIONS: Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set. (nested object, default={&#x27;OPT_REFERRALS&#x27;: 0, &#x27;OPT_NETWORK_TIMEOUT&#x27;: 30})
  • AUTH_LDAP_3_USER_SEARCH: LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details. (list, default=[])
  • AUTH_LDAP_3_USER_DN_TEMPLATE: Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH. (string, default="")
  • AUTH_LDAP_3_USER_ATTR_MAP: Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details. (nested object, default={})
  • AUTH_LDAP_3_GROUP_SEARCH: Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion. (list, default=[])
  • AUTH_LDAP_3_GROUP_TYPE: The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups (choice)
    • PosixGroupType
    • GroupOfNamesType
    • GroupOfUniqueNamesType
    • ActiveDirectoryGroupType
    • OrganizationalRoleGroupType
    • MemberDNGroupType (default)
    • NestedGroupOfNamesType
    • NestedGroupOfUniqueNamesType
    • NestedActiveDirectoryGroupType
    • NestedOrganizationalRoleGroupType
    • NestedMemberDNGroupType
    • PosixUIDGroupType
  • AUTH_LDAP_3_GROUP_TYPE_PARAMS: Key value parameters to send the chosen group type init method. (nested object, default=OrderedDict([(&#x27;member_attr&#x27;, &#x27;member&#x27;), (&#x27;name_attr&#x27;, &#x27;cn&#x27;)]))
  • AUTH_LDAP_3_REQUIRE_GROUP: Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported. (string, default="")
  • AUTH_LDAP_3_DENY_GROUP: Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported. (string, default="")
  • AUTH_LDAP_3_USER_FLAGS_BY_GROUP: Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail. (nested object, default={})
  • AUTH_LDAP_3_ORGANIZATION_MAP: Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation. (nested object, default={})
  • AUTH_LDAP_3_TEAM_MAP: Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation. (nested object, default={})
  • AUTH_LDAP_4_SERVER_URI: URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty. (string, default="")
  • AUTH_LDAP_4_BIND_DN: DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax. (string, default="")
  • AUTH_LDAP_4_BIND_PASSWORD: Password used to bind LDAP user account. (string, default="")
  • AUTH_LDAP_4_START_TLS: Whether to enable TLS when the LDAP connection is not using SSL. (boolean, default=False)
  • AUTH_LDAP_4_CONNECTION_OPTIONS: Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set. (nested object, default={&#x27;OPT_REFERRALS&#x27;: 0, &#x27;OPT_NETWORK_TIMEOUT&#x27;: 30})
  • AUTH_LDAP_4_USER_SEARCH: LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details. (list, default=[])
  • AUTH_LDAP_4_USER_DN_TEMPLATE: Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH. (string, default="")
  • AUTH_LDAP_4_USER_ATTR_MAP: Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details. (nested object, default={})
  • AUTH_LDAP_4_GROUP_SEARCH: Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion. (list, default=[])
  • AUTH_LDAP_4_GROUP_TYPE: The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups (choice)
    • PosixGroupType
    • GroupOfNamesType
    • GroupOfUniqueNamesType
    • ActiveDirectoryGroupType
    • OrganizationalRoleGroupType
    • MemberDNGroupType (default)
    • NestedGroupOfNamesType
    • NestedGroupOfUniqueNamesType
    • NestedActiveDirectoryGroupType
    • NestedOrganizationalRoleGroupType
    • NestedMemberDNGroupType
    • PosixUIDGroupType
  • AUTH_LDAP_4_GROUP_TYPE_PARAMS: Key value parameters to send the chosen group type init method. (nested object, default=OrderedDict([(&#x27;member_attr&#x27;, &#x27;member&#x27;), (&#x27;name_attr&#x27;, &#x27;cn&#x27;)]))
  • AUTH_LDAP_4_REQUIRE_GROUP: Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported. (string, default="")
  • AUTH_LDAP_4_DENY_GROUP: Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported. (string, default="")
  • AUTH_LDAP_4_USER_FLAGS_BY_GROUP: Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail. (nested object, default={})
  • AUTH_LDAP_4_ORGANIZATION_MAP: Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation. (nested object, default={})
  • AUTH_LDAP_4_TEAM_MAP: Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation. (nested object, default={})
  • AUTH_LDAP_5_SERVER_URI: URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty. (string, default="")
  • AUTH_LDAP_5_BIND_DN: DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax. (string, default="")
  • AUTH_LDAP_5_BIND_PASSWORD: Password used to bind LDAP user account. (string, default="")
  • AUTH_LDAP_5_START_TLS: Whether to enable TLS when the LDAP connection is not using SSL. (boolean, default=False)
  • AUTH_LDAP_5_CONNECTION_OPTIONS: Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set. (nested object, default={&#x27;OPT_REFERRALS&#x27;: 0, &#x27;OPT_NETWORK_TIMEOUT&#x27;: 30})
  • AUTH_LDAP_5_USER_SEARCH: LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details. (list, default=[])
  • AUTH_LDAP_5_USER_DN_TEMPLATE: Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH. (string, default="")
  • AUTH_LDAP_5_USER_ATTR_MAP: Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details. (nested object, default={})
  • AUTH_LDAP_5_GROUP_SEARCH: Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion. (list, default=[])
  • AUTH_LDAP_5_GROUP_TYPE: The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups (choice)
    • PosixGroupType
    • GroupOfNamesType
    • GroupOfUniqueNamesType
    • ActiveDirectoryGroupType
    • OrganizationalRoleGroupType
    • MemberDNGroupType (default)
    • NestedGroupOfNamesType
    • NestedGroupOfUniqueNamesType
    • NestedActiveDirectoryGroupType
    • NestedOrganizationalRoleGroupType
    • NestedMemberDNGroupType
    • PosixUIDGroupType
  • AUTH_LDAP_5_GROUP_TYPE_PARAMS: Key value parameters to send the chosen group type init method. (nested object, default=OrderedDict([(&#x27;member_attr&#x27;, &#x27;member&#x27;), (&#x27;name_attr&#x27;, &#x27;cn&#x27;)]))
  • AUTH_LDAP_5_REQUIRE_GROUP: Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported. (string, default="")
  • AUTH_LDAP_5_DENY_GROUP: Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported. (string, default="")
  • AUTH_LDAP_5_USER_FLAGS_BY_GROUP: Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail. (nested object, default={})
  • AUTH_LDAP_5_ORGANIZATION_MAP: Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation. (nested object, default={})
  • AUTH_LDAP_5_TEAM_MAP: Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation. (nested object, default={})
  • RADIUS_SERVER: Hostname/IP of RADIUS server. RADIUS authentication is disabled if this setting is empty. (string, default="")
  • RADIUS_PORT: Port of RADIUS server. (integer, default=1812)
  • RADIUS_SECRET: Shared secret for authenticating to RADIUS server. (string, default="")
  • TACACSPLUS_HOST: Hostname of TACACS+ server. (string, default="")
  • TACACSPLUS_PORT: Port number of TACACS+ server. (integer, default=49)
  • TACACSPLUS_SECRET: Shared secret for authenticating to TACACS+ server. (string, default="")
  • TACACSPLUS_SESSION_TIMEOUT: TACACS+ session timeout value in seconds, 0 disables timeout. (integer, default=5)
  • TACACSPLUS_AUTH_PROTOCOL: Choose the authentication protocol used by TACACS+ client. (choice)
    • ascii (default)
    • pap

  • TACACSPLUS_REM_ADDR: Enable the client address sending by TACACS+ client. (boolean, default=False)

  • SOCIAL_AUTH_GOOGLE_OAUTH2_KEY: The OAuth2 key from your web application. (string, default="")

  • SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET: The OAuth2 secret from your web application. (string, default="")
  • SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS: Update this setting to restrict the domains who are allowed to login using Google OAuth2. (list, default=[])
  • SOCIAL_AUTH_GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS: Extra arguments for Google OAuth2 login. You can restrict it to only allow a single domain to authenticate, even if the user is logged in with multple Google accounts. Refer to the documentation for more detail. (nested object, default={})
  • SOCIAL_AUTH_GOOGLE_OAUTH2_ORGANIZATION_MAP: Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation. (nested object, default=None)

  • SOCIAL_AUTH_GOOGLE_OAUTH2_TEAM_MAP: Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation. (nested object, default=None)

  • SOCIAL_AUTH_GITHUB_KEY: The OAuth2 key (Client ID) from your GitHub developer application. (string, default="")

  • SOCIAL_AUTH_GITHUB_SECRET: The OAuth2 secret (Client Secret) from your GitHub developer application. (string, default="")
  • SOCIAL_AUTH_GITHUB_ORGANIZATION_MAP: Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation. (nested object, default=None)

  • SOCIAL_AUTH_GITHUB_TEAM_MAP: Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation. (nested object, default=None)

  • SOCIAL_AUTH_GITHUB_ORG_KEY: The OAuth2 key (Client ID) from your GitHub organization application. (string, default="")

  • SOCIAL_AUTH_GITHUB_ORG_SECRET: The OAuth2 secret (Client Secret) from your GitHub organization application. (string, default="")
  • SOCIAL_AUTH_GITHUB_ORG_NAME: The name of your GitHub organization, as used in your organization's URL: https://github.com/<yourorg>/. (string, default="")
  • SOCIAL_AUTH_GITHUB_ORG_ORGANIZATION_MAP: Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation. (nested object, default=None)

  • SOCIAL_AUTH_GITHUB_ORG_TEAM_MAP: Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation. (nested object, default=None)

  • SOCIAL_AUTH_GITHUB_TEAM_KEY: The OAuth2 key (Client ID) from your GitHub organization application. (string, default="")

  • SOCIAL_AUTH_GITHUB_TEAM_SECRET: The OAuth2 secret (Client Secret) from your GitHub organization application. (string, default="")
  • SOCIAL_AUTH_GITHUB_TEAM_ID: Find the numeric team ID using the Github API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/. (string, default="")
  • SOCIAL_AUTH_GITHUB_TEAM_ORGANIZATION_MAP: Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation. (nested object, default=None)

  • SOCIAL_AUTH_GITHUB_TEAM_TEAM_MAP: Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation. (nested object, default=None)

  • SOCIAL_AUTH_GITHUB_ENTERPRISE_URL: The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details. (string, default="")

  • SOCIAL_AUTH_GITHUB_ENTERPRISE_API_URL: The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details. (string, default="")
  • SOCIAL_AUTH_GITHUB_ENTERPRISE_KEY: The OAuth2 key (Client ID) from your GitHub Enterprise developer application. (string, default="")
  • SOCIAL_AUTH_GITHUB_ENTERPRISE_SECRET: The OAuth2 secret (Client Secret) from your GitHub Enterprise developer application. (string, default="")
  • SOCIAL_AUTH_GITHUB_ENTERPRISE_ORGANIZATION_MAP: Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation. (nested object, default=None)

  • SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_MAP: Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation. (nested object, default=None)

  • SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_URL: The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details. (string, default="")

  • SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_API_URL: The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details. (string, default="")
  • SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_KEY: The OAuth2 key (Client ID) from your GitHub Enterprise organization application. (string, default="")
  • SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_SECRET: The OAuth2 secret (Client Secret) from your GitHub Enterprise organization application. (string, default="")
  • SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_NAME: The name of your GitHub Enterprise organization, as used in your organization's URL: https://github.com/<yourorg>/. (string, default="")
  • SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_ORGANIZATION_MAP: Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation. (nested object, default=None)

  • SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_TEAM_MAP: Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation. (nested object, default=None)

  • SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_URL: The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details. (string, default="")

  • SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_API_URL: The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details. (string, default="")
  • SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_KEY: The OAuth2 key (Client ID) from your GitHub Enterprise organization application. (string, default="")
  • SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_SECRET: The OAuth2 secret (Client Secret) from your GitHub Enterprise organization application. (string, default="")
  • SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ID: Find the numeric team ID using the Github Enterprise API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/. (string, default="")
  • SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ORGANIZATION_MAP: Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation. (nested object, default=None)

  • SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_TEAM_MAP: Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation. (nested object, default=None)

  • SOCIAL_AUTH_AZUREAD_OAUTH2_KEY: The OAuth2 key (Client ID) from your Azure AD application. (string, default="")

  • SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET: The OAuth2 secret (Client Secret) from your Azure AD application. (string, default="")
  • SOCIAL_AUTH_AZUREAD_OAUTH2_ORGANIZATION_MAP: Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation. (nested object, default=None)
  • SOCIAL_AUTH_AZUREAD_OAUTH2_TEAM_MAP: Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation. (nested object, default=None)
  • SOCIAL_AUTH_OIDC_KEY: The OIDC key (Client ID) from your IDP. (string, default="")
  • SOCIAL_AUTH_OIDC_SECRET: The OIDC secret (Client Secret) from your IDP. (string, default="")
  • SOCIAL_AUTH_OIDC_OIDC_ENDPOINT: The URL for your OIDC provider including the path up to /.well-known/openid-configuration (string, default="")
  • SOCIAL_AUTH_OIDC_VERIFY_SSL: Verify the OIDC provider ssl certificate. (boolean, default=True)

  • SAML_AUTO_CREATE_OBJECTS: When enabled (the default), mapped Organizations and Teams will be created automatically on successful SAML login. (boolean, default=True)

  • SOCIAL_AUTH_SAML_SP_ENTITY_ID: The application-defined unique identifier used as the audience of the SAML service provider (SP) configuration. This is usually the URL for the service. (string, default="")

  • SOCIAL_AUTH_SAML_SP_PUBLIC_CERT: Create a keypair to use as a service provider (SP) and include the certificate content here. (string, required)
  • SOCIAL_AUTH_SAML_SP_PRIVATE_KEY: Create a keypair to use as a service provider (SP) and include the private key content here. (string, required)
  • SOCIAL_AUTH_SAML_ORG_INFO: Provide the URL, display name, and the name of your app. Refer to the documentation for example syntax. (nested object, required)
  • SOCIAL_AUTH_SAML_TECHNICAL_CONTACT: Provide the name and email address of the technical contact for your service provider. Refer to the documentation for example syntax. (nested object, required)
  • SOCIAL_AUTH_SAML_SUPPORT_CONTACT: Provide the name and email address of the support contact for your service provider. Refer to the documentation for example syntax. (nested object, required)
  • SOCIAL_AUTH_SAML_ENABLED_IDPS: Configure the Entity ID, SSO URL and certificate for each identity provider (IdP) in use. Multiple SAML IdPs are supported. Some IdPs may provide user data using attribute names that differ from the default OIDs. Attribute names may be overridden for each IdP. Refer to the Ansible documentation for additional details and syntax. (nested object, default={})
  • SOCIAL_AUTH_SAML_SECURITY_CONFIG: A dict of key value pairs that are passed to the underlying python-saml security setting https://github.com/onelogin/python-saml#settings (nested object, default={&#x27;requestedAuthnContext&#x27;: False})
  • SOCIAL_AUTH_SAML_SP_EXTRA: A dict of key value pairs to be passed to the underlying python-saml Service Provider configuration setting. (nested object, default=None)
  • SOCIAL_AUTH_SAML_EXTRA_DATA: A list of tuples that maps IDP attributes to extra_attributes. Each attribute will be a list of values, even if only 1 value. (list, default=None)
  • SOCIAL_AUTH_SAML_ORGANIZATION_MAP: Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation. (nested object, default=None)
  • SOCIAL_AUTH_SAML_TEAM_MAP: Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation. (nested object, default=None)
  • SOCIAL_AUTH_SAML_ORGANIZATION_ATTR: Used to translate user organization membership. (nested object, default={})
  • SOCIAL_AUTH_SAML_TEAM_ATTR: Used to translate user team membership. (nested object, default={})
  • SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR: Used to map super users and system auditors from SAML. (nested object, default={})
  • LOCAL_PASSWORD_MIN_LENGTH: Minimum number of characters required in a local password. 0 means no minimum (integer, default=0)
  • LOCAL_PASSWORD_MIN_DIGITS: Minimum number of digit characters required in a local password. 0 means no minimum (integer, default=0)
  • LOCAL_PASSWORD_MIN_UPPER: Minimum number of uppercase characters required in a local password. 0 means no minimum (integer, default=0)
  • LOCAL_PASSWORD_MIN_SPECIAL: Minimum number of special characters required in a local password. 0 means no minimum (integer, default=0)

For a PUT request, include all fields in the request.

Request

Supported Media Types
Path Parameters
Body ()
Root Schema : SettingSingleton
Type: object
Show Source
  • Title: Enable Activity Stream
    Default Value: true
    Enable capturing activity for the activity stream.
  • Title: Enable Activity Stream for Inventory Sync
    Enable capturing activity for the activity stream when running inventory sync.
  • AD_HOC_COMMANDS
    List of modules allowed to be used by ad-hoc jobs.
  • Title: When can extra variables contain Jinja templates?
    Default Value: template
    Allowed Values: [ "always", "never", "template" ]
    Ansible allows variable substitution via the Jinja2 templating language for --extra-vars. This poses a potential security risk where users with the ability to specify extra vars at job launch time can use Jinja2 templates to run arbitrary Python. It is recommended that this value be set to "template" or "never".
  • Title: Allow anonymous users to poll metrics
    If true, anonymous users are allowed to poll metrics.
  • Title: Allow External Users to Create OAuth2 Tokens
    For security reasons, users from external auth providers (LDAP, SAML, SSO, Radius, and others) are not allowed to create OAuth2 tokens. To change this behavior, enable this setting. Existing tokens will not be deleted when this setting is toggled off.
  • Title: Per-Host Ansible Fact Cache Timeout
    Minimum Value: 0
    Maximum time, in seconds, that stored Ansible facts are considered valid since the last time they were modified. Only valid, non-stale, facts will be accessible by a playbook. Note, this does not influence the deletion of ansible_facts from the database. Use a value of 0 to indicate that no timeout should be imposed.
  • Title: Log Format For API 4XX Errors
    Minimum Length: 1
    Default Value: status {status_code} received by user {user_name} attempting to access {url_path} from {remote_addr}
    The format of logged messages when an API 4XX error occurs, the following variables will be substituted: status_code - The HTTP status code of the error user_name - The user name attempting to use the API url_path - The URL path to the API endpoint called remote_addr - The remote address seen for the user error - The error set by the api endpoint Variables need to be in the format {}.
  • Title: Enable HTTP Basic Auth
    Default Value: true
    Enable HTTP Basic Auth for the API Browser.
  • Title: LDAP Bind DN
    DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.
  • Title: LDAP Bind Password
    Password used to bind LDAP user account.
  • LDAP Connection Options
    Title: LDAP Connection Options
    Additional Properties Allowed: additionalProperties
    Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
  • Title: LDAP Deny Group
    Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.
  • AUTH_LDAP_1_GROUP_SEARCH
    Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
  • Title: LDAP Group Type
    Default Value: MemberDNGroupType
    Allowed Values: [ "PosixGroupType", "GroupOfNamesType", "GroupOfUniqueNamesType", "ActiveDirectoryGroupType", "OrganizationalRoleGroupType", "MemberDNGroupType", "NestedGroupOfNamesType", "NestedGroupOfUniqueNamesType", "NestedActiveDirectoryGroupType", "NestedOrganizationalRoleGroupType", "NestedMemberDNGroupType", "PosixUIDGroupType" ]
    The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups
  • LDAP Group Type Parameters
    Title: LDAP Group Type Parameters
    Additional Properties Allowed: additionalProperties
    Key value parameters to send the chosen group type init method.
  • LDAP Organization Map
    Title: LDAP Organization Map
    Additional Properties Allowed: additionalProperties
    Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
  • Title: LDAP Require Group
    Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.
  • Title: LDAP Server URI
    URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.
  • Title: LDAP Start TLS
    Whether to enable TLS when the LDAP connection is not using SSL.
  • LDAP Team Map
    Title: LDAP Team Map
    Additional Properties Allowed: additionalProperties
    Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
  • LDAP User Attribute Map
    Title: LDAP User Attribute Map
    Additional Properties Allowed: additionalProperties
    Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
  • Title: LDAP User DN Template
    Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.
  • LDAP User Flags By Group
    Title: LDAP User Flags By Group
    Additional Properties Allowed: additionalProperties
    Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
  • AUTH_LDAP_1_USER_SEARCH
    LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details.
  • Title: LDAP Bind DN
    DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.
  • Title: LDAP Bind Password
    Password used to bind LDAP user account.
  • LDAP Connection Options
    Title: LDAP Connection Options
    Additional Properties Allowed: additionalProperties
    Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
  • Title: LDAP Deny Group
    Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.
  • AUTH_LDAP_2_GROUP_SEARCH
    Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
  • Title: LDAP Group Type
    Default Value: MemberDNGroupType
    Allowed Values: [ "PosixGroupType", "GroupOfNamesType", "GroupOfUniqueNamesType", "ActiveDirectoryGroupType", "OrganizationalRoleGroupType", "MemberDNGroupType", "NestedGroupOfNamesType", "NestedGroupOfUniqueNamesType", "NestedActiveDirectoryGroupType", "NestedOrganizationalRoleGroupType", "NestedMemberDNGroupType", "PosixUIDGroupType" ]
    The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups
  • LDAP Group Type Parameters
    Title: LDAP Group Type Parameters
    Additional Properties Allowed: additionalProperties
    Key value parameters to send the chosen group type init method.
  • LDAP Organization Map
    Title: LDAP Organization Map
    Additional Properties Allowed: additionalProperties
    Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
  • Title: LDAP Require Group
    Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.
  • Title: LDAP Server URI
    URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.
  • Title: LDAP Start TLS
    Whether to enable TLS when the LDAP connection is not using SSL.
  • LDAP Team Map
    Title: LDAP Team Map
    Additional Properties Allowed: additionalProperties
    Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
  • LDAP User Attribute Map
    Title: LDAP User Attribute Map
    Additional Properties Allowed: additionalProperties
    Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
  • Title: LDAP User DN Template
    Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.
  • LDAP User Flags By Group
    Title: LDAP User Flags By Group
    Additional Properties Allowed: additionalProperties
    Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
  • AUTH_LDAP_2_USER_SEARCH
    LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details.
  • Title: LDAP Bind DN
    DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.
  • Title: LDAP Bind Password
    Password used to bind LDAP user account.
  • LDAP Connection Options
    Title: LDAP Connection Options
    Additional Properties Allowed: additionalProperties
    Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
  • Title: LDAP Deny Group
    Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.
  • AUTH_LDAP_3_GROUP_SEARCH
    Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
  • Title: LDAP Group Type
    Default Value: MemberDNGroupType
    Allowed Values: [ "PosixGroupType", "GroupOfNamesType", "GroupOfUniqueNamesType", "ActiveDirectoryGroupType", "OrganizationalRoleGroupType", "MemberDNGroupType", "NestedGroupOfNamesType", "NestedGroupOfUniqueNamesType", "NestedActiveDirectoryGroupType", "NestedOrganizationalRoleGroupType", "NestedMemberDNGroupType", "PosixUIDGroupType" ]
    The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups
  • LDAP Group Type Parameters
    Title: LDAP Group Type Parameters
    Additional Properties Allowed: additionalProperties
    Key value parameters to send the chosen group type init method.
  • LDAP Organization Map
    Title: LDAP Organization Map
    Additional Properties Allowed: additionalProperties
    Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
  • Title: LDAP Require Group
    Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.
  • Title: LDAP Server URI
    URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.
  • Title: LDAP Start TLS
    Whether to enable TLS when the LDAP connection is not using SSL.
  • LDAP Team Map
    Title: LDAP Team Map
    Additional Properties Allowed: additionalProperties
    Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
  • LDAP User Attribute Map
    Title: LDAP User Attribute Map
    Additional Properties Allowed: additionalProperties
    Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
  • Title: LDAP User DN Template
    Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.
  • LDAP User Flags By Group
    Title: LDAP User Flags By Group
    Additional Properties Allowed: additionalProperties
    Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
  • AUTH_LDAP_3_USER_SEARCH
    LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details.
  • Title: LDAP Bind DN
    DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.
  • Title: LDAP Bind Password
    Password used to bind LDAP user account.
  • LDAP Connection Options
    Title: LDAP Connection Options
    Additional Properties Allowed: additionalProperties
    Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
  • Title: LDAP Deny Group
    Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.
  • AUTH_LDAP_4_GROUP_SEARCH
    Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
  • Title: LDAP Group Type
    Default Value: MemberDNGroupType
    Allowed Values: [ "PosixGroupType", "GroupOfNamesType", "GroupOfUniqueNamesType", "ActiveDirectoryGroupType", "OrganizationalRoleGroupType", "MemberDNGroupType", "NestedGroupOfNamesType", "NestedGroupOfUniqueNamesType", "NestedActiveDirectoryGroupType", "NestedOrganizationalRoleGroupType", "NestedMemberDNGroupType", "PosixUIDGroupType" ]
    The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups
  • LDAP Group Type Parameters
    Title: LDAP Group Type Parameters
    Additional Properties Allowed: additionalProperties
    Key value parameters to send the chosen group type init method.
  • LDAP Organization Map
    Title: LDAP Organization Map
    Additional Properties Allowed: additionalProperties
    Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
  • Title: LDAP Require Group
    Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.
  • Title: LDAP Server URI
    URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.
  • Title: LDAP Start TLS
    Whether to enable TLS when the LDAP connection is not using SSL.
  • LDAP Team Map
    Title: LDAP Team Map
    Additional Properties Allowed: additionalProperties
    Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
  • LDAP User Attribute Map
    Title: LDAP User Attribute Map
    Additional Properties Allowed: additionalProperties
    Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
  • Title: LDAP User DN Template
    Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.
  • LDAP User Flags By Group
    Title: LDAP User Flags By Group
    Additional Properties Allowed: additionalProperties
    Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
  • AUTH_LDAP_4_USER_SEARCH
    LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details.
  • Title: LDAP Bind DN
    DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.
  • Title: LDAP Bind Password
    Password used to bind LDAP user account.
  • LDAP Connection Options
    Title: LDAP Connection Options
    Additional Properties Allowed: additionalProperties
    Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
  • Title: LDAP Deny Group
    Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.
  • AUTH_LDAP_5_GROUP_SEARCH
    Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
  • Title: LDAP Group Type
    Default Value: MemberDNGroupType
    Allowed Values: [ "PosixGroupType", "GroupOfNamesType", "GroupOfUniqueNamesType", "ActiveDirectoryGroupType", "OrganizationalRoleGroupType", "MemberDNGroupType", "NestedGroupOfNamesType", "NestedGroupOfUniqueNamesType", "NestedActiveDirectoryGroupType", "NestedOrganizationalRoleGroupType", "NestedMemberDNGroupType", "PosixUIDGroupType" ]
    The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups
  • LDAP Group Type Parameters
    Title: LDAP Group Type Parameters
    Additional Properties Allowed: additionalProperties
    Key value parameters to send the chosen group type init method.
  • LDAP Organization Map
    Title: LDAP Organization Map
    Additional Properties Allowed: additionalProperties
    Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
  • Title: LDAP Require Group
    Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.
  • Title: LDAP Server URI
    URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.
  • Title: LDAP Start TLS
    Whether to enable TLS when the LDAP connection is not using SSL.
  • LDAP Team Map
    Title: LDAP Team Map
    Additional Properties Allowed: additionalProperties
    Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
  • LDAP User Attribute Map
    Title: LDAP User Attribute Map
    Additional Properties Allowed: additionalProperties
    Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
  • Title: LDAP User DN Template
    Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.
  • LDAP User Flags By Group
    Title: LDAP User Flags By Group
    Additional Properties Allowed: additionalProperties
    Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
  • AUTH_LDAP_5_USER_SEARCH
    LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details.
  • Title: LDAP Bind DN
    DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.
  • Title: LDAP Bind Password
    Password used to bind LDAP user account.
  • LDAP Connection Options
    Title: LDAP Connection Options
    Additional Properties Allowed: additionalProperties
    Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
  • Title: LDAP Deny Group
    Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.
  • AUTH_LDAP_GROUP_SEARCH
    Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
  • Title: LDAP Group Type
    Default Value: MemberDNGroupType
    Allowed Values: [ "PosixGroupType", "GroupOfNamesType", "GroupOfUniqueNamesType", "ActiveDirectoryGroupType", "OrganizationalRoleGroupType", "MemberDNGroupType", "NestedGroupOfNamesType", "NestedGroupOfUniqueNamesType", "NestedActiveDirectoryGroupType", "NestedOrganizationalRoleGroupType", "NestedMemberDNGroupType", "PosixUIDGroupType" ]
    The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups
  • LDAP Group Type Parameters
    Title: LDAP Group Type Parameters
    Additional Properties Allowed: additionalProperties
    Key value parameters to send the chosen group type init method.
  • LDAP Organization Map
    Title: LDAP Organization Map
    Additional Properties Allowed: additionalProperties
    Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
  • Title: LDAP Require Group
    Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.
  • Title: LDAP Server URI
    URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.
  • Title: LDAP Start TLS
    Whether to enable TLS when the LDAP connection is not using SSL.
  • LDAP Team Map
    Title: LDAP Team Map
    Additional Properties Allowed: additionalProperties
    Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
  • LDAP User Attribute Map
    Title: LDAP User Attribute Map
    Additional Properties Allowed: additionalProperties
    Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
  • Title: LDAP User DN Template
    Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.
  • LDAP User Flags By Group
    Title: LDAP User Flags By Group
    Additional Properties Allowed: additionalProperties
    Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
  • AUTH_LDAP_USER_SEARCH
    LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details.
  • AUTHENTICATION_BACKENDS
    Read Only: true
    List of authentication backends that are enabled based on license features and other authentication settings.
  • Title: Automation Analytics Gather Interval
    Minimum Value: 1800
    Default Value: 14400
    Interval (in seconds) between data gathering.
  • Title: Last gathered entries from the data collection service of Automation Analytics
  • Title: Last gather date for Automation Analytics.
  • Title: Automation Analytics upload URL
    Minimum Length: 1
    Default Value: https://example.com
    This setting is used to to configure the upload URL for data collection for Automation Analytics.
  • AWX_ANSIBLE_CALLBACK_PLUGINS
    List of paths to search for extra callback plugins to be used when running jobs. Enter one path per line.
  • Title: Enable or Disable tmp dir cleanup
    Default Value: true
    Enable or Disable TMP Dir cleanup
  • Title: Enable Collection(s) Download
    Default Value: true
    Allows collections to be dynamically downloaded from a requirements.yml file for SCM projects.
  • Title: Job execution path
    Minimum Length: 1
    Default Value: /tmp
    The directory in which the service will create new temporary directories for job execution and isolation (such as credential files).
  • AWX_ISOLATION_SHOW_PATHS
    List of paths that would otherwise be hidden to expose to isolated jobs. Enter one path per line. Volumes will be mounted from the execution node to the container. The supported format is HOST-DIR[:CONTAINER-DIR[:OPTIONS]].
  • Title: Expose host paths for Container Groups
    Expose paths via hostPath for the Pods created by a Container Group. HostPath volumes present many security risks, and it is a best practice to avoid the use of HostPaths when possible.
  • Title: Debug Web Requests
    Debug web request python timing
  • Title: Enable Role Download
    Default Value: true
    Allows roles to be dynamically downloaded from a requirements.yml file for SCM projects.
  • Title: K8S Ansible Runner Keep-Alive Message Interval
    Only applies to jobs running in a Container Group. If not 0, send a message every so-many seconds to keep connection open.
  • Extra Environment Variables
    Title: Extra Environment Variables
    Additional Properties Allowed: additionalProperties
    Additional environment variables set for playbook runs, inventory updates, project updates, and notification sending.
  • Title: Max number of hosts to allow to be created in a single bulk action
    Default Value: 100
    Max number of hosts to allow to be created in a single bulk action
  • Title: Max number of hosts to allow to be deleted in a single bulk action
    Default Value: 250
    Max number of hosts to allow to be deleted in a single bulk action
  • Title: Max jobs to allow bulk jobs to launch
    Default Value: 100
    Max jobs to allow bulk jobs to launch
  • Title: Last cleanup date for HostMetrics
  • CSRF_TRUSTED_ORIGINS
    If the service is behind a reverse proxy/load balancer, use this setting to configure the schema://addresses from which the service should trust Origin header values.
  • Title: Custom Login Info
    If needed, you can add specific information (such as a legal notice or a disclaimer) to a text box in the login modal using this setting. Any content added must be in plain text or an HTML fragment, as other markup languages are not supported.
  • Title: Custom Logo
    To set up a custom logo, provide a file that you create. For the custom logo to look its best, use a .png file with a transparent background. GIF, PNG and JPEG formats are supported.
  • CUSTOM_VENV_PATHS
    Paths where Tower will look for custom virtual environments (in addition to /var/lib/awx/venv/). Enter one path per line.
  • DEFAULT_CONTAINER_RUN_OPTIONS
    List of options to pass to podman run example: ['--network', 'slirp4netns:enable_ipv6=true', '--log-level', 'debug']
  • Title: The instance group where control plane tasks run
    Read Only: true
    Minimum Length: 1
    Default Value: controlplane
  • Title: Global default execution environment
    The Execution Environment to be used when one has not been configured for a job template.
  • Title: The instance group where user jobs run (currently only on non-VM installs)
    Read Only: true
    Minimum Length: 1
    Default Value: default
  • Title: Default Inventory Update Timeout
    Minimum Value: 0
    Maximum time in seconds to allow inventory updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual inventory source will override this.
  • Title: Default Job Idle Timeout
    Minimum Value: 0
    If no output is detected from ansible in this number of seconds the execution will be terminated. Use value of 0 to indicate that no idle timeout should be imposed.
  • Title: Default Job Timeout
    Minimum Value: 0
    Maximum time in seconds to allow jobs to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual job template will override this.
  • Title: Default Project Update Timeout
    Minimum Value: 0
    Maximum time in seconds to allow project updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual project will override this.
  • Title: Disable the built-in authentication system
    Controls whether users are prevented from using the built-in authentication system. You probably want to do this if you are using an LDAP or SAML integration.
  • Title: Job Event Standard Output Maximum Display Size
    Minimum Value: 0
    Default Value: 1024
    Maximum Size of Standard Output in bytes to display for a single job or ad hoc command event. `stdout` will end with `???` when truncated.
  • Title: Ignore Ansible Galaxy SSL Certificate Verification
    If set to true, certificate validation will not be done when installing content from any Galaxy server.
  • Environment Variables for Galaxy Commands
    Title: Environment Variables for Galaxy Commands
    Additional Properties Allowed: additionalProperties
    Additional environment variables set for invocations of ansible-galaxy within project updates. Useful if you must use a proxy server for ansible-galaxy but not git.
  • Title: Last computing date of HostMetricSummaryMonthly
  • Title: Gather data for Automation Analytics
    Enables the service to gather data on automation and send it to Automation Analytics.
  • Title: Unique identifier for an installation
    Read Only: true
    Minimum Length: 1
    Default Value: 00000000-0000-0000-0000-000000000000
  • Title: Is k8s
    Read Only: true
    Indicates whether the instance is part of a kubernetes-based deployment.
  • License
    Title: License
    Read Only: true
    Additional Properties Allowed: additionalProperties
    The license controls which features and functionality are enabled. Use /api/v2/config/ to update or change the license.
  • Title: Minimum number of digit characters in local password
    Minimum Value: 0
    Minimum number of digit characters required in a local password. 0 means no minimum
  • Title: Minimum number of characters in local password
    Minimum Value: 0
    Minimum number of characters required in a local password. 0 means no minimum
  • Title: Minimum number of special characters in local password
    Minimum Value: 0
    Minimum number of special characters required in a local password. 0 means no minimum
  • Title: Minimum number of uppercase characters in local password
    Minimum Value: 0
    Minimum number of uppercase characters required in a local password. 0 means no minimum
  • Title: Maximum disk persistence for rsyslogd action queuing (in GB)
    Minimum Value: 1
    Default Value: 1
    Amount of data to store (in gigabytes) if an rsyslog action takes time to process an incoming message (defaults to 1). Equivalent to the rsyslogd queue.maxdiskspace setting on the action (e.g. omhttp). It stores files in the directory specified by LOG_AGGREGATOR_MAX_DISK_USAGE_PATH.
  • Title: Maximum number of messages that can be stored in the log action queue
    Minimum Value: 1
    Default Value: 131072
    Defines how large the rsyslog action queue can grow in number of messages stored. This can have an impact on memory utilization. When the queue reaches 75% of this number, the queue will start writing to disk (queue.highWatermark in rsyslog). When it reaches 90%, NOTICE, INFO, and DEBUG messages will start to be discarded (queue.discardMark with queue.discardSeverity=5).
  • Title: Enable External Logging
    Enable sending logs to external log aggregator.
  • Title: Logging Aggregator
    Minimum Length: 1
    Hostname/IP where external logs will be sent to.
  • Title: Log System Tracking Facts Individually
    If set, system tracking facts will be sent for each package, service, or other item found in a scan, allowing for greater search query granularity. If unset, facts will be sent as a single dictionary, allowing for greater efficiency in fact processing.
  • Title: Logging Aggregator Level Threshold
    Default Value: INFO
    Allowed Values: [ "DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL" ]
    Level threshold used by log handler. Severities from lowest to highest are DEBUG, INFO, WARNING, ERROR, CRITICAL. Messages less severe than the threshold will be ignored by log handler. (messages under category awx.anlytics ignore this setting)
  • LOG_AGGREGATOR_LOGGERS
    List of loggers that will send HTTP logs to the collector, these can include any or all of: awx - service logs activity_stream - activity stream records job_events - callback data from Ansible job events system_tracking - facts gathered from scan jobs broadcast_websocket - errors pertaining to websockets broadcast metrics
  • Title: File system location for rsyslogd disk persistence
    Minimum Length: 1
    Default Value: /var/lib/awx
    Location to persist logs that should be retried after an outage of the external log aggregator (defaults to /var/lib/awx). Equivalent to the rsyslogd queue.spoolDirectory setting.
  • Title: Logging Aggregator Password/Token
    Password or authentication token for external log aggregator (if required; HTTP/s only).
  • Title: Logging Aggregator Port
    Port on Logging Aggregator to send logs to (if required and not provided in Logging Aggregator).
  • Title: Logging Aggregator Protocol
    Default Value: https
    Allowed Values: [ "https", "tcp", "udp" ]
    Protocol used to communicate with log aggregator. HTTPS/HTTP assumes HTTPS unless http:// is explicitly used in the Logging Aggregator hostname.
  • Title: Enable rsyslogd debugging
    Enabled high verbosity debugging for rsyslogd. Useful for debugging connection issues for external log aggregation.
  • Title: TCP Connection Timeout
    Default Value: 5
    Number of seconds for a TCP connection to external log aggregator to timeout. Applies to HTTPS and TCP log aggregator protocols.
  • Title: Cluster-wide unique identifier.
    Useful to uniquely identify instances.
  • Title: Logging Aggregator Type
    Allowed Values: [ "logstash", "splunk", "loggly", "sumologic", "other" ]
    Format messages for the chosen log aggregator.
  • Title: Logging Aggregator Username
    Username for external log aggregator (if required; HTTP/s only).
  • Title: Enable/disable HTTPS certificate verification
    Default Value: true
    Flag to control enable/disable of certificate verification when LOG_AGGREGATOR_PROTOCOL is "https". If enabled, the log handler will verify certificate sent by external log aggregator before establishing connection.
  • Title: Login redirect override URL
    URL to which unauthorized users will be redirected to log in. If blank, users will be sent to the login page.
  • Title: Organization Admins Can Manage Users and Teams
    Default Value: true
    Controls whether any Organization Admin has the privileges to create and manage users and teams. You may want to disable this ability if you are using an LDAP or SAML integration.
  • Title: Maximum number of forks per job
    Default Value: 200
    Saving a Job Template with more than this number of forks will result in an error. When set to 0, no limit is applied.
  • Title: Max Job Events Retrieved by UI
    Minimum Value: 100
    Default Value: 4000
    Maximum number of job events for the UI to retrieve within a single request.
  • Title: Job Event Maximum Websocket Messages Per Second
    Minimum Value: 0
    Default Value: 30
    Maximum number of messages to update the UI live job output with per second. Value of 0 means no limit.
  • OAuth 2 Timeout Settings
    Title: OAuth 2 Timeout Settings
    Additional Properties Allowed: additionalProperties
    Dictionary for customizing OAuth 2 timeouts, available items are `ACCESS_TOKEN_EXPIRE_SECONDS`, the duration of access tokens in the number of seconds, `AUTHORIZATION_CODE_EXPIRE_SECONDS`, the duration of authorization codes in the number of seconds, and `REFRESH_TOKEN_EXPIRE_SECONDS`, the duration of refresh tokens, after expired access tokens, in the number of seconds.
  • Title: All Users Visible to Organization Admins
    Default Value: true
    Controls whether any Organization Admin can view all users and teams, even those not associated with their Organization.
  • Title: User Analytics Tracking State
    Read Only: true
    Default Value: off
    Allowed Values: [ "off", "anonymous", "detailed" ]
    Enable or Disable User Analytics Tracking.
  • Title: Run Project Updates With Higher Verbosity
    Adds the CLI -vvv flag to ansible-playbook runs of project_update.yml used for project updates.
  • PROXY_IP_ALLOWED_LIST
    If the service is behind a reverse proxy/load balancer, use this setting to configure the proxy IP addresses from which the service should trust custom REMOTE_HOST_HEADERS header values. If this setting is an empty list (the default), the headers specified by REMOTE_HOST_HEADERS will be trusted unconditionally')
  • Title: RADIUS Port
    Minimum Value: 1
    Maximum Value: 65535
    Default Value: 1812
    Port of RADIUS server.
  • Title: RADIUS Secret
    Shared secret for authenticating to RADIUS server.
  • Title: RADIUS Server
    Hostname/IP of RADIUS server. RADIUS authentication is disabled if this setting is empty.
  • Title: Receptor no sig
    Read Only: true
    Default Value: true
    Indicates whether signatures for receptor work requests should be enforced.
  • Title: Release Receptor Work
    Default Value: true
    Release receptor work
  • Title: Red Hat customer password
    This password is used to send data to Automation Analytics
  • Title: Red Hat customer username
    This username is used to send data to Automation Analytics
  • REMOTE_HOST_HEADERS
    HTTP headers and meta keys to search to determine remote host name or IP. Add additional items to this list, such as "HTTP_X_FORWARDED_FOR", if behind a reverse proxy. See the "Proxy Support" section of the AAP Installation guide for more details.
  • Title: Automatically Create Organizations and Teams on SAML Login
    Default Value: true
    When enabled (the default), mapped Organizations and Teams will be created automatically on successful SAML login.
  • Title: Maximum Scheduled Jobs
    Minimum Value: 1
    Default Value: 10
    Maximum number of the same job template that can be waiting to run when launching from a schedule before no more are created.
  • Title: Maximum number of simultaneous logged in sessions
    Minimum Value: -1
    Default Value: -1
    Maximum number of simultaneous logged in sessions a user may have. To disable enter -1.
  • Title: Azure AD OAuth2 Callback URL
    Read Only: true
    Minimum Length: 1
    Default Value: https://olamhost/sso/complete/azuread-oauth2/
    Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.
  • Title: Azure AD OAuth2 Key
    The OAuth2 key (Client ID) from your Azure AD application.
  • Azure AD OAuth2 Organization Map
    Title: Azure AD OAuth2 Organization Map
    Additional Properties Allowed: additionalProperties
    Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
  • Title: Azure AD OAuth2 Secret
    The OAuth2 secret (Client Secret) from your Azure AD application.
  • Azure AD OAuth2 Team Map
    Title: Azure AD OAuth2 Team Map
    Additional Properties Allowed: additionalProperties
    Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
  • Title: GitHub OAuth2 Callback URL
    Read Only: true
    Minimum Length: 1
    Default Value: https://olamhost/sso/complete/github/
    Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.
  • Title: GitHub Enterprise API URL
    The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.
  • Title: GitHub Enterprise OAuth2 Callback URL
    Read Only: true
    Minimum Length: 1
    Default Value: https://olamhost/sso/complete/github-enterprise/
    Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.
  • Title: GitHub Enterprise OAuth2 Key
    The OAuth2 key (Client ID) from your GitHub Enterprise developer application.
  • Title: GitHub Enterprise Organization API URL
    The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.
  • Title: GitHub Enterprise Organization OAuth2 Callback URL
    Read Only: true
    Minimum Length: 1
    Default Value: https://olamhost/sso/complete/github-enterprise-org/
    Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.
  • Title: GitHub Enterprise Organization OAuth2 Key
    The OAuth2 key (Client ID) from your GitHub Enterprise organization application.
  • Title: GitHub Enterprise Organization Name
    The name of your GitHub Enterprise organization, as used in your organization's URL: https://github.com//.
  • GitHub Enterprise Organization OAuth2 Organization Map
    Title: GitHub Enterprise Organization OAuth2 Organization Map
    Additional Properties Allowed: additionalProperties
    Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
  • Title: GitHub Enterprise Organization OAuth2 Secret
    The OAuth2 secret (Client Secret) from your GitHub Enterprise organization application.
  • GitHub Enterprise Organization OAuth2 Team Map
    Title: GitHub Enterprise Organization OAuth2 Team Map
    Additional Properties Allowed: additionalProperties
    Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
  • Title: GitHub Enterprise Organization URL
    The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.
  • GitHub Enterprise OAuth2 Organization Map
    Title: GitHub Enterprise OAuth2 Organization Map
    Additional Properties Allowed: additionalProperties
    Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
  • Title: GitHub Enterprise OAuth2 Secret
    The OAuth2 secret (Client Secret) from your GitHub Enterprise developer application.
  • Title: GitHub Enterprise Team API URL
    The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.
  • Title: GitHub Enterprise Team OAuth2 Callback URL
    Read Only: true
    Minimum Length: 1
    Default Value: https://olamhost/sso/complete/github-enterprise-team/
    Create an organization-owned application at https://github.com/organizations//settings/applications and obtain an OAuth2 key (Client ID) and secret (Client Secret). Provide this URL as the callback URL for your application.
  • Title: GitHub Enterprise Team ID
    Find the numeric team ID using the Github Enterprise API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/.
  • Title: GitHub Enterprise Team OAuth2 Key
    The OAuth2 key (Client ID) from your GitHub Enterprise organization application.
  • GitHub Enterprise OAuth2 Team Map
    Title: GitHub Enterprise OAuth2 Team Map
    Additional Properties Allowed: additionalProperties
    Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
  • GitHub Enterprise Team OAuth2 Organization Map
    Title: GitHub Enterprise Team OAuth2 Organization Map
    Additional Properties Allowed: additionalProperties
    Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
  • Title: GitHub Enterprise Team OAuth2 Secret
    The OAuth2 secret (Client Secret) from your GitHub Enterprise organization application.
  • GitHub Enterprise Team OAuth2 Team Map
    Title: GitHub Enterprise Team OAuth2 Team Map
    Additional Properties Allowed: additionalProperties
    Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
  • Title: GitHub Enterprise Team URL
    The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.
  • Title: GitHub Enterprise URL
    The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.
  • Title: GitHub OAuth2 Key
    The OAuth2 key (Client ID) from your GitHub developer application.
  • Title: GitHub Organization OAuth2 Callback URL
    Read Only: true
    Minimum Length: 1
    Default Value: https://olamhost/sso/complete/github-org/
    Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.
  • Title: GitHub Organization OAuth2 Key
    The OAuth2 key (Client ID) from your GitHub organization application.
  • Title: GitHub Organization Name
    The name of your GitHub organization, as used in your organization's URL: https://github.com//.
  • GitHub Organization OAuth2 Organization Map
    Title: GitHub Organization OAuth2 Organization Map
    Additional Properties Allowed: additionalProperties
    Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
  • Title: GitHub Organization OAuth2 Secret
    The OAuth2 secret (Client Secret) from your GitHub organization application.
  • GitHub Organization OAuth2 Team Map
    Title: GitHub Organization OAuth2 Team Map
    Additional Properties Allowed: additionalProperties
    Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
  • GitHub OAuth2 Organization Map
    Title: GitHub OAuth2 Organization Map
    Additional Properties Allowed: additionalProperties
    Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
  • Title: GitHub OAuth2 Secret
    The OAuth2 secret (Client Secret) from your GitHub developer application.
  • Title: GitHub Team OAuth2 Callback URL
    Read Only: true
    Minimum Length: 1
    Default Value: https://olamhost/sso/complete/github-team/
    Create an organization-owned application at https://github.com/organizations//settings/applications and obtain an OAuth2 key (Client ID) and secret (Client Secret). Provide this URL as the callback URL for your application.
  • Title: GitHub Team ID
    Find the numeric team ID using the Github API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/.
  • Title: GitHub Team OAuth2 Key
    The OAuth2 key (Client ID) from your GitHub organization application.
  • GitHub OAuth2 Team Map
    Title: GitHub OAuth2 Team Map
    Additional Properties Allowed: additionalProperties
    Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
  • GitHub Team OAuth2 Organization Map
    Title: GitHub Team OAuth2 Organization Map
    Additional Properties Allowed: additionalProperties
    Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
  • Title: GitHub Team OAuth2 Secret
    The OAuth2 secret (Client Secret) from your GitHub organization application.
  • GitHub Team OAuth2 Team Map
    Title: GitHub Team OAuth2 Team Map
    Additional Properties Allowed: additionalProperties
    Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
  • Google OAuth2 Extra Arguments
    Title: Google OAuth2 Extra Arguments
    Additional Properties Allowed: additionalProperties
    Extra arguments for Google OAuth2 login. You can restrict it to only allow a single domain to authenticate, even if the user is logged in with multple Google accounts. Refer to the documentation for more detail.
  • Title: Google OAuth2 Callback URL
    Read Only: true
    Minimum Length: 1
    Default Value: https://olamhost/sso/complete/google-oauth2/
    Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.
  • Title: Google OAuth2 Key
    The OAuth2 key from your web application.
  • Google OAuth2 Organization Map
    Title: Google OAuth2 Organization Map
    Additional Properties Allowed: additionalProperties
    Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
  • Title: Google OAuth2 Secret
    The OAuth2 secret from your web application.
  • Google OAuth2 Team Map
    Title: Google OAuth2 Team Map
    Additional Properties Allowed: additionalProperties
    Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
  • SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS
    Update this setting to restrict the domains who are allowed to login using Google OAuth2.
  • Title: OIDC Key
    Minimum Length: 1
    The OIDC key (Client ID) from your IDP.
  • Title: OIDC Provider URL
    The URL for your OIDC provider including the path up to /.well-known/openid-configuration
  • Title: OIDC Secret
    The OIDC secret (Client Secret) from your IDP.
  • Title: Verify OIDC Provider Certificate
    Default Value: true
    Verify the OIDC provider ssl certificate.
  • Social Auth Organization Map
    Title: Social Auth Organization Map
    Additional Properties Allowed: additionalProperties
    Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
  • Title: SAML Assertion Consumer Service (ACS) URL
    Read Only: true
    Minimum Length: 1
    Default Value: https://olamhost/sso/complete/saml/
    Register the service as a service provider (SP) with each identity provider (IdP) you have configured. Provide your SP Entity ID and this ACS URL for your application.
  • SAML Enabled Identity Providers
    Title: SAML Enabled Identity Providers
    Additional Properties Allowed: additionalProperties
    Configure the Entity ID, SSO URL and certificate for each identity provider (IdP) in use. Multiple SAML IdPs are supported. Some IdPs may provide user data using attribute names that differ from the default OIDs. Attribute names may be overridden for each IdP. Refer to the Ansible documentation for additional details and syntax.
  • SOCIAL_AUTH_SAML_EXTRA_DATA
    A list of tuples that maps IDP attributes to extra_attributes. Each attribute will be a list of values, even if only 1 value.
  • Title: SAML Service Provider Metadata URL
    Read Only: true
    Minimum Length: 1
    Default Value: https://olamhost/sso/metadata/saml/
    If your identity provider (IdP) allows uploading an XML metadata file, you can download one from this URL.
  • SAML Service Provider Organization Info
    Title: SAML Service Provider Organization Info
    Additional Properties Allowed: additionalProperties
    Provide the URL, display name, and the name of your app. Refer to the documentation for example syntax.
  • SAML Organization Attribute Mapping
    Title: SAML Organization Attribute Mapping
    Additional Properties Allowed: additionalProperties
    Used to translate user organization membership.
  • SAML Organization Map
    Title: SAML Organization Map
    Additional Properties Allowed: additionalProperties
    Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
  • SAML Security Config
    Title: SAML Security Config
    Additional Properties Allowed: additionalProperties
    A dict of key value pairs that are passed to the underlying python-saml security setting https://github.com/onelogin/python-saml#settings
  • Title: SAML Service Provider Entity ID
    The application-defined unique identifier used as the audience of the SAML service provider (SP) configuration. This is usually the URL for the service.
  • SAML Service Provider extra configuration data
    Title: SAML Service Provider extra configuration data
    Additional Properties Allowed: additionalProperties
    A dict of key value pairs to be passed to the underlying python-saml Service Provider configuration setting.
  • Title: SAML Service Provider Private Key
    Create a keypair to use as a service provider (SP) and include the private key content here.
  • Title: SAML Service Provider Public Certificate
    Create a keypair to use as a service provider (SP) and include the certificate content here.
  • SAML Service Provider Support Contact
    Title: SAML Service Provider Support Contact
    Additional Properties Allowed: additionalProperties
    Provide the name and email address of the support contact for your service provider. Refer to the documentation for example syntax.
  • SAML Team Attribute Mapping
    Title: SAML Team Attribute Mapping
    Additional Properties Allowed: additionalProperties
    Used to translate user team membership.
  • SAML Team Map
    Title: SAML Team Map
    Additional Properties Allowed: additionalProperties
    Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
  • SAML Service Provider Technical Contact
    Title: SAML Service Provider Technical Contact
    Additional Properties Allowed: additionalProperties
    Provide the name and email address of the technical contact for your service provider. Refer to the documentation for example syntax.
  • SAML User Flags Attribute Mapping
    Title: SAML User Flags Attribute Mapping
    Additional Properties Allowed: additionalProperties
    Used to map super users and system auditors from SAML.
  • Social Auth Team Map
    Title: Social Auth Team Map
    Additional Properties Allowed: additionalProperties
    Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
  • SOCIAL_AUTH_USER_FIELDS
    When set to an empty list `[]`, this setting prevents new user accounts from being created. Only users who have previously logged in using social auth or have a user account with a matching email address will be able to login.
  • Title: Use Email address for usernames
    Enabling this setting will tell social auth to use the full Email as username instead of the full name
  • Title: Standard Output Maximum Display Size
    Minimum Value: 0
    Default Value: 1048576
    Maximum Size of Standard Output in bytes to display before requiring the output be downloaded.
  • Title: Defines subscription usage model and shows Host Metrics
    Allowed Values: [ "", "unique_managed_hosts" ]
  • Title: Red Hat or Satellite password
    This password is used to retrieve subscription and content information
  • Title: Red Hat or Satellite username
    This username is used to retrieve subscription and content information
  • Title: TACACS+ Authentication Protocol
    Default Value: ascii
    Allowed Values: [ "ascii", "pap" ]
    Choose the authentication protocol used by TACACS+ client.
  • Title: TACACS+ Server
    Hostname of TACACS+ server.
  • Title: TACACS+ Port
    Minimum Value: 1
    Maximum Value: 65535
    Default Value: 49
    Port number of TACACS+ server.
  • Title: TACACS+ client address sending enabled
    Enable the client address sending by TACACS+ client.
  • Title: TACACS+ Secret
    Shared secret for authenticating to TACACS+ server.
  • Title: TACACS+ Auth Session Timeout
    Minimum Value: 0
    Default Value: 5
    TACACS+ session timeout value in seconds, 0 disables timeout.
  • Title: Base URL of the service
    Minimum Length: 1
    Default Value: https://olamhost
    This setting is used by services like notifications to render a valid url to the service.
  • Title: Enable Live Updates in the UI
    Default Value: true
    If disabled, the page will not refresh when events are received. Reloading the page will be required to get the latest details.
  • Title: Enable Preview of New User Interface
    Enable preview of new user interface.
Nested Schema : AD_HOC_COMMANDS
Type: array
List of modules allowed to be used by ad-hoc jobs.
Default Value: [ "command", "shell", "yum", "apt", "apt_key", "apt_repository", "apt_rpm", "service", "group", "user", "mount", "ping", "selinux", "setup", "win_ping", "win_service", "win_updates", "win_group", "win_user" ]
Show Source
Nested Schema : LDAP Connection Options
Type: object
Title: LDAP Connection Options
Additional Properties Allowed
Show Source
Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
Default Value: { "OPT_NETWORK_TIMEOUT":"30", "OPT_REFERRALS":"0" }
Nested Schema : LDAP Group Type Parameters
Type: object
Title: LDAP Group Type Parameters
Additional Properties Allowed
Show Source
Key value parameters to send the chosen group type init method.
Default Value: { "member_attr":"member", "name_attr":"cn" }
Nested Schema : LDAP Organization Map
Type: object
Title: LDAP Organization Map
Additional Properties Allowed
Show Source
Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
Nested Schema : LDAP Team Map
Type: object
Title: LDAP Team Map
Additional Properties Allowed
Show Source
Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
Nested Schema : LDAP User Attribute Map
Type: object
Title: LDAP User Attribute Map
Additional Properties Allowed
Show Source
Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
Nested Schema : LDAP User Flags By Group
Type: object
Title: LDAP User Flags By Group
Additional Properties Allowed
Show Source
Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
Nested Schema : LDAP Connection Options
Type: object
Title: LDAP Connection Options
Additional Properties Allowed
Show Source
Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
Default Value: { "OPT_NETWORK_TIMEOUT":"30", "OPT_REFERRALS":"0" }
Nested Schema : LDAP Group Type Parameters
Type: object
Title: LDAP Group Type Parameters
Additional Properties Allowed
Show Source
Key value parameters to send the chosen group type init method.
Default Value: { "member_attr":"member", "name_attr":"cn" }
Nested Schema : LDAP Organization Map
Type: object
Title: LDAP Organization Map
Additional Properties Allowed
Show Source
Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
Nested Schema : LDAP Team Map
Type: object
Title: LDAP Team Map
Additional Properties Allowed
Show Source
Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
Nested Schema : LDAP User Attribute Map
Type: object
Title: LDAP User Attribute Map
Additional Properties Allowed
Show Source
Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
Nested Schema : LDAP User Flags By Group
Type: object
Title: LDAP User Flags By Group
Additional Properties Allowed
Show Source
Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
Nested Schema : LDAP Connection Options
Type: object
Title: LDAP Connection Options
Additional Properties Allowed
Show Source
Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
Default Value: { "OPT_NETWORK_TIMEOUT":"30", "OPT_REFERRALS":"0" }
Nested Schema : LDAP Group Type Parameters
Type: object
Title: LDAP Group Type Parameters
Additional Properties Allowed
Show Source
Key value parameters to send the chosen group type init method.
Default Value: { "member_attr":"member", "name_attr":"cn" }
Nested Schema : LDAP Organization Map
Type: object
Title: LDAP Organization Map
Additional Properties Allowed
Show Source
Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
Nested Schema : LDAP Team Map
Type: object
Title: LDAP Team Map
Additional Properties Allowed
Show Source
Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
Nested Schema : LDAP User Attribute Map
Type: object
Title: LDAP User Attribute Map
Additional Properties Allowed
Show Source
Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
Nested Schema : LDAP User Flags By Group
Type: object
Title: LDAP User Flags By Group
Additional Properties Allowed
Show Source
Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
Nested Schema : LDAP Connection Options
Type: object
Title: LDAP Connection Options
Additional Properties Allowed
Show Source
Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
Default Value: { "OPT_NETWORK_TIMEOUT":"30", "OPT_REFERRALS":"0" }
Nested Schema : LDAP Group Type Parameters
Type: object
Title: LDAP Group Type Parameters
Additional Properties Allowed
Show Source
Key value parameters to send the chosen group type init method.
Default Value: { "member_attr":"member", "name_attr":"cn" }
Nested Schema : LDAP Organization Map
Type: object
Title: LDAP Organization Map
Additional Properties Allowed
Show Source
Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
Nested Schema : LDAP Team Map
Type: object
Title: LDAP Team Map
Additional Properties Allowed
Show Source
Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
Nested Schema : LDAP User Attribute Map
Type: object
Title: LDAP User Attribute Map
Additional Properties Allowed
Show Source
Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
Nested Schema : LDAP User Flags By Group
Type: object
Title: LDAP User Flags By Group
Additional Properties Allowed
Show Source
Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
Nested Schema : LDAP Connection Options
Type: object
Title: LDAP Connection Options
Additional Properties Allowed
Show Source
Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
Default Value: { "OPT_NETWORK_TIMEOUT":"30", "OPT_REFERRALS":"0" }
Nested Schema : LDAP Group Type Parameters
Type: object
Title: LDAP Group Type Parameters
Additional Properties Allowed
Show Source
Key value parameters to send the chosen group type init method.
Default Value: { "member_attr":"member", "name_attr":"cn" }
Nested Schema : LDAP Organization Map
Type: object
Title: LDAP Organization Map
Additional Properties Allowed
Show Source
Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
Nested Schema : LDAP Team Map
Type: object
Title: LDAP Team Map
Additional Properties Allowed
Show Source
Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
Nested Schema : LDAP User Attribute Map
Type: object
Title: LDAP User Attribute Map
Additional Properties Allowed
Show Source
Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
Nested Schema : LDAP User Flags By Group
Type: object
Title: LDAP User Flags By Group
Additional Properties Allowed
Show Source
Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
Nested Schema : LDAP Connection Options
Type: object
Title: LDAP Connection Options
Additional Properties Allowed
Show Source
Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
Default Value: { "OPT_NETWORK_TIMEOUT":"30", "OPT_REFERRALS":"0" }
Nested Schema : LDAP Group Type Parameters
Type: object
Title: LDAP Group Type Parameters
Additional Properties Allowed
Show Source
Key value parameters to send the chosen group type init method.
Default Value: { "member_attr":"member", "name_attr":"cn" }
Nested Schema : LDAP Organization Map
Type: object
Title: LDAP Organization Map
Additional Properties Allowed
Show Source
Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
Nested Schema : LDAP Team Map
Type: object
Title: LDAP Team Map
Additional Properties Allowed
Show Source
Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
Nested Schema : LDAP User Attribute Map
Type: object
Title: LDAP User Attribute Map
Additional Properties Allowed
Show Source
Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
Nested Schema : LDAP User Flags By Group
Type: object
Title: LDAP User Flags By Group
Additional Properties Allowed
Show Source
Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
Nested Schema : AUTHENTICATION_BACKENDS
Type: array
Read Only: true
List of authentication backends that are enabled based on license features and other authentication settings.
Default Value: [ "awx.sso.backends.TACACSPlusBackend", "awx.main.backends.AWXModelBackend" ]
Show Source
Nested Schema : AWX_ANSIBLE_CALLBACK_PLUGINS
Type: array
List of paths to search for extra callback plugins to be used when running jobs. Enter one path per line.
Show Source
Nested Schema : AWX_ISOLATION_SHOW_PATHS
Type: array
List of paths that would otherwise be hidden to expose to isolated jobs. Enter one path per line. Volumes will be mounted from the execution node to the container. The supported format is HOST-DIR[:CONTAINER-DIR[:OPTIONS]].
Show Source
Nested Schema : Extra Environment Variables
Type: object
Title: Extra Environment Variables
Additional Properties Allowed
Show Source
Additional environment variables set for playbook runs, inventory updates, project updates, and notification sending.
Nested Schema : CSRF_TRUSTED_ORIGINS
Type: array
If the service is behind a reverse proxy/load balancer, use this setting to configure the schema://addresses from which the service should trust Origin header values.
Show Source
Nested Schema : CUSTOM_VENV_PATHS
Type: array
Paths where Tower will look for custom virtual environments (in addition to /var/lib/awx/venv/). Enter one path per line.
Show Source
Nested Schema : DEFAULT_CONTAINER_RUN_OPTIONS
Type: array
List of options to pass to podman run example: ['--network', 'slirp4netns:enable_ipv6=true', '--log-level', 'debug']
Default Value: [ "--network", "slirp4netns:enable_ipv6=true" ]
Show Source
Nested Schema : Environment Variables for Galaxy Commands
Type: object
Title: Environment Variables for Galaxy Commands
Additional Properties Allowed
Show Source
Additional environment variables set for invocations of ansible-galaxy within project updates. Useful if you must use a proxy server for ansible-galaxy but not git.
Default Value: { "ANSIBLE_FORCE_COLOR":"false", "GIT_SSH_COMMAND":"ssh -o StrictHostKeyChecking=no" }
Nested Schema : License
Type: object
Title: License
Read Only: true
Additional Properties Allowed
Show Source
The license controls which features and functionality are enabled. Use /api/v2/config/ to update or change the license.
Nested Schema : LOG_AGGREGATOR_LOGGERS
Type: array
List of loggers that will send HTTP logs to the collector, these can include any or all of: awx - service logs activity_stream - activity stream records job_events - callback data from Ansible job events system_tracking - facts gathered from scan jobs broadcast_websocket - errors pertaining to websockets broadcast metrics
Default Value: [ "awx", "activity_stream", "job_events", "system_tracking", "broadcast_websocket" ]
Show Source
Nested Schema : OAuth 2 Timeout Settings
Type: object
Title: OAuth 2 Timeout Settings
Additional Properties Allowed
Show Source
Dictionary for customizing OAuth 2 timeouts, available items are `ACCESS_TOKEN_EXPIRE_SECONDS`, the duration of access tokens in the number of seconds, `AUTHORIZATION_CODE_EXPIRE_SECONDS`, the duration of authorization codes in the number of seconds, and `REFRESH_TOKEN_EXPIRE_SECONDS`, the duration of refresh tokens, after expired access tokens, in the number of seconds.
Default Value: { "ACCESS_TOKEN_EXPIRE_SECONDS":"31536000000", "AUTHORIZATION_CODE_EXPIRE_SECONDS":"600", "REFRESH_TOKEN_EXPIRE_SECONDS":"2628000" }
Nested Schema : PROXY_IP_ALLOWED_LIST
Type: array
If the service is behind a reverse proxy/load balancer, use this setting to configure the proxy IP addresses from which the service should trust custom REMOTE_HOST_HEADERS header values. If this setting is an empty list (the default), the headers specified by REMOTE_HOST_HEADERS will be trusted unconditionally')
Show Source
Nested Schema : REMOTE_HOST_HEADERS
Type: array
HTTP headers and meta keys to search to determine remote host name or IP. Add additional items to this list, such as "HTTP_X_FORWARDED_FOR", if behind a reverse proxy. See the "Proxy Support" section of the AAP Installation guide for more details.
Default Value: [ "REMOTE_ADDR", "REMOTE_HOST" ]
Show Source
Nested Schema : Azure AD OAuth2 Organization Map
Type: object
Title: Azure AD OAuth2 Organization Map
Additional Properties Allowed
Show Source
Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
Nested Schema : Azure AD OAuth2 Team Map
Type: object
Title: Azure AD OAuth2 Team Map
Additional Properties Allowed
Show Source
Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
Nested Schema : GitHub Enterprise Organization OAuth2 Organization Map
Type: object
Title: GitHub Enterprise Organization OAuth2 Organization Map
Additional Properties Allowed
Show Source
Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
Nested Schema : GitHub Enterprise Organization OAuth2 Team Map
Type: object
Title: GitHub Enterprise Organization OAuth2 Team Map
Additional Properties Allowed
Show Source
Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
Nested Schema : GitHub Enterprise OAuth2 Organization Map
Type: object
Title: GitHub Enterprise OAuth2 Organization Map
Additional Properties Allowed
Show Source
Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
Nested Schema : GitHub Enterprise OAuth2 Team Map
Type: object
Title: GitHub Enterprise OAuth2 Team Map
Additional Properties Allowed
Show Source
Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
Nested Schema : GitHub Enterprise Team OAuth2 Organization Map
Type: object
Title: GitHub Enterprise Team OAuth2 Organization Map
Additional Properties Allowed
Show Source
Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
Nested Schema : GitHub Enterprise Team OAuth2 Team Map
Type: object
Title: GitHub Enterprise Team OAuth2 Team Map
Additional Properties Allowed
Show Source
Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
Nested Schema : GitHub Organization OAuth2 Organization Map
Type: object
Title: GitHub Organization OAuth2 Organization Map
Additional Properties Allowed
Show Source
Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
Nested Schema : GitHub Organization OAuth2 Team Map
Type: object
Title: GitHub Organization OAuth2 Team Map
Additional Properties Allowed
Show Source
Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
Nested Schema : GitHub OAuth2 Organization Map
Type: object
Title: GitHub OAuth2 Organization Map
Additional Properties Allowed
Show Source
Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
Nested Schema : GitHub OAuth2 Team Map
Type: object
Title: GitHub OAuth2 Team Map
Additional Properties Allowed
Show Source
Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
Nested Schema : GitHub Team OAuth2 Organization Map
Type: object
Title: GitHub Team OAuth2 Organization Map
Additional Properties Allowed
Show Source
Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
Nested Schema : GitHub Team OAuth2 Team Map
Type: object
Title: GitHub Team OAuth2 Team Map
Additional Properties Allowed
Show Source
Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
Nested Schema : Google OAuth2 Extra Arguments
Type: object
Title: Google OAuth2 Extra Arguments
Additional Properties Allowed
Show Source
Extra arguments for Google OAuth2 login. You can restrict it to only allow a single domain to authenticate, even if the user is logged in with multple Google accounts. Refer to the documentation for more detail.
Nested Schema : Google OAuth2 Organization Map
Type: object
Title: Google OAuth2 Organization Map
Additional Properties Allowed
Show Source
Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
Nested Schema : Google OAuth2 Team Map
Type: object
Title: Google OAuth2 Team Map
Additional Properties Allowed
Show Source
Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
Nested Schema : SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS
Type: array
Update this setting to restrict the domains who are allowed to login using Google OAuth2.
Show Source
Nested Schema : Social Auth Organization Map
Type: object
Title: Social Auth Organization Map
Additional Properties Allowed
Show Source
Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
Nested Schema : SAML Enabled Identity Providers
Type: object
Title: SAML Enabled Identity Providers
Additional Properties Allowed
Show Source
Configure the Entity ID, SSO URL and certificate for each identity provider (IdP) in use. Multiple SAML IdPs are supported. Some IdPs may provide user data using attribute names that differ from the default OIDs. Attribute names may be overridden for each IdP. Refer to the Ansible documentation for additional details and syntax.
Nested Schema : SOCIAL_AUTH_SAML_EXTRA_DATA
Type: array
A list of tuples that maps IDP attributes to extra_attributes. Each attribute will be a list of values, even if only 1 value.
Show Source
Nested Schema : SAML Service Provider Organization Info
Type: object
Title: SAML Service Provider Organization Info
Additional Properties Allowed
Show Source
Provide the URL, display name, and the name of your app. Refer to the documentation for example syntax.
Nested Schema : SAML Organization Attribute Mapping
Type: object
Title: SAML Organization Attribute Mapping
Additional Properties Allowed
Show Source
Used to translate user organization membership.
Nested Schema : SAML Organization Map
Type: object
Title: SAML Organization Map
Additional Properties Allowed
Show Source
Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
Nested Schema : SAML Security Config
Type: object
Title: SAML Security Config
Additional Properties Allowed
Show Source
A dict of key value pairs that are passed to the underlying python-saml security setting https://github.com/onelogin/python-saml#settings
Default Value: { "requestedAuthnContext":false }
Nested Schema : SAML Service Provider extra configuration data
Type: object
Title: SAML Service Provider extra configuration data
Additional Properties Allowed
Show Source
A dict of key value pairs to be passed to the underlying python-saml Service Provider configuration setting.
Nested Schema : SAML Service Provider Support Contact
Type: object
Title: SAML Service Provider Support Contact
Additional Properties Allowed
Show Source
Provide the name and email address of the support contact for your service provider. Refer to the documentation for example syntax.
Nested Schema : SAML Team Attribute Mapping
Type: object
Title: SAML Team Attribute Mapping
Additional Properties Allowed
Show Source
Used to translate user team membership.
Nested Schema : SAML Team Map
Type: object
Title: SAML Team Map
Additional Properties Allowed
Show Source
Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
Nested Schema : SAML Service Provider Technical Contact
Type: object
Title: SAML Service Provider Technical Contact
Additional Properties Allowed
Show Source
Provide the name and email address of the technical contact for your service provider. Refer to the documentation for example syntax.
Nested Schema : SAML User Flags Attribute Mapping
Type: object
Title: SAML User Flags Attribute Mapping
Additional Properties Allowed
Show Source
Used to map super users and system auditors from SAML.
Nested Schema : Social Auth Team Map
Type: object
Title: Social Auth Team Map
Additional Properties Allowed
Show Source
Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
Nested Schema : SOCIAL_AUTH_USER_FIELDS
Type: array
When set to an empty list `[]`, this setting prevents new user accounts from being created. Only users who have previously logged in using social auth or have a user account with a matching email address will be able to login.
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: array
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: array
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: array
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: array
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: array
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: array
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Back to Top

Response

Supported Media Types

200 Response

Body ()
Root Schema : SettingSingleton
Type: object
Show Source
  • Title: Enable Activity Stream
    Default Value: true
    Enable capturing activity for the activity stream.
  • Title: Enable Activity Stream for Inventory Sync
    Enable capturing activity for the activity stream when running inventory sync.
  • AD_HOC_COMMANDS
    List of modules allowed to be used by ad-hoc jobs.
  • Title: When can extra variables contain Jinja templates?
    Default Value: template
    Allowed Values: [ "always", "never", "template" ]
    Ansible allows variable substitution via the Jinja2 templating language for --extra-vars. This poses a potential security risk where users with the ability to specify extra vars at job launch time can use Jinja2 templates to run arbitrary Python. It is recommended that this value be set to "template" or "never".
  • Title: Allow anonymous users to poll metrics
    If true, anonymous users are allowed to poll metrics.
  • Title: Allow External Users to Create OAuth2 Tokens
    For security reasons, users from external auth providers (LDAP, SAML, SSO, Radius, and others) are not allowed to create OAuth2 tokens. To change this behavior, enable this setting. Existing tokens will not be deleted when this setting is toggled off.
  • Title: Per-Host Ansible Fact Cache Timeout
    Minimum Value: 0
    Maximum time, in seconds, that stored Ansible facts are considered valid since the last time they were modified. Only valid, non-stale, facts will be accessible by a playbook. Note, this does not influence the deletion of ansible_facts from the database. Use a value of 0 to indicate that no timeout should be imposed.
  • Title: Log Format For API 4XX Errors
    Minimum Length: 1
    Default Value: status {status_code} received by user {user_name} attempting to access {url_path} from {remote_addr}
    The format of logged messages when an API 4XX error occurs, the following variables will be substituted: status_code - The HTTP status code of the error user_name - The user name attempting to use the API url_path - The URL path to the API endpoint called remote_addr - The remote address seen for the user error - The error set by the api endpoint Variables need to be in the format {}.
  • Title: Enable HTTP Basic Auth
    Default Value: true
    Enable HTTP Basic Auth for the API Browser.
  • Title: LDAP Bind DN
    DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.
  • Title: LDAP Bind Password
    Password used to bind LDAP user account.
  • LDAP Connection Options
    Title: LDAP Connection Options
    Additional Properties Allowed: additionalProperties
    Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
  • Title: LDAP Deny Group
    Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.
  • AUTH_LDAP_1_GROUP_SEARCH
    Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
  • Title: LDAP Group Type
    Default Value: MemberDNGroupType
    Allowed Values: [ "PosixGroupType", "GroupOfNamesType", "GroupOfUniqueNamesType", "ActiveDirectoryGroupType", "OrganizationalRoleGroupType", "MemberDNGroupType", "NestedGroupOfNamesType", "NestedGroupOfUniqueNamesType", "NestedActiveDirectoryGroupType", "NestedOrganizationalRoleGroupType", "NestedMemberDNGroupType", "PosixUIDGroupType" ]
    The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups
  • LDAP Group Type Parameters
    Title: LDAP Group Type Parameters
    Additional Properties Allowed: additionalProperties
    Key value parameters to send the chosen group type init method.
  • LDAP Organization Map
    Title: LDAP Organization Map
    Additional Properties Allowed: additionalProperties
    Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
  • Title: LDAP Require Group
    Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.
  • Title: LDAP Server URI
    URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.
  • Title: LDAP Start TLS
    Whether to enable TLS when the LDAP connection is not using SSL.
  • LDAP Team Map
    Title: LDAP Team Map
    Additional Properties Allowed: additionalProperties
    Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
  • LDAP User Attribute Map
    Title: LDAP User Attribute Map
    Additional Properties Allowed: additionalProperties
    Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
  • Title: LDAP User DN Template
    Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.
  • LDAP User Flags By Group
    Title: LDAP User Flags By Group
    Additional Properties Allowed: additionalProperties
    Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
  • AUTH_LDAP_1_USER_SEARCH
    LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details.
  • Title: LDAP Bind DN
    DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.
  • Title: LDAP Bind Password
    Password used to bind LDAP user account.
  • LDAP Connection Options
    Title: LDAP Connection Options
    Additional Properties Allowed: additionalProperties
    Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
  • Title: LDAP Deny Group
    Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.
  • AUTH_LDAP_2_GROUP_SEARCH
    Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
  • Title: LDAP Group Type
    Default Value: MemberDNGroupType
    Allowed Values: [ "PosixGroupType", "GroupOfNamesType", "GroupOfUniqueNamesType", "ActiveDirectoryGroupType", "OrganizationalRoleGroupType", "MemberDNGroupType", "NestedGroupOfNamesType", "NestedGroupOfUniqueNamesType", "NestedActiveDirectoryGroupType", "NestedOrganizationalRoleGroupType", "NestedMemberDNGroupType", "PosixUIDGroupType" ]
    The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups
  • LDAP Group Type Parameters
    Title: LDAP Group Type Parameters
    Additional Properties Allowed: additionalProperties
    Key value parameters to send the chosen group type init method.
  • LDAP Organization Map
    Title: LDAP Organization Map
    Additional Properties Allowed: additionalProperties
    Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
  • Title: LDAP Require Group
    Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.
  • Title: LDAP Server URI
    URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.
  • Title: LDAP Start TLS
    Whether to enable TLS when the LDAP connection is not using SSL.
  • LDAP Team Map
    Title: LDAP Team Map
    Additional Properties Allowed: additionalProperties
    Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
  • LDAP User Attribute Map
    Title: LDAP User Attribute Map
    Additional Properties Allowed: additionalProperties
    Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
  • Title: LDAP User DN Template
    Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.
  • LDAP User Flags By Group
    Title: LDAP User Flags By Group
    Additional Properties Allowed: additionalProperties
    Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
  • AUTH_LDAP_2_USER_SEARCH
    LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details.
  • Title: LDAP Bind DN
    DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.
  • Title: LDAP Bind Password
    Password used to bind LDAP user account.
  • LDAP Connection Options
    Title: LDAP Connection Options
    Additional Properties Allowed: additionalProperties
    Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
  • Title: LDAP Deny Group
    Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.
  • AUTH_LDAP_3_GROUP_SEARCH
    Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
  • Title: LDAP Group Type
    Default Value: MemberDNGroupType
    Allowed Values: [ "PosixGroupType", "GroupOfNamesType", "GroupOfUniqueNamesType", "ActiveDirectoryGroupType", "OrganizationalRoleGroupType", "MemberDNGroupType", "NestedGroupOfNamesType", "NestedGroupOfUniqueNamesType", "NestedActiveDirectoryGroupType", "NestedOrganizationalRoleGroupType", "NestedMemberDNGroupType", "PosixUIDGroupType" ]
    The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups
  • LDAP Group Type Parameters
    Title: LDAP Group Type Parameters
    Additional Properties Allowed: additionalProperties
    Key value parameters to send the chosen group type init method.
  • LDAP Organization Map
    Title: LDAP Organization Map
    Additional Properties Allowed: additionalProperties
    Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
  • Title: LDAP Require Group
    Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.
  • Title: LDAP Server URI
    URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.
  • Title: LDAP Start TLS
    Whether to enable TLS when the LDAP connection is not using SSL.
  • LDAP Team Map
    Title: LDAP Team Map
    Additional Properties Allowed: additionalProperties
    Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
  • LDAP User Attribute Map
    Title: LDAP User Attribute Map
    Additional Properties Allowed: additionalProperties
    Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
  • Title: LDAP User DN Template
    Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.
  • LDAP User Flags By Group
    Title: LDAP User Flags By Group
    Additional Properties Allowed: additionalProperties
    Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
  • AUTH_LDAP_3_USER_SEARCH
    LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details.
  • Title: LDAP Bind DN
    DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.
  • Title: LDAP Bind Password
    Password used to bind LDAP user account.
  • LDAP Connection Options
    Title: LDAP Connection Options
    Additional Properties Allowed: additionalProperties
    Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
  • Title: LDAP Deny Group
    Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.
  • AUTH_LDAP_4_GROUP_SEARCH
    Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
  • Title: LDAP Group Type
    Default Value: MemberDNGroupType
    Allowed Values: [ "PosixGroupType", "GroupOfNamesType", "GroupOfUniqueNamesType", "ActiveDirectoryGroupType", "OrganizationalRoleGroupType", "MemberDNGroupType", "NestedGroupOfNamesType", "NestedGroupOfUniqueNamesType", "NestedActiveDirectoryGroupType", "NestedOrganizationalRoleGroupType", "NestedMemberDNGroupType", "PosixUIDGroupType" ]
    The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups
  • LDAP Group Type Parameters
    Title: LDAP Group Type Parameters
    Additional Properties Allowed: additionalProperties
    Key value parameters to send the chosen group type init method.
  • LDAP Organization Map
    Title: LDAP Organization Map
    Additional Properties Allowed: additionalProperties
    Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
  • Title: LDAP Require Group
    Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.
  • Title: LDAP Server URI
    URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.
  • Title: LDAP Start TLS
    Whether to enable TLS when the LDAP connection is not using SSL.
  • LDAP Team Map
    Title: LDAP Team Map
    Additional Properties Allowed: additionalProperties
    Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
  • LDAP User Attribute Map
    Title: LDAP User Attribute Map
    Additional Properties Allowed: additionalProperties
    Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
  • Title: LDAP User DN Template
    Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.
  • LDAP User Flags By Group
    Title: LDAP User Flags By Group
    Additional Properties Allowed: additionalProperties
    Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
  • AUTH_LDAP_4_USER_SEARCH
    LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details.
  • Title: LDAP Bind DN
    DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.
  • Title: LDAP Bind Password
    Password used to bind LDAP user account.
  • LDAP Connection Options
    Title: LDAP Connection Options
    Additional Properties Allowed: additionalProperties
    Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
  • Title: LDAP Deny Group
    Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.
  • AUTH_LDAP_5_GROUP_SEARCH
    Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
  • Title: LDAP Group Type
    Default Value: MemberDNGroupType
    Allowed Values: [ "PosixGroupType", "GroupOfNamesType", "GroupOfUniqueNamesType", "ActiveDirectoryGroupType", "OrganizationalRoleGroupType", "MemberDNGroupType", "NestedGroupOfNamesType", "NestedGroupOfUniqueNamesType", "NestedActiveDirectoryGroupType", "NestedOrganizationalRoleGroupType", "NestedMemberDNGroupType", "PosixUIDGroupType" ]
    The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups
  • LDAP Group Type Parameters
    Title: LDAP Group Type Parameters
    Additional Properties Allowed: additionalProperties
    Key value parameters to send the chosen group type init method.
  • LDAP Organization Map
    Title: LDAP Organization Map
    Additional Properties Allowed: additionalProperties
    Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
  • Title: LDAP Require Group
    Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.
  • Title: LDAP Server URI
    URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.
  • Title: LDAP Start TLS
    Whether to enable TLS when the LDAP connection is not using SSL.
  • LDAP Team Map
    Title: LDAP Team Map
    Additional Properties Allowed: additionalProperties
    Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
  • LDAP User Attribute Map
    Title: LDAP User Attribute Map
    Additional Properties Allowed: additionalProperties
    Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
  • Title: LDAP User DN Template
    Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.
  • LDAP User Flags By Group
    Title: LDAP User Flags By Group
    Additional Properties Allowed: additionalProperties
    Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
  • AUTH_LDAP_5_USER_SEARCH
    LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details.
  • Title: LDAP Bind DN
    DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.
  • Title: LDAP Bind Password
    Password used to bind LDAP user account.
  • LDAP Connection Options
    Title: LDAP Connection Options
    Additional Properties Allowed: additionalProperties
    Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
  • Title: LDAP Deny Group
    Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.
  • AUTH_LDAP_GROUP_SEARCH
    Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
  • Title: LDAP Group Type
    Default Value: MemberDNGroupType
    Allowed Values: [ "PosixGroupType", "GroupOfNamesType", "GroupOfUniqueNamesType", "ActiveDirectoryGroupType", "OrganizationalRoleGroupType", "MemberDNGroupType", "NestedGroupOfNamesType", "NestedGroupOfUniqueNamesType", "NestedActiveDirectoryGroupType", "NestedOrganizationalRoleGroupType", "NestedMemberDNGroupType", "PosixUIDGroupType" ]
    The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups
  • LDAP Group Type Parameters
    Title: LDAP Group Type Parameters
    Additional Properties Allowed: additionalProperties
    Key value parameters to send the chosen group type init method.
  • LDAP Organization Map
    Title: LDAP Organization Map
    Additional Properties Allowed: additionalProperties
    Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
  • Title: LDAP Require Group
    Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.
  • Title: LDAP Server URI
    URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.
  • Title: LDAP Start TLS
    Whether to enable TLS when the LDAP connection is not using SSL.
  • LDAP Team Map
    Title: LDAP Team Map
    Additional Properties Allowed: additionalProperties
    Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
  • LDAP User Attribute Map
    Title: LDAP User Attribute Map
    Additional Properties Allowed: additionalProperties
    Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
  • Title: LDAP User DN Template
    Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.
  • LDAP User Flags By Group
    Title: LDAP User Flags By Group
    Additional Properties Allowed: additionalProperties
    Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
  • AUTH_LDAP_USER_SEARCH
    LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details.
  • AUTHENTICATION_BACKENDS
    Read Only: true
    List of authentication backends that are enabled based on license features and other authentication settings.
  • Title: Automation Analytics Gather Interval
    Minimum Value: 1800
    Default Value: 14400
    Interval (in seconds) between data gathering.
  • Title: Last gathered entries from the data collection service of Automation Analytics
  • Title: Last gather date for Automation Analytics.
  • Title: Automation Analytics upload URL
    Minimum Length: 1
    Default Value: https://example.com
    This setting is used to to configure the upload URL for data collection for Automation Analytics.
  • AWX_ANSIBLE_CALLBACK_PLUGINS
    List of paths to search for extra callback plugins to be used when running jobs. Enter one path per line.
  • Title: Enable or Disable tmp dir cleanup
    Default Value: true
    Enable or Disable TMP Dir cleanup
  • Title: Enable Collection(s) Download
    Default Value: true
    Allows collections to be dynamically downloaded from a requirements.yml file for SCM projects.
  • Title: Job execution path
    Minimum Length: 1
    Default Value: /tmp
    The directory in which the service will create new temporary directories for job execution and isolation (such as credential files).
  • AWX_ISOLATION_SHOW_PATHS
    List of paths that would otherwise be hidden to expose to isolated jobs. Enter one path per line. Volumes will be mounted from the execution node to the container. The supported format is HOST-DIR[:CONTAINER-DIR[:OPTIONS]].
  • Title: Expose host paths for Container Groups
    Expose paths via hostPath for the Pods created by a Container Group. HostPath volumes present many security risks, and it is a best practice to avoid the use of HostPaths when possible.
  • Title: Debug Web Requests
    Debug web request python timing
  • Title: Enable Role Download
    Default Value: true
    Allows roles to be dynamically downloaded from a requirements.yml file for SCM projects.
  • Title: K8S Ansible Runner Keep-Alive Message Interval
    Only applies to jobs running in a Container Group. If not 0, send a message every so-many seconds to keep connection open.
  • Extra Environment Variables
    Title: Extra Environment Variables
    Additional Properties Allowed: additionalProperties
    Additional environment variables set for playbook runs, inventory updates, project updates, and notification sending.
  • Title: Max number of hosts to allow to be created in a single bulk action
    Default Value: 100
    Max number of hosts to allow to be created in a single bulk action
  • Title: Max number of hosts to allow to be deleted in a single bulk action
    Default Value: 250
    Max number of hosts to allow to be deleted in a single bulk action
  • Title: Max jobs to allow bulk jobs to launch
    Default Value: 100
    Max jobs to allow bulk jobs to launch
  • Title: Last cleanup date for HostMetrics
  • CSRF_TRUSTED_ORIGINS
    If the service is behind a reverse proxy/load balancer, use this setting to configure the schema://addresses from which the service should trust Origin header values.
  • Title: Custom Login Info
    If needed, you can add specific information (such as a legal notice or a disclaimer) to a text box in the login modal using this setting. Any content added must be in plain text or an HTML fragment, as other markup languages are not supported.
  • Title: Custom Logo
    To set up a custom logo, provide a file that you create. For the custom logo to look its best, use a .png file with a transparent background. GIF, PNG and JPEG formats are supported.
  • CUSTOM_VENV_PATHS
    Paths where Tower will look for custom virtual environments (in addition to /var/lib/awx/venv/). Enter one path per line.
  • DEFAULT_CONTAINER_RUN_OPTIONS
    List of options to pass to podman run example: ['--network', 'slirp4netns:enable_ipv6=true', '--log-level', 'debug']
  • Title: The instance group where control plane tasks run
    Read Only: true
    Minimum Length: 1
    Default Value: controlplane
  • Title: Global default execution environment
    The Execution Environment to be used when one has not been configured for a job template.
  • Title: The instance group where user jobs run (currently only on non-VM installs)
    Read Only: true
    Minimum Length: 1
    Default Value: default
  • Title: Default Inventory Update Timeout
    Minimum Value: 0
    Maximum time in seconds to allow inventory updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual inventory source will override this.
  • Title: Default Job Idle Timeout
    Minimum Value: 0
    If no output is detected from ansible in this number of seconds the execution will be terminated. Use value of 0 to indicate that no idle timeout should be imposed.
  • Title: Default Job Timeout
    Minimum Value: 0
    Maximum time in seconds to allow jobs to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual job template will override this.
  • Title: Default Project Update Timeout
    Minimum Value: 0
    Maximum time in seconds to allow project updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual project will override this.
  • Title: Disable the built-in authentication system
    Controls whether users are prevented from using the built-in authentication system. You probably want to do this if you are using an LDAP or SAML integration.
  • Title: Job Event Standard Output Maximum Display Size
    Minimum Value: 0
    Default Value: 1024
    Maximum Size of Standard Output in bytes to display for a single job or ad hoc command event. `stdout` will end with `???` when truncated.
  • Title: Ignore Ansible Galaxy SSL Certificate Verification
    If set to true, certificate validation will not be done when installing content from any Galaxy server.
  • Environment Variables for Galaxy Commands
    Title: Environment Variables for Galaxy Commands
    Additional Properties Allowed: additionalProperties
    Additional environment variables set for invocations of ansible-galaxy within project updates. Useful if you must use a proxy server for ansible-galaxy but not git.
  • Title: Last computing date of HostMetricSummaryMonthly
  • Title: Gather data for Automation Analytics
    Enables the service to gather data on automation and send it to Automation Analytics.
  • Title: Unique identifier for an installation
    Read Only: true
    Minimum Length: 1
    Default Value: 00000000-0000-0000-0000-000000000000
  • Title: Is k8s
    Read Only: true
    Indicates whether the instance is part of a kubernetes-based deployment.
  • License
    Title: License
    Read Only: true
    Additional Properties Allowed: additionalProperties
    The license controls which features and functionality are enabled. Use /api/v2/config/ to update or change the license.
  • Title: Minimum number of digit characters in local password
    Minimum Value: 0
    Minimum number of digit characters required in a local password. 0 means no minimum
  • Title: Minimum number of characters in local password
    Minimum Value: 0
    Minimum number of characters required in a local password. 0 means no minimum
  • Title: Minimum number of special characters in local password
    Minimum Value: 0
    Minimum number of special characters required in a local password. 0 means no minimum
  • Title: Minimum number of uppercase characters in local password
    Minimum Value: 0
    Minimum number of uppercase characters required in a local password. 0 means no minimum
  • Title: Maximum disk persistence for rsyslogd action queuing (in GB)
    Minimum Value: 1
    Default Value: 1
    Amount of data to store (in gigabytes) if an rsyslog action takes time to process an incoming message (defaults to 1). Equivalent to the rsyslogd queue.maxdiskspace setting on the action (e.g. omhttp). It stores files in the directory specified by LOG_AGGREGATOR_MAX_DISK_USAGE_PATH.
  • Title: Maximum number of messages that can be stored in the log action queue
    Minimum Value: 1
    Default Value: 131072
    Defines how large the rsyslog action queue can grow in number of messages stored. This can have an impact on memory utilization. When the queue reaches 75% of this number, the queue will start writing to disk (queue.highWatermark in rsyslog). When it reaches 90%, NOTICE, INFO, and DEBUG messages will start to be discarded (queue.discardMark with queue.discardSeverity=5).
  • Title: Enable External Logging
    Enable sending logs to external log aggregator.
  • Title: Logging Aggregator
    Minimum Length: 1
    Hostname/IP where external logs will be sent to.
  • Title: Log System Tracking Facts Individually
    If set, system tracking facts will be sent for each package, service, or other item found in a scan, allowing for greater search query granularity. If unset, facts will be sent as a single dictionary, allowing for greater efficiency in fact processing.
  • Title: Logging Aggregator Level Threshold
    Default Value: INFO
    Allowed Values: [ "DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL" ]
    Level threshold used by log handler. Severities from lowest to highest are DEBUG, INFO, WARNING, ERROR, CRITICAL. Messages less severe than the threshold will be ignored by log handler. (messages under category awx.anlytics ignore this setting)
  • LOG_AGGREGATOR_LOGGERS
    List of loggers that will send HTTP logs to the collector, these can include any or all of: awx - service logs activity_stream - activity stream records job_events - callback data from Ansible job events system_tracking - facts gathered from scan jobs broadcast_websocket - errors pertaining to websockets broadcast metrics
  • Title: File system location for rsyslogd disk persistence
    Minimum Length: 1
    Default Value: /var/lib/awx
    Location to persist logs that should be retried after an outage of the external log aggregator (defaults to /var/lib/awx). Equivalent to the rsyslogd queue.spoolDirectory setting.
  • Title: Logging Aggregator Password/Token
    Password or authentication token for external log aggregator (if required; HTTP/s only).
  • Title: Logging Aggregator Port
    Port on Logging Aggregator to send logs to (if required and not provided in Logging Aggregator).
  • Title: Logging Aggregator Protocol
    Default Value: https
    Allowed Values: [ "https", "tcp", "udp" ]
    Protocol used to communicate with log aggregator. HTTPS/HTTP assumes HTTPS unless http:// is explicitly used in the Logging Aggregator hostname.
  • Title: Enable rsyslogd debugging
    Enabled high verbosity debugging for rsyslogd. Useful for debugging connection issues for external log aggregation.
  • Title: TCP Connection Timeout
    Default Value: 5
    Number of seconds for a TCP connection to external log aggregator to timeout. Applies to HTTPS and TCP log aggregator protocols.
  • Title: Cluster-wide unique identifier.
    Useful to uniquely identify instances.
  • Title: Logging Aggregator Type
    Allowed Values: [ "logstash", "splunk", "loggly", "sumologic", "other" ]
    Format messages for the chosen log aggregator.
  • Title: Logging Aggregator Username
    Username for external log aggregator (if required; HTTP/s only).
  • Title: Enable/disable HTTPS certificate verification
    Default Value: true
    Flag to control enable/disable of certificate verification when LOG_AGGREGATOR_PROTOCOL is "https". If enabled, the log handler will verify certificate sent by external log aggregator before establishing connection.
  • Title: Login redirect override URL
    URL to which unauthorized users will be redirected to log in. If blank, users will be sent to the login page.
  • Title: Organization Admins Can Manage Users and Teams
    Default Value: true
    Controls whether any Organization Admin has the privileges to create and manage users and teams. You may want to disable this ability if you are using an LDAP or SAML integration.
  • Title: Maximum number of forks per job
    Default Value: 200
    Saving a Job Template with more than this number of forks will result in an error. When set to 0, no limit is applied.
  • Title: Max Job Events Retrieved by UI
    Minimum Value: 100
    Default Value: 4000
    Maximum number of job events for the UI to retrieve within a single request.
  • Title: Job Event Maximum Websocket Messages Per Second
    Minimum Value: 0
    Default Value: 30
    Maximum number of messages to update the UI live job output with per second. Value of 0 means no limit.
  • OAuth 2 Timeout Settings
    Title: OAuth 2 Timeout Settings
    Additional Properties Allowed: additionalProperties
    Dictionary for customizing OAuth 2 timeouts, available items are `ACCESS_TOKEN_EXPIRE_SECONDS`, the duration of access tokens in the number of seconds, `AUTHORIZATION_CODE_EXPIRE_SECONDS`, the duration of authorization codes in the number of seconds, and `REFRESH_TOKEN_EXPIRE_SECONDS`, the duration of refresh tokens, after expired access tokens, in the number of seconds.
  • Title: All Users Visible to Organization Admins
    Default Value: true
    Controls whether any Organization Admin can view all users and teams, even those not associated with their Organization.
  • Title: User Analytics Tracking State
    Read Only: true
    Default Value: off
    Allowed Values: [ "off", "anonymous", "detailed" ]
    Enable or Disable User Analytics Tracking.
  • Title: Run Project Updates With Higher Verbosity
    Adds the CLI -vvv flag to ansible-playbook runs of project_update.yml used for project updates.
  • PROXY_IP_ALLOWED_LIST
    If the service is behind a reverse proxy/load balancer, use this setting to configure the proxy IP addresses from which the service should trust custom REMOTE_HOST_HEADERS header values. If this setting is an empty list (the default), the headers specified by REMOTE_HOST_HEADERS will be trusted unconditionally')
  • Title: RADIUS Port
    Minimum Value: 1
    Maximum Value: 65535
    Default Value: 1812
    Port of RADIUS server.
  • Title: RADIUS Secret
    Shared secret for authenticating to RADIUS server.
  • Title: RADIUS Server
    Hostname/IP of RADIUS server. RADIUS authentication is disabled if this setting is empty.
  • Title: Receptor no sig
    Read Only: true
    Default Value: true
    Indicates whether signatures for receptor work requests should be enforced.
  • Title: Release Receptor Work
    Default Value: true
    Release receptor work
  • Title: Red Hat customer password
    This password is used to send data to Automation Analytics
  • Title: Red Hat customer username
    This username is used to send data to Automation Analytics
  • REMOTE_HOST_HEADERS
    HTTP headers and meta keys to search to determine remote host name or IP. Add additional items to this list, such as "HTTP_X_FORWARDED_FOR", if behind a reverse proxy. See the "Proxy Support" section of the AAP Installation guide for more details.
  • Title: Automatically Create Organizations and Teams on SAML Login
    Default Value: true
    When enabled (the default), mapped Organizations and Teams will be created automatically on successful SAML login.
  • Title: Maximum Scheduled Jobs
    Minimum Value: 1
    Default Value: 10
    Maximum number of the same job template that can be waiting to run when launching from a schedule before no more are created.
  • Title: Maximum number of simultaneous logged in sessions
    Minimum Value: -1
    Default Value: -1
    Maximum number of simultaneous logged in sessions a user may have. To disable enter -1.
  • Title: Azure AD OAuth2 Callback URL
    Read Only: true
    Minimum Length: 1
    Default Value: https://olamhost/sso/complete/azuread-oauth2/
    Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.
  • Title: Azure AD OAuth2 Key
    The OAuth2 key (Client ID) from your Azure AD application.
  • Azure AD OAuth2 Organization Map
    Title: Azure AD OAuth2 Organization Map
    Additional Properties Allowed: additionalProperties
    Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
  • Title: Azure AD OAuth2 Secret
    The OAuth2 secret (Client Secret) from your Azure AD application.
  • Azure AD OAuth2 Team Map
    Title: Azure AD OAuth2 Team Map
    Additional Properties Allowed: additionalProperties
    Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
  • Title: GitHub OAuth2 Callback URL
    Read Only: true
    Minimum Length: 1
    Default Value: https://olamhost/sso/complete/github/
    Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.
  • Title: GitHub Enterprise API URL
    The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.
  • Title: GitHub Enterprise OAuth2 Callback URL
    Read Only: true
    Minimum Length: 1
    Default Value: https://olamhost/sso/complete/github-enterprise/
    Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.
  • Title: GitHub Enterprise OAuth2 Key
    The OAuth2 key (Client ID) from your GitHub Enterprise developer application.
  • Title: GitHub Enterprise Organization API URL
    The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.
  • Title: GitHub Enterprise Organization OAuth2 Callback URL
    Read Only: true
    Minimum Length: 1
    Default Value: https://olamhost/sso/complete/github-enterprise-org/
    Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.
  • Title: GitHub Enterprise Organization OAuth2 Key
    The OAuth2 key (Client ID) from your GitHub Enterprise organization application.
  • Title: GitHub Enterprise Organization Name
    The name of your GitHub Enterprise organization, as used in your organization's URL: https://github.com//.
  • GitHub Enterprise Organization OAuth2 Organization Map
    Title: GitHub Enterprise Organization OAuth2 Organization Map
    Additional Properties Allowed: additionalProperties
    Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
  • Title: GitHub Enterprise Organization OAuth2 Secret
    The OAuth2 secret (Client Secret) from your GitHub Enterprise organization application.
  • GitHub Enterprise Organization OAuth2 Team Map
    Title: GitHub Enterprise Organization OAuth2 Team Map
    Additional Properties Allowed: additionalProperties
    Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
  • Title: GitHub Enterprise Organization URL
    The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.
  • GitHub Enterprise OAuth2 Organization Map
    Title: GitHub Enterprise OAuth2 Organization Map
    Additional Properties Allowed: additionalProperties
    Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
  • Title: GitHub Enterprise OAuth2 Secret
    The OAuth2 secret (Client Secret) from your GitHub Enterprise developer application.
  • Title: GitHub Enterprise Team API URL
    The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.
  • Title: GitHub Enterprise Team OAuth2 Callback URL
    Read Only: true
    Minimum Length: 1
    Default Value: https://olamhost/sso/complete/github-enterprise-team/
    Create an organization-owned application at https://github.com/organizations//settings/applications and obtain an OAuth2 key (Client ID) and secret (Client Secret). Provide this URL as the callback URL for your application.
  • Title: GitHub Enterprise Team ID
    Find the numeric team ID using the Github Enterprise API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/.
  • Title: GitHub Enterprise Team OAuth2 Key
    The OAuth2 key (Client ID) from your GitHub Enterprise organization application.
  • GitHub Enterprise OAuth2 Team Map
    Title: GitHub Enterprise OAuth2 Team Map
    Additional Properties Allowed: additionalProperties
    Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
  • GitHub Enterprise Team OAuth2 Organization Map
    Title: GitHub Enterprise Team OAuth2 Organization Map
    Additional Properties Allowed: additionalProperties
    Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
  • Title: GitHub Enterprise Team OAuth2 Secret
    The OAuth2 secret (Client Secret) from your GitHub Enterprise organization application.
  • GitHub Enterprise Team OAuth2 Team Map
    Title: GitHub Enterprise Team OAuth2 Team Map
    Additional Properties Allowed: additionalProperties
    Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
  • Title: GitHub Enterprise Team URL
    The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.
  • Title: GitHub Enterprise URL
    The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.
  • Title: GitHub OAuth2 Key
    The OAuth2 key (Client ID) from your GitHub developer application.
  • Title: GitHub Organization OAuth2 Callback URL
    Read Only: true
    Minimum Length: 1
    Default Value: https://olamhost/sso/complete/github-org/
    Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.
  • Title: GitHub Organization OAuth2 Key
    The OAuth2 key (Client ID) from your GitHub organization application.
  • Title: GitHub Organization Name
    The name of your GitHub organization, as used in your organization's URL: https://github.com//.
  • GitHub Organization OAuth2 Organization Map
    Title: GitHub Organization OAuth2 Organization Map
    Additional Properties Allowed: additionalProperties
    Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
  • Title: GitHub Organization OAuth2 Secret
    The OAuth2 secret (Client Secret) from your GitHub organization application.
  • GitHub Organization OAuth2 Team Map
    Title: GitHub Organization OAuth2 Team Map
    Additional Properties Allowed: additionalProperties
    Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
  • GitHub OAuth2 Organization Map
    Title: GitHub OAuth2 Organization Map
    Additional Properties Allowed: additionalProperties
    Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
  • Title: GitHub OAuth2 Secret
    The OAuth2 secret (Client Secret) from your GitHub developer application.
  • Title: GitHub Team OAuth2 Callback URL
    Read Only: true
    Minimum Length: 1
    Default Value: https://olamhost/sso/complete/github-team/
    Create an organization-owned application at https://github.com/organizations//settings/applications and obtain an OAuth2 key (Client ID) and secret (Client Secret). Provide this URL as the callback URL for your application.
  • Title: GitHub Team ID
    Find the numeric team ID using the Github API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/.
  • Title: GitHub Team OAuth2 Key
    The OAuth2 key (Client ID) from your GitHub organization application.
  • GitHub OAuth2 Team Map
    Title: GitHub OAuth2 Team Map
    Additional Properties Allowed: additionalProperties
    Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
  • GitHub Team OAuth2 Organization Map
    Title: GitHub Team OAuth2 Organization Map
    Additional Properties Allowed: additionalProperties
    Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
  • Title: GitHub Team OAuth2 Secret
    The OAuth2 secret (Client Secret) from your GitHub organization application.
  • GitHub Team OAuth2 Team Map
    Title: GitHub Team OAuth2 Team Map
    Additional Properties Allowed: additionalProperties
    Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
  • Google OAuth2 Extra Arguments
    Title: Google OAuth2 Extra Arguments
    Additional Properties Allowed: additionalProperties
    Extra arguments for Google OAuth2 login. You can restrict it to only allow a single domain to authenticate, even if the user is logged in with multple Google accounts. Refer to the documentation for more detail.
  • Title: Google OAuth2 Callback URL
    Read Only: true
    Minimum Length: 1
    Default Value: https://olamhost/sso/complete/google-oauth2/
    Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.
  • Title: Google OAuth2 Key
    The OAuth2 key from your web application.
  • Google OAuth2 Organization Map
    Title: Google OAuth2 Organization Map
    Additional Properties Allowed: additionalProperties
    Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
  • Title: Google OAuth2 Secret
    The OAuth2 secret from your web application.
  • Google OAuth2 Team Map
    Title: Google OAuth2 Team Map
    Additional Properties Allowed: additionalProperties
    Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
  • SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS
    Update this setting to restrict the domains who are allowed to login using Google OAuth2.
  • Title: OIDC Key
    Minimum Length: 1
    The OIDC key (Client ID) from your IDP.
  • Title: OIDC Provider URL
    The URL for your OIDC provider including the path up to /.well-known/openid-configuration
  • Title: OIDC Secret
    The OIDC secret (Client Secret) from your IDP.
  • Title: Verify OIDC Provider Certificate
    Default Value: true
    Verify the OIDC provider ssl certificate.
  • Social Auth Organization Map
    Title: Social Auth Organization Map
    Additional Properties Allowed: additionalProperties
    Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
  • Title: SAML Assertion Consumer Service (ACS) URL
    Read Only: true
    Minimum Length: 1
    Default Value: https://olamhost/sso/complete/saml/
    Register the service as a service provider (SP) with each identity provider (IdP) you have configured. Provide your SP Entity ID and this ACS URL for your application.
  • SAML Enabled Identity Providers
    Title: SAML Enabled Identity Providers
    Additional Properties Allowed: additionalProperties
    Configure the Entity ID, SSO URL and certificate for each identity provider (IdP) in use. Multiple SAML IdPs are supported. Some IdPs may provide user data using attribute names that differ from the default OIDs. Attribute names may be overridden for each IdP. Refer to the Ansible documentation for additional details and syntax.
  • SOCIAL_AUTH_SAML_EXTRA_DATA
    A list of tuples that maps IDP attributes to extra_attributes. Each attribute will be a list of values, even if only 1 value.
  • Title: SAML Service Provider Metadata URL
    Read Only: true
    Minimum Length: 1
    Default Value: https://olamhost/sso/metadata/saml/
    If your identity provider (IdP) allows uploading an XML metadata file, you can download one from this URL.
  • SAML Service Provider Organization Info
    Title: SAML Service Provider Organization Info
    Additional Properties Allowed: additionalProperties
    Provide the URL, display name, and the name of your app. Refer to the documentation for example syntax.
  • SAML Organization Attribute Mapping
    Title: SAML Organization Attribute Mapping
    Additional Properties Allowed: additionalProperties
    Used to translate user organization membership.
  • SAML Organization Map
    Title: SAML Organization Map
    Additional Properties Allowed: additionalProperties
    Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
  • SAML Security Config
    Title: SAML Security Config
    Additional Properties Allowed: additionalProperties
    A dict of key value pairs that are passed to the underlying python-saml security setting https://github.com/onelogin/python-saml#settings
  • Title: SAML Service Provider Entity ID
    The application-defined unique identifier used as the audience of the SAML service provider (SP) configuration. This is usually the URL for the service.
  • SAML Service Provider extra configuration data
    Title: SAML Service Provider extra configuration data
    Additional Properties Allowed: additionalProperties
    A dict of key value pairs to be passed to the underlying python-saml Service Provider configuration setting.
  • Title: SAML Service Provider Private Key
    Create a keypair to use as a service provider (SP) and include the private key content here.
  • Title: SAML Service Provider Public Certificate
    Create a keypair to use as a service provider (SP) and include the certificate content here.
  • SAML Service Provider Support Contact
    Title: SAML Service Provider Support Contact
    Additional Properties Allowed: additionalProperties
    Provide the name and email address of the support contact for your service provider. Refer to the documentation for example syntax.
  • SAML Team Attribute Mapping
    Title: SAML Team Attribute Mapping
    Additional Properties Allowed: additionalProperties
    Used to translate user team membership.
  • SAML Team Map
    Title: SAML Team Map
    Additional Properties Allowed: additionalProperties
    Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
  • SAML Service Provider Technical Contact
    Title: SAML Service Provider Technical Contact
    Additional Properties Allowed: additionalProperties
    Provide the name and email address of the technical contact for your service provider. Refer to the documentation for example syntax.
  • SAML User Flags Attribute Mapping
    Title: SAML User Flags Attribute Mapping
    Additional Properties Allowed: additionalProperties
    Used to map super users and system auditors from SAML.
  • Social Auth Team Map
    Title: Social Auth Team Map
    Additional Properties Allowed: additionalProperties
    Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
  • SOCIAL_AUTH_USER_FIELDS
    When set to an empty list `[]`, this setting prevents new user accounts from being created. Only users who have previously logged in using social auth or have a user account with a matching email address will be able to login.
  • Title: Use Email address for usernames
    Enabling this setting will tell social auth to use the full Email as username instead of the full name
  • Title: Standard Output Maximum Display Size
    Minimum Value: 0
    Default Value: 1048576
    Maximum Size of Standard Output in bytes to display before requiring the output be downloaded.
  • Title: Defines subscription usage model and shows Host Metrics
    Allowed Values: [ "", "unique_managed_hosts" ]
  • Title: Red Hat or Satellite password
    This password is used to retrieve subscription and content information
  • Title: Red Hat or Satellite username
    This username is used to retrieve subscription and content information
  • Title: TACACS+ Authentication Protocol
    Default Value: ascii
    Allowed Values: [ "ascii", "pap" ]
    Choose the authentication protocol used by TACACS+ client.
  • Title: TACACS+ Server
    Hostname of TACACS+ server.
  • Title: TACACS+ Port
    Minimum Value: 1
    Maximum Value: 65535
    Default Value: 49
    Port number of TACACS+ server.
  • Title: TACACS+ client address sending enabled
    Enable the client address sending by TACACS+ client.
  • Title: TACACS+ Secret
    Shared secret for authenticating to TACACS+ server.
  • Title: TACACS+ Auth Session Timeout
    Minimum Value: 0
    Default Value: 5
    TACACS+ session timeout value in seconds, 0 disables timeout.
  • Title: Base URL of the service
    Minimum Length: 1
    Default Value: https://olamhost
    This setting is used by services like notifications to render a valid url to the service.
  • Title: Enable Live Updates in the UI
    Default Value: true
    If disabled, the page will not refresh when events are received. Reloading the page will be required to get the latest details.
  • Title: Enable Preview of New User Interface
    Enable preview of new user interface.
Nested Schema : AD_HOC_COMMANDS
Type: array
List of modules allowed to be used by ad-hoc jobs.
Default Value: [ "command", "shell", "yum", "apt", "apt_key", "apt_repository", "apt_rpm", "service", "group", "user", "mount", "ping", "selinux", "setup", "win_ping", "win_service", "win_updates", "win_group", "win_user" ]
Show Source
Nested Schema : LDAP Connection Options
Type: object
Title: LDAP Connection Options
Additional Properties Allowed
Show Source
Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
Default Value: { "OPT_NETWORK_TIMEOUT":"30", "OPT_REFERRALS":"0" }
Nested Schema : LDAP Group Type Parameters
Type: object
Title: LDAP Group Type Parameters
Additional Properties Allowed
Show Source
Key value parameters to send the chosen group type init method.
Default Value: { "member_attr":"member", "name_attr":"cn" }
Nested Schema : LDAP Organization Map
Type: object
Title: LDAP Organization Map
Additional Properties Allowed
Show Source
Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
Nested Schema : LDAP Team Map
Type: object
Title: LDAP Team Map
Additional Properties Allowed
Show Source
Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
Nested Schema : LDAP User Attribute Map
Type: object
Title: LDAP User Attribute Map
Additional Properties Allowed
Show Source
Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
Nested Schema : LDAP User Flags By Group
Type: object
Title: LDAP User Flags By Group
Additional Properties Allowed
Show Source
Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
Nested Schema : LDAP Connection Options
Type: object
Title: LDAP Connection Options
Additional Properties Allowed
Show Source
Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
Default Value: { "OPT_NETWORK_TIMEOUT":"30", "OPT_REFERRALS":"0" }
Nested Schema : LDAP Group Type Parameters
Type: object
Title: LDAP Group Type Parameters
Additional Properties Allowed
Show Source
Key value parameters to send the chosen group type init method.
Default Value: { "member_attr":"member", "name_attr":"cn" }
Nested Schema : LDAP Organization Map
Type: object
Title: LDAP Organization Map
Additional Properties Allowed
Show Source
Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
Nested Schema : LDAP Team Map
Type: object
Title: LDAP Team Map
Additional Properties Allowed
Show Source
Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
Nested Schema : LDAP User Attribute Map
Type: object
Title: LDAP User Attribute Map
Additional Properties Allowed
Show Source
Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
Nested Schema : LDAP User Flags By Group
Type: object
Title: LDAP User Flags By Group
Additional Properties Allowed
Show Source
Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
Nested Schema : LDAP Connection Options
Type: object
Title: LDAP Connection Options
Additional Properties Allowed
Show Source
Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
Default Value: { "OPT_NETWORK_TIMEOUT":"30", "OPT_REFERRALS":"0" }
Nested Schema : LDAP Group Type Parameters
Type: object
Title: LDAP Group Type Parameters
Additional Properties Allowed
Show Source
Key value parameters to send the chosen group type init method.
Default Value: { "member_attr":"member", "name_attr":"cn" }
Nested Schema : LDAP Organization Map
Type: object
Title: LDAP Organization Map
Additional Properties Allowed
Show Source
Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
Nested Schema : LDAP Team Map
Type: object
Title: LDAP Team Map
Additional Properties Allowed
Show Source
Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
Nested Schema : LDAP User Attribute Map
Type: object
Title: LDAP User Attribute Map
Additional Properties Allowed
Show Source
Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
Nested Schema : LDAP User Flags By Group
Type: object
Title: LDAP User Flags By Group
Additional Properties Allowed
Show Source
Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
Nested Schema : LDAP Connection Options
Type: object
Title: LDAP Connection Options
Additional Properties Allowed
Show Source
Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
Default Value: { "OPT_NETWORK_TIMEOUT":"30", "OPT_REFERRALS":"0" }
Nested Schema : LDAP Group Type Parameters
Type: object
Title: LDAP Group Type Parameters
Additional Properties Allowed
Show Source
Key value parameters to send the chosen group type init method.
Default Value: { "member_attr":"member", "name_attr":"cn" }
Nested Schema : LDAP Organization Map
Type: object
Title: LDAP Organization Map
Additional Properties Allowed
Show Source
Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
Nested Schema : LDAP Team Map
Type: object
Title: LDAP Team Map
Additional Properties Allowed
Show Source
Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
Nested Schema : LDAP User Attribute Map
Type: object
Title: LDAP User Attribute Map
Additional Properties Allowed
Show Source
Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
Nested Schema : LDAP User Flags By Group
Type: object
Title: LDAP User Flags By Group
Additional Properties Allowed
Show Source
Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
Nested Schema : LDAP Connection Options
Type: object
Title: LDAP Connection Options
Additional Properties Allowed
Show Source
Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
Default Value: { "OPT_NETWORK_TIMEOUT":"30", "OPT_REFERRALS":"0" }
Nested Schema : LDAP Group Type Parameters
Type: object
Title: LDAP Group Type Parameters
Additional Properties Allowed
Show Source
Key value parameters to send the chosen group type init method.
Default Value: { "member_attr":"member", "name_attr":"cn" }
Nested Schema : LDAP Organization Map
Type: object
Title: LDAP Organization Map
Additional Properties Allowed
Show Source
Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
Nested Schema : LDAP Team Map
Type: object
Title: LDAP Team Map
Additional Properties Allowed
Show Source
Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
Nested Schema : LDAP User Attribute Map
Type: object
Title: LDAP User Attribute Map
Additional Properties Allowed
Show Source
Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
Nested Schema : LDAP User Flags By Group
Type: object
Title: LDAP User Flags By Group
Additional Properties Allowed
Show Source
Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
Nested Schema : LDAP Connection Options
Type: object
Title: LDAP Connection Options
Additional Properties Allowed
Show Source
Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
Default Value: { "OPT_NETWORK_TIMEOUT":"30", "OPT_REFERRALS":"0" }
Nested Schema : LDAP Group Type Parameters
Type: object
Title: LDAP Group Type Parameters
Additional Properties Allowed
Show Source
Key value parameters to send the chosen group type init method.
Default Value: { "member_attr":"member", "name_attr":"cn" }
Nested Schema : LDAP Organization Map
Type: object
Title: LDAP Organization Map
Additional Properties Allowed
Show Source
Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
Nested Schema : LDAP Team Map
Type: object
Title: LDAP Team Map
Additional Properties Allowed
Show Source
Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
Nested Schema : LDAP User Attribute Map
Type: object
Title: LDAP User Attribute Map
Additional Properties Allowed
Show Source
Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
Nested Schema : LDAP User Flags By Group
Type: object
Title: LDAP User Flags By Group
Additional Properties Allowed
Show Source
Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
Nested Schema : AUTHENTICATION_BACKENDS
Type: array
Read Only: true
List of authentication backends that are enabled based on license features and other authentication settings.
Default Value: [ "awx.sso.backends.TACACSPlusBackend", "awx.main.backends.AWXModelBackend" ]
Show Source
Nested Schema : AWX_ANSIBLE_CALLBACK_PLUGINS
Type: array
List of paths to search for extra callback plugins to be used when running jobs. Enter one path per line.
Show Source
Nested Schema : AWX_ISOLATION_SHOW_PATHS
Type: array
List of paths that would otherwise be hidden to expose to isolated jobs. Enter one path per line. Volumes will be mounted from the execution node to the container. The supported format is HOST-DIR[:CONTAINER-DIR[:OPTIONS]].
Show Source
Nested Schema : Extra Environment Variables
Type: object
Title: Extra Environment Variables
Additional Properties Allowed
Show Source
Additional environment variables set for playbook runs, inventory updates, project updates, and notification sending.
Nested Schema : CSRF_TRUSTED_ORIGINS
Type: array
If the service is behind a reverse proxy/load balancer, use this setting to configure the schema://addresses from which the service should trust Origin header values.
Show Source
Nested Schema : CUSTOM_VENV_PATHS
Type: array
Paths where Tower will look for custom virtual environments (in addition to /var/lib/awx/venv/). Enter one path per line.
Show Source
Nested Schema : DEFAULT_CONTAINER_RUN_OPTIONS
Type: array
List of options to pass to podman run example: ['--network', 'slirp4netns:enable_ipv6=true', '--log-level', 'debug']
Default Value: [ "--network", "slirp4netns:enable_ipv6=true" ]
Show Source
Nested Schema : Environment Variables for Galaxy Commands
Type: object
Title: Environment Variables for Galaxy Commands
Additional Properties Allowed
Show Source
Additional environment variables set for invocations of ansible-galaxy within project updates. Useful if you must use a proxy server for ansible-galaxy but not git.
Default Value: { "ANSIBLE_FORCE_COLOR":"false", "GIT_SSH_COMMAND":"ssh -o StrictHostKeyChecking=no" }
Nested Schema : License
Type: object
Title: License
Read Only: true
Additional Properties Allowed
Show Source
The license controls which features and functionality are enabled. Use /api/v2/config/ to update or change the license.
Nested Schema : LOG_AGGREGATOR_LOGGERS
Type: array
List of loggers that will send HTTP logs to the collector, these can include any or all of: awx - service logs activity_stream - activity stream records job_events - callback data from Ansible job events system_tracking - facts gathered from scan jobs broadcast_websocket - errors pertaining to websockets broadcast metrics
Default Value: [ "awx", "activity_stream", "job_events", "system_tracking", "broadcast_websocket" ]
Show Source
Nested Schema : OAuth 2 Timeout Settings
Type: object
Title: OAuth 2 Timeout Settings
Additional Properties Allowed
Show Source
Dictionary for customizing OAuth 2 timeouts, available items are `ACCESS_TOKEN_EXPIRE_SECONDS`, the duration of access tokens in the number of seconds, `AUTHORIZATION_CODE_EXPIRE_SECONDS`, the duration of authorization codes in the number of seconds, and `REFRESH_TOKEN_EXPIRE_SECONDS`, the duration of refresh tokens, after expired access tokens, in the number of seconds.
Default Value: { "ACCESS_TOKEN_EXPIRE_SECONDS":"31536000000", "AUTHORIZATION_CODE_EXPIRE_SECONDS":"600", "REFRESH_TOKEN_EXPIRE_SECONDS":"2628000" }
Nested Schema : PROXY_IP_ALLOWED_LIST
Type: array
If the service is behind a reverse proxy/load balancer, use this setting to configure the proxy IP addresses from which the service should trust custom REMOTE_HOST_HEADERS header values. If this setting is an empty list (the default), the headers specified by REMOTE_HOST_HEADERS will be trusted unconditionally')
Show Source
Nested Schema : REMOTE_HOST_HEADERS
Type: array
HTTP headers and meta keys to search to determine remote host name or IP. Add additional items to this list, such as "HTTP_X_FORWARDED_FOR", if behind a reverse proxy. See the "Proxy Support" section of the AAP Installation guide for more details.
Default Value: [ "REMOTE_ADDR", "REMOTE_HOST" ]
Show Source
Nested Schema : Azure AD OAuth2 Organization Map
Type: object
Title: Azure AD OAuth2 Organization Map
Additional Properties Allowed
Show Source
Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
Nested Schema : Azure AD OAuth2 Team Map
Type: object
Title: Azure AD OAuth2 Team Map
Additional Properties Allowed
Show Source
Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
Nested Schema : GitHub Enterprise Organization OAuth2 Organization Map
Type: object
Title: GitHub Enterprise Organization OAuth2 Organization Map
Additional Properties Allowed
Show Source
Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
Nested Schema : GitHub Enterprise Organization OAuth2 Team Map
Type: object
Title: GitHub Enterprise Organization OAuth2 Team Map
Additional Properties Allowed
Show Source
Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
Nested Schema : GitHub Enterprise OAuth2 Organization Map
Type: object
Title: GitHub Enterprise OAuth2 Organization Map
Additional Properties Allowed
Show Source
Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
Nested Schema : GitHub Enterprise OAuth2 Team Map
Type: object
Title: GitHub Enterprise OAuth2 Team Map
Additional Properties Allowed
Show Source
Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
Nested Schema : GitHub Enterprise Team OAuth2 Organization Map
Type: object
Title: GitHub Enterprise Team OAuth2 Organization Map
Additional Properties Allowed
Show Source
Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
Nested Schema : GitHub Enterprise Team OAuth2 Team Map
Type: object
Title: GitHub Enterprise Team OAuth2 Team Map
Additional Properties Allowed
Show Source
Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
Nested Schema : GitHub Organization OAuth2 Organization Map
Type: object
Title: GitHub Organization OAuth2 Organization Map
Additional Properties Allowed
Show Source
Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
Nested Schema : GitHub Organization OAuth2 Team Map
Type: object
Title: GitHub Organization OAuth2 Team Map
Additional Properties Allowed
Show Source
Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
Nested Schema : GitHub OAuth2 Organization Map
Type: object
Title: GitHub OAuth2 Organization Map
Additional Properties Allowed
Show Source
Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
Nested Schema : GitHub OAuth2 Team Map
Type: object
Title: GitHub OAuth2 Team Map
Additional Properties Allowed
Show Source
Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
Nested Schema : GitHub Team OAuth2 Organization Map
Type: object
Title: GitHub Team OAuth2 Organization Map
Additional Properties Allowed
Show Source
Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
Nested Schema : GitHub Team OAuth2 Team Map
Type: object
Title: GitHub Team OAuth2 Team Map
Additional Properties Allowed
Show Source
Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
Nested Schema : Google OAuth2 Extra Arguments
Type: object
Title: Google OAuth2 Extra Arguments
Additional Properties Allowed
Show Source
Extra arguments for Google OAuth2 login. You can restrict it to only allow a single domain to authenticate, even if the user is logged in with multple Google accounts. Refer to the documentation for more detail.
Nested Schema : Google OAuth2 Organization Map
Type: object
Title: Google OAuth2 Organization Map
Additional Properties Allowed
Show Source
Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
Nested Schema : Google OAuth2 Team Map
Type: object
Title: Google OAuth2 Team Map
Additional Properties Allowed
Show Source
Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
Nested Schema : SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS
Type: array
Update this setting to restrict the domains who are allowed to login using Google OAuth2.
Show Source
Nested Schema : Social Auth Organization Map
Type: object
Title: Social Auth Organization Map
Additional Properties Allowed
Show Source
Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
Nested Schema : SAML Enabled Identity Providers
Type: object
Title: SAML Enabled Identity Providers
Additional Properties Allowed
Show Source
Configure the Entity ID, SSO URL and certificate for each identity provider (IdP) in use. Multiple SAML IdPs are supported. Some IdPs may provide user data using attribute names that differ from the default OIDs. Attribute names may be overridden for each IdP. Refer to the Ansible documentation for additional details and syntax.
Nested Schema : SOCIAL_AUTH_SAML_EXTRA_DATA
Type: array
A list of tuples that maps IDP attributes to extra_attributes. Each attribute will be a list of values, even if only 1 value.
Show Source
Nested Schema : SAML Service Provider Organization Info
Type: object
Title: SAML Service Provider Organization Info
Additional Properties Allowed
Show Source
Provide the URL, display name, and the name of your app. Refer to the documentation for example syntax.
Nested Schema : SAML Organization Attribute Mapping
Type: object
Title: SAML Organization Attribute Mapping
Additional Properties Allowed
Show Source
Used to translate user organization membership.
Nested Schema : SAML Organization Map
Type: object
Title: SAML Organization Map
Additional Properties Allowed
Show Source
Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
Nested Schema : SAML Security Config
Type: object
Title: SAML Security Config
Additional Properties Allowed
Show Source
A dict of key value pairs that are passed to the underlying python-saml security setting https://github.com/onelogin/python-saml#settings
Default Value: { "requestedAuthnContext":false }
Nested Schema : SAML Service Provider extra configuration data
Type: object
Title: SAML Service Provider extra configuration data
Additional Properties Allowed
Show Source
A dict of key value pairs to be passed to the underlying python-saml Service Provider configuration setting.
Nested Schema : SAML Service Provider Support Contact
Type: object
Title: SAML Service Provider Support Contact
Additional Properties Allowed
Show Source
Provide the name and email address of the support contact for your service provider. Refer to the documentation for example syntax.
Nested Schema : SAML Team Attribute Mapping
Type: object
Title: SAML Team Attribute Mapping
Additional Properties Allowed
Show Source
Used to translate user team membership.
Nested Schema : SAML Team Map
Type: object
Title: SAML Team Map
Additional Properties Allowed
Show Source
Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
Nested Schema : SAML Service Provider Technical Contact
Type: object
Title: SAML Service Provider Technical Contact
Additional Properties Allowed
Show Source
Provide the name and email address of the technical contact for your service provider. Refer to the documentation for example syntax.
Nested Schema : SAML User Flags Attribute Mapping
Type: object
Title: SAML User Flags Attribute Mapping
Additional Properties Allowed
Show Source
Used to map super users and system auditors from SAML.
Nested Schema : Social Auth Team Map
Type: object
Title: Social Auth Team Map
Additional Properties Allowed
Show Source
Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
Nested Schema : SOCIAL_AUTH_USER_FIELDS
Type: array
When set to an empty list `[]`, this setting prevents new user accounts from being created. Only users who have previously logged in using social auth or have a user account with a matching email address will be able to login.
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: array
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: array
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: array
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: array
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: array
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: array
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Back to Top