Update a Setting

PATCH /api/v2/settings/{category_slug}/

Make a PUT or PATCH request to this resource to update this setting. The following fields may be modified:

  • ACTIVITY_STREAM_ENABLED: Enable capturing activity for the activity stream. (boolean, required)
  • ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC: Enable capturing activity for the activity stream when running inventory sync. (boolean, required)
  • ORG_ADMINS_CAN_SEE_ALL_USERS: Controls whether any Organization Admin can view all users and teams, even those not associated with their Organization. (boolean, required)
  • MANAGE_ORGANIZATION_AUTH: Controls whether any Organization Admin has the privileges to create and manage users and teams. You may want to disable this ability if you are using an LDAP or SAML integration. (boolean, required)
  • TOWER_URL_BASE: This setting is used by services like notifications to render a valid URL to the Tower host. (string, required)
  • REMOTE_HOST_HEADERS: HTTP headers and meta keys to search to determine remote host name or IP. Add additional items to this list, such as "HTTP_X_FORWARDED_FOR", if behind a reverse proxy. See the "Proxy Support" section of the Administrator guide for more details. (list, required)
  • PROXY_IP_ALLOWED_LIST: If Tower is behind a reverse proxy/load balancer, use this setting to configure the proxy IP addresses from which Tower should trust custom REMOTE_HOST_HEADERS header values. If this setting is an empty list (the default), the headers specified by REMOTE_HOST_HEADERS will be trusted unconditionally. (list, required)
  • REDHAT_USERNAME: This username is used to retrieve license information and to send Automation Analytics. (string, default="")
  • REDHAT_PASSWORD: This password is used to retrieve license information and to send Automation Analytics. (string, default="")
  • AUTOMATION_ANALYTICS_URL: This setting is used to configure data collection for the Automation Analytics dashboard. (string, default="https://example.com")

  • CUSTOM_VENV_PATHS: Paths where Tower will look for custom virtual environments (in addition to /var/lib/awx/venv/). Enter one path per line. (list, default=[])

  • AD_HOC_COMMANDS: List of modules allowed to be used by ad-hoc jobs. (list, default=['command', 'shell', 'yum', 'apt', 'apt_key', 'apt_repository', 'apt_rpm', 'service', 'group', 'user', 'mount', 'ping', 'selinux', 'setup', 'win_ping', 'win_service', 'win_updates', 'win_group', 'win_user'])
  • ALLOW_JINJA_IN_EXTRA_VARS: Ansible allows variable substitution via the Jinja2 templating language for --extra-vars. This poses a potential security risk where Tower users with the ability to specify extra vars at job launch time can use Jinja2 templates to run arbitrary Python. It is recommended that this value be set to "template" or "never". (choice, required)
    • always: Always
    • never: Never
    • template: Only On Job Template Definitions (default)
  • AWX_PROOT_ENABLED: Isolates an Ansible job from protected parts of the system to prevent exposing sensitive information. (boolean, required)
  • AWX_PROOT_BASE_PATH: The directory in which Tower will create new temporary directories for job execution and isolation (such as credential files and custom inventory scripts). (string, required)
  • AWX_PROOT_HIDE_PATHS: Additional paths to hide from isolated processes. Enter one path per line. (list, default=[])
  • AWX_PROOT_SHOW_PATHS: List of paths that would otherwise be hidden to expose to isolated jobs. Enter one path per line. (list, default=[])
  • AWX_ISOLATED_CHECK_INTERVAL: The number of seconds to sleep between status checks for jobs running on isolated instances. (integer, required)
  • AWX_ISOLATED_LAUNCH_TIMEOUT: The timeout (in seconds) for launching jobs on isolated instances. This includes the time needed to copy source control files (playbooks) to the isolated instance. (integer, required)
  • AWX_ISOLATED_CONNECTION_TIMEOUT: Ansible SSH connection timeout (in seconds) to use when communicating with isolated instances. Value should be substantially greater than expected network latency. (integer, default=10)
  • AWX_ISOLATED_HOST_KEY_CHECKING: When set to True, AWX will enforce strict host key checking for communication with isolated nodes. (boolean, default=False)

  • AWX_RESOURCE_PROFILING_ENABLED: If set, detailed resource profiling data will be collected on all jobs. This data can be gathered with sosreport. (boolean, default=False)

  • AWX_RESOURCE_PROFILING_CPU_POLL_INTERVAL: Interval (in seconds) between polls for CPU usage. Setting this lower than the default will affect playbook performance. (float, default=0.25)
  • AWX_RESOURCE_PROFILING_MEMORY_POLL_INTERVAL: Interval (in seconds) between polls for memory usage. Setting this lower than the default will affect playbook performance. (float, default=0.25)
  • AWX_RESOURCE_PROFILING_PID_POLL_INTERVAL: Interval (in seconds) between polls for PID count. Setting this lower than the default will affect playbook performance. (float, default=0.25)
  • AWX_TASK_ENV: Additional environment variables set for playbook runs, inventory updates, project updates, and notification sending. (nested object, default={})
  • INSIGHTS_TRACKING_STATE: Enables Tower to gather data on automation and send it to Red Hat. (boolean, default=False)
  • PROJECT_UPDATE_VVV: Adds the CLI -vvv flag to ansible-playbook runs of project_update.yml used for project updates. (boolean, required)
  • AWX_ROLES_ENABLED: Allows roles to be dynamically downloaded from a requirements.yml file for SCM projects. (boolean, default=True)
  • AWX_COLLECTIONS_ENABLED: Allows collections to be dynamically downloaded from a requirements.yml file for SCM projects. (boolean, default=True)
  • AWX_SHOW_PLAYBOOK_LINKS: Follow symbolic links when scanning for playbooks. Be aware that setting this to True can lead to infinite recursion if a link points to a parent directory of itself. (boolean, default=False)
  • GALAXY_IGNORE_CERTS: If set to true, certificate validation will not be done when installing content from any Galaxy server. (boolean, default=False)
  • STDOUT_MAX_BYTES_DISPLAY: Maximum Size of Standard Output in bytes to display before requiring the output be downloaded. (integer, required)
  • EVENT_STDOUT_MAX_BYTES_DISPLAY: Maximum Size of Standard Output in bytes to display for a single job or ad hoc command event. stdout will end with … when truncated. (integer, required)
  • SCHEDULE_MAX_JOBS: Maximum number of the same job template that can be waiting to run when launching from a schedule before no more are created. (integer, required)
  • AWX_ANSIBLE_CALLBACK_PLUGINS: List of paths to search for extra callback plugins to be used when running jobs. Enter one path per line. (list, default=[])
  • DEFAULT_JOB_TIMEOUT: Maximum time in seconds to allow jobs to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual job template will override this. (integer, default=0)
  • DEFAULT_INVENTORY_UPDATE_TIMEOUT: Maximum time in seconds to allow inventory updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual inventory source will override this. (integer, default=0)
  • DEFAULT_PROJECT_UPDATE_TIMEOUT: Maximum time in seconds to allow project updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual project will override this. (integer, default=0)
  • ANSIBLE_FACT_CACHE_TIMEOUT: Maximum time, in seconds, that stored Ansible facts are considered valid since the last time they were modified. Only valid, non-stale, facts will be accessible by a playbook. Note, this does not influence the deletion of ansible_facts from the database. Use a value of 0 to indicate that no timeout should be imposed. (integer, default=0)
  • MAX_FORKS: Saving a Job Template with more than this number of forks will result in an error. When set to 0, no limit is applied. (integer, default=200)
  • LOG_AGGREGATOR_HOST: Hostname/IP where external logs will be sent to. (string, default="")
  • LOG_AGGREGATOR_PORT: Port on Logging Aggregator to send logs to (if required and not provided in Logging Aggregator). (integer, default=None)
  • LOG_AGGREGATOR_TYPE: Format messages for the chosen log aggregator. (choice)
    • None: --------- (default)
    • logstash
    • splunk
    • loggly
    • sumologic
    • other
  • LOG_AGGREGATOR_USERNAME: Username for external log aggregator (if required; HTTP/s only). (string, default="")
  • LOG_AGGREGATOR_PASSWORD: Password or authentication token for external log aggregator (if required; HTTP/s only). (string, default="")
  • LOG_AGGREGATOR_LOGGERS: List of loggers that will send HTTP logs to the collector. These can include any or all of: awx (service logs), activity_stream (activity stream records), job_events (callback data from Ansible job events), system_tracking (facts gathered from scan jobs). (list, default=['awx', 'activity_stream', 'job_events', 'system_tracking'])
  • LOG_AGGREGATOR_INDIVIDUAL_FACTS: If set, system tracking facts will be sent for each package, service, or other item found in a scan, allowing for greater search query granularity. If unset, facts will be sent as a single dictionary, allowing for greater efficiency in fact processing. (boolean, default=False)
  • LOG_AGGREGATOR_ENABLED: Enable sending logs to external log aggregator. (boolean, default=False)
  • LOG_AGGREGATOR_TOWER_UUID: Useful to uniquely identify Tower instances. (string, default="")
  • LOG_AGGREGATOR_PROTOCOL: Protocol used to communicate with log aggregator. HTTPS/HTTP assumes HTTPS unless http:// is explicitly used in the Logging Aggregator hostname. (choice)
    • https: HTTPS/HTTP (default)
    • tcp: TCP
    • udp: UDP
  • LOG_AGGREGATOR_TCP_TIMEOUT: Number of seconds for a TCP connection to external log aggregator to timeout. Applies to HTTPS and TCP log aggregator protocols. (integer, default=5)
  • LOG_AGGREGATOR_VERIFY_CERT: Flag to control enable/disable of certificate verification when LOG_AGGREGATOR_PROTOCOL is "https". If enabled, Tower's log handler will verify certificate sent by external log aggregator before establishing connection. (boolean, default=True)
  • LOG_AGGREGATOR_LEVEL: Level threshold used by log handler. Severities from lowest to highest are DEBUG, INFO, WARNING, ERROR, CRITICAL. Messages less severe than the threshold will be ignored by log handler. (Messages under category awx.analytics ignore this setting.) (choice)
    • DEBUG
    • INFO (default)
    • WARNING
    • ERROR
    • CRITICAL
  • LOG_AGGREGATOR_MAX_DISK_USAGE_GB: Amount of data to store (in gigabytes) during an outage of the external log aggregator (defaults to 1). Equivalent to the rsyslogd queue.maxdiskspace setting. (integer, default=1)
  • LOG_AGGREGATOR_MAX_DISK_USAGE_PATH: Location to persist logs that should be retried after an outage of the external log aggregator (defaults to /var/lib/awx). Equivalent to the rsyslogd queue.spoolDirectory setting. (string, default="/var/lib/awx")
  • LOG_AGGREGATOR_RSYSLOGD_DEBUG: Enable high verbosity debugging for rsyslogd. Useful for debugging connection issues for external log aggregation. (boolean, default=False)
  • AUTOMATION_ANALYTICS_LAST_GATHER: (datetime, required)
  • AUTOMATION_ANALYTICS_GATHER_INTERVAL: Interval (in seconds) between data gathering. (integer, default=14400)
  • SESSION_COOKIE_AGE: Number of seconds that a user is inactive before they will need to login again. (integer, required)
  • SESSIONS_PER_USER: Maximum number of simultaneous logged in sessions a user may have. To disable enter -1. (integer, required)
  • AUTH_BASIC_ENABLED: Enable HTTP Basic Auth for the API Browser. (boolean, required)
  • OAUTH2_PROVIDER: Dictionary for customizing OAuth 2 timeouts, available items are ACCESS_TOKEN_EXPIRE_SECONDS, the duration of access tokens in the number of seconds, AUTHORIZATION_CODE_EXPIRE_SECONDS, the duration of authorization codes in the number of seconds, and REFRESH_TOKEN_EXPIRE_SECONDS, the duration of refresh tokens, after expired access tokens, in the number of seconds. (nested object, default={'ACCESS_TOKEN_EXPIRE_SECONDS': 31536000000, 'AUTHORIZATION_CODE_EXPIRE_SECONDS': 600, 'REFRESH_TOKEN_EXPIRE_SECONDS': 2628000})
  • ALLOW_OAUTH2_FOR_EXTERNAL_USERS: For security reasons, users from external auth providers (LDAP, SAML, SSO, Radius, and others) are not allowed to create OAuth2 tokens. To change this behavior, enable this setting. Existing tokens will not be deleted when this setting is toggled off. (boolean, default=False)
  • LOGIN_REDIRECT_OVERRIDE: URL to which unauthorized users will be redirected to log in. If blank, users will be sent to the Tower login page. (string, default="")

  • CUSTOM_LOGIN_INFO: If needed, you can add specific information (such as a legal notice or a disclaimer) to a text box in the login modal using this setting. Any content added must be in plain text or an HTML fragment, as other markup languages are not supported. (string, default="")

  • CUSTOM_LOGO: To set up a custom logo, provide a file that you create. For the custom logo to look its best, use a .png file with a transparent background. GIF, PNG and JPEG formats are supported. (string, default="")
  • MAX_UI_JOB_EVENTS: Maximum number of job events for the UI to retrieve within a single request. (integer, required)
  • UI_LIVE_UPDATES_ENABLED: If disabled, the page will not refresh when events are received. Reloading the page will be required to get the latest details. (boolean, required)

  • SOCIAL_AUTH_ORGANIZATION_MAP: Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which Tower organizations based on their username and email address. Configuration details are available in the Ansible Tower documentation. (nested object, default=None)

  • SOCIAL_AUTH_TEAM_MAP: Mapping of team members (users) from social auth accounts. Configuration details are available in Tower documentation. (nested object, default=None)
  • SOCIAL_AUTH_USER_FIELDS: When set to an empty list [], this setting prevents new user accounts from being created. Only users who have previously logged in using social auth or have a user account with a matching email address will be able to login. (list, default=None)
  • AUTH_LDAP_SERVER_URI: URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty. (string, default="")
  • AUTH_LDAP_BIND_DN: DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the Ansible Tower documentation for example syntax. (string, default="")
  • AUTH_LDAP_BIND_PASSWORD: Password used to bind LDAP user account. (string, default="")
  • AUTH_LDAP_START_TLS: Whether to enable TLS when the LDAP connection is not using SSL. (boolean, default=False)
  • AUTH_LDAP_CONNECTION_OPTIONS: Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set. (nested object, default={'OPT_REFERRALS': 0, 'OPT_NETWORK_TIMEOUT': 30})
  • AUTH_LDAP_USER_SEARCH: LDAP search query to find users. Any user that matches the given pattern will be able to login to Tower. The user should also be mapped into a Tower organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported, use of "LDAPUnion" is possible. See Tower documentation for details. (list, default=[])
  • AUTH_LDAP_USER_DN_TEMPLATE: Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH. (string, default="")
  • AUTH_LDAP_USER_ATTR_MAP: Mapping of LDAP user schema to Tower API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the Ansible Tower documentation for additional details. (nested object, default={})
  • AUTH_LDAP_GROUP_SEARCH: Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion. (list, default=[])
  • AUTH_LDAP_GROUP_TYPE: The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups (choice)
    • PosixGroupType
    • GroupOfNamesType
    • GroupOfUniqueNamesType
    • ActiveDirectoryGroupType
    • OrganizationalRoleGroupType
    • MemberDNGroupType (default)
    • NestedGroupOfNamesType
    • NestedGroupOfUniqueNamesType
    • NestedActiveDirectoryGroupType
    • NestedOrganizationalRoleGroupType
    • NestedMemberDNGroupType
    • PosixUIDGroupType
  • AUTH_LDAP_GROUP_TYPE_PARAMS: Key value parameters to send the chosen group type init method. (nested object, default=OrderedDict([('member_attr', 'member'), ('name_attr', 'cn')]))
  • AUTH_LDAP_REQUIRE_GROUP: Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login via Tower. Only one require group is supported. (string, default="")
  • AUTH_LDAP_DENY_GROUP: Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported. (string, default="")
  • AUTH_LDAP_USER_FLAGS_BY_GROUP: Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the Ansible Tower documentation for more detail. (nested object, default={})
  • AUTH_LDAP_ORGANIZATION_MAP: Mapping between organization admins/users and LDAP groups. This controls which users are placed into which Tower organizations relative to their LDAP group memberships. Configuration details are available in the Ansible Tower documentation. (nested object, default={})
  • AUTH_LDAP_TEAM_MAP: Mapping between team members (users) and LDAP groups. Configuration details are available in the Ansible Tower documentation. (nested object, default={})
  • AUTH_LDAP_1_SERVER_URI: URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty. (string, default="")
  • AUTH_LDAP_1_BIND_DN: DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the Ansible Tower documentation for example syntax. (string, default="")
  • AUTH_LDAP_1_BIND_PASSWORD: Password used to bind LDAP user account. (string, default="")
  • AUTH_LDAP_1_START_TLS: Whether to enable TLS when the LDAP connection is not using SSL. (boolean, default=False)
  • AUTH_LDAP_1_CONNECTION_OPTIONS: Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set. (nested object, default={'OPT_REFERRALS': 0, 'OPT_NETWORK_TIMEOUT': 30})
  • AUTH_LDAP_1_USER_SEARCH: LDAP search query to find users. Any user that matches the given pattern will be able to login to Tower. The user should also be mapped into a Tower organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported, use of "LDAPUnion" is possible. See Tower documentation for details. (list, default=[])
  • AUTH_LDAP_1_USER_DN_TEMPLATE: Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH. (string, default="")
  • AUTH_LDAP_1_USER_ATTR_MAP: Mapping of LDAP user schema to Tower API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the Ansible Tower documentation for additional details. (nested object, default={})
  • AUTH_LDAP_1_GROUP_SEARCH: Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion. (list, default=[])
  • AUTH_LDAP_1_GROUP_TYPE: The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups (choice)
    • PosixGroupType
    • GroupOfNamesType
    • GroupOfUniqueNamesType
    • ActiveDirectoryGroupType
    • OrganizationalRoleGroupType
    • MemberDNGroupType (default)
    • NestedGroupOfNamesType
    • NestedGroupOfUniqueNamesType
    • NestedActiveDirectoryGroupType
    • NestedOrganizationalRoleGroupType
    • NestedMemberDNGroupType
    • PosixUIDGroupType
  • AUTH_LDAP_1_GROUP_TYPE_PARAMS: Key value parameters to send the chosen group type init method. (nested object, default=OrderedDict([('member_attr', 'member'), ('name_attr', 'cn')]))
  • AUTH_LDAP_1_REQUIRE_GROUP: Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login via Tower. Only one require group is supported. (string, default="")
  • AUTH_LDAP_1_DENY_GROUP: Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported. (string, default="")
  • AUTH_LDAP_1_USER_FLAGS_BY_GROUP: Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the Ansible Tower documentation for more detail. (nested object, default={})
  • AUTH_LDAP_1_ORGANIZATION_MAP: Mapping between organization admins/users and LDAP groups. This controls which users are placed into which Tower organizations relative to their LDAP group memberships. Configuration details are available in the Ansible Tower documentation. (nested object, default={})
  • AUTH_LDAP_1_TEAM_MAP: Mapping between team members (users) and LDAP groups. Configuration details are available in the Ansible Tower documentation. (nested object, default={})
  • AUTH_LDAP_2_SERVER_URI: URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty. (string, default="")
  • AUTH_LDAP_2_BIND_DN: DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the Ansible Tower documentation for example syntax. (string, default="")
  • AUTH_LDAP_2_BIND_PASSWORD: Password used to bind LDAP user account. (string, default="")
  • AUTH_LDAP_2_START_TLS: Whether to enable TLS when the LDAP connection is not using SSL. (boolean, default=False)
  • AUTH_LDAP_2_CONNECTION_OPTIONS: Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set. (nested object, default={'OPT_REFERRALS': 0, 'OPT_NETWORK_TIMEOUT': 30})
  • AUTH_LDAP_2_USER_SEARCH: LDAP search query to find users. Any user that matches the given pattern will be able to login to Tower. The user should also be mapped into a Tower organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported, use of "LDAPUnion" is possible. See Tower documentation for details. (list, default=[])
  • AUTH_LDAP_2_USER_DN_TEMPLATE: Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH. (string, default="")
  • AUTH_LDAP_2_USER_ATTR_MAP: Mapping of LDAP user schema to Tower API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the Ansible Tower documentation for additional details. (nested object, default={})
  • AUTH_LDAP_2_GROUP_SEARCH: Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion. (list, default=[])
  • AUTH_LDAP_2_GROUP_TYPE: The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups (choice)
    • PosixGroupType
    • GroupOfNamesType
    • GroupOfUniqueNamesType
    • ActiveDirectoryGroupType
    • OrganizationalRoleGroupType
    • MemberDNGroupType (default)
    • NestedGroupOfNamesType
    • NestedGroupOfUniqueNamesType
    • NestedActiveDirectoryGroupType
    • NestedOrganizationalRoleGroupType
    • NestedMemberDNGroupType
    • PosixUIDGroupType
  • AUTH_LDAP_2_GROUP_TYPE_PARAMS: Key value parameters to send the chosen group type init method. (nested object, default=OrderedDict([('member_attr', 'member'), ('name_attr', 'cn')]))
  • AUTH_LDAP_2_REQUIRE_GROUP: Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login via Tower. Only one require group is supported. (string, default="")
  • AUTH_LDAP_2_DENY_GROUP: Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported. (string, default="")
  • AUTH_LDAP_2_USER_FLAGS_BY_GROUP: Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the Ansible Tower documentation for more detail. (nested object, default={})
  • AUTH_LDAP_2_ORGANIZATION_MAP: Mapping between organization admins/users and LDAP groups. This controls which users are placed into which Tower organizations relative to their LDAP group memberships. Configuration details are available in the Ansible Tower documentation. (nested object, default={})
  • AUTH_LDAP_2_TEAM_MAP: Mapping between team members (users) and LDAP groups. Configuration details are available in the Ansible Tower documentation. (nested object, default={})
  • AUTH_LDAP_3_SERVER_URI: URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty. (string, default="")
  • AUTH_LDAP_3_BIND_DN: DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the Ansible Tower documentation for example syntax. (string, default="")
  • AUTH_LDAP_3_BIND_PASSWORD: Password used to bind LDAP user account. (string, default="")
  • AUTH_LDAP_3_START_TLS: Whether to enable TLS when the LDAP connection is not using SSL. (boolean, default=False)
  • AUTH_LDAP_3_CONNECTION_OPTIONS: Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set. (nested object, default={'OPT_REFERRALS': 0, 'OPT_NETWORK_TIMEOUT': 30})
  • AUTH_LDAP_3_USER_SEARCH: LDAP search query to find users. Any user that matches the given pattern will be able to login to Tower. The user should also be mapped into a Tower organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported, use of "LDAPUnion" is possible. See Tower documentation for details. (list, default=[])
  • AUTH_LDAP_3_USER_DN_TEMPLATE: Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH. (string, default="")
  • AUTH_LDAP_3_USER_ATTR_MAP: Mapping of LDAP user schema to Tower API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the Ansible Tower documentation for additional details. (nested object, default={})
  • AUTH_LDAP_3_GROUP_SEARCH: Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion. (list, default=[])
  • AUTH_LDAP_3_GROUP_TYPE: The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups (choice)
    • PosixGroupType
    • GroupOfNamesType
    • GroupOfUniqueNamesType
    • ActiveDirectoryGroupType
    • OrganizationalRoleGroupType
    • MemberDNGroupType (default)
    • NestedGroupOfNamesType
    • NestedGroupOfUniqueNamesType
    • NestedActiveDirectoryGroupType
    • NestedOrganizationalRoleGroupType
    • NestedMemberDNGroupType
    • PosixUIDGroupType
  • AUTH_LDAP_3_GROUP_TYPE_PARAMS: Key value parameters to send the chosen group type init method. (nested object, default=OrderedDict([('member_attr', 'member'), ('name_attr', 'cn')]))
  • AUTH_LDAP_3_REQUIRE_GROUP: Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login via Tower. Only one require group is supported. (string, default="")
  • AUTH_LDAP_3_DENY_GROUP: Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported. (string, default="")
  • AUTH_LDAP_3_USER_FLAGS_BY_GROUP: Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the Ansible Tower documentation for more detail. (nested object, default={})
  • AUTH_LDAP_3_ORGANIZATION_MAP: Mapping between organization admins/users and LDAP groups. This controls which users are placed into which Tower organizations relative to their LDAP group memberships. Configuration details are available in the Ansible Tower documentation. (nested object, default={})
  • AUTH_LDAP_3_TEAM_MAP: Mapping between team members (users) and LDAP groups. Configuration details are available in the Ansible Tower documentation. (nested object, default={})
  • AUTH_LDAP_4_SERVER_URI: URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty. (string, default="")
  • AUTH_LDAP_4_BIND_DN: DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the Ansible Tower documentation for example syntax. (string, default="")
  • AUTH_LDAP_4_BIND_PASSWORD: Password used to bind LDAP user account. (string, default="")
  • AUTH_LDAP_4_START_TLS: Whether to enable TLS when the LDAP connection is not using SSL. (boolean, default=False)
  • AUTH_LDAP_4_CONNECTION_OPTIONS: Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set. (nested object, default={'OPT_REFERRALS': 0, 'OPT_NETWORK_TIMEOUT': 30})
  • AUTH_LDAP_4_USER_SEARCH: LDAP search query to find users. Any user that matches the given pattern will be able to login to Tower. The user should also be mapped into a Tower organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported, "LDAPSearchUnion" can be used. See Tower documentation for details. (list, default=[])
  • AUTH_LDAP_4_USER_DN_TEMPLATE: Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH. (string, default="")
  • AUTH_LDAP_4_USER_ATTR_MAP: Mapping of LDAP user schema to Tower API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the Ansible Tower documentation for additional details. (nested object, default={})
  • AUTH_LDAP_4_GROUP_SEARCH: Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion. (list, default=[])
  • AUTH_LDAP_4_GROUP_TYPE: The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups (choice)
    • PosixGroupType
    • GroupOfNamesType
    • GroupOfUniqueNamesType
    • ActiveDirectoryGroupType
    • OrganizationalRoleGroupType
    • MemberDNGroupType (default)
    • NestedGroupOfNamesType
    • NestedGroupOfUniqueNamesType
    • NestedActiveDirectoryGroupType
    • NestedOrganizationalRoleGroupType
    • NestedMemberDNGroupType
    • PosixUIDGroupType
  • AUTH_LDAP_4_GROUP_TYPE_PARAMS: Key value parameters to send the chosen group type init method. (nested object, default=OrderedDict([('member_attr', 'member'), ('name_attr', 'cn')]))
  • AUTH_LDAP_4_REQUIRE_GROUP: Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login via Tower. Only one require group is supported. (string, default="")
  • AUTH_LDAP_4_DENY_GROUP: Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported. (string, default="")
  • AUTH_LDAP_4_USER_FLAGS_BY_GROUP: Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the Ansible Tower documentation for more detail. (nested object, default={})
  • AUTH_LDAP_4_ORGANIZATION_MAP: Mapping between organization admins/users and LDAP groups. This controls which users are placed into which Tower organizations relative to their LDAP group memberships. Configuration details are available in the Ansible Tower documentation. (nested object, default={})
  • AUTH_LDAP_4_TEAM_MAP: Mapping between team members (users) and LDAP groups. Configuration details are available in the Ansible Tower documentation. (nested object, default={})
  • AUTH_LDAP_5_SERVER_URI: URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty. (string, default="")
  • AUTH_LDAP_5_BIND_DN: DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the Ansible Tower documentation for example syntax. (string, default="")
  • AUTH_LDAP_5_BIND_PASSWORD: Password used to bind LDAP user account. (string, default="")
  • AUTH_LDAP_5_START_TLS: Whether to enable TLS when the LDAP connection is not using SSL. (boolean, default=False)
  • AUTH_LDAP_5_CONNECTION_OPTIONS: Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set. (nested object, default={'OPT_REFERRALS': 0, 'OPT_NETWORK_TIMEOUT': 30})
  • AUTH_LDAP_5_USER_SEARCH: LDAP search query to find users. Any user that matches the given pattern will be able to login to Tower. The user should also be mapped into a Tower organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported, "LDAPSearchUnion" can be used. See Tower documentation for details. (list, default=[])
  • AUTH_LDAP_5_USER_DN_TEMPLATE: Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH. (string, default="")
  • AUTH_LDAP_5_USER_ATTR_MAP: Mapping of LDAP user schema to Tower API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the Ansible Tower documentation for additional details. (nested object, default={})
  • AUTH_LDAP_5_GROUP_SEARCH: Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion. (list, default=[])
  • AUTH_LDAP_5_GROUP_TYPE: The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups (choice)
    • PosixGroupType
    • GroupOfNamesType
    • GroupOfUniqueNamesType
    • ActiveDirectoryGroupType
    • OrganizationalRoleGroupType
    • MemberDNGroupType (default)
    • NestedGroupOfNamesType
    • NestedGroupOfUniqueNamesType
    • NestedActiveDirectoryGroupType
    • NestedOrganizationalRoleGroupType
    • NestedMemberDNGroupType
    • PosixUIDGroupType
  • AUTH_LDAP_5_GROUP_TYPE_PARAMS: Key value parameters to send the chosen group type init method. (nested object, default=OrderedDict([('member_attr', 'member'), ('name_attr', 'cn')]))
  • AUTH_LDAP_5_REQUIRE_GROUP: Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login via Tower. Only one require group is supported. (string, default="")
  • AUTH_LDAP_5_DENY_GROUP: Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported. (string, default="")
  • AUTH_LDAP_5_USER_FLAGS_BY_GROUP: Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the Ansible Tower documentation for more detail. (nested object, default={})
  • AUTH_LDAP_5_ORGANIZATION_MAP: Mapping between organization admins/users and LDAP groups. This controls which users are placed into which Tower organizations relative to their LDAP group memberships. Configuration details are available in the Ansible Tower documentation. (nested object, default={})
  • AUTH_LDAP_5_TEAM_MAP: Mapping between team members (users) and LDAP groups. Configuration details are available in the Ansible Tower documentation. (nested object, default={})
  • RADIUS_SERVER: Hostname/IP of RADIUS server. RADIUS authentication is disabled if this setting is empty. (string, default="")
  • RADIUS_PORT: Port of RADIUS server. (integer, default=1812)
  • RADIUS_SECRET: Shared secret for authenticating to RADIUS server. (string, default="")
  • TACACSPLUS_HOST: Hostname of TACACS+ server. (string, default="")
  • TACACSPLUS_PORT: Port number of TACACS+ server. (integer, default=49)
  • TACACSPLUS_SECRET: Shared secret for authenticating to TACACS+ server. (string, default="")
  • TACACSPLUS_SESSION_TIMEOUT: TACACS+ session timeout value in seconds, 0 disables timeout. (integer, default=5)
  • TACACSPLUS_AUTH_PROTOCOL: Choose the authentication protocol used by TACACS+ client. (choice)
    • ascii (default)
    • pap
  • SOCIAL_AUTH_GOOGLE_OAUTH2_KEY: The OAuth2 key from your web application. (string, default="")

  • SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET: The OAuth2 secret from your web application. (string, default="")
  • SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS: Update this setting to restrict which domains are allowed to log in using Google OAuth2. (list, default=[])
  • SOCIAL_AUTH_GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS: Extra arguments for Google OAuth2 login. You can restrict it to only allow a single domain to authenticate, even if the user is logged in with multiple Google accounts. Refer to the Ansible Tower documentation for more detail. (nested object, default={})
  • SOCIAL_AUTH_GOOGLE_OAUTH2_ORGANIZATION_MAP: Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which Tower organizations based on their username and email address. Configuration details are available in the Ansible Tower documentation. (nested object, default=None)
  • SOCIAL_AUTH_GOOGLE_OAUTH2_TEAM_MAP: Mapping of team members (users) from social auth accounts. Configuration details are available in Tower documentation. (nested object, default=None)

  • SOCIAL_AUTH_GITHUB_KEY: The OAuth2 key (Client ID) from your GitHub developer application. (string, default="")

  • SOCIAL_AUTH_GITHUB_SECRET: The OAuth2 secret (Client Secret) from your GitHub developer application. (string, default="")
  • SOCIAL_AUTH_GITHUB_ORGANIZATION_MAP: Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which Tower organizations based on their username and email address. Configuration details are available in the Ansible Tower documentation. (nested object, default=None)
  • SOCIAL_AUTH_GITHUB_TEAM_MAP: Mapping of team members (users) from social auth accounts. Configuration details are available in Tower documentation. (nested object, default=None)

  • SOCIAL_AUTH_GITHUB_ORG_KEY: The OAuth2 key (Client ID) from your GitHub organization application. (string, default="")

  • SOCIAL_AUTH_GITHUB_ORG_SECRET: The OAuth2 secret (Client Secret) from your GitHub organization application. (string, default="")
  • SOCIAL_AUTH_GITHUB_ORG_NAME: The name of your GitHub organization, as used in your organization's URL: https://github.com/<yourorg>/. (string, default="")
  • SOCIAL_AUTH_GITHUB_ORG_ORGANIZATION_MAP: Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which Tower organizations based on their username and email address. Configuration details are available in the Ansible Tower documentation. (nested object, default=None)
  • SOCIAL_AUTH_GITHUB_ORG_TEAM_MAP: Mapping of team members (users) from social auth accounts. Configuration details are available in Tower documentation. (nested object, default=None)

  • SOCIAL_AUTH_GITHUB_TEAM_KEY: The OAuth2 key (Client ID) from your GitHub organization application. (string, default="")

  • SOCIAL_AUTH_GITHUB_TEAM_SECRET: The OAuth2 secret (Client Secret) from your GitHub organization application. (string, default="")
  • SOCIAL_AUTH_GITHUB_TEAM_ID: Find the numeric team ID using the GitHub API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/. (string, default="")
  • SOCIAL_AUTH_GITHUB_TEAM_ORGANIZATION_MAP: Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which Tower organizations based on their username and email address. Configuration details are available in the Ansible Tower documentation. (nested object, default=None)
  • SOCIAL_AUTH_GITHUB_TEAM_TEAM_MAP: Mapping of team members (users) from social auth accounts. Configuration details are available in Tower documentation. (nested object, default=None)

  • SOCIAL_AUTH_AZUREAD_OAUTH2_KEY: The OAuth2 key (Client ID) from your Azure AD application. (string, default="")

  • SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET: The OAuth2 secret (Client Secret) from your Azure AD application. (string, default="")
  • SOCIAL_AUTH_AZUREAD_OAUTH2_ORGANIZATION_MAP: Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which Tower organizations based on their username and email address. Configuration details are available in the Ansible Tower documentation. (nested object, default=None)
  • SOCIAL_AUTH_AZUREAD_OAUTH2_TEAM_MAP: Mapping of team members (users) from social auth accounts. Configuration details are available in Tower documentation. (nested object, default=None)
  • SAML_AUTO_CREATE_OBJECTS: When enabled (the default), mapped Organizations and Teams will be created automatically on successful SAML login. (boolean, default=True)

  • SOCIAL_AUTH_SAML_SP_ENTITY_ID: The application-defined unique identifier used as the audience of the SAML service provider (SP) configuration. This is usually the URL for Tower. (string, default="")

  • SOCIAL_AUTH_SAML_SP_PUBLIC_CERT: Create a keypair for Tower to use as a service provider (SP) and include the certificate content here. (string, required)
  • SOCIAL_AUTH_SAML_SP_PRIVATE_KEY: Create a keypair for Tower to use as a service provider (SP) and include the private key content here. (string, required)
  • SOCIAL_AUTH_SAML_ORG_INFO: Provide the URL, display name, and the name of your app. Refer to the Ansible Tower documentation for example syntax. (nested object, required)
  • SOCIAL_AUTH_SAML_TECHNICAL_CONTACT: Provide the name and email address of the technical contact for your service provider. Refer to the Ansible Tower documentation for example syntax. (nested object, required)
  • SOCIAL_AUTH_SAML_SUPPORT_CONTACT: Provide the name and email address of the support contact for your service provider. Refer to the Ansible Tower documentation for example syntax. (nested object, required)
  • SOCIAL_AUTH_SAML_ENABLED_IDPS: Configure the Entity ID, SSO URL and certificate for each identity provider (IdP) in use. Multiple SAML IdPs are supported. Some IdPs may provide user data using attribute names that differ from the default OIDs. Attribute names may be overridden for each IdP. Refer to the Ansible documentation for additional details and syntax. (nested object, default={})
  • SOCIAL_AUTH_SAML_SECURITY_CONFIG: A dict of key value pairs that are passed to the underlying python-saml security setting: https://github.com/onelogin/python-saml#settings (nested object, default={'requestedAuthnContext': False})
  • SOCIAL_AUTH_SAML_SP_EXTRA: A dict of key value pairs to be passed to the underlying python-saml Service Provider configuration setting. (nested object, default=None)
  • SOCIAL_AUTH_SAML_EXTRA_DATA: A list of tuples that maps IDP attributes to extra_attributes. Each attribute will be a list of values, even if only 1 value. (list, default=None)
  • SOCIAL_AUTH_SAML_ORGANIZATION_MAP: Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which Tower organizations based on their username and email address. Configuration details are available in the Ansible Tower documentation. (nested object, default=None)
  • SOCIAL_AUTH_SAML_TEAM_MAP: Mapping of team members (users) from social auth accounts. Configuration details are available in Tower documentation. (nested object, default=None)
  • SOCIAL_AUTH_SAML_ORGANIZATION_ATTR: Used to translate user organization membership into Tower. (nested object, default={})
  • SOCIAL_AUTH_SAML_TEAM_ATTR: Used to translate user team membership into Tower. (nested object, default={})

For a PATCH request, include only the fields that are being modified.
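The LDAP descriptions above state three behaviours worth checking before a change is sent: an empty SERVER_URI disables a block, an empty REQUIRE_GROUP admits every user matching the user search, and USER_DN_TEMPLATE overrides USER_SEARCH. The following is an added example, not Tower's own code: the helper names `audit_ldap` and `patch_body` are hypothetical and the settings are constructed sample data. It flags those conditions and builds a PATCH body containing only the changed fields.

```python
import re

LDAP_KEY = re.compile(r"^AUTH_LDAP_(?:(\d)_)?(.+)$")  # AUTH_LDAP_* and AUTH_LDAP_<n>_*

def audit_ldap(settings):
    """Return (prefix, finding) pairs for every enabled LDAP server block."""
    blocks = {}
    for key, value in settings.items():
        m = LDAP_KEY.match(key)
        if m:
            prefix = "AUTH_LDAP_" + (m.group(1) + "_" if m.group(1) else "")
            blocks.setdefault(prefix, {})[m.group(2)] = value
    findings = []
    for prefix, block in sorted(blocks.items()):
        # SERVER_URI may hold several servers separated by spaces or commas.
        uris = [u for u in re.split(r"[,\s]+", block.get("SERVER_URI") or "") if u]
        if not uris:
            continue  # empty SERVER_URI: LDAP authentication is disabled for this block
        plain = any(u.lower().startswith("ldap://") for u in uris)
        if plain and not block.get("START_TLS"):
            findings.append((prefix, "ldap:// without START_TLS: binds are sent unencrypted"))
        if not block.get("REQUIRE_GROUP"):
            findings.append((prefix, "REQUIRE_GROUP empty: any user matching the user search can log in"))
        if block.get("USER_DN_TEMPLATE") and block.get("USER_SEARCH"):
            findings.append((prefix, "USER_DN_TEMPLATE set: USER_SEARCH is ignored"))
    return findings

def patch_body(current, desired):
    """Keep only the fields whose value differs from the current settings."""
    missing = object()
    return {k: v for k, v in desired.items() if current.get(k, missing) != v}

# Constructed sample of the current LDAP settings (not real data).
CURRENT = {
    "AUTH_LDAP_3_SERVER_URI": "ldap://ldap.example.com:389",
    "AUTH_LDAP_3_START_TLS": False,
    "AUTH_LDAP_3_REQUIRE_GROUP": "",
    "AUTH_LDAP_3_USER_SEARCH": [],
    "AUTH_LDAP_3_USER_DN_TEMPLATE": "",
    "AUTH_LDAP_4_SERVER_URI": "ldaps://ldap.example.com:636",
    "AUTH_LDAP_4_START_TLS": False,
    "AUTH_LDAP_4_REQUIRE_GROUP": "cn=tower-users,ou=groups,dc=example,dc=com",
    "AUTH_LDAP_5_SERVER_URI": "",
    "AUTH_LDAP_5_REQUIRE_GROUP": "",
}

# Desired state: harden block 3, leave every other field untouched.
DESIRED = dict(CURRENT, **{
    "AUTH_LDAP_3_START_TLS": True,
    "AUTH_LDAP_3_REQUIRE_GROUP": "cn=tower-users,ou=groups,dc=example,dc=com",
})

if __name__ == "__main__":
    import json
    for prefix, finding in audit_ldap(CURRENT):
        print(prefix, finding)
    # Only the two changed AUTH_LDAP_3_* fields end up in the PATCH body.
    print(json.dumps(patch_body(CURRENT, DESIRED), indent=4))
```
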

Request

Example:
{
    "SOCIAL_AUTH_SAML_ENABLED_IDPS":{
        "okta":{
            "attr_email":"Email",
            "attr_first_name":"FirstName",
            "attr_last_name":"LastName",
            "attr_user_permanent_id":"login",
            "attr_username":"login",
            "entity_id":"http://www.okta.com/abc123",
            "url":"https://example.okta.com/app/abc123/xyz123/sso/saml",
            "x509cert":"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"
        }
    }
}

Response

200 Response

Body
Example Response (application/json)
{
    "SAML_AUTO_CREATE_OBJECTS":true,
    "SOCIAL_AUTH_SAML_CALLBACK_URL":"https://towerhost/sso/complete/saml/",
    "SOCIAL_AUTH_SAML_ENABLED_IDPS":{
        "okta":{
            "attr_email":"Email",
            "attr_first_name":"FirstName",
            "attr_last_name":"LastName",
            "attr_user_permanent_id":"login",
            "attr_username":"login",
            "entity_id":"http://www.okta.com/abc123",
            "url":"https://example.okta.com/app/abc123/xyz123/sso/saml",
            "x509cert":"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"
        }
    },
    "SOCIAL_AUTH_SAML_EXTRA_DATA":null,
    "SOCIAL_AUTH_SAML_METADATA_URL":"https://towerhost/sso/metadata/saml/",
    "SOCIAL_AUTH_SAML_ORGANIZATION_ATTR":{
    },
    "SOCIAL_AUTH_SAML_ORGANIZATION_MAP":null,
    "SOCIAL_AUTH_SAML_ORG_INFO":{
    },
    "SOCIAL_AUTH_SAML_SECURITY_CONFIG":{
        "requestedAuthnContext":false
    },
    "SOCIAL_AUTH_SAML_SP_ENTITY_ID":"",
    "SOCIAL_AUTH_SAML_SP_EXTRA":null,
    "SOCIAL_AUTH_SAML_SP_PRIVATE_KEY":"",
    "SOCIAL_AUTH_SAML_SP_PUBLIC_CERT":"",
    "SOCIAL_AUTH_SAML_SUPPORT_CONTACT":{
    },
    "SOCIAL_AUTH_SAML_TEAM_ATTR":{
    },
    "SOCIAL_AUTH_SAML_TEAM_MAP":null,
    "SOCIAL_AUTH_SAML_TECHNICAL_CONTACT":{
    }
}

400 Response

Body
Example Response (application/json)
{
    "CUSTOM_LOGO":[
        "Invalid base64-encoded data in data URL."
    ]
}