Skip to content

Commit

Permalink
Added url for LDAP to method_auth.
Browse files Browse the repository at this point in the history
Fixed ldap url a bit and cleaned up a few things.

Changed conditional back to adn rather than or and changed var back to password rather than username.

fix wsrelay connection in ipv6 environments

Fix: ansible#14511 Add alt-text codeblock to Images for Userguide: main_menu.rst

Signed-off-by: Ratan Gulati <[email protected]>

Revised the proposed Alt text for main_menu.rst

Update insights.rst

Update insights.rst

Revised proposed alt text for insights.rst

Updated images - Workflow Templates chapter of Userguide.

Removed references to images that were deleted.

Fix: ansible#14523 Add alt-text codeblock to Images for workflow_template.rst (ansible#14604)

* add alt to images in workflow_templates.rst

Signed-off-by: Ratan Gulati <[email protected]>

* add alt to images in workflow_templates.rst

Signed-off-by: Ratan Gulati <[email protected]>

* Update workflow_templates.rst

* Revised proposed alt text for workflow_templates.rst

---------

Signed-off-by: Ratan Gulati <[email protected]>
Co-authored-by: TVo <[email protected]>

Added alt text for settings-menu.rst (ansible#14639)

* Re-do for PR ansible#14595 to fix CI issues.

* Added alt text to settings-menu.rst

* Update docs/docsite/rst/common/settings-menu.rst

Co-authored-by: Don Naro <[email protected]>

---------

Co-authored-by: Hao Liu <[email protected]>
Co-authored-by: Don Naro <[email protected]>

Docs: Include REST API reference content from swagger.json (ansible#14607)

Setting credential_type as required (ansible#14651)

* Setting credential_type as required

* Added test for missing credential_type in credential module

* Corrected test assertion

---------

Co-authored-by: Lucas Benedito <[email protected]>

Replaced with larger graphic. (ansible#14647)

Correctly handle case where unpartitioned table does not exist (ansible#14648)

Set subscription type as developer for developer subscriptions. (ansible#14584)

* Set subscription type as developer for developer subscriptions.

Signed-off-by: Tong He <[email protected]>

* Set subscription type as developer for developer subscription manifests.

Signed-off-by: Tong He <[email protected]>

* Remedy the wrong character to assign value.

Signed-off-by: Tong He <[email protected]>

* Reformat licensing.py by black.

Signed-off-by: Tong He <[email protected]>

---------

Signed-off-by: Tong He <[email protected]>

issue ansible#14653 heading does not render correctly (ansible#14665)

Adding the possibility to decode base64 decoded strings to Delinea's Devops Secret Vault (DSV) (ansible#14646)

Adding the possibility to decode base64 decoded strings to Delinea's Devops Secret Vault (DSV).
This is necessary as uploading files to DSV is not possible (and not meant to be) and files should be added base64 encoded.
The commit is making sure to remain backward compatible (no secret decoding), as a default is supplied.

This has been tested with DSV and works for secrets that are base64 encoded and secrets that are not base64 encoded (which is the default).

Signed-off-by: Steffen Scheib <[email protected]>

Added missing pointers to release notes (ansible#14659)

* Replaced with larger graphic.

* Revert "Replaced with larger graphic."

This reverts commit 1214b00.

* Added missing pointers to release notes.

Make vault init more idempotent (ansible#14664)

Currently if you cleanup docker volume for vault and bring docker-compose development back up with vault enabled we will not initialize vault because the secret files still exist.

This change will attempt to initialize vault reguardless and update the secret file if vault is initialized

Remove unused methods we attach to user model (ansible#14668)

Update RBAC docs, remove unused get_permissions (ansible#14492)

* Update RBAC docs, remove unused get_permissions

* Add back in section for get_roles_on_resource

Upgrade doc requirements (ansible#14669)

* upgrade when pip compiling doc reqs

* upgrade doc requirements

allow pytest --migrations to succeed (ansible#14663)

* allow pytest --migrations to succeed

* We actually subvert migrations from running in test via pytest.ini
  --no-migrations option. This has led to bit rot for the sqlite
  migrations happy path. This changeset pays off that tech debt and
  allows for an sqlite migration happy path.
* This paves the way for programatic invocation of individual migrations
  and weaving of the creation of resources (i.e. Instance, Job Template,
  etc). With this, a developer can instantiate various database states,
  trigger a migration, assert the state of the db, and then have pytest
  rollback all of that.
* I will note that in practice, running these migrations is dog shit
  slow BUT this work also opens up the possibility of saving and
  re-using sqlite3 database files. Normally, caching is not THE answer
  and causes more harm than good. But in this case, our migrations are
  mostly write-once (I say mostly because this change set violates
  that :) so cache invalidation isn't a major issue.

* functional test for migrations on sqlite

* We commonly subvert running migrations in test land. Test land uses
  sqlite. By not constantly exercising this code path it atrophies. The
  smoke test here is to continuously exercise that code path.
* Add ci test to run migration tests separately, they take =~ 2-3
  minutes each on my laptop.
* The smoke tests also serves as an example of how to write migration
  tests.

* run migration tests in ci

Fix awx collection publishing on galaxy (ansible#14642)

--location (-L) parameter will prompt curl to submit a new request if the URL is a redirect.

After moving to galaxy-NG without -L the curl falsely return 302 for any version

Co-authored-by: John Barker <[email protected]>

Fixing wsrelay connection loop (ansible#14692)

* Fixing wsrelay connection loop

* The loop was being interrupted when reaching the return statements, causing a race condition that would make nodes remain disconnected from their websockets
* Added log messages for the previous return state to improve the logging from this state.

* Added logging for malformed payload

* Update awx/main/wsrelay.py

Co-authored-by: Rick Elrod <[email protected]>

* Moved logmsg outside condition

---------

Co-authored-by: Lucas Benedito <[email protected]>
Co-authored-by: Rick Elrod <[email protected]>

Fix the bulk Job Launch Integration test in awx collection (ansible#14702)

* fix the integration tests

[CI] Reduce GHA timeouts from 6h default (ansible#14704)

* [CI] Reduce GHA timeouts from 6h default

The goal here is to never interfere with a real run (so most of the
timeout-minutes values seem rather high) but to avoid having 6h long
runs if something goes crazy and never ends.

Signed-off-by: Rick Elrod <[email protected]>

* Do bash hackery instead

Signed-off-by: Rick Elrod <[email protected]>

---------

Signed-off-by: Rick Elrod <[email protected]>

separate tox calls in readthedocs config (ansible#14673)

Add TLS certificate auth for HashiCorp Vault (ansible#14534)

* Add TLS certificate auth for HashiCorp Vault

Add support for AWX to authenticate with HashiCorp Vault using
TLS client certificates.

Also updates the documentation for the HashiCorp Vault secret management
plugins to include both the new TLS options and the missing Kubernetes
auth method options.

Signed-off-by: Andrew Austin <[email protected]>

* Refactor docker-compose vault for TLS cert auth

Add TLS configuration to the docker-compose Vault configuration and
use that method by default in vault plumbing.

This ensures that the result of bringing up the docker-compose stack
with vault enabled and running the plumb-vault playbook is a fully
working credential retrieval setup using TLS client cert authentication.

Signed-off-by: Andrew Austin <[email protected]>

* Remove incorrect trailing space

Co-authored-by: Hao Liu <[email protected]>

* Make vault init idempotent

- improve error handling for vault_initialization
- ignore error if vault cert auth is already configured
- removed unused register

* Add VAULT_TLS option

Make TLS for HashiCorp Vault optional and configurable via VAULT_TLS env var

* Add retries for vault init

Sometime it took longer for vault to fully come up and init will fail

---------

Signed-off-by: Andrew Austin <[email protected]>
Co-authored-by: Hao Liu <[email protected]>
Co-authored-by: Hao Liu <[email protected]>

remove unnecessary required flags for saml backend (ansible#14666)

Signed-off-by: Tyler Muir <[email protected]>

Dependabot for docsite requirements (ansible#14670)

Add django-ansible-base (ansible#14705)

* add django-ansible-base

Signed-off-by: jessicamack <[email protected]>

* add licenses

* add django-ansible-base

Signed-off-by: jessicamack <[email protected]>

* add licenses

* apply patch to fix permissions issue

---------

Signed-off-by: jessicamack <[email protected]>

Remove incorrectly formatted line from requirements.txt (ansible#14714)

remove git+ line

Fix updater bug due to missing newline at EOF (ansible#14713)

Fix undefined error in settings/logging/edit form (ansible#14715)

Fix undefined error in logging settings edit form

Update setuptools-scm (ansible#14716)

* properly format requirement

* upgrade setuptools_scm

* Revert "properly format requirement"

This reverts commit 4c87929.

* test ansible-runner package upgrade

* Revert "test ansible-runner package upgrade"

This reverts commit ba4b74f.

Adding hosts bulk deletion feature (ansible#14462)

* Adding hosts bulk deletion feature

Signed-off-by: Avi Layani <[email protected]>

* fix the type of the argument

Signed-off-by: Avi Layani <[email protected]>

* fixing activity_entry tracking

Signed-off-by: Avi Layani <[email protected]>

* Revert "fixing activity_entry tracking"

This reverts commit c8eab52.
Since the bulk_delete is not related to an inventory, only hosts which
can be from different inventories.

* get only needed vars to reduce memory consumption

Signed-off-by: Avi Layani <[email protected]>

* filtering the data to reduce memory increase the number of queries

Signed-off-by: Avi Layani <[email protected]>

* update the activity stream for inventories

Signed-off-by: Avi Layani <[email protected]>

* fix the changes dict initialiazation

Signed-off-by: Avi Layani <[email protected]>

---------

Signed-off-by: Avi Layani <[email protected]>

Remove superwatcher from docker-compose dev (ansible#14708)

When making changes to the application sometime you can accidentally cause FATAL state and cause the dev container to crash which will remove any ephemeral changes that you have made and is ANNOYING!

Recover rsyslog from 4xx error

Due to ansible#7560

'omhttp' module for rsyslog will completely stop forwarding message to external log aggregator after receiving a 4xx error from the external log aggregator

This PR is an "workaround" for this problem by restarting rsyslogd after detecting that rsyslog received a 4xx error

Correct misuse of stdxxx_event_enabled

Not every log messages need to be emitted as a event!

Send SIGKILL to rsyslog if hard cancellation is needed

Simplify RBAC get_roles_on_resource method (ansible#14710)

* Simplify RBAC get_roles_on_resource method

* Fix bug

* Fix query type bug

Narrow the actor types accepted for RBAC evaluations (ansible#14709)

* Narrow the scope of RBAC evaluations

* Update tests for RBAC method changes

* Simplify querset for credentials in org

* Fix call pattern to pass in team role obj

Use filtering/sorting from django-ansible-base (ansible#14726)

* Move filtering to DAB

* add comment to trigger building a new image

Signed-off-by: jessicamack <[email protected]>

* remove unneeded comment

Signed-off-by: jessicamack <[email protected]>

* remove unused imports

Signed-off-by: jessicamack <[email protected]>

* change mock import

Signed-off-by: jessicamack <[email protected]>

---------

Signed-off-by: jessicamack <[email protected]>
Co-authored-by: jessicamack <[email protected]>

add awx collection export tests

* Basic export tests
* Added test that highlights a problem with running Schedule exports as
  non-root user. We rely on the POST key in the OPTIONS response to
  determine the fields to export for a resource. The POST key is not
  present if a user does NOT have create privileges.
* Fixed up forwarding all headers from the API server back to the test
  code. This was causing a problem in awxkit code that checks for
  allowed HTTP Verbs in the headers.

refactor awxkit import code

* Move awxkit import code into a pytest fixture to better control when
  the import happens
* Ensure /awx_devel/awxkit is added to sys path before awxkit import
  runs

Fix twilio_backend.py to send SMS to multiple destinations. (ansible#14656)

AWX only sends Twilio notifications to one destination with the current version of code, but this is a bug. Fixed this bug for sending SMS to multiple destinations.

Persist schedule prompt on launch fields when editing (ansible#14736)

* persist schedule prompt on launch fields when editing

* Merge job template default credentials with schedule overrides in schedule prompt

* rename vars for clarity

* handle undefined defaultCredentials

---------

Co-authored-by: Michael Abashian <[email protected]>
  • Loading branch information
djyasin and mabashian committed Jan 4, 2024
1 parent 2c8c491 commit 8c6da37
Show file tree
Hide file tree
Showing 153 changed files with 2,187 additions and 961 deletions.
12 changes: 8 additions & 4 deletions .github/actions/run_awx_devel/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -43,10 +43,14 @@ runs:
- name: Update default AWX password
shell: bash
run: |
while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -k https://localhost:8043/api/v2/ping/)" != "200" ]]
do
echo "Waiting for AWX..."
sleep 5
SECONDS=0
while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' -k https://localhost:8043/api/v2/ping/)" != "200" ]]; do
if [[ $SECONDS -gt 600 ]]; then
echo "Timing out, AWX never came up"
exit 1
fi
echo "Waiting for AWX..."
sleep 5
done
echo "AWX is up, updating the password..."
docker exec -i tools_awx_1 sh <<-EOSH
Expand Down
10 changes: 10 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
version: 2
updates:
- package-ecosystem: "pip"
directory: "docs/docsite/"
schedule:
interval: "weekly"
open-pull-requests-limit: 2
labels:
- "docs"
- "dependencies"
8 changes: 8 additions & 0 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ jobs:
common-tests:
name: ${{ matrix.tests.name }}
runs-on: ubuntu-latest
timeout-minutes: 60
permissions:
packages: write
contents: read
Expand All @@ -20,6 +21,8 @@ jobs:
tests:
- name: api-test
command: /start_tests.sh
- name: api-migrations
command: /start_tests.sh test_migrations
- name: api-lint
command: /var/lib/awx/venv/awx/bin/tox -e linters
- name: api-swagger
Expand Down Expand Up @@ -47,6 +50,7 @@ jobs:

dev-env:
runs-on: ubuntu-latest
timeout-minutes: 60
steps:
- uses: actions/checkout@v3

Expand All @@ -61,6 +65,7 @@ jobs:

awx-operator:
runs-on: ubuntu-latest
timeout-minutes: 60
steps:
- name: Checkout awx
uses: actions/checkout@v3
Expand Down Expand Up @@ -110,6 +115,7 @@ jobs:
collection-sanity:
name: awx_collection sanity
runs-on: ubuntu-latest
timeout-minutes: 30
strategy:
fail-fast: false
steps:
Expand All @@ -129,6 +135,7 @@ jobs:
collection-integration:
name: awx_collection integration
runs-on: ubuntu-latest
timeout-minutes: 60
strategy:
fail-fast: false
matrix:
Expand Down Expand Up @@ -180,6 +187,7 @@ jobs:
collection-integration-coverage-combine:
name: combine awx_collection integration coverage
runs-on: ubuntu-latest
timeout-minutes: 10
needs:
- collection-integration
strategy:
Expand Down
1 change: 1 addition & 0 deletions .github/workflows/devel_images.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ jobs:
push:
if: endsWith(github.repository, '/awx') || startsWith(github.ref, 'refs/heads/release_')
runs-on: ubuntu-latest
timeout-minutes: 60
permissions:
packages: write
contents: read
Expand Down
1 change: 1 addition & 0 deletions .github/workflows/docs.yml
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ jobs:
docsite-build:
name: docsite test build
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- uses: actions/checkout@v3

Expand Down
1 change: 1 addition & 0 deletions .github/workflows/feature_branch_deletion.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ on:
jobs:
push:
runs-on: ubuntu-latest
timeout-minutes: 20
permissions:
packages: write
contents: read
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/label_issue.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ permissions:
jobs:
triage:
runs-on: ubuntu-latest
timeout-minutes: 20
name: Label Issue

steps:
Expand All @@ -26,6 +27,7 @@ jobs:

community:
runs-on: ubuntu-latest
timeout-minutes: 20
name: Label Issue - Community
steps:
- uses: actions/checkout@v3
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/label_pr.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ permissions:
jobs:
triage:
runs-on: ubuntu-latest
timeout-minutes: 20
name: Label PR

steps:
Expand All @@ -25,6 +26,7 @@ jobs:

community:
runs-on: ubuntu-latest
timeout-minutes: 20
name: Label PR - Community
steps:
- uses: actions/checkout@v3
Expand Down
1 change: 1 addition & 0 deletions .github/workflows/pr_body_check.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ jobs:
if: github.repository_owner == 'ansible' && endsWith(github.repository, 'awx')
name: Scan PR description for semantic versioning keywords
runs-on: ubuntu-latest
timeout-minutes: 20
permissions:
packages: write
contents: read
Expand Down
5 changes: 3 additions & 2 deletions .github/workflows/promote.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,8 +13,9 @@ permissions:

jobs:
promote:
if: endsWith(github.repository, '/awx')
if: endsWith(github.repository, '/awx')
runs-on: ubuntu-latest
timeout-minutes: 90
steps:
- name: Checkout awx
uses: actions/checkout@v3
Expand Down Expand Up @@ -46,7 +47,7 @@ jobs:
COLLECTION_TEMPLATE_VERSION: true
run: |
make build_collection
if [ "$(curl --head -sw '%{http_code}' https://galaxy.ansible.com/download/${{ env.collection_namespace }}-awx-${{ github.event.release.tag_name }}.tar.gz | tail -1)" == "302" ] ; then \
if [ "$(curl -L --head -sw '%{http_code}' https://galaxy.ansible.com/download/${{ env.collection_namespace }}-awx-${{ github.event.release.tag_name }}.tar.gz | tail -1)" == "302" ] ; then \
echo "Galaxy release already done"; \
else \
ansible-galaxy collection publish \
Expand Down
1 change: 1 addition & 0 deletions .github/workflows/stage.yml
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ jobs:
stage:
if: endsWith(github.repository, '/awx')
runs-on: ubuntu-latest
timeout-minutes: 90
permissions:
packages: write
contents: write
Expand Down
1 change: 1 addition & 0 deletions .github/workflows/update_dependabot_prs.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ jobs:
name: Update Dependabot Prs
if: contains(github.event.pull_request.labels.*.name, 'dependencies') && contains(github.event.pull_request.labels.*.name, 'component:ui')
runs-on: ubuntu-latest
timeout-minutes: 20

steps:
- name: Checkout branch
Expand Down
1 change: 1 addition & 0 deletions .github/workflows/upload_schema.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ on:
jobs:
push:
runs-on: ubuntu-latest
timeout-minutes: 60
permissions:
packages: write
contents: read
Expand Down
3 changes: 2 additions & 1 deletion .readthedocs.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ build:
3.11
commands:
- pip install --user tox
- python3 -m tox -e docs
- python3 -m tox -e docs --notest -v
- python3 -m tox -e docs --skip-pkg-install -q
- mkdir -p _readthedocs/html/
- mv docs/docsite/build/html/* _readthedocs/html/
2 changes: 1 addition & 1 deletion MANIFEST.in
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ recursive-exclude awx/settings local_settings.py*
include tools/scripts/request_tower_configuration.sh
include tools/scripts/request_tower_configuration.ps1
include tools/scripts/automation-controller-service
include tools/scripts/failure-event-handler
include tools/scripts/rsyslog-4xx-recovery
include tools/scripts/awx-python
include awx/playbooks/library/mkfifo.py
include tools/sosreport/*
Expand Down
14 changes: 12 additions & 2 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,8 @@ PROMETHEUS ?= false
GRAFANA ?= false
# If set to true docker-compose will also start a hashicorp vault instance
VAULT ?= false
# If set to true docker-compose will also start a hashicorp vault instance with TLS enabled
VAULT_TLS ?= false
# If set to true docker-compose will also start a tacacs+ instance
TACACS ?= false

Expand All @@ -61,7 +63,7 @@ RECEPTOR_IMAGE ?= quay.io/ansible/receptor:devel
SRC_ONLY_PKGS ?= cffi,pycparser,psycopg,twilio
# These should be upgraded in the AWX and Ansible venv before attempting
# to install the actual requirements
VENV_BOOTSTRAP ?= pip==21.2.4 setuptools==65.6.3 setuptools_scm[toml]==7.0.5 wheel==0.38.4
VENV_BOOTSTRAP ?= pip==21.2.4 setuptools==65.6.3 setuptools_scm[toml]==8.0.4 wheel==0.38.4

NAME ?= awx

Expand Down Expand Up @@ -324,6 +326,12 @@ test:
cd awxkit && $(VENV_BASE)/awx/bin/tox -re py3
awx-manage check_migrations --dry-run --check -n 'missing_migration_file'

test_migrations:
if [ "$(VENV_BASE)" ]; then \
. $(VENV_BASE)/awx/bin/activate; \
fi; \
PYTHONDONTWRITEBYTECODE=1 py.test -p no:cacheprovider --migrations -m migration_test $(PYTEST_ARGS) $(TEST_DIRS)

## Runs AWX_DOCKER_CMD inside a new docker container.
docker-runner:
docker run -u $(shell id -u) --rm -v $(shell pwd):/awx_devel/:Z --workdir=/awx_devel $(DEVEL_IMAGE_NAME) $(AWX_DOCKER_CMD)
Expand Down Expand Up @@ -522,13 +530,15 @@ docker-compose-sources: .git/hooks/pre-commit
-e enable_prometheus=$(PROMETHEUS) \
-e enable_grafana=$(GRAFANA) \
-e enable_vault=$(VAULT) \
-e vault_tls=$(VAULT_TLS) \
-e enable_tacacs=$(TACACS) \
$(EXTRA_SOURCES_ANSIBLE_OPTS)

docker-compose: awx/projects docker-compose-sources
ansible-galaxy install --ignore-certs -r tools/docker-compose/ansible/requirements.yml;
ansible-playbook -i tools/docker-compose/inventory tools/docker-compose/ansible/initialize_containers.yml \
-e enable_vault=$(VAULT);
-e enable_vault=$(VAULT) \
-e vault_tls=$(VAULT_TLS);
$(DOCKER_COMPOSE) -f tools/docker-compose/_sources/docker-compose.yml $(COMPOSE_OPTS) up $(COMPOSE_UP_OPTS) --remove-orphans

docker-compose-credential-plugins: awx/projects docker-compose-sources
Expand Down
Loading

0 comments on commit 8c6da37

Please sign in to comment.