Alan Rominger
db72c9d5b8
Fix permissions that come from an external auditor role ( #15291 )
...
* Add tests for external auditor
* Add assertion for unified JTs which fails
* Fix UJT listing bug
* Add test for ad hoc commands just to be sure
2024-06-27 15:57:39 -04:00
jamesmarshall24
4e0d19914f
LISTENER_DATABASES clobbers DATABASES OPTIONS ( #15306 )
...
Do not overwrite DATABASES OPTIONS with LISTENER_DATABASES
2024-06-27 13:26:30 -04:00
Hao Liu
6f2307f50e
Add TASK_MANAGER_LOCK_TIMEOUT ( #15300 )
...
* Add TASK_MANAGER_LOCK_TIMEOUT
`TASK_MANAGER_LOCK_TIMEOUT` controls the `idle_in_transaction_session_timeout` and `idle_session_timeout` configuration for task manager connections and lock in database
hope to prevent the situation that the task instance that holds the lock becomes unresponsive and preventing other instance to be able to run task manager
* Add session timeout to periodic scheduler and all sub task manager locks
2024-06-27 09:42:41 -04:00
Alan Rominger
dbc2215bb6
Make attached user models adhere to new API assignments ( #15298 )
2024-06-26 23:00:25 -04:00
Hao Liu
7c08b29827
Temporary workaround for CI failure ( #15305 )
...
Workaround
```
ERROR awx/main/tests/functional/test_licenses.py - pip._vendor.distlib.DistlibException: Unable to locate finder for 'pip._vendor.distlib'
```
2024-06-26 15:29:22 -04:00
TVo
407194d320
Added troubleshooting and tips tricks content ( #15212 )
...
* Added troubleshooting and tips tricks content
* Added troubleshooting and tips tricks content
* Moved DNS host entry override info to customize pod spec section of CG chapter.
* Added troubleshooting and tips tricks content
* Moved DNS host entry override info to customize pod spec section of CG chapter.
* Update docs/docsite/rst/administration/containers_instance_groups.rst
Co-authored-by: Seth Foster <fosterseth@users.noreply.github.com>
* Update docs/docsite/rst/administration/containers_instance_groups.rst
Co-authored-by: Seth Foster <fosterseth@users.noreply.github.com>
* Update docs/docsite/rst/administration/containers_instance_groups.rst
Co-authored-by: Sandra McCann <samccann@redhat.com>
* Incorp'd review feedback from @fosterseth and @samccann
* Update docs/docsite/rst/administration/containers_instance_groups.rst
Co-authored-by: Sandra McCann <samccann@redhat.com>
* Final revisions based on @fosterseth's inputs.
---------
Co-authored-by: Seth Foster <fosterseth@users.noreply.github.com>
Co-authored-by: Sandra McCann <samccann@redhat.com>
2024-06-24 12:17:31 -06:00
Alan Rominger
853af295d9
Various RBAC fixes related to managed RoleDefinitions ( #15287 )
...
* Add migration testing for certain managed roles
* Fix managed role bugs
* Add more tests
* Fix another bug with org workflow admin role reference
* Add test because another issue is fixed
* Mark reason for test
* Remove internal markers
* Reword failure message
Co-authored-by: Seth Foster <fosterseth@users.noreply.github.com>
---------
Co-authored-by: Seth Foster <fosterseth@users.noreply.github.com>
2024-06-21 09:29:34 -04:00
Alan Rominger
4738c8333a
Fix object-level permission bugs with DAB RBAC system ( #15284 )
...
* Fix object-level permission bugs with DAB RBAC system
* Fix NT organization change regression
* Mark tests to AAP number
2024-06-20 16:34:34 -04:00
Seth Foster
13dcea0afd
Check for admin_role in role_check.py ( #15283 )
...
Script was falsely identifying cross-linked
parents. It needs to check if parent roles if
content type is Team and role_field is
member_role OR admin_role.
Signed-off-by: Seth Foster <fosterbseth@gmail.com>
2024-06-20 14:04:04 -04:00
Chris Meyers
bc2d339981
Clarify the search for a proxy
2024-06-18 16:41:45 -04:00
Chris Meyers
bef9ef10bb
Rename delete
...
* Include a bit of context into the name of the delete function. The
HTTP_ added prepended string may be unexpected if Django's header
transformation isn't top of mind.
2024-06-18 16:41:45 -04:00
Chris Meyers
8645fe5c57
Add support for x-trusted-proxy
...
* Increase the surface area of the set of headers that the proxy list
feature looks at for the remote proxy IF x-trusted-proxy is valid.
2024-06-18 16:41:45 -04:00
Chris Meyers
b93aa20362
Revert "Trust proxy headers for host provision callback"
...
This reverts commit 49e3971cd577127705fc0fd1d3b4ab7e3a3c3c2b.
2024-06-18 16:41:45 -04:00
Chris Meyers
4bbfc8a946
Tests for trust proxy and existing explicit proxy
...
* Integration tests to ensure the integration of the two features.
2024-06-18 16:41:45 -04:00
Chris Meyers
2c8eef413b
Trust proxy headers for host provision callback
...
* Do not remove special header list if request is from a trusted proxy.
* Continue to remove headers if request if from a non-trusted proxy.
2024-06-18 16:41:45 -04:00
Alan Rominger
d5bad1a533
Pass the Makefile python exe to ansible-playbook ( #15282 )
2024-06-18 13:03:01 -04:00
Alan Rominger
f6c0effcb2
Use public methods to reference registered models ( #15277 )
2024-06-17 11:45:44 -04:00
Chad Ferman
31a086b11a
Add OpenShift Virtualization Inventory source option ( #15047 )
...
Co-authored-by: Hao Liu <44379968+TheRealHaoLiu@users.noreply.github.com>
2024-06-14 13:38:37 -04:00
a_nackov
d94f766fcb
Fix notification name search ( #15231 )
...
Signed-off-by: Adrian Nackov <adrian.nackov@mail.schwarz>
2024-06-13 14:49:54 +00:00
Neev Geffen
6c1c33e47d
add HasCreate
2024-06-13 15:13:58 +03:00
Neev Geffen
e1d3ff152e
Remove unneccessery pass
2024-06-13 15:13:58 +03:00
neevnuv
1828a0090b
add to credential_input EXPORTABLE_RESOURCES
2024-06-13 15:13:58 +03:00
neevnuv
597e9bf1b5
adding credential_input_soucres
2024-06-13 15:13:58 +03:00
neevnuv
be8d7819b8
Remove NATURAL_KEY and change to dependant nonexport
2024-06-13 15:13:58 +03:00
Neev Geffen
14f02f3979
remove metadata from natural key ( #2 )
2024-06-13 15:13:58 +03:00
Neev Geffen
f9d0dbe6da
Awxkit add credential input sources output for credentials ( #1 )
...
* testing on credential_input_source output
* testing2
* change from usage of credential_input_source to related_input_source
* fix change
* Add natural key
* remove description from natural key
2024-06-13 15:13:58 +03:00
neevnuv
801c2fd2f3
Add CredentialInputSource
2024-06-13 15:13:58 +03:00
Viktor Varga
a7113549eb
Add 'Terraform State' inventory source support for collection ( #15258 )
2024-06-12 19:22:21 +00:00
Jake Jackson
bfd811f408
Upgrade aiohttp for cve 2024-23829 ( #15257 )
2024-06-12 19:20:40 +00:00
Jeff Bradberry
030704a9e1
Change all uses of ImplicitRoleField to do on_delete=SET_NULL
...
This will mitigate the problem where if any Role gets deleted for some
weird reason it could previously cascade delete important objects.
2024-06-12 13:08:03 -04:00
Seth Foster
c312d9bce3
Rename setting to allow local resource management ( #15269 )
...
rename AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED
to
ALLOW_LOCAL_RESOURCE_MANAGEMENT
- clearer meaning
- drop prefix so the same setting is used across the platform
Signed-off-by: Seth Foster <fosterbseth@gmail.com>
2024-06-11 12:50:18 -04:00
Jeff Bradberry
aadcc217eb
This should deal correctly with the ancestor list mismatches
2024-06-10 16:36:22 -04:00
Jeff Bradberry
345c1c11e9
Guard against the role field not being populated
...
when doing the final reset of Role.implicit_parents.
2024-06-10 16:36:22 -04:00
Jeff Bradberry
2c3a7fafc5
Add a new test scenario
...
to trigger the implicit parent not being in the parents and ancestors lists.
2024-06-10 16:36:22 -04:00
Jeff Bradberry
dbcd32a1d9
Mark and rebuild the implicit_parents field for all affected roles
2024-06-10 16:36:22 -04:00
Jeff Bradberry
d45e258a78
Wait until the end of the fix script to clean up orphaned roles
2024-06-10 16:36:22 -04:00
Jeff Bradberry
d16b69a102
Add output of the update and deletion counts to fix.py
2024-06-10 16:36:22 -04:00
Jeff Bradberry
8b4efbc973
Do not throw away the container of cross-linked parents
...
Since we use it twice, the second time to get the id field of each.
2024-06-10 16:36:22 -04:00
Jeff Bradberry
4cb061e7db
Add a readme file with instructions
2024-06-10 16:36:22 -04:00
Jeff Bradberry
31db6a1447
Fix another instance where a bad resource->Role fk could throw a traceback
2024-06-10 16:36:22 -04:00
Jeff Bradberry
ad9d5904d8
Adjusted foreignkeys.sql for correctness
...
Some relationships known to be handled by the special mapping sql file
were being caught as false positives.
2024-06-10 16:36:22 -04:00
Jeff Bradberry
b837d549ff
Split the foreign key sql script into an 'into' and 'from' portion
...
Also, make use of up-front defined arrays of the tables involved, for
ease of editing in the future.
2024-06-10 16:36:22 -04:00
Jeff Bradberry
9e22865d2e
Filter out the relations within the known topology tables
2024-06-10 16:36:22 -04:00
Jeff Bradberry
ee3e3e1516
First cut at detecting which foreign keys enter and exit the topology tables
2024-06-10 16:36:22 -04:00
Jeff Bradberry
4a8f6e45f8
Move the "test" files into their own directory
2024-06-10 16:36:22 -04:00
Jeff Bradberry
6a317cca1b
Remove the role_chain.py module
...
it wound up being unworkable, and I think ultimately we only need to
check the immediate parentage of each role.
2024-06-10 16:36:22 -04:00
Jeff Bradberry
d67af79451
Attempt to correct any crosslinked parents
...
I think that rebuild_role_ancestor_list() will then correctly update
all of the affected Role.ancestors.
2024-06-10 16:36:22 -04:00
Jeff Bradberry
fe77fda7b2
Exclude more files in the .gitignore
2024-06-10 16:36:22 -04:00
Jeff Bradberry
f613b76baa
Modify the role parent check logic to stay in the roles as much as possible
...
since the foreign keys to the roles from the resources can make us go
wrong almost immediately.
2024-06-10 16:36:22 -04:00
Jeff Bradberry
054cbe69d7
Exclude the team grant false positives
...
The results in my test now look correct.
2024-06-10 16:36:22 -04:00