shaba/awx
1
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2024-10-26 16:25:06 +03:00
Code Releases Activity
34,125 Commits 40 Branches 19 Tags 380 MiB
87895f6b88
Commit Graph

34125 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alan Rominger
db72c9d5b8
Fix permissions that come from an external auditor role (#15291) 
* Add tests for external auditor

* Add assertion for unified JTs which fails

* Fix UJT listing bug

* Add test for ad hoc commands just to be sure
 2024-06-27 15:57:39 -04:00
jamesmarshall24
4e0d19914f
LISTENER_DATABASES clobbers DATABASES OPTIONS (#15306) 
Do not overwrite DATABASES OPTIONS with LISTENER_DATABASES
 2024-06-27 13:26:30 -04:00
Hao Liu
6f2307f50e
Add TASK_MANAGER_LOCK_TIMEOUT (#15300) 
* Add TASK_MANAGER_LOCK_TIMEOUT

`TASK_MANAGER_LOCK_TIMEOUT` controls the `idle_in_transaction_session_timeout` and `idle_session_timeout` configuration for task manager connections and lock in database

hope to prevent the situation that the task instance that holds the lock becomes unresponsive and preventing other instance to be able to run task manager

* Add session timeout to periodic scheduler and all sub task manager locks
 2024-06-27 09:42:41 -04:00
Alan Rominger
dbc2215bb6
Make attached user models adhere to new API assignments (#15298) 2024-06-26 23:00:25 -04:00
Hao Liu
7c08b29827
Temporary workaround for CI failure (#15305) 
Workaround
```
ERROR awx/main/tests/functional/test_licenses.py - pip._vendor.distlib.DistlibException: Unable to locate finder for 'pip._vendor.distlib'
```
 2024-06-26 15:29:22 -04:00
TVo
407194d320
Added troubleshooting and tips tricks content (#15212) 
* Added troubleshooting and tips tricks content

* Added troubleshooting and tips tricks content

* Moved DNS host entry override info to customize pod spec section of CG chapter.

* Added troubleshooting and tips tricks content

* Moved DNS host entry override info to customize pod spec section of CG chapter.

* Update docs/docsite/rst/administration/containers_instance_groups.rst

Co-authored-by: Seth Foster <fosterseth@users.noreply.github.com>

* Update docs/docsite/rst/administration/containers_instance_groups.rst

Co-authored-by: Seth Foster <fosterseth@users.noreply.github.com>

* Update docs/docsite/rst/administration/containers_instance_groups.rst

Co-authored-by: Sandra McCann <samccann@redhat.com>

* Incorp'd review feedback from @fosterseth and @samccann

* Update docs/docsite/rst/administration/containers_instance_groups.rst

Co-authored-by: Sandra McCann <samccann@redhat.com>

* Final revisions based on @fosterseth's inputs.

---------

Co-authored-by: Seth Foster <fosterseth@users.noreply.github.com>
Co-authored-by: Sandra McCann <samccann@redhat.com>
 2024-06-24 12:17:31 -06:00
Alan Rominger
853af295d9
Various RBAC fixes related to managed RoleDefinitions (#15287) 
* Add migration testing for certain managed roles

* Fix managed role bugs

* Add more tests

* Fix another bug with org workflow admin role reference

* Add test because another issue is fixed

* Mark reason for test

* Remove internal markers

* Reword failure message

Co-authored-by: Seth Foster <fosterseth@users.noreply.github.com>

---------

Co-authored-by: Seth Foster <fosterseth@users.noreply.github.com>
 2024-06-21 09:29:34 -04:00
Alan Rominger
4738c8333a
Fix object-level permission bugs with DAB RBAC system (#15284) 
* Fix object-level permission bugs with DAB RBAC system

* Fix NT organization change regression

* Mark tests to AAP number
 2024-06-20 16:34:34 -04:00
Seth Foster
13dcea0afd
Check for admin_role in role_check.py (#15283) 
Script was falsely identifying cross-linked
parents. It needs to check if parent roles if
content type is Team and role_field is
member_role OR admin_role.

Signed-off-by: Seth Foster <fosterbseth@gmail.com>
 2024-06-20 14:04:04 -04:00
Chris Meyers
bc2d339981 Clarify the search for a proxy 2024-06-18 16:41:45 -04:00
Chris Meyers
bef9ef10bb Rename delete 
* Include a bit of context into the name of the delete function. The
  HTTP_ added prepended string may be unexpected if Django's header
  transformation isn't top of mind.
 2024-06-18 16:41:45 -04:00
Chris Meyers
8645fe5c57 Add support for x-trusted-proxy 
* Increase the surface area of the set of headers that the proxy list
  feature looks at for the remote proxy IF x-trusted-proxy is valid.
 2024-06-18 16:41:45 -04:00
Chris Meyers
b93aa20362 Revert "Trust proxy headers for host provision callback" 
This reverts commit 49e3971cd577127705fc0fd1d3b4ab7e3a3c3c2b.
 2024-06-18 16:41:45 -04:00
Chris Meyers
4bbfc8a946 Tests for trust proxy and existing explicit proxy 
* Integration tests to ensure the integration of the two features.
 2024-06-18 16:41:45 -04:00
Chris Meyers
2c8eef413b Trust proxy headers for host provision callback 
* Do not remove special header list if request is from a trusted proxy.
* Continue to remove headers if request if from a non-trusted proxy.
 2024-06-18 16:41:45 -04:00
Alan Rominger
d5bad1a533
Pass the Makefile python exe to ansible-playbook (#15282) 2024-06-18 13:03:01 -04:00
Alan Rominger
f6c0effcb2
Use public methods to reference registered models (#15277) 2024-06-17 11:45:44 -04:00
Chad Ferman
31a086b11a
Add OpenShift Virtualization Inventory source option (#15047) 
Co-authored-by: Hao Liu <44379968+TheRealHaoLiu@users.noreply.github.com>
 2024-06-14 13:38:37 -04:00
a_nackov
d94f766fcb
Fix notification name search (#15231) 
Signed-off-by: Adrian Nackov <adrian.nackov@mail.schwarz>
 2024-06-13 14:49:54 +00:00
Neev Geffen
6c1c33e47d add HasCreate 2024-06-13 15:13:58 +03:00
Neev Geffen
e1d3ff152e Remove unneccessery pass 2024-06-13 15:13:58 +03:00
neevnuv
1828a0090b add to credential_input EXPORTABLE_RESOURCES 2024-06-13 15:13:58 +03:00
neevnuv
597e9bf1b5 adding credential_input_soucres 2024-06-13 15:13:58 +03:00
neevnuv
be8d7819b8 Remove NATURAL_KEY and change to dependant nonexport 2024-06-13 15:13:58 +03:00
Neev Geffen
14f02f3979 remove metadata from natural key (#2) 2024-06-13 15:13:58 +03:00
Neev Geffen
f9d0dbe6da Awxkit add credential input sources output for credentials (#1) 
* testing on credential_input_source output

* testing2

* change from usage of credential_input_source to related_input_source

* fix change

* Add natural key

* remove description from natural key
 2024-06-13 15:13:58 +03:00
neevnuv
801c2fd2f3 Add CredentialInputSource 2024-06-13 15:13:58 +03:00
Viktor Varga
a7113549eb
Add 'Terraform State' inventory source support for collection (#15258) 2024-06-12 19:22:21 +00:00
Jake Jackson
bfd811f408
Upgrade aiohttp for cve 2024-23829 (#15257) 2024-06-12 19:20:40 +00:00
Jeff Bradberry
030704a9e1 Change all uses of ImplicitRoleField to do on_delete=SET_NULL 
This will mitigate the problem where if any Role gets deleted for some
weird reason it could previously cascade delete important objects.
 2024-06-12 13:08:03 -04:00
Seth Foster
c312d9bce3
Rename setting to allow local resource management (#15269) 
rename AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED
to
ALLOW_LOCAL_RESOURCE_MANAGEMENT

- clearer meaning
- drop prefix so the same setting is used across the platform

Signed-off-by: Seth Foster <fosterbseth@gmail.com>
 2024-06-11 12:50:18 -04:00
Jeff Bradberry
aadcc217eb This should deal correctly with the ancestor list mismatches 2024-06-10 16:36:22 -04:00
Jeff Bradberry
345c1c11e9 Guard against the role field not being populated 
when doing the final reset of Role.implicit_parents.
 2024-06-10 16:36:22 -04:00
Jeff Bradberry
2c3a7fafc5 Add a new test scenario 
to trigger the implicit parent not being in the parents and ancestors lists.
 2024-06-10 16:36:22 -04:00
Jeff Bradberry
dbcd32a1d9 Mark and rebuild the implicit_parents field for all affected roles 2024-06-10 16:36:22 -04:00
Jeff Bradberry
d45e258a78 Wait until the end of the fix script to clean up orphaned roles 2024-06-10 16:36:22 -04:00
Jeff Bradberry
d16b69a102 Add output of the update and deletion counts to fix.py 2024-06-10 16:36:22 -04:00
Jeff Bradberry
8b4efbc973 Do not throw away the container of cross-linked parents 
Since we use it twice, the second time to get the id field of each.
 2024-06-10 16:36:22 -04:00
Jeff Bradberry
4cb061e7db Add a readme file with instructions 2024-06-10 16:36:22 -04:00
Jeff Bradberry
31db6a1447 Fix another instance where a bad resource->Role fk could throw a traceback 2024-06-10 16:36:22 -04:00
Jeff Bradberry
ad9d5904d8 Adjusted foreignkeys.sql for correctness 
Some relationships known to be handled by the special mapping sql file
were being caught as false positives.
 2024-06-10 16:36:22 -04:00
Jeff Bradberry
b837d549ff Split the foreign key sql script into an 'into' and 'from' portion 
Also, make use of up-front defined arrays of the tables involved, for
ease of editing in the future.
 2024-06-10 16:36:22 -04:00
Jeff Bradberry
9e22865d2e Filter out the relations within the known topology tables 2024-06-10 16:36:22 -04:00
Jeff Bradberry
ee3e3e1516 First cut at detecting which foreign keys enter and exit the topology tables 2024-06-10 16:36:22 -04:00
Jeff Bradberry
4a8f6e45f8 Move the "test" files into their own directory 2024-06-10 16:36:22 -04:00
Jeff Bradberry
6a317cca1b Remove the role_chain.py module 
it wound up being unworkable, and I think ultimately we only need to
check the immediate parentage of each role.
 2024-06-10 16:36:22 -04:00
Jeff Bradberry
d67af79451 Attempt to correct any crosslinked parents 
I think that rebuild_role_ancestor_list() will then correctly update
all of the affected Role.ancestors.
 2024-06-10 16:36:22 -04:00
Jeff Bradberry
fe77fda7b2 Exclude more files in the .gitignore 2024-06-10 16:36:22 -04:00
Jeff Bradberry
f613b76baa Modify the role parent check logic to stay in the roles as much as possible 
since the foreign keys to the roles from the resources can make us go
wrong almost immediately.
 2024-06-10 16:36:22 -04:00
Jeff Bradberry
054cbe69d7 Exclude the team grant false positives 
The results in my test now look correct.
 2024-06-10 16:36:22 -04:00