IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
* Check upstream django-ansible-base releases. If the version upstream
does not match the version we are pinned to then submit a PR with the
upstream version.
A user needs to be a member of the org
in order to use a credential in that org.
We were incorrectly checking for "change"
permission of the org, instead of "member".
Signed-off-by: Seth Foster <fosterbseth@gmail.com>
Fix command to set db session timeout
Add quote around the value of the setting
Example failures
```
2024-07-10 13:33:29,237 ERROR [a7e55a64e6744a0e920bb1fd78615e5f] awx.main.dispatch Worker failed to run task awx.main.tasks.system.awx_periodic_scheduler(*[], **{}
Traceback (most recent call last):
File "/var/lib/awx/venv/awx/lib64/python3.11/site-packages/django/db/backends/utils.py", line 87, in _execute
return self.cursor.execute(sql)
^^^^^^^^^^^^^^^^^^^^^^^^
File "/var/lib/awx/venv/awx/lib64/python3.11/site-packages/psycopg/cursor.py", line 732, in execute
raise ex.with_traceback(None)
psycopg.errors.SyntaxError: trailing junk after numeric literal at or near "1d"
LINE 1: SET idle_in_transaction_session_timeout = 1d
^
```
Timestamp for activity stream is not indexed result in slow query. switching to ID (which effectively will is order by created time) to improve performance
Validate role assignment if org defined
Check that organization is defined on credential
before running queries.
Fixes a "None type does not have attribute id" error.
Signed-off-by: Seth Foster <fosterbseth@gmail.com>
* Add test that we got all permissions right for every role
* Fix missing Org execute role and missing adhoc role permission
* Add in missing Organization Approval Role as well
* Remove Role from role names
Utilizes the `validate_role_assignment` callback
from dab (see dab PR #490) to prevent granting credential
access to a user of another organization.
This logic will work for role_user_assignments
and role_team_assignments endpoints.
Signed-off-by: Seth Foster <fosterbseth@gmail.com>
* Added new OpenShift Virtualization inventory source to docs.
* Incorporated review feedback from @fosterseth and @TheRealHaoLiu.
* Fixed link to correct kubevirt.core.kubevirt documentation.
* Add better 403 error message for Job template create
To create Job template u need access to projects and inventory
---------
Co-authored-by: Chris Meyers <chris.meyers.fsu@gmail.com>
* Add initial test for deletion of stale permission
* Delete existing EE view permission
* Hypothetically complete update of EE model permissions setup
* Tests passing locally
* Issue with user_capabilities was a test bug, fixed
* Add TASK_MANAGER_LOCK_TIMEOUT
`TASK_MANAGER_LOCK_TIMEOUT` controls the `idle_in_transaction_session_timeout` and `idle_session_timeout` configuration for task manager connections and lock in database
hope to prevent the situation that the task instance that holds the lock becomes unresponsive and preventing other instance to be able to run task manager
* Add session timeout to periodic scheduler and all sub task manager locks
Workaround
```
ERROR awx/main/tests/functional/test_licenses.py - pip._vendor.distlib.DistlibException: Unable to locate finder for 'pip._vendor.distlib'
```
* Add migration testing for certain managed roles
* Fix managed role bugs
* Add more tests
* Fix another bug with org workflow admin role reference
* Add test because another issue is fixed
* Mark reason for test
* Remove internal markers
* Reword failure message
Co-authored-by: Seth Foster <fosterseth@users.noreply.github.com>
---------
Co-authored-by: Seth Foster <fosterseth@users.noreply.github.com>
Script was falsely identifying cross-linked
parents. It needs to check if parent roles if
content type is Team and role_field is
member_role OR admin_role.
Signed-off-by: Seth Foster <fosterbseth@gmail.com>
* Include a bit of context into the name of the delete function. The
HTTP_ added prepended string may be unexpected if Django's header
transformation isn't top of mind.
rename AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED
to
ALLOW_LOCAL_RESOURCE_MANAGEMENT
- clearer meaning
- drop prefix so the same setting is used across the platform
Signed-off-by: Seth Foster <fosterbseth@gmail.com>
