shaba/awx
1
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2024-10-27 17:55:10 +03:00
Code Releases Activity
16c7908adc
awx/requirements
History
Shane McDonald 16c7908adc Skip pytest 7.0.0 
A test was failing with:

    from importlib.readers import FileReader
E   ModuleNotFoundError: No module named 'importlib.readers'
2022-02-04 15:48:18 -05:00
..
README.md updates the implementation of the slack backend for notifications 2021-10-26 16:41:10 +02:00
requirements_dev.txt Skip pytest 7.0.0 2022-02-04 15:48:18 -05:00
requirements_git.txt Pass ident to "process" cmd and disable stdout file 2022-01-18 13:00:39 -05:00
requirements_tower_uninstall.txt Remove removal requirement that isn't actually in the requirements 2019-10-16 15:34:33 -04:00
requirements.in Merge pull request #11332 from shanemcd/bump-deps 2022-01-24 12:13:53 -05:00
requirements.txt Merge pull request #11332 from shanemcd/bump-deps 2022-01-24 12:13:53 -05:00
updater.sh Deal properly with comments in requirements_git.txt 2022-01-28 17:30:42 -05:00

README.md

Dependency Management

The requirements.txt file is generated from requirements.in, using pip-tools pip-compile.

How To Use

Commands should be run from inside the ./requirements directory of the awx repository.

Upgrading or Adding Select Libraries

If you need to add or upgrade one targeted library, then modify requirements.in, then run the script:

./updater.sh

NOTE: ./updater.sh uses /usr/bin/python3.6, to match the current python version (3.6) used to build releases.

Note - watch out for the updater script, using paths local to your machine instead of generalized paths; ie
    # via -r /awx_devel/requirements/requirements.in <-RIGHT
    # via -r /home/foo/bar/awx/requirements/requirements.in <-WRONG

Upgrading Unpinned Dependency

If you require a new version of a dependency that does not have a pinned version for a fix or feature, pin a minimum version and run ./updater.sh. For example, replace the line asgi-amqp with asgi-amqp>=1.1.4, and consider leaving a note.

Then next time that a general upgrade is performed, the minimum version specifiers can be removed, because *.txt files are upgraded to latest.

Upgrading Dependencies

You can upgrade (pip-compile --upgrade) the dependencies by running

./updater.sh upgrade.

Licenses and Source Files

If any library has a change to its license with the upgrade, then the license for that library inside of docs/licenses needs to be updated.

For libraries that have source distribution requirements (LGPL as an example), a tarball of the library is kept along with the license. To download the PyPI tarball, you can run this command:

pip download <pypi library name> -d docs/licenses/ --no-binary :all: --no-deps

Make sure to delete the old tarball if it is an upgrade.

UPGRADE BLOCKERs

Anything pinned in *.in files involves additional manual work in order to upgrade. Some information related to that work is outlined here.

django

For any upgrade of Django, it must be confirmed that we don't regress on FIPS support before merging.

See internal integration test knowledge base article how_to_test_FIPS for instructions.

If operating in a FIPS environment, hashlib.md5() will raise a ValueError, but will support the usedforsecurity keyword on RHEL and Centos systems.

Keep an eye on https://code.djangoproject.com/ticket/28401

The override of names_digest could easily be broken in a future version. Check that the import remains the same in the desired version.

af5ec222cc/django/db/backends/base/schema.py (L7)

social-auth-app-django

django-social keeps a list of backends in memory that it gathers based on the value of settings.AUTHENTICATION_BACKENDS at import time: c1e2795b00/social_django/utils.py (L13)

Our settings.AUTHENTICATION_BACKENDS can change dynamically as settings are changed (i.e., if somebody configures Github OAuth2 integration), so we need to overwrite this in-memory value at the top of every request so that we have the latest version

django-oauth-toolkit

Version 1.2.0 of this project has a bug that error when revoking tokens. This is fixed in the master branch but is not yet released.

When upgrading past 1.2.0 in the future, the 0025 migration needs to be edited, just like the old migration was edited in the project: 96538876d0 The field can simply have the validator method validate_uris removed.

azure-keyvault

Upgrading to 4.0.0 causes error because imports changed.

  File "/var/lib/awx/venv/awx/lib64/python3.6/site-packages/awx/main/credential_plugins/azure_kv.py", line 4, in <module>
  from azure.keyvault import KeyVaultClient, KeyVaultAuthentication
ImportError: cannot import name 'KeyVaultClient'

django-jsonfield

Instead of calling a loads() operation, the returned value is casted into a string in some cases, introduced in the change:

https://github.com/adamchainz/django-jsonfield/pull/14

This breaks a very large amount of AWX code that assumes these fields are returned as dicts. Upgrading this library will require a refactor to accomidate this change.

pip and setuptools

The offline installer needs to have functionality confirmed before upgrading these. Versions need to match the versions used in the pip bootstrapping step in the top-level Makefile.

cryptography

The offline installer needs to have functionality confirmed before upgrading these.

Library Notes

pexpect

Version 4.8 makes us a little bit nervous with changes to searchwindowsize https://github.com/pexpect/pexpect/pull/579/files Pin to pexpect==4.7.x until we have more time to move to 4.8 and test.