From 45937f0be3ac2759d5e480283f231d96779830de Mon Sep 17 00:00:00 2001 From: surbhijain1502 Date: Sat, 12 Dec 2020 01:19:15 +0530 Subject: [PATCH 01/13] Registering Centrify Plugin as entrypoint Register Plugin --- setup.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/setup.py b/setup.py index ef696c9deb..5f23de9052 100755 --- a/setup.py +++ b/setup.py @@ -130,7 +130,8 @@ setup( 'hashivault_kv = awx.main.credential_plugins.hashivault:hashivault_kv_plugin', 'hashivault_ssh = awx.main.credential_plugins.hashivault:hashivault_ssh_plugin', 'azure_kv = awx.main.credential_plugins.azure_kv:azure_keyvault_plugin', - 'aim = awx.main.credential_plugins.aim:aim_plugin' + 'aim = awx.main.credential_plugins.aim:aim_plugin', + 'centrify_vault_kv=awx.main.credential_plugins.centrify_vault:centrify_plugin' ] }, data_files = proc_data_files([ From 2d0eae26bcc1f435d60631cf5ccb36c808661e4c Mon Sep 17 00:00:00 2001 From: surbhijain1502 Date: Sat, 12 Dec 2020 01:42:06 +0530 Subject: [PATCH 02/13] Adding Centrify plugin namespace to test --- awx/main/tests/functional/test_credential.py | 1 + 1 file changed, 1 insertion(+) diff --git a/awx/main/tests/functional/test_credential.py b/awx/main/tests/functional/test_credential.py index 4f87c249be..abcd234676 100644 --- a/awx/main/tests/functional/test_credential.py +++ b/awx/main/tests/functional/test_credential.py @@ -98,6 +98,7 @@ def test_default_cred_types(): 'tower', 'vault', 'vmware', + 'centrify_vault_kv', ] for type_ in CredentialType.defaults.values(): assert type_().managed_by_tower is True From f062554e82992ad9a9034610721956ff85b25da9 Mon Sep 17 00:00:00 2001 From: surbhijain1502 Date: Sat, 12 Dec 2020 01:55:33 +0530 Subject: [PATCH 03/13] To test Centrify Vault Credential Source --- .../test/awx/test_credential_input_source.py | 49 +++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/awx_collection/test/awx/test_credential_input_source.py b/awx_collection/test/awx/test_credential_input_source.py index 703ad4adb3..8984fdfb12 100644 --- a/awx_collection/test/awx/test_credential_input_source.py +++ b/awx_collection/test/awx/test_credential_input_source.py @@ -332,3 +332,52 @@ def test_aim_credential_source(run_module, admin_user, organization, source_cred assert cis.source_credential.name == source_cred_aim_alt.name assert cis.target_credential.name == tgt_cred.name assert cis.input_field_name == 'password' + + + # Test Centrify Vault secret credential source +@pytest.fixture +def source_cred_centrify_secret(organization): + # Make a credential type which will be used by the credential + ct = CredentialType.defaults['centrify_vault_kv']() + ct.save() + return Credential.objects.create( + name='Centrify vault secret Cred', + credential_type=ct, + inputs={ + "url": "https://tenant_id.my.centrify-dev.net", + "client_id": "secretuser@tenant", + "client_password": "secretuserpassword", + } + ) + + +@pytest.mark.django_db +def test_centrify_vault_credential_source(run_module, admin_user, organization, source_cred_centrify_secret, silence_deprecation): + ct = CredentialType.defaults['ssh']() + ct.save() + tgt_cred = Credential.objects.create( + name='Test Machine Credential', + organization=organization, + credential_type=ct, + inputs={'username': 'bob'} + ) + + result = run_module('tower_credential_input_source', dict( + source_credential=source_cred_centrify_secret.name, + target_credential=tgt_cred.name, + input_field_name='password', + metadata={"system-name": "systemname", "account-name": "accountname"}, + state='present' + ), admin_user) + + assert not result.get('failed', False), result.get('msg', result) + assert result.get('changed'), result + assert CredentialInputSource.objects.count() == 1 + cis = CredentialInputSource.objects.first() + + assert cis.metadata['system-name'] == "systemname" + assert cis.metadata['account-name'] == "accountname" + assert cis.source_credential.name == source_cred_centrify_secret.name + assert cis.target_credential.name == tgt_cred.name + assert cis.input_field_name == 'password' + assert result['id'] == cis.pk From d913d622d3a76d590eb4ca6717802bfa278f6579 Mon Sep 17 00:00:00 2001 From: surbhijain1502 Date: Sat, 12 Dec 2020 02:12:58 +0530 Subject: [PATCH 04/13] Centrify Vault Plugin To read Inputs and fetch the data from PAS Portal --- awx/main/credential_plugins/centrify_vault.py | 136 ++++++++++++++++++ 1 file changed, 136 insertions(+) create mode 100644 awx/main/credential_plugins/centrify_vault.py diff --git a/awx/main/credential_plugins/centrify_vault.py b/awx/main/credential_plugins/centrify_vault.py new file mode 100644 index 0000000000..61da193596 --- /dev/null +++ b/awx/main/credential_plugins/centrify_vault.py @@ -0,0 +1,136 @@ +from .plugin import CredentialPlugin, raise_for_status +from django.utils.translation import ugettext_lazy as _ +from urllib.parse import urljoin +import requests +import base64 +import json +pas_inputs = { + 'fields': [{ + 'id': 'url', + 'label': _('Centrify Tenant URL'), + 'type': 'string', + 'help_text': _('Centrify Tenant URL'), + 'format': 'url', + }, { + 'id':'client_id', + 'label':_('Centrify API User'), + 'type':'string', + 'help_text': _('Centrify API User, having necessary permissions as mentioned in support doc'), + + }, { + 'id':'client_password', + 'label':_('Centrify API Password'), + 'type':'string', + 'help_text': _('Password of Centrify API User with necessary permissions'), + 'secret':True, + }], + 'metadata': [{ + 'id': 'account-name', + 'label': _('Account Name'), + 'type': 'string', + 'help_text': _('Local system account or Domain account name enrolled in Centrify Vault. eg. (root or DOMAIN/Administrator)'), + 'secret': True, + },{ + 'id': 'system-name', + 'label': _('System Name'), + 'type': 'string', + 'help_text': _('Machine Name enrolled with in Centrify Portal'), + }], + 'required': ['url', 'account-name', 'system-name','client_id','client_password'], +} + + +# generate bearer token to authenticate with PAS portal, Input : Client ID, Client Secret +def handle_auth(**kwargs): + tokens = None + post_data = { + "grant_type": "client_credentials", + "scope":"siem" + } + post_header = { + "Authorization": 'Basic ' + base64.b64encode(bytes(kwargs['client_id'] + ":" + kwargs['client_password'], 'ascii')).decode('ascii') + } + response = requests.post( + kwargs['endpoint'], + data = post_data, + headers = post_header, + verify = True, + timeout = (5, 30) + ) + raise_for_status(response) + tokens = json.loads(response.text) + try: + return tokens['access_token'] + except KeyError: + raise RuntimeError('OAuth request to tenant was unsuccessful') + + +# fetch the ID of system with RedRock query, Input : System Name, Account Name +def get_ID(**kwargs): + endpoint = urljoin(kwargs['url'],'/Redrock/query') + name=" Name='{0}' and User='{1}'".format(kwargs['system_name'],kwargs['acc_name']) + query = 'Select * from VaultAccount where {0}'.format(name) + post_data = json.dumps({'Script': query}) + post_headers = { + "Authorization": "Bearer " + kwargs['access_token'], + "X-CENTRIFY-NATIVE-CLIENT":"true" + } + response = requests.post( + endpoint, + data = post_data, + headers = post_headers, + timeout = (5, 30) + ) + raise_for_status(response) + tokens = json.loads(response.text) + result_str=tokens["Result"]["Results"] + try: + acc_ID=result_str[0]["Row"]["ID"] + return acc_ID + except IndexError: + raise RuntimeError("Error Detected!! Check the Inputs") + + +# CheckOut Password from Centrify Vault, Input : ID +def get_passwd(**kwargs): + endpoint = urljoin(kwargs['url'],'/ServerManage/CheckoutPassword') + post_data = json.dumps({'ID': kwargs['acc_id']}) + post_headers = { + "Authorization": "Bearer " + kwargs['access_token'], + "X-CENTRIFY-NATIVE-CLIENT":"true" + } + response = requests.post( + endpoint, + data = post_data, + headers = post_headers, + timeout = (5, 30) + ) + raise_for_status(response) + tokens=json.loads(response.text) + try: + result_str=tokens["Result"]["Password"] + return result_str + except TypeError: + raise RuntimeError("Password Not Found") + + +def centrify_backend(**kwargs): + url = kwargs.get('url') # + acc_name = kwargs.get('account-name') + system_name = kwargs.get('system-name') + client_id = kwargs.get('client_id') + client_password = kwargs.get('client_password') + endpoint = urljoin(url,'/oauth2/token/oauthsiem') + endpoint = {'endpoint':endpoint,'client_id':client_id,'client_password':client_password} + token = handle_auth(**endpoint) + get_id_args = {'system_name':system_name,'acc_name':acc_name,'url':url,'access_token':token} + acc_id = get_ID(**get_id_args) + get_pwd_args = {'url':url,'acc_id':acc_id,'access_token':token} + return get_passwd(**get_pwd_args) + + +centrify_plugin = CredentialPlugin( + 'Centrify Vault Credential Provider Lookup', + inputs=pas_inputs, + backend=centrify_backend +) From f83126643ae536d79e3f8966fec01fe6f58b59f5 Mon Sep 17 00:00:00 2001 From: surbhijain1502 Date: Wed, 16 Dec 2020 23:00:38 +0530 Subject: [PATCH 05/13] Removed account name as secret, query changed --- awx/main/credential_plugins/centrify_vault.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/awx/main/credential_plugins/centrify_vault.py b/awx/main/credential_plugins/centrify_vault.py index 61da193596..77c49dc482 100644 --- a/awx/main/credential_plugins/centrify_vault.py +++ b/awx/main/credential_plugins/centrify_vault.py @@ -29,7 +29,6 @@ pas_inputs = { 'label': _('Account Name'), 'type': 'string', 'help_text': _('Local system account or Domain account name enrolled in Centrify Vault. eg. (root or DOMAIN/Administrator)'), - 'secret': True, },{ 'id': 'system-name', 'label': _('System Name'), @@ -69,7 +68,7 @@ def handle_auth(**kwargs): def get_ID(**kwargs): endpoint = urljoin(kwargs['url'],'/Redrock/query') name=" Name='{0}' and User='{1}'".format(kwargs['system_name'],kwargs['acc_name']) - query = 'Select * from VaultAccount where {0}'.format(name) + query = 'Select ID from VaultAccount where {0}'.format(name) post_data = json.dumps({'Script': query}) post_headers = { "Authorization": "Bearer " + kwargs['access_token'], From bbf283d1fd4847165bdbf6d3abb0ec873ca666b8 Mon Sep 17 00:00:00 2001 From: surbhijain1502 Date: Sat, 19 Dec 2020 23:34:10 +0530 Subject: [PATCH 06/13] Change namespace placing in the array --- awx/main/tests/functional/test_credential.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/awx/main/tests/functional/test_credential.py b/awx/main/tests/functional/test_credential.py index abcd234676..f2bfa92dac 100644 --- a/awx/main/tests/functional/test_credential.py +++ b/awx/main/tests/functional/test_credential.py @@ -79,6 +79,7 @@ def test_default_cred_types(): 'aws', 'azure_kv', 'azure_rm', + 'centrify_vault_kv', 'conjur', 'galaxy_api_token', 'gce', @@ -98,7 +99,6 @@ def test_default_cred_types(): 'tower', 'vault', 'vmware', - 'centrify_vault_kv', ] for type_ in CredentialType.defaults.values(): assert type_().managed_by_tower is True From 18752a637faaed88772eb0f4fc1782fee660ad2a Mon Sep 17 00:00:00 2001 From: Asharma-bhavna Date: Fri, 22 Jan 2021 17:12:22 +0530 Subject: [PATCH 07/13] Code changes suggested by AWX repo reviewer team --- awx/main/credential_plugins/centrify_vault.py | 24 +++++++------------ 1 file changed, 8 insertions(+), 16 deletions(-) diff --git a/awx/main/credential_plugins/centrify_vault.py b/awx/main/credential_plugins/centrify_vault.py index 77c49dc482..19a5bd5ad8 100644 --- a/awx/main/credential_plugins/centrify_vault.py +++ b/awx/main/credential_plugins/centrify_vault.py @@ -46,20 +46,16 @@ def handle_auth(**kwargs): "grant_type": "client_credentials", "scope":"siem" } - post_header = { - "Authorization": 'Basic ' + base64.b64encode(bytes(kwargs['client_id'] + ":" + kwargs['client_password'], 'ascii')).decode('ascii') - } response = requests.post( kwargs['endpoint'], data = post_data, - headers = post_header, + auth = (kwargs['client_id'],kwargs['client_password']), verify = True, timeout = (5, 30) ) raise_for_status(response) - tokens = json.loads(response.text) try: - return tokens['access_token'] + return response.json()['access_token'] except KeyError: raise RuntimeError('OAuth request to tenant was unsuccessful') @@ -81,12 +77,10 @@ def get_ID(**kwargs): timeout = (5, 30) ) raise_for_status(response) - tokens = json.loads(response.text) - result_str=tokens["Result"]["Results"] try: - acc_ID=result_str[0]["Row"]["ID"] - return acc_ID - except IndexError: + result_str = response.json()["Result"]["Results"] + return result_str[0]["Row"]["ID"] + except (IndexError, KeyError): raise RuntimeError("Error Detected!! Check the Inputs") @@ -105,16 +99,14 @@ def get_passwd(**kwargs): timeout = (5, 30) ) raise_for_status(response) - tokens=json.loads(response.text) try: - result_str=tokens["Result"]["Password"] - return result_str - except TypeError: + return response.json()["Result"]["Password"] + except KeyError: raise RuntimeError("Password Not Found") def centrify_backend(**kwargs): - url = kwargs.get('url') # + url = kwargs.get('url') acc_name = kwargs.get('account-name') system_name = kwargs.get('system-name') client_id = kwargs.get('client_id') From cccd021d8b0254e96c42ace41182e820e24a1254 Mon Sep 17 00:00:00 2001 From: Asharma-bhavna Date: Fri, 22 Jan 2021 17:35:08 +0530 Subject: [PATCH 08/13] Removed explicitly calling of python json module --- awx/main/credential_plugins/centrify_vault.py | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/awx/main/credential_plugins/centrify_vault.py b/awx/main/credential_plugins/centrify_vault.py index 19a5bd5ad8..76ded50016 100644 --- a/awx/main/credential_plugins/centrify_vault.py +++ b/awx/main/credential_plugins/centrify_vault.py @@ -3,7 +3,6 @@ from django.utils.translation import ugettext_lazy as _ from urllib.parse import urljoin import requests import base64 -import json pas_inputs = { 'fields': [{ 'id': 'url', @@ -65,14 +64,13 @@ def get_ID(**kwargs): endpoint = urljoin(kwargs['url'],'/Redrock/query') name=" Name='{0}' and User='{1}'".format(kwargs['system_name'],kwargs['acc_name']) query = 'Select ID from VaultAccount where {0}'.format(name) - post_data = json.dumps({'Script': query}) post_headers = { "Authorization": "Bearer " + kwargs['access_token'], "X-CENTRIFY-NATIVE-CLIENT":"true" } response = requests.post( endpoint, - data = post_data, + json = {'Script': query}, headers = post_headers, timeout = (5, 30) ) @@ -87,14 +85,13 @@ def get_ID(**kwargs): # CheckOut Password from Centrify Vault, Input : ID def get_passwd(**kwargs): endpoint = urljoin(kwargs['url'],'/ServerManage/CheckoutPassword') - post_data = json.dumps({'ID': kwargs['acc_id']}) post_headers = { "Authorization": "Bearer " + kwargs['access_token'], "X-CENTRIFY-NATIVE-CLIENT":"true" } response = requests.post( endpoint, - data = post_data, + json = {'ID': kwargs['acc_id']}, headers = post_headers, timeout = (5, 30) ) From 51005c034255ec6766ff5fe804d30e0c385dfdfc Mon Sep 17 00:00:00 2001 From: Asharma-bhavna Date: Mon, 1 Feb 2021 19:27:07 +0530 Subject: [PATCH 09/13] Bugs identified during flake8 testing --- awx/main/credential_plugins/centrify_vault.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/awx/main/credential_plugins/centrify_vault.py b/awx/main/credential_plugins/centrify_vault.py index 76ded50016..5e71b23d4d 100644 --- a/awx/main/credential_plugins/centrify_vault.py +++ b/awx/main/credential_plugins/centrify_vault.py @@ -2,7 +2,6 @@ from .plugin import CredentialPlugin, raise_for_status from django.utils.translation import ugettext_lazy as _ from urllib.parse import urljoin import requests -import base64 pas_inputs = { 'fields': [{ 'id': 'url', @@ -40,7 +39,6 @@ pas_inputs = { # generate bearer token to authenticate with PAS portal, Input : Client ID, Client Secret def handle_auth(**kwargs): - tokens = None post_data = { "grant_type": "client_credentials", "scope":"siem" From 764322b87b7e928389c2c239db7a5ba54a8b1f6b Mon Sep 17 00:00:00 2001 From: Ryan Petrello Date: Wed, 3 Mar 2021 09:03:04 -0500 Subject: [PATCH 10/13] more centrify fixes --- awx/main/credential_plugins/centrify_vault.py | 24 ++++++++++++++++--- .../0124_centrify_vault_credtype.py | 20 ++++++++++++++++ setup.py | 2 +- 3 files changed, 42 insertions(+), 4 deletions(-) create mode 100644 awx/main/migrations/0124_centrify_vault_credtype.py diff --git a/awx/main/credential_plugins/centrify_vault.py b/awx/main/credential_plugins/centrify_vault.py index 5e71b23d4d..02be552634 100644 --- a/awx/main/credential_plugins/centrify_vault.py +++ b/awx/main/credential_plugins/centrify_vault.py @@ -21,6 +21,18 @@ pas_inputs = { 'type':'string', 'help_text': _('Password of Centrify API User with necessary permissions'), 'secret':True, + },{ + 'id':'oauth_application_id', + 'label':_('OAuth2 Application ID'), + 'type':'string', + 'help_text': _('Application ID of the configured OAuth2 Client (defaults to \'awx\')'), + 'default': 'awx', + },{ + 'id':'oauth_scope', + 'label':_('OAuth2 Scope'), + 'type':'string', + 'help_text': _('Scope of the configured OAuth2 Client (defaults to \'awx\')'), + 'default': 'awx', }], 'metadata': [{ 'id': 'account-name', @@ -41,7 +53,7 @@ pas_inputs = { def handle_auth(**kwargs): post_data = { "grant_type": "client_credentials", - "scope":"siem" + "scope": kwargs['oauth_scope'] } response = requests.post( kwargs['endpoint'], @@ -106,8 +118,14 @@ def centrify_backend(**kwargs): system_name = kwargs.get('system-name') client_id = kwargs.get('client_id') client_password = kwargs.get('client_password') - endpoint = urljoin(url,'/oauth2/token/oauthsiem') - endpoint = {'endpoint':endpoint,'client_id':client_id,'client_password':client_password} + app_id = kwargs.get('oauth_application_id', 'awx') + endpoint = urljoin(url, f'/oauth2/token/{app_id}') + endpoint = { + 'endpoint': endpoint, + 'client_id': client_id, + 'client_password': client_password + 'oauth_scope': kwargs.get('oauth_scope', 'awx') + } token = handle_auth(**endpoint) get_id_args = {'system_name':system_name,'acc_name':acc_name,'url':url,'access_token':token} acc_id = get_ID(**get_id_args) diff --git a/awx/main/migrations/0124_centrify_vault_credtype.py b/awx/main/migrations/0124_centrify_vault_credtype.py new file mode 100644 index 0000000000..ff65ad9b75 --- /dev/null +++ b/awx/main/migrations/0124_centrify_vault_credtype.py @@ -0,0 +1,20 @@ +from django.db import migrations + +from awx.main.models import CredentialType +from awx.main.utils.common import set_current_apps + + +def setup_tower_managed_defaults(apps, schema_editor): + set_current_apps(apps) + CredentialType.setup_tower_managed_defaults() + + +class Migration(migrations.Migration): + + dependencies = [ + ('main', '0123_drop_hg_support'), + ] + + operations = [ + migrations.RunPython(setup_tower_managed_defaults), + ] diff --git a/setup.py b/setup.py index 5f23de9052..55fcff6785 100755 --- a/setup.py +++ b/setup.py @@ -131,7 +131,7 @@ setup( 'hashivault_ssh = awx.main.credential_plugins.hashivault:hashivault_ssh_plugin', 'azure_kv = awx.main.credential_plugins.azure_kv:azure_keyvault_plugin', 'aim = awx.main.credential_plugins.aim:aim_plugin', - 'centrify_vault_kv=awx.main.credential_plugins.centrify_vault:centrify_plugin' + 'centrify_vault_kv = awx.main.credential_plugins.centrify_vault:centrify_plugin' ] }, data_files = proc_data_files([ From 1b2d45709051f14d29b5c1f784c615daee153d61 Mon Sep 17 00:00:00 2001 From: Ryan Petrello Date: Wed, 10 Mar 2021 10:09:01 -0500 Subject: [PATCH 11/13] fix a bug in the Centrify Vault plugin --- awx/main/credential_plugins/centrify_vault.py | 4 ++-- ...rify_vault_credtype.py => 0130_centrify_vault_credtype.py} | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) rename awx/main/migrations/{0124_centrify_vault_credtype.py => 0130_centrify_vault_credtype.py} (87%) diff --git a/awx/main/credential_plugins/centrify_vault.py b/awx/main/credential_plugins/centrify_vault.py index 02be552634..e5b7949c13 100644 --- a/awx/main/credential_plugins/centrify_vault.py +++ b/awx/main/credential_plugins/centrify_vault.py @@ -89,7 +89,7 @@ def get_ID(**kwargs): result_str = response.json()["Result"]["Results"] return result_str[0]["Row"]["ID"] except (IndexError, KeyError): - raise RuntimeError("Error Detected!! Check the Inputs") + raise RuntimeError("Error Detected!! Check the Inputs") # CheckOut Password from Centrify Vault, Input : ID @@ -123,7 +123,7 @@ def centrify_backend(**kwargs): endpoint = { 'endpoint': endpoint, 'client_id': client_id, - 'client_password': client_password + 'client_password': client_password, 'oauth_scope': kwargs.get('oauth_scope', 'awx') } token = handle_auth(**endpoint) diff --git a/awx/main/migrations/0124_centrify_vault_credtype.py b/awx/main/migrations/0130_centrify_vault_credtype.py similarity index 87% rename from awx/main/migrations/0124_centrify_vault_credtype.py rename to awx/main/migrations/0130_centrify_vault_credtype.py index ff65ad9b75..5133efa310 100644 --- a/awx/main/migrations/0124_centrify_vault_credtype.py +++ b/awx/main/migrations/0130_centrify_vault_credtype.py @@ -12,7 +12,7 @@ def setup_tower_managed_defaults(apps, schema_editor): class Migration(migrations.Migration): dependencies = [ - ('main', '0123_drop_hg_support'), + ('main', '0129_unifiedjob_installed_collections'), ] operations = [ From 6f0f56f4f664f73eae83f5c8d38d45ab6e6dd297 Mon Sep 17 00:00:00 2001 From: Ryan Petrello Date: Wed, 10 Mar 2021 12:12:35 -0500 Subject: [PATCH 12/13] verify all Centrify HTTPS requests --- awx/main/credential_plugins/centrify_vault.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/awx/main/credential_plugins/centrify_vault.py b/awx/main/credential_plugins/centrify_vault.py index e5b7949c13..dc4db1fe22 100644 --- a/awx/main/credential_plugins/centrify_vault.py +++ b/awx/main/credential_plugins/centrify_vault.py @@ -81,7 +81,8 @@ def get_ID(**kwargs): response = requests.post( endpoint, json = {'Script': query}, - headers = post_headers, + headers = post_headers, + verify = True, timeout = (5, 30) ) raise_for_status(response) @@ -103,6 +104,7 @@ def get_passwd(**kwargs): endpoint, json = {'ID': kwargs['acc_id']}, headers = post_headers, + verify = True, timeout = (5, 30) ) raise_for_status(response) From dc8115681acd529dde355d6391d3ee75a65915cb Mon Sep 17 00:00:00 2001 From: Ryan Petrello Date: Wed, 17 Mar 2021 10:19:23 -0400 Subject: [PATCH 13/13] bump the migration version number for Centrify --- ...ntrify_vault_credtype.py => 0133_centrify_vault_credtype.py} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename awx/main/migrations/{0130_centrify_vault_credtype.py => 0133_centrify_vault_credtype.py} (87%) diff --git a/awx/main/migrations/0130_centrify_vault_credtype.py b/awx/main/migrations/0133_centrify_vault_credtype.py similarity index 87% rename from awx/main/migrations/0130_centrify_vault_credtype.py rename to awx/main/migrations/0133_centrify_vault_credtype.py index 5133efa310..eee9507691 100644 --- a/awx/main/migrations/0130_centrify_vault_credtype.py +++ b/awx/main/migrations/0133_centrify_vault_credtype.py @@ -12,7 +12,7 @@ def setup_tower_managed_defaults(apps, schema_editor): class Migration(migrations.Migration): dependencies = [ - ('main', '0129_unifiedjob_installed_collections'), + ('main', '0132_instancegroup_is_container_group'), ] operations = [