mirror of
https://github.com/ansible/awx.git
synced 2026-01-11 01:57:35 -03:30
Add the ability to specify K8S/OCP credentials on a Job Template
see: https://github.com/ansible/awx/issues/5735
This commit is contained in:
Ryan Petrello
parent
cd6df9299f
commit
0b221a42c0
@ -4100,7 +4100,8 @@ class JobLaunchSerializer(BaseSerializer):
|
||||
errors.setdefault('credentials', []).append(_(
|
||||
'Cannot assign multiple {} credentials.'
|
||||
).format(cred.unique_hash(display=True)))
|
||||
if cred.credential_type.kind not in ('ssh', 'vault', 'cloud', 'net'):
|
||||
if cred.credential_type.kind not in ('ssh', 'vault', 'cloud',
|
||||
'net', 'kubernetes'):
|
||||
errors.setdefault('credentials', []).append(_(
|
||||
'Cannot assign a Credential of kind `{}`'
|
||||
).format(cred.credential_type.kind))
|
||||
|
||||
@ -2657,7 +2657,7 @@ class JobTemplateCredentialsList(SubListCreateAttachDetachAPIView):
|
||||
return {"error": _("Cannot assign multiple {credential_type} credentials.").format(
|
||||
credential_type=sub.unique_hash(display=True))}
|
||||
kind = sub.credential_type.kind
|
||||
if kind not in ('ssh', 'vault', 'cloud', 'net'):
|
||||
if kind not in ('ssh', 'vault', 'cloud', 'net', 'kubernetes'):
|
||||
return {'error': _('Cannot assign a Credential of kind `{}`.').format(kind)}
|
||||
|
||||
return super(JobTemplateCredentialsList, self).is_valid_relation(parent, sub, created)
|
||||
|
||||
@ -1169,7 +1169,18 @@ ManagedCredentialType(
|
||||
'multiline': True,
|
||||
}],
|
||||
'required': ['host', 'bearer_token'],
|
||||
}
|
||||
},
|
||||
injectors={
|
||||
'file': {
|
||||
'template': '{{ ssl_ca_cert }}'
|
||||
},
|
||||
'env': {
|
||||
'K8S_AUTH_HOST': '{{ host }}',
|
||||
'K8S_AUTH_API_KEY': '{{ bearer_token }}',
|
||||
'K8S_AUTH_VERIFY_SSL': '{{ verify_ssl }}',
|
||||
'K8S_AUTH_SSL_CA_CERT': '{{ tower.filename }}',
|
||||
},
|
||||
},
|
||||
)
|
||||
|
||||
|
||||
|
||||
@ -67,6 +67,10 @@
|
||||
&--external:before {
|
||||
content: '\f14c'
|
||||
}
|
||||
|
||||
&--kubernetes_bearer_token:before {
|
||||
content: '\f0c2';
|
||||
}
|
||||
}
|
||||
|
||||
.TagComponent-button {
|
||||
|
||||
@ -111,7 +111,7 @@ function multiCredentialModalController(GetBasePath, qs, MultiCredentialService)
|
||||
|
||||
scope.credentialTypes.forEach((credentialType => {
|
||||
if(credentialType.kind
|
||||
.match(/^(machine|cloud|net|ssh|vault)$/)) {
|
||||
.match(/^(machine|cloud|net|ssh|vault|kubernetes)$/)) {
|
||||
scope.displayedCredentialTypes.push(credentialType);
|
||||
}
|
||||
}));
|
||||
|
||||
@ -32,8 +32,8 @@ django-oauth-toolkit==1.1.3 # via -r /awx_devel/requirements/requirements.in
|
||||
django-pglocks==1.0.4 # via -r /awx_devel/requirements/requirements.in
|
||||
django-polymorphic==2.1.2 # via -r /awx_devel/requirements/requirements.in
|
||||
django-qsstats-magic==1.1.0 # via -r /awx_devel/requirements/requirements.in
|
||||
django-redis==4.5.0
|
||||
django-radius==1.3.3 # via -r /awx_devel/requirements/requirements.in
|
||||
django-redis==4.5.0 # via -r /awx_devel/requirements/requirements.in
|
||||
django-solo==1.1.3 # via -r /awx_devel/requirements/requirements.in
|
||||
django-split-settings==1.0.0 # via -r /awx_devel/requirements/requirements.in
|
||||
django-taggit==1.2.0 # via -r /awx_devel/requirements/requirements.in
|
||||
@ -100,7 +100,7 @@ python3-openid==3.1.0 # via social-auth-core
|
||||
python3-saml==1.9.0 # via -r /awx_devel/requirements/requirements.in
|
||||
pytz==2019.3 # via django, irc, tempora, twilio
|
||||
pyyaml==5.3.1 # via -r /awx_devel/requirements/requirements.in, ansible-runner, djangorestframework-yaml, kubernetes
|
||||
redis==3.4.1 # via -r /awx_devel/requirements/requirements.in
|
||||
redis==3.4.1 # via -r /awx_devel/requirements/requirements.in, django-redis
|
||||
requests-oauthlib==1.3.0 # via kubernetes, msrest, social-auth-core
|
||||
requests==2.23.0 # via -r /awx_devel/requirements/requirements.in, adal, azure-keyvault, django-oauth-toolkit, kubernetes, msrest, requests-oauthlib, slackclient, social-auth-core, twilio
|
||||
rsa==4.0 # via google-auth
|
||||
|
||||
@ -62,5 +62,7 @@ requests
|
||||
requests-credssp==1.0.2 # For windows authentication awx/issues/1144
|
||||
# OpenStack
|
||||
openstacksdk==0.37.0
|
||||
# Openshift/k8s
|
||||
openshift>=0.11.0 # minimum version to pull in new pyyaml for CVE-2017-18342
|
||||
pip==19.3.1 # see upgrade blockers
|
||||
setuptools==41.6.0 # see upgrade blockers
|
||||
setuptools==41.6.0 # see upgrade blockers
|
||||
|
||||
@ -26,7 +26,7 @@ azure-mgmt-loganalytics==0.2.0 # via -r /awx_devel/requirements/requirements_an
|
||||
azure-mgmt-marketplaceordering==0.1.0 # via -r /awx_devel/requirements/requirements_ansible.in
|
||||
azure-mgmt-monitor==0.5.2 # via -r /awx_devel/requirements/requirements_ansible.in
|
||||
azure-mgmt-network==2.3.0 # via -r /awx_devel/requirements/requirements_ansible.in
|
||||
azure-mgmt-nspkg==2.0.0 # via -r /awx_devel/requirements/requirements_ansible.in, azure-mgmt-authorization, azure-mgmt-automation, azure-mgmt-batch, azure-mgmt-cdn, azure-mgmt-compute, azure-mgmt-containerinstance, azure-mgmt-containerregistry, azure-mgmt-containerservice, azure-mgmt-cosmosdb, azure-mgmt-devtestlabs, azure-mgmt-dns, azure-mgmt-hdinsight, azure-mgmt-iothub, azure-mgmt-keyvault, azure-mgmt-loganalytics, azure-mgmt-marketplaceordering, azure-mgmt-monitor, azure-mgmt-network, azure-mgmt-rdbms, azure-mgmt-redis, azure-mgmt-resource, azure-mgmt-servicebus, azure-mgmt-sql, azure-mgmt-storage, azure-mgmt-trafficmanager, azure-mgmt-web
|
||||
azure-mgmt-nspkg==2.0.0; python_version < "3" # via -r /awx_devel/requirements/requirements_ansible.in, azure-mgmt-authorization, azure-mgmt-automation, azure-mgmt-batch, azure-mgmt-cdn, azure-mgmt-compute, azure-mgmt-containerinstance, azure-mgmt-containerregistry, azure-mgmt-containerservice, azure-mgmt-cosmosdb, azure-mgmt-devtestlabs, azure-mgmt-dns, azure-mgmt-hdinsight, azure-mgmt-iothub, azure-mgmt-keyvault, azure-mgmt-loganalytics, azure-mgmt-marketplaceordering, azure-mgmt-monitor, azure-mgmt-network, azure-mgmt-rdbms, azure-mgmt-redis, azure-mgmt-resource, azure-mgmt-servicebus, azure-mgmt-sql, azure-mgmt-storage, azure-mgmt-trafficmanager, azure-mgmt-web
|
||||
azure-mgmt-rdbms==1.4.1 # via -r /awx_devel/requirements/requirements_ansible.in
|
||||
azure-mgmt-redis==5.0.0 # via -r /awx_devel/requirements/requirements_ansible.in
|
||||
azure-mgmt-resource==2.1.0 # via -r /awx_devel/requirements/requirements_ansible.in
|
||||
@ -43,7 +43,7 @@ boto3==1.9.223 # via -r /awx_devel/requirements/requirements_ansible.
|
||||
boto==2.47.0 # via -r /awx_devel/requirements/requirements_ansible.in
|
||||
botocore==1.12.253 # via boto3, s3transfer
|
||||
cachetools==3.1.1 # via google-auth
|
||||
certifi==2019.11.28 # via msrest, requests
|
||||
certifi==2019.11.28 # via kubernetes, msrest, requests
|
||||
cffi==1.13.2 # via bcrypt, cryptography, pynacl
|
||||
chardet==3.0.4 # via requests
|
||||
colorama==0.4.3 # via azure-cli-core, knack
|
||||
@ -53,18 +53,19 @@ docutils==0.15.2 # via botocore
|
||||
dogpile.cache==0.9.0 # via openstacksdk
|
||||
enum34==1.1.6; python_version < "3" # via cryptography, knack, msrest, ovirt-engine-sdk-python
|
||||
futures==3.3.0; python_version < "3" # via openstacksdk, s3transfer
|
||||
google-auth==1.6.2 # via -r /awx_devel/requirements/requirements_ansible.in
|
||||
google-auth==1.6.2 # via -r /awx_devel/requirements/requirements_ansible.in, kubernetes
|
||||
humanfriendly==4.18 # via azure-cli-core
|
||||
idna==2.8 # via requests
|
||||
ipaddress==1.0.23; python_version < "3" # via cryptography, openstacksdk
|
||||
ipaddress==1.0.23; python_version < "3" # via cryptography, kubernetes, openstacksdk
|
||||
iso8601==0.1.12 # via keystoneauth1, openstacksdk
|
||||
isodate==0.6.0 # via msrest
|
||||
jinja2==2.10.1 # via -r /awx_devel/requirements/requirements_ansible.in
|
||||
jinja2==2.10.1 # via -r /awx_devel/requirements/requirements_ansible.in, openshift
|
||||
jmespath==0.9.4 # via azure-cli-core, boto3, botocore, knack, openstacksdk
|
||||
jsonpatch==1.24 # via openstacksdk
|
||||
jsonpointer==2.0 # via jsonpatch
|
||||
keystoneauth1==3.18.0 # via openstacksdk
|
||||
knack==0.3.3 # via azure-cli-core
|
||||
kubernetes==11.0.0 # via openshift
|
||||
lxml==4.4.2 # via ncclient
|
||||
markupsafe==1.1.1 # via jinja2
|
||||
monotonic==1.5; python_version < "3" # via humanfriendly
|
||||
@ -76,6 +77,7 @@ netaddr==0.7.19 # via -r /awx_devel/requirements/requirements_ansible.
|
||||
netifaces==0.10.9 # via openstacksdk
|
||||
ntlm-auth==1.4.0 # via requests-credssp, requests-ntlm
|
||||
oauthlib==3.1.0 # via requests-oauthlib
|
||||
openshift==0.11.2 # via -r /awx_devel/requirements/requirements_ansible.in
|
||||
openstacksdk==0.37.0 # via -r /awx_devel/requirements/requirements_ansible.in
|
||||
os-service-types==1.7.0 # via keystoneauth1, openstacksdk
|
||||
ovirt-engine-sdk-python==4.3.0 # via -r /awx_devel/requirements/requirements_ansible.in
|
||||
@ -93,27 +95,32 @@ pykerberos==1.2.1 # via requests-kerberos
|
||||
pynacl==1.3.0 # via paramiko
|
||||
pyopenssl==19.1.0 # via azure-cli-core, requests-credssp
|
||||
pyparsing==2.4.5 # via packaging
|
||||
python-dateutil==2.8.1 # via adal, azure-storage, botocore
|
||||
python-dateutil==2.8.1 # via adal, azure-storage, botocore, kubernetes
|
||||
python-string-utils==0.6.0; python_version < "3" # via openshift
|
||||
pyvmomi==6.7.3 # via -r /awx_devel/requirements/requirements_ansible.in
|
||||
pywinrm[kerberos]==0.3.0 # via -r /awx_devel/requirements/requirements_ansible.in
|
||||
pyyaml==5.2 # via azure-cli-core, knack, openstacksdk
|
||||
pyyaml==5.2 # via azure-cli-core, knack, kubernetes, openstacksdk
|
||||
requests-credssp==1.0.2 # via -r /awx_devel/requirements/requirements_ansible.in
|
||||
requests-kerberos==0.12.0 # via pywinrm
|
||||
requests-ntlm==1.1.0 # via pywinrm
|
||||
requests-oauthlib==1.3.0 # via msrest
|
||||
requests==2.22.0 # via -r /awx_devel/requirements/requirements_ansible.in, adal, apache-libcloud, azure-cli-core, azure-keyvault, azure-storage, keystoneauth1, msrest, pyvmomi, pywinrm, requests-credssp, requests-kerberos, requests-ntlm, requests-oauthlib
|
||||
requests-oauthlib==1.3.0 # via kubernetes, msrest
|
||||
requests==2.22.0 # via -r /awx_devel/requirements/requirements_ansible.in, adal, apache-libcloud, azure-cli-core, azure-keyvault, azure-storage, keystoneauth1, kubernetes, msrest, pyvmomi, pywinrm, requests-credssp, requests-kerberos, requests-ntlm, requests-oauthlib
|
||||
requestsexceptions==1.4.0 # via openstacksdk
|
||||
rsa==4.0 # via google-auth
|
||||
ruamel.ordereddict==0.4.14; python_version < "3" # via ruamel.yaml
|
||||
ruamel.yaml.clib==0.2.0 # via ruamel.yaml
|
||||
ruamel.yaml==0.16.10 # via openshift
|
||||
s3transfer==0.2.1 # via boto3
|
||||
selectors2==2.0.1 # via ncclient
|
||||
six==1.13.0 # via azure-cli-core, bcrypt, cryptography, google-auth, isodate, keystoneauth1, knack, munch, ncclient, openstacksdk, ovirt-engine-sdk-python, packaging, pynacl, pyopenssl, python-dateutil, pyvmomi, pywinrm, requests-credssp, stevedore
|
||||
six==1.13.0 # via azure-cli-core, bcrypt, cryptography, google-auth, isodate, keystoneauth1, knack, kubernetes, munch, ncclient, openshift, openstacksdk, ovirt-engine-sdk-python, packaging, pynacl, pyopenssl, python-dateutil, pyvmomi, pywinrm, requests-credssp, stevedore, websocket-client
|
||||
stevedore==1.31.0 # via keystoneauth1
|
||||
tabulate==0.8.2 # via azure-cli-core, knack
|
||||
typing==3.7.4.1; python_version < "3" # via msrest
|
||||
urllib3==1.25.7 # via botocore, requests
|
||||
urllib3==1.25.7 # via botocore, kubernetes, requests
|
||||
websocket-client==0.57.0 # via kubernetes
|
||||
wheel==0.33.6 # via azure-cli-core (overriden, see upgrade blockers)
|
||||
xmltodict==0.12.0 # via pywinrm
|
||||
|
||||
# The following packages are considered to be unsafe in a requirements file:
|
||||
pip==19.3.1 # via -r /awx_devel/requirements/requirements_ansible.in, azure-cli-core
|
||||
setuptools==41.6.0 # via -r /awx_devel/requirements/requirements_ansible.in, ncclient
|
||||
setuptools==41.6.0 # via -r /awx_devel/requirements/requirements_ansible.in, kubernetes, ncclient
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user