diff --git a/awx/api/views/analytics.py b/awx/api/views/analytics.py
index 097617e6f1..2a4c734084 100644
--- a/awx/api/views/analytics.py
+++ b/awx/api/views/analytics.py
@@ -10,7 +10,7 @@ from awx.api.generics import APIView, Response
 from awx.api.permissions import AnalyticsPermission
 from awx.api.versioning import reverse
 from awx.main.utils import get_awx_version
-from awx.main.utils.analytics_proxy import OIDCClient, DEFAULT_OIDC_ENDPOINT
+from awx.main.utils.analytics_proxy import OIDCClient, DEFAULT_OIDC_TOKEN_ENDPOINT
 from rest_framework import status
 from collections import OrderedDict
@@ -205,7 +205,7 @@ class AnalyticsGenericView(APIView):
 try:
 rh_user = self._get_setting('REDHAT_USERNAME', None, ERROR_MISSING_USER)
 rh_password = self._get_setting('REDHAT_PASSWORD', None, ERROR_MISSING_PASSWORD)
- client = OIDCClient(rh_user, rh_password, DEFAULT_OIDC_ENDPOINT, ['api.console'])
+ client = OIDCClient(rh_user, rh_password, DEFAULT_OIDC_TOKEN_ENDPOINT, ['api.console'])
 response = client.make_request(
 method,
 url,
diff --git a/awx/main/analytics/core.py b/awx/main/analytics/core.py
index 43ee36df33..30eec4e503 100644
--- a/awx/main/analytics/core.py
+++ b/awx/main/analytics/core.py
@@ -22,7 +22,7 @@ from ansible_base.lib.utils.db import advisory_lock
 from awx.main.models import Job
 from awx.main.access import access_registry
 from awx.main.utils import get_awx_http_client_headers, set_environ, datetime_hook
-from awx.main.utils.analytics_proxy import OIDCClient, DEFAULT_OIDC_ENDPOINT
+from awx.main.utils.analytics_proxy import OIDCClient, DEFAULT_OIDC_TOKEN_ENDPOINT
 __all__ = ['register', 'gather', 'ship']
@@ -379,7 +379,7 @@ def ship(path):
 with set_environ(**settings.AWX_TASK_ENV):
 if rh_user and rh_password:
 try:
- client = OIDCClient(rh_user, rh_password, DEFAULT_OIDC_ENDPOINT, ['api.console'])
+ client = OIDCClient(rh_user, rh_password, DEFAULT_OIDC_TOKEN_ENDPOINT, ['api.console'])
 response = client.make_request("POST", url, headers=s.headers, files=files, verify=settings.INSIGHTS_CERT_PATH, timeout=(31, 31))
 except requests.RequestException:
 logger.error("Automation Analytics API request failed, trying base auth method")
diff --git a/awx/main/models/credential.py b/awx/main/models/credential.py
index 7dfe8315c9..9026b73313 100644
--- a/awx/main/models/credential.py
+++ b/awx/main/models/credential.py
@@ -550,10 +550,10 @@ class CredentialType(CommonModelNameNotUnique):
 # TODO: User "side-loaded" credential custom_injectors isn't supported
 ManagedCredentialType.registry[ns] = SimpleNamespace(namespace=ns, name=plugin.name, kind='external', inputs=plugin.inputs, backend=plugin.backend)
- def inject_credential(self, credential, env, safe_env, args, private_data_dir):
+ def inject_credential(self, credential, env, safe_env, args, private_data_dir, container_root=None):
 from awx_plugins.interfaces._temporary_private_inject_api import inject_credential
- inject_credential(self, credential, env, safe_env, args, private_data_dir)
+ inject_credential(self, credential, env, safe_env, args, private_data_dir, container_root=container_root)
 class CredentialTypeHelper:
diff --git a/awx/main/tasks/jobs.py b/awx/main/tasks/jobs.py
index ad9ceb016b..b8d1338ac4 100644
--- a/awx/main/tasks/jobs.py
+++ b/awx/main/tasks/jobs.py
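Review bot: In awx/main/models/credential.py, `CredentialType.inject_credential` now forwards `container_root=container_root` on every call, including the default `None`, so the imported `awx_plugins.interfaces._temporary_private_inject_api.inject_credential` must both accept that keyword and treat `None` as "keep the default path". No dependency pin change is visible in this diff, so an older installed plugin package would presumably fail with `TypeError` on every credential injection; it is worth confirming that the minimum version is raised together with this commit. The new parameter is also undocumented; a one-line docstring such as `"""Inject credential data into env/args; container_root, when set, replaces the default root that credential file paths are built from."""` would help, with the wording checked against the plugin's actual behaviour.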
@@ -522,9 +522,13 @@ class BaseTask(object):
 credentials = self.build_credentials_list(self.instance)
+ container_root = None
+ if settings.IS_K8S and isinstance(self.instance, ProjectUpdate):
+ container_root = private_data_dir
+
 for credential in credentials:
 if credential:
- credential.credential_type.inject_credential(credential, env, self.safe_cred_env, args, private_data_dir)
+ credential.credential_type.inject_credential(credential, env, self.safe_cred_env, args, private_data_dir, container_root=container_root)
 self.runner_callback.safe_env.update(self.safe_cred_env)
diff --git a/awx/main/utils/analytics_proxy.py b/awx/main/utils/analytics_proxy.py
index cf75d31c02..6e3219b326 100644
--- a/awx/main/utils/analytics_proxy.py
+++ b/awx/main/utils/analytics_proxy.py
@@ -10,7 +10,7 @@ from typing import Optional, Any
 import requests
-DEFAULT_OIDC_ENDPOINT = 'https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token'
+DEFAULT_OIDC_TOKEN_ENDPOINT = 'https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token'
 class TokenError(requests.RequestException):
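Review bot: In awx/main/tasks/jobs.py, the new `if settings.IS_K8S and isinstance(self.instance, ProjectUpdate):` branch carries no comment explaining why only project updates on Kubernetes get `container_root = private_data_dir`, even though it decides which path injected credential files are referenced by. I would add a why-comment above it, for example `# Project updates on K8S run outside the job container, so credential paths must use the real private_data_dir`, if that is indeed the reason. The `isinstance` check also hard-codes a model type inside `BaseTask`; an attribute or hook overridden by the project-update task would keep that decision with the subclass. The enclosing method starts and ends outside the hunk, so whether `ProjectUpdate` is already imported and whether other `inject_credential` callers need the same argument cannot be checked from here.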