mirror of
https://github.com/ansible/awx.git
synced 2026-05-07 17:37:37 -02:30
add a data migration for Galaxy credentials
see: https://github.com/ansible/awx/issues/7813
This commit is contained in:
Ryan Petrello
@@ -1,9 +1,89 @@
|
|||||||
# Generated by Django 2.2.11 on 2020-08-04 15:19
|
# Generated by Django 2.2.11 on 2020-08-04 15:19
|
||||||
|
|
||||||
|
import logging
|
||||||
|
|
||||||
import awx.main.fields
|
import awx.main.fields
|
||||||
|
from awx.main.utils.encryption import encrypt_field, decrypt_field
|
||||||
|
|
||||||
from django.db import migrations, models
|
from django.db import migrations, models
|
||||||
|
from django.utils.timezone import now
|
||||||
import django.db.models.deletion
|
import django.db.models.deletion
|
||||||
|
|
||||||
|
from awx.main.models import CredentialType as ModernCredentialType
|
||||||
|
from awx.main.utils.common import set_current_apps
|
||||||
|
|
||||||
|
logger = logging.getLogger('awx.main.migrations')
|
||||||
|
|
||||||
|
|
||||||
|
def migrate_galaxy_settings(apps, schema_editor):
|
||||||
|
set_current_apps(apps)
|
||||||
|
ModernCredentialType.setup_tower_managed_defaults()
|
||||||
|
Organization = apps.get_model('main', 'Organization')
|
||||||
|
CredentialType = apps.get_model('main', 'CredentialType')
|
||||||
|
Credential = apps.get_model('main', 'Credential')
|
||||||
|
Setting = apps.get_model('conf', 'Setting')
|
||||||
|
|
||||||
|
galaxy_type = CredentialType.objects.get(kind='galaxy')
|
||||||
|
private_galaxy_url = Setting.objects.filter(key='PRIMARY_GALAXY_URL').first()
|
||||||
|
|
||||||
|
# by default, prior versions of AWX/Tower automatically pulled content
|
||||||
|
# from galaxy.ansible.com
|
||||||
|
public_galaxy_enabled = True
|
||||||
|
public_galaxy_setting = Setting.objects.filter(key='PUBLIC_GALAXY_ENABLED').first()
|
||||||
|
if public_galaxy_setting and public_galaxy_setting is False:
|
||||||
|
# ...UNLESS this behavior was explicitly disabled via this setting
|
||||||
|
public_galaxy_enabled = False
|
||||||
|
|
||||||
|
for org in Organization.objects.all():
|
||||||
|
if private_galaxy_url and private_galaxy_url.value:
|
||||||
|
# If a setting exists for a private Galaxy URL, make a credential for it
|
||||||
|
username = Setting.objects.filter(key='PRIMARY_GALAXY_USERNAME').first()
|
||||||
|
password = Setting.objects.filter(key='PRIMARY_GALAXY_PASSWORD').first()
|
||||||
|
if (username and username.value) or (password and password.value):
|
||||||
|
logger.error(
|
||||||
|
f'Specifying HTTP basic auth for the Ansible Galaxy API '
|
||||||
|
f'({private_galaxy_url.value}) is no longer supported. '
|
||||||
|
'Please provide an API token instead after your upgrade '
|
||||||
|
'has completed',
|
||||||
|
)
|
||||||
|
inputs = {
|
||||||
|
'url': private_galaxy_url.value
|
||||||
|
}
|
||||||
|
token = Setting.objects.filter(key='PRIMARY_GALAXY_TOKEN').first()
|
||||||
|
if token and token.value:
|
||||||
|
inputs['token'] = decrypt_field(token, 'value')
|
||||||
|
auth_url = Setting.objects.filter(key='PRIMARY_GALAXY_AUTH_URL').first()
|
||||||
|
if auth_url and auth_url.value:
|
||||||
|
inputs['auth_url'] = auth_url.value
|
||||||
|
cred = Credential(
|
||||||
|
created=now(),
|
||||||
|
modified=now(),
|
||||||
|
name=f'Private Galaxy ({private_galaxy_url.value})',
|
||||||
|
organization=org,
|
||||||
|
credential_type=galaxy_type,
|
||||||
|
inputs=inputs
|
||||||
|
)
|
||||||
|
cred.save()
|
||||||
|
if token and token.value:
|
||||||
|
# encrypt based on the primary key from the prior save
|
||||||
|
cred.inputs['token'] = encrypt_field(cred, 'token')
|
||||||
|
cred.save()
|
||||||
|
org.galaxy_credentials.add(cred)
|
||||||
|
if public_galaxy_enabled:
|
||||||
|
# If public Galaxy was enabled, make a credential for it
|
||||||
|
cred = Credential(
|
||||||
|
created=now(),
|
||||||
|
modified=now(),
|
||||||
|
name='Ansible Galaxy',
|
||||||
|
organization=org,
|
||||||
|
credential_type=galaxy_type,
|
||||||
|
inputs = {
|
||||||
|
'url': 'https://galaxy.ansible.com/'
|
||||||
|
}
|
||||||
|
)
|
||||||
|
cred.save()
|
||||||
|
org.galaxy_credentials.add(cred)
|
||||||
|
|
||||||
|
|
||||||
class Migration(migrations.Migration):
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
@@ -31,4 +111,5 @@ class Migration(migrations.Migration):
|
|||||||
name='galaxy_credentials',
|
name='galaxy_credentials',
|
||||||
field=awx.main.fields.OrderedManyToManyField(blank=True, related_name='organization_galaxy_credentials', through='main.OrganizationGalaxyCredentialMembership', to='main.Credential'),
|
field=awx.main.fields.OrderedManyToManyField(blank=True, related_name='organization_galaxy_credentials', through='main.OrganizationGalaxyCredentialMembership', to='main.Credential'),
|
||||||
),
|
),
|
||||||
|
migrations.RunPython(migrate_galaxy_settings)
|
||||||
]
|
]
|
||||||
|
|||||||
@@ -1177,13 +1177,13 @@ ManagedCredentialType(
|
|||||||
ManagedCredentialType(
|
ManagedCredentialType(
|
||||||
namespace='galaxy_api_token',
|
namespace='galaxy_api_token',
|
||||||
kind='galaxy',
|
kind='galaxy',
|
||||||
name=ugettext_noop('Ansible Galaxy Automation Hub API Token'),
|
name=ugettext_noop('Ansible Galaxy/Automation Hub API Token'),
|
||||||
inputs={
|
inputs={
|
||||||
'fields': [{
|
'fields': [{
|
||||||
'id': 'url',
|
'id': 'url',
|
||||||
'label': ugettext_noop('Galaxy Server URL'),
|
'label': ugettext_noop('Galaxy Server URL'),
|
||||||
'type': 'string',
|
'type': 'string',
|
||||||
'help_text': ugettext_noop('The URL of the galaxy instance to connect to.')
|
'help_text': ugettext_noop('The URL of the Galaxy instance to connect to.')
|
||||||
},{
|
},{
|
||||||
'id': 'auth_url',
|
'id': 'auth_url',
|
||||||
'label': ugettext_noop('Auth Server URL'),
|
'label': ugettext_noop('Auth Server URL'),
|
||||||
|
|||||||
Reference in New Issue
Block a user