fix: invalid f-string and oidc url for insights plugin

2026-02-24 06:26:00 -03:30 · 2025-01-20 17:34:04 +01:00
parent 492c7a1af6
commit 46403e4312
2 changed files with 10 additions and 5 deletions
--- a/awx/playbooks/action_plugins/insights.py
+++ b/awx/playbooks/action_plugins/insights.py
@@ -6,10 +6,11 @@ import os
 import re

 import requests
-from urllib.parse import urljoin

 from ansible.plugins.action import ActionBase

+DEFAULT_OIDC_ENDPOINT = 'https://sso.redhat.com/auth/realms/redhat-external'
+

 class ActionModule(ActionBase):
    def save_playbook(self, proj_path, remediation, content):
@@ -36,7 +37,9 @@ class ActionModule(ActionBase):
            f.write(etag)

    def _obtain_auth_token(self, oidc_endpoint, client_id, client_secret):
-        main_url = urljoin(oidc_endpoint, '/.well-known/openid-configuration')
+        if oidc_endpoint.endswith('/'):
+            oidc_endpoint = oidc_endpoint.rstrip('/')
+        main_url = oidc_endpoint + '/.well-known/openid-configuration'
        response = requests.get(url=main_url, headers={'Accept': 'application/json'})
        data = {}
        if response.status_code != 200:
@@ -80,7 +83,7 @@ class ActionModule(ActionBase):
        password = self._task.args.get('password', None)
        client_id = self._task.args.get('client_id', None)
        client_secret = self._task.args.get('client_secret', None)
-        oidc_endpoint = self._task.args.get('oidc_endpoint', None)
+        oidc_endpoint = self._task.args.get('oidc_endpoint', DEFAULT_OIDC_ENDPOINT)

        session.headers.update(
            {
@@ -95,7 +98,7 @@ class ActionModule(ActionBase):
                result['failed'] = data['failed']
                result['msg'] = data['msg']
                return result
-            session.headers.update({'Authorization': f'{result['token_type']} {result['token']}'})
+            session.headers.update({'Authorization': f'{data["token_type"]} {data["token"]}'})
        elif authentication == 'basic' or (username and password):
            session.auth = requests.auth.HTTPBasicAuth(username, password)

--- a/awx/playbooks/project_update.yml
+++ b/awx/playbooks/project_update.yml
@@ -21,7 +21,9 @@
 # gpg_pubkey: the GPG public key to use for validation, when enabled
 # client_id: Red Hat service account client ID; required for the 'service_account' authentication method used against the Insights API
 # client_secret: Red Hat service account client secret; required for the 'service_account' authentication method used against the Insights API
-# oidc_endpoint: OpenID Connect URL for 'service_account' authentication method.
+# authentication: The authentication method to use against the Insights API
+# client_id and client_secret are required for the 'service_account' authentication method
+# scm_username and scm_password are required for the 'basic' authentication method

 - hosts: localhost
  gather_facts: false