External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-01-10 15:32:07 -03:30
Code Issues Packages Projects Releases Wiki Activity

Add opa_query_path to Organization/Inventory/JobTemplate (#15863)

Browse Source
This commit is contained in:
Hao Liu 2025-03-18 09:06:14 -04:00 committed by GitHub
parent 8fb5862223
commit 628a0e6a36
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
10 changed files with 73 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
awx/main/migrations/0197_add_opa_query_path.py Normal file
View File

@ -0,0 +1,46 @@
# Generated by Django 4.2.18 on 2025-03-17 16:10
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('main', '0196_indirect_managed_node_audit'),
]
operations = [
migrations.AddField(
model_name='inventory',
name='opa_query_path',
field=models.CharField(
blank=True,
default=None,
help_text='The query path for the OPA policy to evaluate prior to job execution. The query path should be formatted as package/rule.',
max_length=128,
null=True,
),
),
migrations.AddField(
model_name='jobtemplate',
name='opa_query_path',
field=models.CharField(
blank=True,
default=None,
help_text='The query path for the OPA policy to evaluate prior to job execution. The query path should be formatted as package/rule.',
max_length=128,
null=True,
),
),
migrations.AddField(
model_name='organization',
name='opa_query_path',
field=models.CharField(
blank=True,
default=None,
help_text='The query path for the OPA policy to evaluate prior to job execution. The query path should be formatted as package/rule.',
max_length=128,
null=True,
),
),
]

2
awx/main/migrations/0197_delete_profile.py → awx/main/migrations/0198_delete_profile.py
View File

@ -5,7 +5,7 @@ from django.db import migrations
class Migration(migrations.Migration): class Migration(migrations.Migration):
dependencies = [ dependencies = [
('main', '0196_indirect_managed_node_audit'), ('main', '0197_add_opa_query_path'),
] ]
operations = [ operations = [

2
awx/main/migrations/0198_remove_sso_app_content.py → awx/main/migrations/0199_remove_sso_app_content.py
View File

@ -5,7 +5,7 @@ from django.db import migrations
class Migration(migrations.Migration): class Migration(migrations.Migration):
dependencies = [ dependencies = [
('main', '0197_delete_profile'), ('main', '0198_delete_profile'),
] ]
operations = [ operations = [

2
awx/main/migrations/0199_alter_inventorysource_source_and_more.py → awx/main/migrations/0200_alter_inventorysource_source_and_more.py
View File

@ -6,7 +6,7 @@ from django.db import migrations, models
class Migration(migrations.Migration): class Migration(migrations.Migration):
dependencies = [ dependencies = [
('main', '0198_remove_sso_app_content'), ('main', '0199_remove_sso_app_content'),
] ]
operations = [ operations = [

2
awx/main/migrations/0200_alter_oauth2application_unique_together_and_more.py → awx/main/migrations/0201_alter_oauth2application_unique_together_and_more.py
View File

@ -6,7 +6,7 @@ from django.db import migrations
class Migration(migrations.Migration): class Migration(migrations.Migration):
dependencies = [ dependencies = [
('main', '0199_alter_inventorysource_source_and_more'), ('main', '0200_alter_inventorysource_source_and_more'),
] ]
operations = [ operations = [

2
awx/main/migrations/0201_delete_token_cleanup_job.py → awx/main/migrations/0202_delete_token_cleanup_job.py
View File

@ -8,7 +8,7 @@ from awx.main.migrations._create_system_jobs import delete_clear_tokens_sjt
class Migration(migrations.Migration): class Migration(migrations.Migration):
dependencies = [ dependencies = [
('main', '0200_alter_oauth2application_unique_together_and_more'), ('main', '0201_alter_oauth2application_unique_together_and_more'),
] ]
operations = [ operations = [

3
awx/main/models/inventory.py
View File

@ -43,6 +43,7 @@ from awx.main.models.mixins import (
TaskManagerInventoryUpdateMixin, TaskManagerInventoryUpdateMixin,
RelatedJobsMixin, RelatedJobsMixin,
CustomVirtualEnvMixin, CustomVirtualEnvMixin,
OpaQueryPathMixin,
) )
from awx.main.models.notifications import ( from awx.main.models.notifications import (
NotificationTemplate, NotificationTemplate,
@ -68,7 +69,7 @@ class InventoryConstructedInventoryMembership(models.Model):
) )
class Inventory(CommonModelNameNotUnique, ResourceMixin, RelatedJobsMixin): class Inventory(CommonModelNameNotUnique, ResourceMixin, RelatedJobsMixin, OpaQueryPathMixin):
""" """
an inventory source contains lists and hosts. an inventory source contains lists and hosts.
""" """

5
awx/main/models/jobs.py
View File

@ -51,6 +51,7 @@ from awx.main.models.mixins import (
RelatedJobsMixin, RelatedJobsMixin,
WebhookMixin, WebhookMixin,
WebhookTemplateMixin, WebhookTemplateMixin,
OpaQueryPathMixin,
) )
from awx.main.constants import JOB_VARIABLE_PREFIXES from awx.main.constants import JOB_VARIABLE_PREFIXES
@ -192,7 +193,9 @@ class JobOptions(BaseModel):
return needed return needed
class JobTemplate(UnifiedJobTemplate, JobOptions, SurveyJobTemplateMixin, ResourceMixin, CustomVirtualEnvMixin, RelatedJobsMixin, WebhookTemplateMixin): class JobTemplate(
UnifiedJobTemplate, JobOptions, SurveyJobTemplateMixin, ResourceMixin, CustomVirtualEnvMixin, RelatedJobsMixin, WebhookTemplateMixin, OpaQueryPathMixin
):
""" """
A job template is a reusable job definition for applying a project (with A job template is a reusable job definition for applying a project (with
playbook) to an inventory source with a given credential. playbook) to an inventory source with a given credential.

14
awx/main/models/mixins.py
View File

@ -42,6 +42,7 @@ __all__ = [
'TaskManagerInventoryUpdateMixin', 'TaskManagerInventoryUpdateMixin',
'ExecutionEnvironmentMixin', 'ExecutionEnvironmentMixin',
'CustomVirtualEnvMixin', 'CustomVirtualEnvMixin',
'OpaQueryPathMixin',
] ]
@ -692,3 +693,16 @@ class WebhookMixin(models.Model):
logger.debug("Webhook status update sent.") logger.debug("Webhook status update sent.")
else: else:
logger.error("Posting webhook status failed, code: {}\n" "{}\nPayload sent: {}".format(response.status_code, response.text, json.dumps(data))) logger.error("Posting webhook status failed, code: {}\n" "{}\nPayload sent: {}".format(response.status_code, response.text, json.dumps(data)))
class OpaQueryPathMixin(models.Model):
class Meta:
abstract = True
opa_query_path = models.CharField(
max_length=128,
blank=True,
null=True,
default=None,
help_text=_("The query path for the OPA policy to evaluate prior to job execution. The query path should be formatted as package/rule."),
)

4
awx/main/models/organization.py
View File

@ -22,12 +22,12 @@ from awx.main.models.rbac import (
ROLE_SINGLETON_SYSTEM_AUDITOR, ROLE_SINGLETON_SYSTEM_AUDITOR,
) )
from awx.main.models.unified_jobs import UnifiedJob from awx.main.models.unified_jobs import UnifiedJob
from awx.main.models.mixins import ResourceMixin, CustomVirtualEnvMixin, RelatedJobsMixin from awx.main.models.mixins import ResourceMixin, CustomVirtualEnvMixin, RelatedJobsMixin, OpaQueryPathMixin
__all__ = ['Organization', 'Team', 'UserSessionMembership'] __all__ = ['Organization', 'Team', 'UserSessionMembership']
class Organization(CommonModel, NotificationFieldsModel, ResourceMixin, CustomVirtualEnvMixin, RelatedJobsMixin): class Organization(CommonModel, NotificationFieldsModel, ResourceMixin, CustomVirtualEnvMixin, RelatedJobsMixin, OpaQueryPathMixin):
""" """
An organization is the basic unit of multi-tenancy divisions An organization is the basic unit of multi-tenancy divisions
""" """