From a733a59b8d502bfff6c67d1433c1a980a74a6d4d Mon Sep 17 00:00:00 2001
From: Ryan Petrello <rpetrell@redhat.com>
Date: Thu, 10 Oct 2019 14:29:08 -0400
Subject: [PATCH 01/57] prevent the creation of Host names that contain Jinja

---
 awx/main/management/commands/inventory_import.py | 5 +++++
 awx/main/models/inventory.py                     | 8 ++++++++
 2 files changed, 13 insertions(+)

diff --git a/awx/main/management/commands/inventory_import.py b/awx/main/management/commands/inventory_import.py
index 7a23c1a63f..7bd60e3402 100644
--- a/awx/main/management/commands/inventory_import.py
+++ b/awx/main/management/commands/inventory_import.py
@@ -28,6 +28,7 @@ from awx.main.models.inventory import (
     Host
 )
 from awx.main.utils.mem_inventory import MemInventory, dict_to_mem_data
+from awx.main.utils.safe_yaml import sanitize_jinja
 
 # other AWX imports
 from awx.main.models.rbac import batch_role_ancestor_rebuilding
@@ -795,6 +796,10 @@ class Command(BaseCommand):
             if self.instance_id_var:
                 instance_id = self._get_instance_id(mem_host.variables)
                 host_attrs['instance_id'] = instance_id
+            try:
+                sanitize_jinja(mem_host_name)
+            except ValueError as e:
+                raise ValueError(str(e) + ': {}'.format(mem_host_name))
             db_host = self.inventory.hosts.update_or_create(name=mem_host_name, defaults=host_attrs)[0]
             if enabled is False:
                 logger.debug('Host "%s" added (disabled)', mem_host_name)
diff --git a/awx/main/models/inventory.py b/awx/main/models/inventory.py
index 7618b36eb3..baf4624726 100644
--- a/awx/main/models/inventory.py
+++ b/awx/main/models/inventory.py
@@ -61,6 +61,7 @@ from awx.main.models.notifications import (
 )
 from awx.main.models.credential.injectors import _openstack_data
 from awx.main.utils import _inventory_updates, region_sorting, get_licenser
+from awx.main.utils.safe_yaml import sanitize_jinja
 
 
 __all__ = ['Inventory', 'Host', 'Group', 'InventorySource', 'InventoryUpdate',
@@ -754,6 +755,13 @@ class Host(CommonModelNameNotUnique, RelatedJobsMixin):
                 update_host_smart_inventory_memberships.delay()
             connection.on_commit(on_commit)
 
+    def clean_name(self):
+        try:
+            sanitize_jinja(self.name)
+        except ValueError as e:
+            raise ValidationError(str(e) + ": {}".format(self.name))
+        return self.name
+
     def save(self, *args, **kwargs):
         self._update_host_smart_inventory_memeberships()
         super(Host, self).save(*args, **kwargs)

From c013d656c8967c4b8444bdb5df0b3114f62c74df Mon Sep 17 00:00:00 2001
From: Graham Mainwaring <gmainwaring@ansible.com>
Date: Mon, 21 Oct 2019 16:10:25 -0400
Subject: [PATCH 02/57] Add UI toggle to disable public Galaxy (#3867)

---
 awx/main/conf.py                              | 10 +++++++++
 awx/main/redact.py                            |  8 ++++---
 awx/main/tasks.py                             | 12 +++++++---
 awx/settings/defaults.py                      | 22 ++++++++++---------
 .../jobs-form/configuration-jobs.form.js      |  3 +++
 5 files changed, 39 insertions(+), 16 deletions(-)

diff --git a/awx/main/conf.py b/awx/main/conf.py
index cce5e0a5de..f63fee564f 100644
--- a/awx/main/conf.py
+++ b/awx/main/conf.py
@@ -513,6 +513,16 @@ register(
     category_slug='jobs'
 )
 
+register(
+    'PUBLIC_GALAXY_ENABLED',
+    field_class=fields.BooleanField,
+    default=True,
+    label=_('Allow Access to Public Galaxy'),
+    help_text=_('Allow or deny access to the public Ansible Galaxy during project updates.'),
+    category=_('Jobs'),
+    category_slug='jobs'
+)
+
 register(
     'STDOUT_MAX_BYTES_DISPLAY',
     field_class=fields.IntegerField,
diff --git a/awx/main/redact.py b/awx/main/redact.py
index ae60684377..77fc062135 100644
--- a/awx/main/redact.py
+++ b/awx/main/redact.py
@@ -12,10 +12,12 @@ class UriCleaner(object):
 
     @staticmethod
     def remove_sensitive(cleartext):
+        # exclude_list contains the items that will _not_ be redacted
+        exclude_list = [settings.PUBLIC_GALAXY_SERVER['url']]
         if settings.PRIMARY_GALAXY_URL:
-            exclude_list = [settings.PRIMARY_GALAXY_URL] + [server['url'] for server in settings.FALLBACK_GALAXY_SERVERS]
-        else:
-            exclude_list = [server['url'] for server in settings.FALLBACK_GALAXY_SERVERS]
+            exclude_list += [settings.PRIMARY_GALAXY_URL]
+        if settings.FALLBACK_GALAXY_SERVERS:
+            exclude_list += [server['url'] for server in settings.FALLBACK_GALAXY_SERVERS]
         redactedtext = cleartext
         text_index = 0
         while True:
diff --git a/awx/main/tasks.py b/awx/main/tasks.py
index ff53cd00ac..a91a4cf4b2 100644
--- a/awx/main/tasks.py
+++ b/awx/main/tasks.py
@@ -1959,9 +1959,15 @@ class RunProjectUpdate(BaseTask):
         env['PROJECT_UPDATE_ID'] = str(project_update.pk)
         env['ANSIBLE_CALLBACK_PLUGINS'] = self.get_path_to('..', 'plugins', 'callback')
         env['ANSIBLE_GALAXY_IGNORE'] = True
-        # Set up the fallback server, which is the normal Ansible Galaxy by default
-        galaxy_servers = list(settings.FALLBACK_GALAXY_SERVERS)
-        # If private galaxy URL is non-blank, that means this feature is enabled
+        # Set up the public Galaxy server, if enabled
+        if settings.PUBLIC_GALAXY_ENABLED:
+            galaxy_servers = [settings.PUBLIC_GALAXY_SERVER]
+        else:
+            galaxy_servers = []
+        # Set up fallback Galaxy servers, if configured
+        if settings.FALLBACK_GALAXY_SERVERS:
+            galaxy_servers = settings.FALLBACK_GALAXY_SERVERS + galaxy_servers
+        # Set up the primary Galaxy server, if configured
         if settings.PRIMARY_GALAXY_URL:
             galaxy_servers = [{'id': 'primary_galaxy'}] + galaxy_servers
             for key in GALAXY_SERVER_FIELDS:
diff --git a/awx/settings/defaults.py b/awx/settings/defaults.py
index 658d41d6b3..ab8a5492e8 100644
--- a/awx/settings/defaults.py
+++ b/awx/settings/defaults.py
@@ -635,16 +635,18 @@ PRIMARY_GALAXY_USERNAME = ''
 PRIMARY_GALAXY_TOKEN = ''
 PRIMARY_GALAXY_PASSWORD = ''
 PRIMARY_GALAXY_AUTH_URL = ''
-# Settings for the fallback galaxy server(s), normally this is the
-# actual Ansible Galaxy site.
-# server options: 'id', 'url', 'username', 'password', 'token', 'auth_url'
-# To not use any fallback servers set this to []
-FALLBACK_GALAXY_SERVERS = [
-    {
-        'id': 'galaxy',
-        'url': 'https://galaxy.ansible.com'
-    }
-]
+
+# Settings for the public galaxy server(s).
+PUBLIC_GALAXY_ENABLED = True
+PUBLIC_GALAXY_SERVER = {
+    'id': 'galaxy',
+    'url': 'https://galaxy.ansible.com'
+}
+
+# List of dicts of fallback (additional) Galaxy servers.  If configured, these
+# will be higher precedence than public Galaxy, but lower than primary Galaxy.
+# Available options: 'id', 'url', 'username', 'password', 'token', 'auth_url'
+FALLBACK_GALAXY_SERVERS = []
 
 # Enable bubblewrap support for running jobs (playbook runs only).
 # Note: This setting may be overridden by database settings.
diff --git a/awx/ui/client/src/configuration/forms/jobs-form/configuration-jobs.form.js b/awx/ui/client/src/configuration/forms/jobs-form/configuration-jobs.form.js
index 445b0864a2..ab3aa7404c 100644
--- a/awx/ui/client/src/configuration/forms/jobs-form/configuration-jobs.form.js
+++ b/awx/ui/client/src/configuration/forms/jobs-form/configuration-jobs.form.js
@@ -89,6 +89,9 @@ export default ['i18n', function(i18n) {
                 type: 'text',
                 reset: 'PRIMARY_GALAXY_AUTH_URL',
             },
+            PUBLIC_GALAXY_ENABLED: {
+                type: 'toggleSwitch',
+            },
             AWX_TASK_ENV: {
                 type: 'textarea',
                 reset: 'AWX_TASK_ENV',

From 9c9bf0ed8479e79ea40ea40d76eb654be11c722b Mon Sep 17 00:00:00 2001
From: Marliana Lara <mlara@redhat.com>
Date: Mon, 21 Oct 2019 16:13:52 -0400
Subject: [PATCH 03/57] Handle undefined schedule value in job detail component

---
 awx/ui/client/features/output/details.component.js | 4 +++-
 awx/ui/client/features/output/details.partial.html | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/awx/ui/client/features/output/details.component.js b/awx/ui/client/features/output/details.component.js
index 532b04055a..de76ee669e 100644
--- a/awx/ui/client/features/output/details.component.js
+++ b/awx/ui/client/features/output/details.component.js
@@ -282,10 +282,12 @@ function getLaunchedByDetails () {
         tooltip = strings.get('tooltips.SCHEDULE');
         link = `/#/templates/job_template/${jobTemplate.id}/schedules/${schedule.id}`;
         value = $filter('sanitize')(schedule.name);
-    } else {
+    } else if (schedule) {
         tooltip = null;
         link = null;
         value = $filter('sanitize')(schedule.name);
+    } else {
+        return null;
     }
 
     return { label, link, tooltip, value };
diff --git a/awx/ui/client/features/output/details.partial.html b/awx/ui/client/features/output/details.partial.html
index 14bf856269..7264059b49 100644
--- a/awx/ui/client/features/output/details.partial.html
+++ b/awx/ui/client/features/output/details.partial.html
@@ -5,7 +5,7 @@
     <!-- LEFT PANE HEADER ACTIONS -->
     <div class="JobResults-panelHeaderButtonActions">
         <!-- RELAUNCH ACTION -->
-        <at-relaunch job="vm.job"></at-relaunch>
+        <at-relaunch ng-if="vm.job" job="vm.job"></at-relaunch>
 
         <!-- CANCEL ACTION -->
         <button

From 812d00f490d9e116499b07cb80cbcbb5da508290 Mon Sep 17 00:00:00 2001
From: Ryan Petrello <rpetrell@redhat.com>
Date: Mon, 21 Oct 2019 11:18:44 -0400
Subject: [PATCH 04/57] reap k8s-based jobs when the dispatcher restarts

---
 awx/main/scheduler/task_manager.py | 26 ++++++++++++++++----------
 1 file changed, 16 insertions(+), 10 deletions(-)

diff --git a/awx/main/scheduler/task_manager.py b/awx/main/scheduler/task_manager.py
index 4c8ca36960..e7ffb21487 100644
--- a/awx/main/scheduler/task_manager.py
+++ b/awx/main/scheduler/task_manager.py
@@ -252,19 +252,25 @@ class TaskManager():
                 logger.debug('Submitting isolated {} to queue {} controlled by {}.'.format(
                              task.log_format, task.execution_node, controller_node))
             elif rampart_group.is_containerized:
+                # find one real, non-containerized instance with capacity to
+                # act as the controller for k8s API interaction
+                match = None
+                for group in InstanceGroup.objects.all():
+                    if group.is_containerized or group.controller_id:
+                        continue
+                    match = group.find_largest_idle_instance()
+                    if match:
+                        break
                 task.instance_group = rampart_group
-                if not task.supports_isolation():
+                if task.supports_isolation():
+                    task.controller_node = match.hostname
+                else:
                     # project updates and inventory updates don't *actually* run in pods,
                     # so just pick *any* non-isolated, non-containerized host and use it
-                    for group in InstanceGroup.objects.all():
-                        if group.is_containerized or group.controller_id:
-                            continue
-                        match = group.find_largest_idle_instance()
-                        if match:
-                            task.execution_node = match.hostname
-                            logger.debug('Submitting containerized {} to queue {}.'.format(
-                                         task.log_format, task.execution_node))
-                            break
+                    # as the execution node
+                    task.execution_node = match.hostname
+                    logger.debug('Submitting containerized {} to queue {}.'.format(
+                                 task.log_format, task.execution_node))
             else:
                 task.instance_group = rampart_group
                 if instance is not None:

From facec0fe767265f08466a15f44ff35579964c17d Mon Sep 17 00:00:00 2001
From: Martin Juhl <m@rtinjuhl.dk>
Date: Tue, 22 Oct 2019 01:02:31 +0200
Subject: [PATCH 05/57] Update handlers.py

The setFormatter tries to create the external.log file.. So we should check if LOG_AGGREGATOR_AUDIT is active here as well
---
 awx/main/utils/handlers.py | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/awx/main/utils/handlers.py b/awx/main/utils/handlers.py
index 249c16a119..82d3a285bb 100644
--- a/awx/main/utils/handlers.py
+++ b/awx/main/utils/handlers.py
@@ -294,18 +294,19 @@ class AWXProxyHandler(logging.Handler):
         super(AWXProxyHandler, self).__init__(**kwargs)
         self._handler = None
         self._old_kwargs = {}
-        self._auditor = logging.handlers.RotatingFileHandler(
-            filename='/var/log/tower/external.log',
-            maxBytes=1024 * 1024 * 50, # 50 MB
-            backupCount=5,
-        )
+        if settings.LOG_AGGREGATOR_AUDIT:
+            self._auditor = logging.handlers.RotatingFileHandler(
+                filename='/var/log/tower/external.log',
+                maxBytes=1024 * 1024 * 50, # 50 MB
+                backupCount=5,
+            )
 
-        class WritableLogstashFormatter(LogstashFormatter):
-            @classmethod
-            def serialize(cls, message):
-                return json.dumps(message)
+            class WritableLogstashFormatter(LogstashFormatter):
+                @classmethod
+                def serialize(cls, message):
+                    return json.dumps(message)
 
-        self._auditor.setFormatter(WritableLogstashFormatter())
+            self._auditor.setFormatter(WritableLogstashFormatter())
 
     def get_handler_class(self, protocol):
         return HANDLER_MAPPING.get(protocol, AWXNullHandler)

From 7344ee23ef87ea3df16969eaab1c40b47512b02e Mon Sep 17 00:00:00 2001
From: Ryan Petrello <rpetrell@redhat.com>
Date: Tue, 22 Oct 2019 08:44:16 -0400
Subject: [PATCH 06/57] fix a bug that breaks webhook launches when a survey is
 in use

see: https://github.com/ansible/awx/issues/5062
---
 awx/api/views/webhooks.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/awx/api/views/webhooks.py b/awx/api/views/webhooks.py
index e3ed6e64c9..6be88a316b 100644
--- a/awx/api/views/webhooks.py
+++ b/awx/api/views/webhooks.py
@@ -1,6 +1,5 @@
 from hashlib import sha1
 import hmac
-import json
 import logging
 import urllib.parse
 
@@ -151,13 +150,13 @@ class WebhookReceiverBase(APIView):
                 'webhook_credential': obj.webhook_credential,
                 'webhook_guid': event_guid,
             },
-            'extra_vars': json.dumps({
+            'extra_vars': {
                 'tower_webhook_event_type': event_type,
                 'tower_webhook_event_guid': event_guid,
                 'tower_webhook_event_ref': event_ref,
                 'tower_webhook_status_api': status_api,
                 'tower_webhook_payload': request.data,
-            })
+            }
         }
 
         new_job = obj.create_unified_job(**kwargs)

From 8701f839227ea2fcd6c2722e40d319c74c9e0eac Mon Sep 17 00:00:00 2001
From: Ryan Petrello <rpetrell@redhat.com>
Date: Tue, 22 Oct 2019 12:12:22 -0400
Subject: [PATCH 07/57] fix a bug introduced upstream with
 settings.LOG_AGGREGATOR_AUDIT

---
 awx/main/utils/handlers.py | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/awx/main/utils/handlers.py b/awx/main/utils/handlers.py
index 82d3a285bb..289f64d064 100644
--- a/awx/main/utils/handlers.py
+++ b/awx/main/utils/handlers.py
@@ -288,13 +288,17 @@ class AWXProxyHandler(logging.Handler):
     '''
 
     thread_local = threading.local()
+    _auditor = None
 
     def __init__(self, **kwargs):
         # TODO: process 'level' kwarg
         super(AWXProxyHandler, self).__init__(**kwargs)
         self._handler = None
         self._old_kwargs = {}
-        if settings.LOG_AGGREGATOR_AUDIT:
+
+    @property
+    def auditor(self):
+        if not self._auditor:
             self._auditor = logging.handlers.RotatingFileHandler(
                 filename='/var/log/tower/external.log',
                 maxBytes=1024 * 1024 * 50, # 50 MB
@@ -307,6 +311,7 @@ class AWXProxyHandler(logging.Handler):
                     return json.dumps(message)
 
             self._auditor.setFormatter(WritableLogstashFormatter())
+        return self._auditor
 
     def get_handler_class(self, protocol):
         return HANDLER_MAPPING.get(protocol, AWXNullHandler)
@@ -341,8 +346,8 @@ class AWXProxyHandler(logging.Handler):
         if AWXProxyHandler.thread_local.enabled:
             actual_handler = self.get_handler()
             if settings.LOG_AGGREGATOR_AUDIT:
-                self._auditor.setLevel(settings.LOG_AGGREGATOR_LEVEL)
-                self._auditor.emit(record)
+                self.auditor.setLevel(settings.LOG_AGGREGATOR_LEVEL)
+                self.auditor.emit(record)
             return actual_handler.emit(record)
 
     def perform_test(self, custom_settings):

From 53cf6cf17c33fbead58d0739e637601fbe41dd8f Mon Sep 17 00:00:00 2001
From: Alex Corey <acorey@redhat.com>
Date: Tue, 22 Oct 2019 13:31:53 -0400
Subject: [PATCH 08/57] Instance Groups Instances List styling fixes (#3846)

* Instance Groups Instances slider renders properly, and that list wraps properly.

* Instance Groups responds properly

* assorted container groups ui fixes
updated responsiveness of instance groups and instances list
fix layout of container group form
update help text for container group form elements
update text for tech preview top bar

* update container group doclink

* list styling updates based on feedback
---
 awx/ui/client/legacy/styles/forms.less        |   1 +
 .../code-mirror/code-mirror.partial.html      |   4 +-
 awx/ui/client/lib/components/list/_index.less |  27 +--
 .../capacity-adjuster.block.less              |   4 +-
 .../capacity-bar/capacity-bar.block.less      |  10 +-
 .../add-container-group.controller.js         |   3 +
 .../add-container-group.view.html             |   5 +-
 .../edit-container-group.controller.js        |   8 +-
 .../instance-groups/instance-group.block.less | 189 +++++++-----------
 .../instance-groups.strings.js                |   5 +-
 .../instances/instances-list.partial.html     |  62 +++---
 .../list/instance-groups-list.partial.html    |  64 +++---
 12 files changed, 178 insertions(+), 204 deletions(-)

diff --git a/awx/ui/client/legacy/styles/forms.less b/awx/ui/client/legacy/styles/forms.less
index f36914df31..ccfc95f412 100644
--- a/awx/ui/client/legacy/styles/forms.less
+++ b/awx/ui/client/legacy/styles/forms.less
@@ -208,6 +208,7 @@
     max-width: none !important;
     width: 100% !important;
     padding-right: 0px !important;
+    margin-top: 10px;
 }
 
 .Form-formGroup--checkbox{
diff --git a/awx/ui/client/lib/components/code-mirror/code-mirror.partial.html b/awx/ui/client/lib/components/code-mirror/code-mirror.partial.html
index b235ab5a5d..df8a141fd9 100644
--- a/awx/ui/client/lib/components/code-mirror/code-mirror.partial.html
+++ b/awx/ui/client/lib/components/code-mirror/code-mirror.partial.html
@@ -15,7 +15,9 @@
                 title="{{ label || vm.strings.get('code_mirror.label.VARIABLES') }}"
                 tabindex="-1"
                 ng-if="tooltip">
-                 <i class="fa fa-question-circle"></i>
+                <span class="at-Popover-icon" ng-class="{ 'at-Popover-icon--defaultCursor': popover.on === 'mouseenter' && !popover.click }">
+                    <i class="fa  fa-question-circle"></i>
+                </span>
              </a>
              <div class="atCodeMirror-toggleContainer FormToggle-container">
                  <div id="{{ name }}_parse_type" class="btn-group">
diff --git a/awx/ui/client/lib/components/list/_index.less b/awx/ui/client/lib/components/list/_index.less
index b84d220809..ae88096a62 100644
--- a/awx/ui/client/lib/components/list/_index.less
+++ b/awx/ui/client/lib/components/list/_index.less
@@ -202,6 +202,7 @@
 .at-Row-toggle {
     align-self: flex-start;
     margin-right: @at-space-4x;
+    margin-left: 15px;
 }
 
 .at-Row-actions {
@@ -385,29 +386,3 @@
         margin-right: @at-margin-right-list-row-item-inline-label;
     }
 }
-
-@media screen and (max-width: @at-breakpoint-instances-wrap) {
-    .at-Row-items--instances {
-        margin-bottom: @at-padding-bottom-instances-wrap;
-    }
-}
-
-@media screen and (max-width: @at-breakpoint-compact-list) {
-    .at-Row-actions {
-        align-items: center;
-    }
-
-    .at-RowAction {
-        margin: @at-margin-list-row-action-mobile;
-    }
-
-    .at-RowItem--inline {
-        display: flex;
-        margin-right: inherit;
-
-        .at-RowItem-label {
-            width: @at-width-list-row-item-label;
-            margin-right: inherit;
-        }
-    }
-}
diff --git a/awx/ui/client/src/instance-groups/capacity-adjuster/capacity-adjuster.block.less b/awx/ui/client/src/instance-groups/capacity-adjuster/capacity-adjuster.block.less
index a524c3b1a8..0417101a73 100644
--- a/awx/ui/client/src/instance-groups/capacity-adjuster/capacity-adjuster.block.less
+++ b/awx/ui/client/src/instance-groups/capacity-adjuster/capacity-adjuster.block.less
@@ -1,9 +1,11 @@
 .CapacityAdjuster {
     margin-right: @at-space-4x;
+    margin-top: 15px;
+    margin-left: -10px;
     position: relative;
 
     &-valueLabel {
-        bottom: @at-space-5x;
+        top: -10px;
         color: @at-color-body-text;
         font-size: @at-font-size;
         position: absolute;
diff --git a/awx/ui/client/src/instance-groups/capacity-bar/capacity-bar.block.less b/awx/ui/client/src/instance-groups/capacity-bar/capacity-bar.block.less
index daee752b84..03b5464195 100644
--- a/awx/ui/client/src/instance-groups/capacity-bar/capacity-bar.block.less
+++ b/awx/ui/client/src/instance-groups/capacity-bar/capacity-bar.block.less
@@ -5,6 +5,8 @@ capacity-bar {
     font-size: @at-font-size;
     min-width: 100px;
     white-space: nowrap;
+    margin-top: 5px;
+    margin-bottom: 5px;
 
     .CapacityBar {
         background-color: @default-bg;
@@ -42,12 +44,4 @@ capacity-bar {
         text-align: right;
         text-transform: uppercase;
     }
-
-    .Capacity-details--percentage {
-        width: 40px;
-    }
-
-    &:only-child {
-        margin-right: 50px;
-    }
 }
\ No newline at end of file
diff --git a/awx/ui/client/src/instance-groups/container-groups/add-container-group.controller.js b/awx/ui/client/src/instance-groups/container-groups/add-container-group.controller.js
index f23cc223f1..fc6bfaf846 100644
--- a/awx/ui/client/src/instance-groups/container-groups/add-container-group.controller.js
+++ b/awx/ui/client/src/instance-groups/container-groups/add-container-group.controller.js
@@ -12,6 +12,7 @@ function AddContainerGroupController(ToJSON, $scope, $state, models, strings, i1
 
   vm.form = instanceGroup.createFormSchema('post');
   vm.form.name.required = true;
+  delete vm.form.name.help_text;
 
   vm.form.credential = {
     type: 'field',
@@ -22,6 +23,7 @@ function AddContainerGroupController(ToJSON, $scope, $state, models, strings, i1
   vm.form.credential._route = "instanceGroups.addContainerGroup.credentials";
   vm.form.credential._model = credential;
   vm.form.credential._placeholder = strings.get('container.CREDENTIAL_PLACEHOLDER');
+  vm.form.credential.help_text = strings.get('container.CREDENTIAL_HELP_TEXT');
   vm.form.credential.required = true;
 
   vm.form.extraVars = {
@@ -29,6 +31,7 @@ function AddContainerGroupController(ToJSON, $scope, $state, models, strings, i1
     value: DataSet.data.actions.POST.pod_spec_override.default,
     name: 'extraVars',
     toggleLabel: strings.get('container.POD_SPEC_TOGGLE'),
+    tooltip: strings.get('container.EXTRA_VARS_HELP_TEXT')
   };
 
   vm.tab = {
diff --git a/awx/ui/client/src/instance-groups/container-groups/add-container-group.view.html b/awx/ui/client/src/instance-groups/container-groups/add-container-group.view.html
index df8e6afee7..a7c3dcb446 100644
--- a/awx/ui/client/src/instance-groups/container-groups/add-container-group.view.html
+++ b/awx/ui/client/src/instance-groups/container-groups/add-container-group.view.html
@@ -1,8 +1,8 @@
 <div ui-view="credentials"></div>
-<a class="containerGroups-messageBar-link" href="https://docs.ansible.com/ansible-tower/latest/html/administration/external_execution_envs.html#container-group-considerations" target="_blank" style="color: white">
+<a class="containerGroups-messageBar-link" href="https://docs.ansible.com/ansible-tower/latest/html/administration/external_execution_envs.html#container-groups" target="_blank" style="color: white">
   <div class="Section-messageBar">
       <i class="Section-messageBar-warning fa fa-warning"></i>
-      <span class="Section-messageBar-text">This feature is tech preview, and is subject to change in a future release. Click here for documentation.</span>
+      <span class="Section-messageBar-text">This feature is currently in tech preview and is subject to change in a future release.  Click here for documentation.</span>
   </div>
 </a>
 <at-panel>
@@ -34,6 +34,7 @@
         variables="vm.form.extraVars.value"
         label="{{ vm.form.extraVars.label }}"
         name="{{ vm.form.extraVars.name }}"
+        tooltip="{{ vm.form.extraVars.tooltip }}"
       >
       </at-code-mirror>
     </div>
diff --git a/awx/ui/client/src/instance-groups/container-groups/edit-container-group.controller.js b/awx/ui/client/src/instance-groups/container-groups/edit-container-group.controller.js
index 33d50cb758..62740a559d 100644
--- a/awx/ui/client/src/instance-groups/container-groups/edit-container-group.controller.js
+++ b/awx/ui/client/src/instance-groups/container-groups/edit-container-group.controller.js
@@ -27,6 +27,7 @@ function EditContainerGroupController($rootScope, $scope, $state, models, string
   vm.switchDisabled = false;
   vm.form.disabled = !instanceGroup.has('options', 'actions.PUT');
   vm.form.name.required = true;
+  delete vm.form.name.help_text;
   vm.form.credential = {
     type: 'field',
     label: i18n._('Credential'),
@@ -38,6 +39,7 @@ function EditContainerGroupController($rootScope, $scope, $state, models, string
   vm.form.credential._displayValue = EditContainerGroupDataset.data.summary_fields.credential.name;
   vm.form.credential.required = true;
   vm.form.credential._value = EditContainerGroupDataset.data.summary_fields.credential.id;
+  vm.form.credential.help_text = strings.get('container.CREDENTIAL_HELP_TEXT');
 
   vm.tab = {
     details: {
@@ -59,7 +61,8 @@ function EditContainerGroupController($rootScope, $scope, $state, models, string
       label: strings.get('container.POD_SPEC_LABEL'),
       value: EditContainerGroupDataset.data.pod_spec_override || "---",
       name: 'extraVars',
-      disabled: true
+      disabled: true,
+      tooltip: strings.get('container.EXTRA_VARS_HELP_TEXT')
     };
     vm.switchDisabled = true;
   } else {
@@ -67,7 +70,8 @@ function EditContainerGroupController($rootScope, $scope, $state, models, string
       label: strings.get('container.POD_SPEC_LABEL'),
       value: EditContainerGroupDataset.data.pod_spec_override || instanceGroup.model.OPTIONS.actions.PUT.pod_spec_override.default,
       name: 'extraVars',
-      toggleLabel: strings.get('container.POD_SPEC_TOGGLE')
+      toggleLabel: strings.get('container.POD_SPEC_TOGGLE'),
+      tooltip: strings.get('container.EXTRA_VARS_HELP_TEXT')
     };
   }
 
diff --git a/awx/ui/client/src/instance-groups/instance-group.block.less b/awx/ui/client/src/instance-groups/instance-group.block.less
index 6b4d1c9d54..9634b97b69 100644
--- a/awx/ui/client/src/instance-groups/instance-group.block.less
+++ b/awx/ui/client/src/instance-groups/instance-group.block.less
@@ -1,135 +1,100 @@
-.InstanceGroups {
-    .at-Row-actions{
-        justify-content: flex-start;
-        width: 300px;
-       & > capacity-bar:only-child{
-            margin-left: 0px;
-            margin-top: 5px
-        }
-    }
-    .at-RowAction{
-        margin: 0;
-    }
-    .at-Row-links{
-        justify-content: flex-start;
+.at-Row--instances {
+    .at-Row-content {
+        flex-wrap: nowrap;
     }
 
-    .BreadCrumb-menuLinkImage:hover {
-        color: @default-link;
+    .at-Row-toggle {
+        align-self: auto;
+        flex: initial;
     }
 
-    .List-details {
-        align-self: flex-end;
-        color: @default-interface-txt;
+    .at-Row-itemGroup {
         display: flex;
-        flex: 0 0 auto;
-        font-size: 12px;
-        margin-right:20px;
-        text-transform: uppercase;
+        flex: 1;
+        flex-wrap: wrap;
     }
 
-    .Capacity-details {
+    .at-Row-items--instances {
         display: flex;
-        margin-right: 20px;
+        flex-wrap: wrap;
         align-items: center;
-
-        .Capacity-details--label {
-            color: @default-interface-txt;
-            margin: 0 10px 0 0;
-            width: 100px;
-        }
+        align-content: center;
+        flex: 1;
     }
 
-    .RunningJobs-details {
-        align-items: center;
-        display: flex;
-
-        .RunningJobs-details--label {
-            margin: 0 10px 0 0;
-        }
+    .at-RowItem--isHeader {
+        min-width: 250px;
     }
 
-    .List-tableCell--capacityColumn {
+    .at-Row-items--capacity {
         display: flex;
-        height: 40px;
+        flex-wrap: wrap;
         align-items: center;
     }
 
-    .List-noItems {
-        margin-top: 20px;
-    }
-
-    .List-tableRow .List-titleBadge {
-            margin: 0 0 0 5px;
-    }
-
-    .Panel-docsLink {
-        cursor: pointer;
-        display: flex;
-        align-items: center;
-        justify-content: center;
-        padding: 7px;
-        background: @at-white;
-        border-radius: @at-border-radius;
-        height: 30px;
-        width: 30px;
-        margin: 0 20px 0 auto;
-
-        i {
-            font-size: @at-font-size-icon;
-            color: @at-gray-646972;
-        }
-    }
-
-    .Panel-docsLink:hover {
-        background-color: @at-blue;
-
-        i {
-            color: @at-white;
-        }
-    }
-    .at-Row-toggle{
-        margin-top: 20px;
-        padding-left: 15px;
-    }
-
-    .ContainerGroups-codeMirror{
-        margin-bottom: 10px;
-    }
-
-    .at-Row-container{
-    flex-wrap: wrap;
-    }
-
-    .containerGroups-messageBar-link:hover{
-        text-decoration: underline;
-    }
-
-    @media screen and (max-width: 1060px) and (min-width: 769px){
-        .at-Row-links {
-            justify-content: flex-start;
-            flex-wrap: wrap;
-        }
-    }
-
-    @media screen and (min-width: 1061px){
-        .at-Row-actions{
-            justify-content: flex-end;
-            & > capacity-bar:only-child {
-                margin-right: 30px;
-            }
-        }
-        .instanceGroupsList-details{
-            display: flex;
-        }
-        .at-Row-links {
-            justify-content: flex-end;
-            display: flex;
-            width: 445px;
-        }
+    .CapacityAdjuster {
+        padding-bottom: 15px;
     }
 }
 
+.at-Row--instanceGroups {
+    .at-Row-content {
+        flex-wrap: nowrap;
+    }
 
+    .at-Row-itemGroup {
+        display: flex;
+        flex: 1;
+        flex-wrap: wrap;
+    }
 
+    .at-Row-items--instanceGroups {
+        display: flex;
+        flex-wrap: wrap;
+        align-items: center;
+        flex: 1;
+        max-width: 100%;
+    }
 
+    .at-Row-itemHeaderGroup {
+        min-width: 320px;
+        display: flex;
+    }
+
+    .at-Row-items--capacity {
+        display: flex;
+        flex-wrap: wrap;
+        align-items: center;
+        margin-right: 5px;
+        min-width: 215px;
+    }
+
+    .at-Row--instanceSpacer {
+        width: 140px;
+    }
+
+    .at-Row--capacitySpacer {
+        flex: .6;
+    }
+
+    .at-Row-actions {
+        min-width: 50px;
+    }
+}
+
+@media screen and (max-width: 1260px) {
+    .at-Row--instances .at-Row-items--capacity {
+        flex: 1
+    }
+
+    .at-Row--instances .CapacityAdjuster {
+        padding-bottom: 5px;
+    }
+}
+
+@media screen and (max-width: 600px) {
+    .at-Row--instanceGroups .at-Row-itemHeaderGroup,
+    .at-Row--instanceGroups .at-Row-itemGroup {
+        max-width: 270px;
+    }
+}
diff --git a/awx/ui/client/src/instance-groups/instance-groups.strings.js b/awx/ui/client/src/instance-groups/instance-groups.strings.js
index 4821b72065..6e1e118f08 100644
--- a/awx/ui/client/src/instance-groups/instance-groups.strings.js
+++ b/awx/ui/client/src/instance-groups/instance-groups.strings.js
@@ -72,8 +72,9 @@ function InstanceGroupsStrings(BaseString) {
         CREDENTIAL_PLACEHOLDER: t.s('SELECT A CREDENTIAL'),
         POD_SPEC_LABEL: t.s('Pod Spec Override'),
         BADGE_TEXT: t.s('Container Group'),
-        POD_SPEC_TOGGLE: t.s('Customize Pod Spec')
-
+        POD_SPEC_TOGGLE: t.s('Customize Pod Spec'),
+        CREDENTIAL_HELP_TEXT: t.s('Credential to authenticate with Kubernetes or OpenShift.  Must be of type \"Kubernetes/OpenShift API Bearer Token\”.'),
+        EXTRA_VARS_HELP_TEXT: t.s('Field for passing a custom Kubernetes or OpenShift Pod specification.')
     };
 }
 
diff --git a/awx/ui/client/src/instance-groups/instances/instances-list.partial.html b/awx/ui/client/src/instance-groups/instances/instances-list.partial.html
index e540d45b5a..08d2e28dc3 100644
--- a/awx/ui/client/src/instance-groups/instances/instances-list.partial.html
+++ b/awx/ui/client/src/instance-groups/instances/instances-list.partial.html
@@ -43,35 +43,45 @@
         </at-list-toolbar>
         <at-list results='vm.instances'>
             <at-row ng-repeat="instance in vm.instances"
-                ng-class="{'at-Row--active': (instance.id === vm.activeId)}">
+                ng-class="{'at-Row--active': (instance.id === vm.activeId)}"
+                class="at-Row--instances">
                 <div class="at-Row-toggle">
                     <at-switch on-toggle="vm.toggle(instance)" switch-on="instance.enabled" switch-disabled="vm.rowAction.toggle._disabled"></at-switch>
                 </div>
-
-                <div class="at-Row-items at-Row-items--instances">
-                    <at-row-item
-                        header-value="{{ instance.hostname }}"
-                        header-tag="{{ instance.managed_by_policy ? '' : vm.strings.get('list.MANUAL') }}">
-                    </at-row-item>
-                    <at-row-item
-                        label-value="{{:: vm.strings.get('list.ROW_ITEM_LABEL_RUNNING_JOBS') }}"
-                        label-state="instanceGroups.instanceJobs({instance_group_id: {{vm.instance_group_id}}, instance_id: {{instance.id}}, job_search: {status__in: ['running,waiting']}})"
-                        value="{{ instance.jobs_running }}"
-                        inline="true"
-                        badge="true">
-                    </at-row-item>
-                    <at-row-item
-                        label-value="{{:: vm.strings.get('list.ROW_ITEM_LABEL_TOTAL_JOBS') }}"
-                        label-state="instanceGroups.instanceJobs({instance_group_id: {{vm.instance_group_id}}, instance_id: {{instance.id}}})"
-                        value="{{ instance.jobs_total }}"
-                        inline="true"
-                        badge="true">
-                    </at-row-item>
-                </div>
-
-                <div class="at-Row-actions">
-                    <capacity-adjuster state="instance" disabled="{{vm.rowAction.capacity_adjustment._disabled}}"></capacity-adjuster>
-                    <capacity-bar label-value="{{:: vm.strings.get('list.ROW_ITEM_LABEL_USED_CAPACITY') }}" capacity="instance.consumed_capacity" total-capacity="instance.capacity"></capacity-bar>
+                <div class="at-Row-itemGroup">
+                    <div class="at-Row-items at-Row-items--instances">
+                        <at-row-item
+                            header-value="{{ instance.hostname }}"
+                            header-tag="{{ instance.managed_by_policy ? '' : vm.strings.get('list.MANUAL') }}">
+                        </at-row-item>
+                        <div class="at-Row-nonHeaderItems">
+                            <at-row-item
+                                label-value="{{:: vm.strings.get('list.ROW_ITEM_LABEL_RUNNING_JOBS') }}"
+                                label-state="instanceGroups.instanceJobs({instance_group_id: {{vm.instance_group_id}}, instance_id: {{instance.id}}, job_search: {status__in: ['running,waiting']}})"
+                                value="{{ instance.jobs_running }}"
+                                inline="true"
+                                badge="true">
+                            </at-row-item>
+                            <at-row-item
+                                label-value="{{:: vm.strings.get('list.ROW_ITEM_LABEL_TOTAL_JOBS') }}"
+                                label-state="instanceGroups.instanceJobs({instance_group_id: {{vm.instance_group_id}}, instance_id: {{instance.id}}})"
+                                value="{{ instance.jobs_total }}"
+                                inline="true"
+                                badge="true">
+                            </at-row-item>
+                        </div>
+                    </div>
+                    <div class="at-Row-items--capacity">
+                        <capacity-adjuster
+                            state="instance"
+                            disabled="{{vm.rowAction.capacity_adjustment._disabled}}">
+                        </capacity-adjuster>
+                        <capacity-bar
+                            label-value="{{:: vm.strings.get('list.ROW_ITEM_LABEL_USED_CAPACITY') }}"
+                            capacity="instance.consumed_capacity"
+                            total-capacity="instance.capacity">
+                        </capacity-bar>
+                    </div>
                 </div>
             </at-row>
         </at-list>
diff --git a/awx/ui/client/src/instance-groups/list/instance-groups-list.partial.html b/awx/ui/client/src/instance-groups/list/instance-groups-list.partial.html
index b8d5fdfbc3..892d0874c9 100644
--- a/awx/ui/client/src/instance-groups/list/instance-groups-list.partial.html
+++ b/awx/ui/client/src/instance-groups/list/instance-groups-list.partial.html
@@ -41,10 +41,11 @@
         </at-list-toolbar>
         <at-list results="instance_groups">
             <at-row ng-repeat="instance_group in instance_groups"
-                ng-class="{'at-Row--active': (instance_group.id === vm.activeId)}" >
-                <div class="at-Row-items">
-                    <div class="at-Row-container">
-                        <div class="at-Row-content">
+                ng-class="{'at-Row--active': (instance_group.id === vm.activeId)}"
+                class="at-Row--instanceGroups">
+                <div class="at-Row-itemGroup">
+                    <div class="at-Row-items at-Row-items--instanceGroups">
+                        <div class="at-Row-itemHeaderGroup">
                             <at-row-item
                                 ng-if="!instance_group.credential"
                                 header-value="{{ instance_group.name }}"
@@ -67,23 +68,14 @@
                                 </div>
                             </div>
                             <div class="at-RowItem--labels" ng-if="!instance_group.credential">
-                                    <div class="LabelList-tagContainer">
-                                        <div class="LabelList-tag" ng-class="{'LabelList-tag--deletable' : (showDelete && template.summary_fields.user_capabilities.edit)}">
-                                            <span class="LabelList-name">{{vm.strings.get('instance.BADGE_TEXT') }}</span>
-                                        </div>
+                                <div class="LabelList-tagContainer">
+                                    <div class="LabelList-tag" ng-class="{'LabelList-tag--deletable' : (showDelete && template.summary_fields.user_capabilities.edit)}">
+                                        <span class="LabelList-name">{{vm.strings.get('instance.BADGE_TEXT') }}</span>
                                     </div>
                                 </div>
+                            </div>
                         </div>
-                        <div class="instanceGroupsList-details">
-                        <div class="at-Row-links">
-                            <at-row-item
-                                ng-if="!instance_group.credential"
-                                label-value="{{:: vm.strings.get('list.ROW_ITEM_LABEL_INSTANCES') }}"
-                                label-state="instanceGroups.instances({instance_group_id: {{ instance_group.id }}})"
-                                value="{{ instance_group.instances }}"
-                                inline="true"
-                                badge="true">
-                            </at-row-item>
+                        <div class="at-Row-nonHeaderItems">
                             <at-row-item
                                 label-value="{{:: vm.strings.get('list.ROW_ITEM_LABEL_RUNNING_JOBS') }}"
                                 label-state="instanceGroups.jobs({instance_group_id: {{ instance_group.id }}, job_search: {status__in: ['running,waiting']}})"
@@ -98,14 +90,38 @@
                                 inline="true"
                                 badge="true">
                             </at-row-item>
-                        </div>
-                        <div class="at-Row-actions" >
-                            <capacity-bar ng-show="!instance_group.credential" label-value="{{:: vm.strings.get('list.ROW_ITEM_LABEL_USED_CAPACITY') }}" capacity="instance_group.consumed_capacity" total-capacity="instance_group.capacity"></capacity-bar>
-                            <at-row-action icon="fa-trash" ng-click="vm.deleteInstanceGroup(instance_group)" ng-if="vm.rowAction.trash(instance_group)">
-                            </at-row-action>
-                        </div>
+                            <at-row-item
+                                ng-if="!instance_group.credential"
+                                label-value="{{:: vm.strings.get('list.ROW_ITEM_LABEL_INSTANCES') }}"
+                                label-state="instanceGroups.instances({instance_group_id: {{ instance_group.id }}})"
+                                value="{{ instance_group.instances }}"
+                                inline="true"
+                                badge="true">
+                            </at-row-item>
+                            <div
+                                ng-if="instance_group.credential"
+                                class="at-Row--instanceSpacer">
+                            </div>
                         </div>
                     </div>
+                    <div class="at-Row-items--capacity" ng-if="!instance_group.credential">
+                        <capacity-bar
+                            label-value="{{:: vm.strings.get('list.ROW_ITEM_LABEL_USED_CAPACITY') }}"
+                            capacity="instance_group.consumed_capacity"
+                            total-capacity="instance_group.capacity">
+                        </capacity-bar>
+                    </div>
+                    <div
+                        ng-if="instance_group.credential"
+                        class="at-Row--capacitySpacer">
+                    </div>
+                </div>
+                <div class="at-Row-actions" >
+                    <at-row-action
+                        icon="fa-trash"
+                        ng-click="vm.deleteInstanceGroup(instance_group)"
+                        ng-if="vm.rowAction.trash(instance_group)">
+                    </at-row-action>
                 </div>
             </at-row>
         </at-list>

From fb67b8edf9ec4eb9c273a1208cc51b0e53562afc Mon Sep 17 00:00:00 2001
From: Alan Rominger <arominge@redhat.com>
Date: Tue, 22 Oct 2019 14:39:27 -0400
Subject: [PATCH 09/57] Add support for credential_type in tower_credential
 module (#3820)

* Add support for credential_type

* Finish up credential_type parameter with tests

* make inputs mutually exclusive with other params

* Test credential type with dict input
---
 awx_collection/README.md                      |   2 +-
 .../plugins/module_utils/ansible_tower.py     |   4 +-
 .../plugins/modules/tower_credential.py       |  80 ++++++++--
 awx_collection/test/awx/conftest.py           |   3 +
 awx_collection/test/awx/test_credential.py    | 151 ++++++++++++++++++
 5 files changed, 223 insertions(+), 17 deletions(-)
 create mode 100644 awx_collection/test/awx/test_credential.py

diff --git a/awx_collection/README.md b/awx_collection/README.md
index fe65d0d013..31fd683c5c 100644
--- a/awx_collection/README.md
+++ b/awx_collection/README.md
@@ -34,7 +34,7 @@ in the `awx_collection_test_venv` folder so that `make test_collection` can
 be ran to actually run the tests. A single test can be ran via:
 
 ```
-make test_collection MODULE_TEST_DIRS=awx_collection/test/awx/test_organization.py
+make test_collection COLLECTION_TEST_DIRS=awx_collection/test/awx/test_organization.py
 ```
 
 ## Building
diff --git a/awx_collection/plugins/module_utils/ansible_tower.py b/awx_collection/plugins/module_utils/ansible_tower.py
index ef687a669c..c71f096455 100644
--- a/awx_collection/plugins/module_utils/ansible_tower.py
+++ b/awx_collection/plugins/module_utils/ansible_tower.py
@@ -98,8 +98,8 @@ class TowerModule(AnsibleModule):
         )
         args.update(argument_spec)
 
-        mutually_exclusive = kwargs.get('mutually_exclusive', [])
-        kwargs['mutually_exclusive'] = mutually_exclusive.extend((
+        kwargs.setdefault('mutually_exclusive', [])
+        kwargs['mutually_exclusive'].extend((
             ('tower_config_file', 'tower_host'),
             ('tower_config_file', 'tower_username'),
             ('tower_config_file', 'tower_password'),
diff --git a/awx_collection/plugins/modules/tower_credential.py b/awx_collection/plugins/modules/tower_credential.py
index 7ac08b28d6..587d8205dd 100644
--- a/awx_collection/plugins/modules/tower_credential.py
+++ b/awx_collection/plugins/modules/tower_credential.py
@@ -53,9 +53,23 @@ options:
       description:
         - Type of credential being added.
         - The ssh choice refers to a Tower Machine credential.
-      required: True
+      required: False
       type: str
       choices: ["ssh", "vault", "net", "scm", "aws", "vmware", "satellite6", "cloudforms", "gce", "azure_rm", "openstack", "rhv", "insights", "tower"]
+    credential_type:
+      description:
+        - Name of credential type.
+      required: False
+      version_added: "2.10"
+      type: str
+    inputs:
+      description:
+        - >-
+          Credential inputs where the keys are var names used in templating.
+          Refer to the Ansible Tower documentation for example syntax.
+      required: False
+      version_added: "2.9"
+      type: dict
     host:
       description:
         - Host for this credential.
@@ -185,6 +199,15 @@ EXAMPLES = '''
     tower_host: https://localhost
   run_once: true
   delegate_to: localhost
+
+- name: Add Credential with Custom Credential Type
+  tower_credential:
+    name: Workshop Credential
+    credential_type: MyCloudCredential
+    organization: Default
+    tower_username: admin
+    tower_password: ansible
+    tower_host: https://localhost
 '''
 
 import os
@@ -219,7 +242,17 @@ KIND_CHOICES = {
 }
 
 
-def credential_type_for_v1_kind(params, module):
+OLD_INPUT_NAMES = (
+    'authorize', 'authorize_password', 'client',
+    'security_token', 'secret', 'tenant', 'subscription',
+    'domain', 'become_method', 'become_username',
+    'become_password', 'vault_password', 'project', 'host',
+    'username', 'password', 'ssh_key_data', 'vault_id',
+    'ssh_key_unlock'
+)
+
+
+def credential_type_for_kind(params):
     credential_type_res = tower_cli.get_resource('credential_type')
     kind = params.pop('kind')
     arguments = {'managed_by_tower': True}
@@ -244,8 +277,9 @@ def main():
         name=dict(required=True),
         user=dict(),
         team=dict(),
-        kind=dict(required=True,
-                  choices=KIND_CHOICES.keys()),
+        kind=dict(choices=KIND_CHOICES.keys()),
+        credential_type=dict(),
+        inputs=dict(type='dict'),
         host=dict(),
         username=dict(),
         password=dict(no_log=True),
@@ -270,7 +304,14 @@ def main():
         vault_id=dict(),
     )
 
-    module = TowerModule(argument_spec=argument_spec, supports_check_mode=True)
+    mutually_exclusive = [
+        ('kind', 'credential_type')
+    ]
+    for input_name in OLD_INPUT_NAMES:
+        mutually_exclusive.append(('inputs', input_name))
+
+    module = TowerModule(argument_spec=argument_spec, supports_check_mode=True,
+                         mutually_exclusive=mutually_exclusive)
 
     name = module.params.get('name')
     organization = module.params.get('organization')
@@ -298,10 +339,26 @@ def main():
                 # /api/v1/ backwards compat
                 # older versions of tower-cli don't *have* a credential_type
                 # resource
-                params['kind'] = module.params['kind']
+                params['kind'] = module.params.get('kind')
             else:
-                credential_type = credential_type_for_v1_kind(module.params, module)
-                params['credential_type'] = credential_type['id']
+                if module.params.get('credential_type'):
+                    credential_type_res = tower_cli.get_resource('credential_type')
+                    try:
+                        credential_type = credential_type_res.get(name=module.params['credential_type'])
+                    except (exc.NotFound) as excinfo:
+                        module.fail_json(msg=(
+                            'Failed to update credential, credential_type not found: {0}'
+                        ).format(excinfo), changed=False)
+                    params['credential_type'] = credential_type['id']
+
+                    if module.params.get('inputs'):
+                        params['inputs'] = module.params.get('inputs')
+
+                elif module.params.get('kind'):
+                    credential_type = credential_type_for_kind(module.params)
+                    params['credential_type'] = credential_type['id']
+                else:
+                    module.fail_json(msg='must either specify credential_type or kind', changed=False)
 
             if module.params.get('description'):
                 params['description'] = module.params.get('description')
@@ -333,12 +390,7 @@ def main():
             if module.params.get('vault_id', None) and module.params.get('kind') != 'vault':
                 module.fail_json(msg="Parameter 'vault_id' is only valid if parameter 'kind' is specified as 'vault'")
 
-            for key in ('authorize', 'authorize_password', 'client',
-                        'security_token', 'secret', 'tenant', 'subscription',
-                        'domain', 'become_method', 'become_username',
-                        'become_password', 'vault_password', 'project', 'host',
-                        'username', 'password', 'ssh_key_data', 'vault_id',
-                        'ssh_key_unlock'):
+            for key in OLD_INPUT_NAMES:
                 if 'kind' in params:
                     params[key] = module.params.get(key)
                 elif module.params.get(key):
diff --git a/awx_collection/test/awx/conftest.py b/awx_collection/test/awx/conftest.py
index bdaa0db3bf..3cf7295246 100644
--- a/awx_collection/test/awx/conftest.py
+++ b/awx_collection/test/awx/conftest.py
@@ -62,6 +62,9 @@ def run_module():
         # We should consider supporting that in the future
         resource_module = importlib.import_module('plugins.modules.{}'.format(module_name))
 
+        if not isinstance(module_params, dict):
+            raise RuntimeError('Module params must be dict, got {}'.format(type(module_params)))
+
         # Ansible params can be passed as an invocation argument or over stdin
         # this short circuits within the AnsibleModule interface
         def mock_load_params(self):
diff --git a/awx_collection/test/awx/test_credential.py b/awx_collection/test/awx/test_credential.py
new file mode 100644
index 0000000000..12b4935ff7
--- /dev/null
+++ b/awx_collection/test/awx/test_credential.py
@@ -0,0 +1,151 @@
+import pytest
+
+from awx.main.models import Credential, CredentialType, Organization
+
+
+@pytest.mark.django_db
+def test_create_machine_credential(run_module, admin_user):
+    Organization.objects.create(name='test-org')
+    # create the ssh credential type
+    CredentialType.defaults['ssh']().save()
+    # Example from docs
+    result = run_module('tower_credential', dict(
+        name='Team Name',
+        description='Team Description',
+        organization='test-org',
+        kind='ssh',
+        state='present'
+    ), admin_user)
+
+    cred = Credential.objects.get(name='Team Name')
+    result.pop('invocation')
+    assert result == {
+        "credential": "Team Name",
+        "state": "present",
+        "id": cred.pk,
+        "changed": True
+    }
+
+
+@pytest.mark.django_db
+def test_create_custom_credential_type(run_module, admin_user):
+    # Example from docs
+    result = run_module('tower_credential_type', dict(
+        name='Nexus',
+        description='Credentials type for Nexus',
+        kind='cloud',
+        inputs={"fields": [{"id": "server", "type": "string", "default": "", "label": ""}], "required": []},
+        injectors={'extra_vars': {'nexus_credential': 'test'}},
+        state='present',
+        validate_certs='false'
+    ), admin_user)
+
+    ct = CredentialType.objects.get(name='Nexus')
+    result.pop('invocation')
+    assert result == {
+        "credential_type": "Nexus",
+        "state": "present",
+        "id": ct.pk,
+        "changed": True
+    }
+
+    assert ct.inputs == {"fields": [{"id": "server", "type": "string", "default": "", "label": ""}], "required": []}
+    assert ct.injectors == {'extra_vars': {'nexus_credential': 'test'}}
+
+
+@pytest.mark.django_db
+def test_kind_ct_exclusivity(run_module, admin_user):
+    result = run_module('tower_credential', dict(
+        name='A credential',
+        organization='test-org',
+        kind='ssh',
+        credential_type='foobar',  # cannot specify if kind is also specified
+        state='present'
+    ), admin_user)
+
+    result.pop('invocation')
+    assert result == {
+        'failed': True,
+        'msg': 'parameters are mutually exclusive: kind|credential_type'
+    }
+
+
+@pytest.mark.django_db
+def test_input_exclusivity(run_module, admin_user):
+    result = run_module('tower_credential', dict(
+        name='A credential',
+        organization='test-org',
+        kind='ssh',
+        inputs={'token': '7rEZK38DJl58A7RxA6EC7lLvUHbBQ1'},
+        security_token='7rEZK38DJl58A7RxA6EC7lLvUHbBQ1',
+        state='present'
+    ), admin_user)
+
+    result.pop('invocation')
+    assert result == {
+        'failed': True,
+        'msg': 'parameters are mutually exclusive: inputs|security_token'
+    }
+
+
+@pytest.mark.django_db
+def test_missing_credential_type(run_module, admin_user):
+    Organization.objects.create(name='test-org')
+    result = run_module('tower_credential', dict(
+        name='A credential',
+        organization='test-org',
+        credential_type='foobar',
+        state='present'
+    ), admin_user)
+
+    result.pop('invocation')
+    assert result == {
+        "changed": False,
+        "failed": True,
+        'msg': 'Failed to update credential, credential_type not found: The requested object could not be found.'
+    }
+
+
+@pytest.mark.django_db
+def test_make_use_of_custom_credential_type(run_module, admin_user):
+    Organization.objects.create(name='test-org')
+    # Make a credential type which will be used by the credential
+    ct = CredentialType.objects.create(
+        name='Ansible Galaxy Token',
+        inputs={
+            "fields": [
+                {
+                    "id": "token",
+                    "type": "string",
+                    "secret": True,
+                    "label": "Ansible Galaxy Secret Token Value"
+                }
+            ],
+            "required": ["token"]
+        },
+        injectors={
+            "extra_vars": {
+                "galaxy_token": "{{token}}",
+            }
+        }
+    )
+    result = run_module('tower_credential', dict(
+        name='Galaxy Token for Steve',
+        organization='test-org',
+        credential_type='Ansible Galaxy Token',
+        inputs={'token': '7rEZK38DJl58A7RxA6EC7lLvUHbBQ1'},
+        state='present'
+    ), admin_user)
+
+    cred = Credential.objects.get(name='Galaxy Token for Steve')
+    assert cred.credential_type_id == ct.id
+    assert list(cred.inputs.keys()) == ['token']
+    assert cred.inputs['token'].startswith('$encrypted$')
+    assert len(cred.inputs['token']) >= len('$encrypted$') + len('7rEZK38DJl58A7RxA6EC7lLvUHbBQ1')
+    result.pop('invocation')
+    assert result == {
+        "credential": "Galaxy Token for Steve",
+        "state": "present",
+        "id": cred.pk,
+        "changed": True
+    }

From cfd7946097f7b0169ce00225b566b5a1aed647cc Mon Sep 17 00:00:00 2001
From: Ryan Petrello <rpetrell@redhat.com>
Date: Tue, 22 Oct 2019 16:40:54 -0400
Subject: [PATCH 10/57] improve cleanup of anonymous kubeconfig files

---
 awx/main/isolated/manager.py                  | 12 ++++++++-
 awx/main/scheduler/kubernetes.py              | 25 +++++++++----------
 awx/main/tasks.py                             |  1 -
 .../task_management/test_container_groups.py  |  4 +--
 4 files changed, 24 insertions(+), 18 deletions(-)

diff --git a/awx/main/isolated/manager.py b/awx/main/isolated/manager.py
index 5a0555ed72..642ba373a4 100644
--- a/awx/main/isolated/manager.py
+++ b/awx/main/isolated/manager.py
@@ -6,6 +6,7 @@ import stat
 import tempfile
 import time
 import logging
+import yaml
 
 from django.conf import settings
 import ansible_runner
@@ -48,10 +49,17 @@ class IsolatedManager(object):
     def build_inventory(self, hosts):
         if self.instance and self.instance.is_containerized:
             inventory = {'all': {'hosts': {}}}
+            fd, path = tempfile.mkstemp(
+                prefix='.kubeconfig', dir=self.private_data_dir
+            )
+            with open(path, 'wb') as temp:
+                temp.write(yaml.dump(self.pod_manager.kube_config).encode())
+                temp.flush()
+                os.chmod(temp.name, stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR)
             for host in hosts:
                 inventory['all']['hosts'][host] = {
                     "ansible_connection": "kubectl",
-                    "ansible_kubectl_config": self.pod_manager.kube_config
+                    "ansible_kubectl_config": path,
                 }
         else:
             inventory = '\n'.join([
@@ -143,6 +151,8 @@ class IsolatedManager(object):
             '- /artifacts/job_events/*-partial.json.tmp',
             # don't rsync the ssh_key FIFO
             '- /env/ssh_key',
+            # don't rsync kube config files
+            '- .kubeconfig*'
         ]
 
         for filename, data in (
diff --git a/awx/main/scheduler/kubernetes.py b/awx/main/scheduler/kubernetes.py
index 00f82a3859..68a95e2fc2 100644
--- a/awx/main/scheduler/kubernetes.py
+++ b/awx/main/scheduler/kubernetes.py
@@ -1,9 +1,5 @@
 import collections
-import os
-import stat
 import time
-import yaml
-import tempfile
 import logging
 from base64 import b64encode
 
@@ -88,8 +84,17 @@ class PodManager(object):
 
     @cached_property
     def kube_api(self):
-        my_client = config.new_client_from_config(config_file=self.kube_config)
-        return client.CoreV1Api(api_client=my_client)
+        # this feels a little janky, but it's what k8s' own code does
+        # internally when it reads kube config files from disk:
+        # https://github.com/kubernetes-client/python-base/blob/0b208334ef0247aad9afcaae8003954423b61a0d/config/kube_config.py#L643
+        loader = config.kube_config.KubeConfigLoader(
+            config_dict=self.kube_config
+        )
+        cfg = type.__call__(client.Configuration)
+        loader.load_and_set(cfg)
+        return client.CoreV1Api(api_client=client.ApiClient(
+            configuration=cfg
+        ))
 
     @property
     def pod_name(self):
@@ -174,10 +179,4 @@ def generate_tmp_kube_config(credential, namespace):
         ).decode() # decode the base64 data into a str
     else:
         config["clusters"][0]["cluster"]["insecure-skip-tls-verify"] = True
-
-    fd, path = tempfile.mkstemp(prefix='kubeconfig')
-    with open(path, 'wb') as temp:
-        temp.write(yaml.dump(config).encode())
-        temp.flush()
-        os.chmod(temp.name, stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR)
-    return path
+    return config
diff --git a/awx/main/tasks.py b/awx/main/tasks.py
index a91a4cf4b2..fc3d466d39 100644
--- a/awx/main/tasks.py
+++ b/awx/main/tasks.py
@@ -1423,7 +1423,6 @@ class BaseTask(object):
     def deploy_container_group_pod(self, task):
         from awx.main.scheduler.kubernetes import PodManager # Avoid circular import
         pod_manager = PodManager(self.instance)
-        self.cleanup_paths.append(pod_manager.kube_config)
         try:
             log_name = task.log_format
             logger.debug(f"Launching pod for {log_name}.")
diff --git a/awx/main/tests/functional/task_management/test_container_groups.py b/awx/main/tests/functional/task_management/test_container_groups.py
index c1a1695bc9..47d982a725 100644
--- a/awx/main/tests/functional/task_management/test_container_groups.py
+++ b/awx/main/tests/functional/task_management/test_container_groups.py
@@ -1,5 +1,4 @@
 import subprocess
-import yaml
 import base64
 
 from unittest import mock # noqa
@@ -51,6 +50,5 @@ def test_kubectl_ssl_verification(containerized_job):
     cred.inputs['ssl_ca_cert'] = cert.stdout
     cred.save()
     pm = PodManager(containerized_job)
-    config = yaml.load(open(pm.kube_config), Loader=yaml.FullLoader)
-    ca_data = config['clusters'][0]['cluster']['certificate-authority-data']
+    ca_data = pm.kube_config['clusters'][0]['cluster']['certificate-authority-data']
     assert cert.stdout == base64.b64decode(ca_data.encode())

From 28228a3b577a217f3a799347daea8d6b1a747be6 Mon Sep 17 00:00:00 2001
From: Alan Rominger <arominge@redhat.com>
Date: Wed, 23 Oct 2019 08:25:00 -0400
Subject: [PATCH 11/57] Disable activity stream and speed up host group bulk
 deletion (#3817)

---
 awx/api/views/__init__.py | 38 +++++++++++++++++++++++++++-----------
 awx/main/models/base.py   |  5 ++++-
 2 files changed, 31 insertions(+), 12 deletions(-)

diff --git a/awx/api/views/__init__.py b/awx/api/views/__init__.py
index f337345df9..63325abe2a 100644
--- a/awx/api/views/__init__.py
+++ b/awx/api/views/__init__.py
@@ -2136,12 +2136,21 @@ class InventorySourceHostsList(HostRelatedSearchMixin, SubListDestroyAPIView):
     def perform_list_destroy(self, instance_list):
         inv_source = self.get_parent_object()
         with ignore_inventory_computed_fields():
-            # Activity stream doesn't record disassociation here anyway
-            # no signals-related reason to not bulk-delete
-            models.Host.groups.through.objects.filter(
-                host__inventory_sources=inv_source
-            ).delete()
-            r = super(InventorySourceHostsList, self).perform_list_destroy(instance_list)
+            if not settings.ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC:
+                from awx.main.signals import disable_activity_stream
+                with disable_activity_stream():
+                    # job host summary deletion necessary to avoid deadlock
+                    models.JobHostSummary.objects.filter(host__inventory_sources=inv_source).update(host=None)
+                    models.Host.objects.filter(inventory_sources=inv_source).delete()
+                    r = super(InventorySourceHostsList, self).perform_list_destroy([])
+            else:
+                # Advance delete of group-host memberships to prevent deadlock
+                # Activity stream doesn't record disassociation here anyway
+                # no signals-related reason to not bulk-delete
+                models.Host.groups.through.objects.filter(
+                    host__inventory_sources=inv_source
+                ).delete()
+                r = super(InventorySourceHostsList, self).perform_list_destroy(instance_list)
         update_inventory_computed_fields.delay(inv_source.inventory_id, True)
         return r
 
@@ -2157,11 +2166,18 @@ class InventorySourceGroupsList(SubListDestroyAPIView):
     def perform_list_destroy(self, instance_list):
         inv_source = self.get_parent_object()
         with ignore_inventory_computed_fields():
-            # Same arguments for bulk delete as with host list
-            models.Group.hosts.through.objects.filter(
-                group__inventory_sources=inv_source
-            ).delete()
-            r = super(InventorySourceGroupsList, self).perform_list_destroy(instance_list)
+            if not settings.ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC:
+                from awx.main.signals import disable_activity_stream
+                with disable_activity_stream():
+                    models.Group.objects.filter(inventory_sources=inv_source).delete()
+                    r = super(InventorySourceGroupsList, self).perform_list_destroy([])
+            else:
+                # Advance delete of group-host memberships to prevent deadlock
+                # Same arguments for bulk delete as with host list
+                models.Group.hosts.through.objects.filter(
+                    group__inventory_sources=inv_source
+                ).delete()
+                r = super(InventorySourceGroupsList, self).perform_list_destroy(instance_list)
         update_inventory_computed_fields.delay(inv_source.inventory_id, True)
         return r
 
diff --git a/awx/main/models/base.py b/awx/main/models/base.py
index 70fa92cf0a..915b18977f 100644
--- a/awx/main/models/base.py
+++ b/awx/main/models/base.py
@@ -295,7 +295,10 @@ class PrimordialModel(HasEditsMixin, CreatedModifiedModel):
 
     def __init__(self, *args, **kwargs):
         r = super(PrimordialModel, self).__init__(*args, **kwargs)
-        self._prior_values_store = self._get_fields_snapshot()
+        if self.pk:
+            self._prior_values_store = self._get_fields_snapshot()
+        else:
+            self._prior_values_store = {}
         return r
 
     def save(self, *args, **kwargs):

From 653ec0ffabcb362c106f5a0f57ae7cf91628e33d Mon Sep 17 00:00:00 2001
From: Alan Rominger <arominge@redhat.com>
Date: Wed, 23 Oct 2019 10:59:35 -0400
Subject: [PATCH 12/57] RBAC relaunch 403 updates (#3835)

* RBAC relaunch 403 updates

Addresses 2 things

1. If WFJ relaunch is attempted, and relaunch is denied
  because the WFJ had encrypted survey answers,
  a generic message was shown, this changes it to show
  a specific error message

2. Org admins are banned from relaunching a job
  if the job has encrypted survey answers

* update tests to raises access pattern

* catch PermissionDenied for user_capabilities
---
 awx/main/access.py                            | 50 ++++++++-----------
 awx/main/tests/functional/test_rbac_job.py    |  5 +-
 .../tests/functional/test_rbac_workflow.py    |  5 +-
 3 files changed, 28 insertions(+), 32 deletions(-)

diff --git a/awx/main/access.py b/awx/main/access.py
index 3eefb08723..7f9be65333 100644
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -465,7 +465,7 @@ class BaseAccess(object):
                 else:
                     relationship = 'members'
                 return access_method(obj, parent_obj, relationship, skip_sub_obj_read_check=True, data={})
-        except (ParseError, ObjectDoesNotExist):
+        except (ParseError, ObjectDoesNotExist, PermissionDenied):
             return False
         return False
 
@@ -1660,26 +1660,19 @@ class JobAccess(BaseAccess):
         except JobLaunchConfig.DoesNotExist:
             config = None
 
+        if obj.job_template and (self.user not in obj.job_template.execute_role):
+            return False
+
         # Check if JT execute access (and related prompts) is sufficient
-        if obj.job_template is not None:
-            if config is None:
-                prompts_access = False
-            elif not config.has_user_prompts(obj.job_template):
-                prompts_access = True
-            elif obj.created_by_id != self.user.pk and vars_are_encrypted(config.extra_data):
-                prompts_access = False
-                if self.save_messages:
-                    self.messages['detail'] = _('Job was launched with secret prompts provided by another user.')
-            else:
-                prompts_access = (
-                    JobLaunchConfigAccess(self.user).can_add({'reference_obj': config}) and
-                    not config.has_unprompted(obj.job_template)
-                )
-            jt_access = self.user in obj.job_template.execute_role
-            if prompts_access and jt_access:
+        if config and obj.job_template:
+            if not config.has_user_prompts(obj.job_template):
                 return True
-            elif not jt_access:
-                return False
+            elif obj.created_by_id != self.user.pk and vars_are_encrypted(config.extra_data):
+                # never allowed, not even for org admins
+                raise PermissionDenied(_('Job was launched with secret prompts provided by another user.'))
+            elif not config.has_unprompted(obj.job_template):
+                if JobLaunchConfigAccess(self.user).can_add({'reference_obj': config}):
+                    return True
 
         org_access = bool(obj.inventory) and self.user in obj.inventory.organization.inventory_admin_role
         project_access = obj.project is None or self.user in obj.project.admin_role
@@ -2098,23 +2091,20 @@ class WorkflowJobAccess(BaseAccess):
                 self.messages['detail'] = _('Workflow Job was launched with unknown prompts.')
             return False
 
+        # execute permission to WFJT is mandatory for any relaunch
+        if self.user not in template.execute_role:
+            return False
+
         # Check if access to prompts to prevent relaunch
         if config.prompts_dict():
             if obj.created_by_id != self.user.pk and vars_are_encrypted(config.extra_data):
-                if self.save_messages:
-                    self.messages['detail'] = _('Job was launched with secret prompts provided by another user.')
-                return False
+                raise PermissionDenied(_("Job was launched with secret prompts provided by another user."))
             if not JobLaunchConfigAccess(self.user).can_add({'reference_obj': config}):
-                if self.save_messages:
-                    self.messages['detail'] = _('Job was launched with prompts you lack access to.')
-                return False
+                raise PermissionDenied(_('Job was launched with prompts you lack access to.'))
             if config.has_unprompted(template):
-                if self.save_messages:
-                    self.messages['detail'] = _('Job was launched with prompts no longer accepted.')
-                return False
+                raise PermissionDenied(_('Job was launched with prompts no longer accepted.'))
 
-        # execute permission to WFJT is mandatory for any relaunch
-        return (self.user in template.execute_role)
+        return True  # passed config checks
 
     def can_recreate(self, obj):
         node_qs = obj.workflow_job_nodes.all().prefetch_related('inventory', 'credentials', 'unified_job_template')
diff --git a/awx/main/tests/functional/test_rbac_job.py b/awx/main/tests/functional/test_rbac_job.py
index 13866565fa..5dbe797f6c 100644
--- a/awx/main/tests/functional/test_rbac_job.py
+++ b/awx/main/tests/functional/test_rbac_job.py
@@ -19,6 +19,8 @@ from awx.main.models import (
     Credential
 )
 
+from rest_framework.exceptions import PermissionDenied
+
 from crum import impersonate
 
 
@@ -252,7 +254,8 @@ class TestJobRelaunchAccess:
 
         assert 'job_var' in job.launch_config.extra_data
         assert bob.can_access(Job, 'start', job, validate_license=False)
-        assert not alice.can_access(Job, 'start', job, validate_license=False)
+        with pytest.raises(PermissionDenied):
+            alice.can_access(Job, 'start', job, validate_license=False)
 
 
 @pytest.mark.django_db
diff --git a/awx/main/tests/functional/test_rbac_workflow.py b/awx/main/tests/functional/test_rbac_workflow.py
index 04926385c0..a53d769324 100644
--- a/awx/main/tests/functional/test_rbac_workflow.py
+++ b/awx/main/tests/functional/test_rbac_workflow.py
@@ -7,6 +7,8 @@ from awx.main.access import (
     # WorkflowJobNodeAccess
 )
 
+from rest_framework.exceptions import PermissionDenied
+
 from awx.main.models import InventorySource, JobLaunchConfig
 
 
@@ -169,7 +171,8 @@ class TestWorkflowJobAccess:
         wfjt.ask_inventory_on_launch = True
         wfjt.save()
         JobLaunchConfig.objects.create(job=workflow_job, inventory=inventory)
-        assert not WorkflowJobAccess(rando).can_start(workflow_job)
+        with pytest.raises(PermissionDenied):
+            WorkflowJobAccess(rando).can_start(workflow_job)
         inventory.use_role.members.add(rando)
         assert WorkflowJobAccess(rando).can_start(workflow_job)
 

From 9f4d65891c7e86d9957258b9aebbec17f131bd3c Mon Sep 17 00:00:00 2001
From: Jim Ladd <jladd@redhat.com>
Date: Mon, 7 Oct 2019 16:55:34 -0700
Subject: [PATCH 13/57] Remove unused build_notification_message method

---
 awx/main/models/notifications.py | 19 -------------------
 1 file changed, 19 deletions(-)

diff --git a/awx/main/models/notifications.py b/awx/main/models/notifications.py
index ef428bcdfa..75fab26fd1 100644
--- a/awx/main/models/notifications.py
+++ b/awx/main/models/notifications.py
@@ -92,25 +92,6 @@ class NotificationTemplate(CommonModelNameNotUnique):
     def get_message(self, condition):
         return self.messages.get(condition, {})
 
-    def build_notification_message(self, event_type, context):
-        env = sandbox.ImmutableSandboxedEnvironment()
-        templates = self.get_message(event_type)
-        msg_template = templates.get('message', {})
-
-        try:
-            notification_subject = env.from_string(msg_template).render(**context)
-        except (TemplateSyntaxError, UndefinedError, SecurityError):
-            notification_subject = ''
-
-
-        msg_body = templates.get('body', {})
-        try:
-            notification_body = env.from_string(msg_body).render(**context)
-        except (TemplateSyntaxError, UndefinedError, SecurityError):
-            notification_body = ''
-
-        return (notification_subject, notification_body)
-
     def get_absolute_url(self, request=None):
         return reverse('api:notification_template_detail', kwargs={'pk': self.pk}, request=request)
 

From d3132820a54d50a1deed73c5f619593b704c884c Mon Sep 17 00:00:00 2001
From: Jim Ladd <jladd@redhat.com>
Date: Mon, 7 Oct 2019 16:57:57 -0700
Subject: [PATCH 14/57] Render default notifications using Jinja templates

---
 awx/main/models/notifications.py              | 45 +++++++++----------
 awx/main/notifications/base.py                | 13 +-----
 awx/main/notifications/email_backend.py       | 20 +++------
 awx/main/notifications/grafana_backend.py     |  8 ++--
 awx/main/notifications/hipchat_backend.py     |  8 ++--
 awx/main/notifications/irc_backend.py         |  8 ++--
 awx/main/notifications/mattermost_backend.py  |  8 ++--
 awx/main/notifications/pagerduty_backend.py   | 19 ++++++--
 awx/main/notifications/rocketchat_backend.py  |  8 ++--
 awx/main/notifications/slack_backend.py       |  8 ++--
 awx/main/notifications/twilio_backend.py      |  8 ++--
 awx/main/notifications/webhook_backend.py     | 16 +++----
 .../functional/models/test_notifications.py   |  2 -
 13 files changed, 78 insertions(+), 93 deletions(-)

diff --git a/awx/main/models/notifications.py b/awx/main/models/notifications.py
index 75fab26fd1..9585a404ec 100644
--- a/awx/main/models/notifications.py
+++ b/awx/main/models/notifications.py
@@ -150,12 +150,12 @@ class NotificationTemplate(CommonModelNameNotUnique):
     def recipients(self):
         return self.notification_configuration[self.notification_class.recipient_parameter]
 
-    def generate_notification(self, subject, message):
+    def generate_notification(self, msg, body):
         notification = Notification(notification_template=self,
                                     notification_type=self.notification_type,
                                     recipients=smart_str(self.recipients),
-                                    subject=subject,
-                                    body=message)
+                                    subject=msg,
+                                    body=body)
         notification.save()
         return notification
 
@@ -415,32 +415,32 @@ class JobNotificationMixin(object):
         context = self.context(job_serialization)
 
         msg_template = body_template = None
+        msg = body = ''
 
+        # Use custom template if available
         if nt.messages:
             templates = nt.messages.get(self.STATUS_TO_TEMPLATE_TYPE[status], {}) or {}
-            msg_template = templates.get('message', {})
-            body_template = templates.get('body', {})
+            msg_template = templates.get('message', None)
+            body_template = templates.get('body', None)
+        # If custom template not provided, look up default template
+        if not msg_template:
+            msg_template = getattr(nt.notification_class, 'DEFAULT_MSG', None)
+        if not body_template:
+            body_template = getattr(nt.notification_class, 'DEFAULT_BODY', None)
 
         if msg_template:
             try:
-                notification_subject = env.from_string(msg_template).render(**context)
+                msg = env.from_string(msg_template).render(**context)
             except (TemplateSyntaxError, UndefinedError, SecurityError):
-                notification_subject = ''
-        else:
-            notification_subject = u"{} #{} '{}' {}: {}".format(self.get_notification_friendly_name(),
-                                                                self.id,
-                                                                self.name,
-                                                                status,
-                                                                self.get_ui_url())
-        notification_body = self.notification_data()
-        notification_body['friendly_name'] = self.get_notification_friendly_name()
+                msg = ''
+
         if body_template:
             try:
-                notification_body['body'] = env.from_string(body_template).render(**context)
+                body = env.from_string(body_template).render(**context)
             except (TemplateSyntaxError, UndefinedError, SecurityError):
-                notification_body['body'] = ''
+                body = ''
 
-        return (notification_subject, notification_body)
+        return (msg, body)
 
     def send_notification_templates(self, status):
         from awx.main.tasks import send_notifications  # avoid circular import
@@ -456,16 +456,13 @@ class JobNotificationMixin(object):
             return
 
         for nt in set(notification_templates.get(self.STATUS_TO_TEMPLATE_TYPE[status], [])):
-            try:
-                (notification_subject, notification_body) = self.build_notification_message(nt, status)
-            except AttributeError:
-                raise NotImplementedError("build_notification_message() does not exist" % status)
+            (msg, body) = self.build_notification_message(nt, status)
 
             # Use kwargs to force late-binding
             # https://stackoverflow.com/a/3431699/10669572
-            def send_it(local_nt=nt, local_subject=notification_subject, local_body=notification_body):
+            def send_it(local_nt=nt, local_msg=msg, local_body=body):
                 def _func():
-                    send_notifications.delay([local_nt.generate_notification(local_subject, local_body).id],
+                    send_notifications.delay([local_nt.generate_notification(local_msg, local_body).id],
                                              job_id=self.id)
                 return _func
             connection.on_commit(send_it())
diff --git a/awx/main/notifications/base.py b/awx/main/notifications/base.py
index bb5ac7a9ca..66ac369cbc 100644
--- a/awx/main/notifications/base.py
+++ b/awx/main/notifications/base.py
@@ -1,21 +1,10 @@
 # Copyright (c) 2016 Ansible, Inc.
 # All Rights Reserved.
 
-import json
-
-from django.utils.encoding import smart_text
 from django.core.mail.backends.base import BaseEmailBackend
-from django.utils.translation import ugettext_lazy as _
 
 
 class AWXBaseEmailBackend(BaseEmailBackend):
 
     def format_body(self, body):
-        if "body" in body:
-            body_actual = body['body']
-        else:
-            body_actual = smart_text(_("{} #{} had status {}, view details at {}\n\n").format(
-                body['friendly_name'], body['id'], body['status'], body['url'])
-            )
-            body_actual += json.dumps(body, indent=4)
-        return body_actual
+        return body
diff --git a/awx/main/notifications/email_backend.py b/awx/main/notifications/email_backend.py
index 8abce4fff1..4ae70ef376 100644
--- a/awx/main/notifications/email_backend.py
+++ b/awx/main/notifications/email_backend.py
@@ -1,8 +1,6 @@
 # Copyright (c) 2016 Ansible, Inc.
 # All Rights Reserved.
 
-import json
-
 from django.utils.encoding import smart_text
 from django.core.mail.backends.smtp import EmailBackend
 from django.utils.translation import ugettext_lazy as _
@@ -20,21 +18,15 @@ class CustomEmailBackend(EmailBackend):
                        "recipients": {"label": "Recipient List", "type": "list"},
                        "timeout": {"label": "Timeout", "type": "int", "default": 30}}
 
-    DEFAULT_SUBJECT = "{{ job_friendly_name }} #{{ job.id }} '{{ job.name }}' {{ job.status }}: {{ url }}"
+    DEFAULT_MSG = "{{ job_friendly_name }} #{{ job.id }} '{{ job.name }}' {{ job.status }}: {{ url }}"
     DEFAULT_BODY = smart_text(_("{{ job_friendly_name }} #{{ job.id }} had status {{ job.status }}, view details at {{ url }}\n\n{{ job_summary_dict }}"))
-    default_messages = {"started": {"message": DEFAULT_SUBJECT, "body": DEFAULT_BODY},
-                        "success": {"message": DEFAULT_SUBJECT, "body": DEFAULT_BODY},
-                        "error": {"message": DEFAULT_SUBJECT, "body": DEFAULT_BODY}}
+    default_messages = {"started": {"message": DEFAULT_MSG, "body": DEFAULT_BODY},
+                        "success": {"message": DEFAULT_MSG, "body": DEFAULT_BODY},
+                        "error": {"message": DEFAULT_MSG, "body": DEFAULT_BODY}}
     recipient_parameter = "recipients"
     sender_parameter = "sender"
 
 
     def format_body(self, body):
-        if "body" in body:
-            body_actual = body['body']
-        else:
-            body_actual = smart_text(_("{} #{} had status {}, view details at {}\n\n").format(
-                body['friendly_name'], body['id'], body['status'], body['url'])
-            )
-            body_actual += json.dumps(body, indent=4)
-        return body_actual
+        # leave body unchanged (expect a string)
+        return body
diff --git a/awx/main/notifications/grafana_backend.py b/awx/main/notifications/grafana_backend.py
index ccd176e4f4..5c6759399d 100644
--- a/awx/main/notifications/grafana_backend.py
+++ b/awx/main/notifications/grafana_backend.py
@@ -21,10 +21,10 @@ class GrafanaBackend(AWXBaseEmailBackend):
     recipient_parameter = "grafana_url"
     sender_parameter = None
 
-    DEFAULT_SUBJECT = "{{ job_friendly_name }} #{{ job.id }} '{{ job.name }}' {{ job.status }}: {{ url }}"
-    default_messages = {"started": {"message": DEFAULT_SUBJECT},
-                        "success": {"message": DEFAULT_SUBJECT},
-                        "error": {"message": DEFAULT_SUBJECT}}
+    DEFAULT_MSG = "{{ job_friendly_name }} #{{ job.id }} '{{ job.name }}' {{ job.status }}: {{ url }}"
+    default_messages = {"started": {"message": DEFAULT_MSG},
+                        "success": {"message": DEFAULT_MSG},
+                        "error": {"message": DEFAULT_MSG}}
 
     def __init__(self, grafana_key,dashboardId=None, panelId=None, annotation_tags=None, grafana_no_verify_ssl=False, isRegion=True,
                  fail_silently=False, **kwargs):
diff --git a/awx/main/notifications/hipchat_backend.py b/awx/main/notifications/hipchat_backend.py
index 0fa53b4471..e187852722 100644
--- a/awx/main/notifications/hipchat_backend.py
+++ b/awx/main/notifications/hipchat_backend.py
@@ -23,10 +23,10 @@ class HipChatBackend(AWXBaseEmailBackend):
     recipient_parameter = "rooms"
     sender_parameter = "message_from"
 
-    DEFAULT_SUBJECT = "{{ job_friendly_name }} #{{ job.id }} '{{ job.name }}' {{ job.status }}: {{ url }}"
-    default_messages = {"started": {"message": DEFAULT_SUBJECT},
-                        "success": {"message": DEFAULT_SUBJECT},
-                        "error": {"message": DEFAULT_SUBJECT}}
+    DEFAULT_MSG = "{{ job_friendly_name }} #{{ job.id }} '{{ job.name }}' {{ job.status }}: {{ url }}"
+    default_messages = {"started": {"message": DEFAULT_MSG},
+                        "success": {"message": DEFAULT_MSG},
+                        "error": {"message": DEFAULT_MSG}}
 
     def __init__(self, token, color, api_url, notify, fail_silently=False, **kwargs):
         super(HipChatBackend, self).__init__(fail_silently=fail_silently)
diff --git a/awx/main/notifications/irc_backend.py b/awx/main/notifications/irc_backend.py
index 037293a0d3..bbdaefaf56 100644
--- a/awx/main/notifications/irc_backend.py
+++ b/awx/main/notifications/irc_backend.py
@@ -25,10 +25,10 @@ class IrcBackend(AWXBaseEmailBackend):
     recipient_parameter = "targets"
     sender_parameter = None
 
-    DEFAULT_SUBJECT = "{{ job_friendly_name }} #{{ job.id }} '{{ job.name }}' {{ job.status }}: {{ url }}"
-    default_messages = {"started": {"message": DEFAULT_SUBJECT},
-                        "success": {"message": DEFAULT_SUBJECT},
-                        "error": {"message": DEFAULT_SUBJECT}}
+    DEFAULT_MSG = "{{ job_friendly_name }} #{{ job.id }} '{{ job.name }}' {{ job.status }}: {{ url }}"
+    default_messages = {"started": {"message": DEFAULT_MSG},
+                        "success": {"message": DEFAULT_MSG},
+                        "error": {"message": DEFAULT_MSG}}
 
     def __init__(self, server, port, nickname, password, use_ssl, fail_silently=False, **kwargs):
         super(IrcBackend, self).__init__(fail_silently=fail_silently)
diff --git a/awx/main/notifications/mattermost_backend.py b/awx/main/notifications/mattermost_backend.py
index 41b3c4caa4..096bff9428 100644
--- a/awx/main/notifications/mattermost_backend.py
+++ b/awx/main/notifications/mattermost_backend.py
@@ -19,10 +19,10 @@ class MattermostBackend(AWXBaseEmailBackend):
     recipient_parameter = "mattermost_url"
     sender_parameter = None
 
-    DEFAULT_SUBJECT = "{{ job_friendly_name }} #{{ job.id }} '{{ job.name }}' {{ job.status }}: {{ url }}"
-    default_messages = {"started": {"message": DEFAULT_SUBJECT},
-                        "success": {"message": DEFAULT_SUBJECT},
-                        "error": {"message": DEFAULT_SUBJECT}}
+    DEFAULT_MSG = "{{ job_friendly_name }} #{{ job.id }} '{{ job.name }}' {{ job.status }}: {{ url }}"
+    default_messages = {"started": {"message": DEFAULT_MSG},
+                        "success": {"message": DEFAULT_MSG},
+                        "error": {"message": DEFAULT_MSG}}
 
     def __init__(self, mattermost_no_verify_ssl=False, mattermost_channel=None, mattermost_username=None,
                  mattermost_icon_url=None, fail_silently=False, **kwargs):
diff --git a/awx/main/notifications/pagerduty_backend.py b/awx/main/notifications/pagerduty_backend.py
index 55827a67de..6e76974f3c 100644
--- a/awx/main/notifications/pagerduty_backend.py
+++ b/awx/main/notifications/pagerduty_backend.py
@@ -1,6 +1,7 @@
 # Copyright (c) 2016 Ansible, Inc.
 # All Rights Reserved.
 
+import json
 import logging
 import pygerduty
 
@@ -20,11 +21,11 @@ class PagerDutyBackend(AWXBaseEmailBackend):
     recipient_parameter = "service_key"
     sender_parameter = "client_name"
 
-    DEFAULT_SUBJECT = "{{ job_friendly_name }} #{{ job.id }} '{{ job.name }}' {{ job.status }}: {{ url }}"
+    DEFAULT_MSG = "{{ job_friendly_name }} #{{ job.id }} '{{ job.name }}' {{ job.status }}: {{ url }}"
     DEFAULT_BODY = "{{ job_summary_dict }}"
-    default_messages = {"started": { "message": DEFAULT_SUBJECT, "body": DEFAULT_BODY},
-                        "success": { "message": DEFAULT_SUBJECT, "body": DEFAULT_BODY},
-                        "error": { "message": DEFAULT_SUBJECT, "body": DEFAULT_BODY}}
+    default_messages = {"started": { "message": DEFAULT_MSG, "body": DEFAULT_BODY},
+                        "success": { "message": DEFAULT_MSG, "body": DEFAULT_BODY},
+                        "error": { "message": DEFAULT_MSG, "body": DEFAULT_BODY}}
 
     def __init__(self, subdomain, token, fail_silently=False, **kwargs):
         super(PagerDutyBackend, self).__init__(fail_silently=fail_silently)
@@ -32,6 +33,16 @@ class PagerDutyBackend(AWXBaseEmailBackend):
         self.token = token
 
     def format_body(self, body):
+        # cast to dict if possible  # TODO: is it true that this can be a dict or str?
+        try:
+            potential_body = json.loads(body)
+            if isinstance(potential_body, dict):
+                body = potential_body
+        except json.JSONDecodeError:
+            pass
+
+        # but it's okay if this is also just a string
+
         return body
 
     def send_messages(self, messages):
diff --git a/awx/main/notifications/rocketchat_backend.py b/awx/main/notifications/rocketchat_backend.py
index e211708a8c..e5c6246f11 100644
--- a/awx/main/notifications/rocketchat_backend.py
+++ b/awx/main/notifications/rocketchat_backend.py
@@ -19,10 +19,10 @@ class RocketChatBackend(AWXBaseEmailBackend):
     recipient_parameter = "rocketchat_url"
     sender_parameter = None
 
-    DEFAULT_SUBJECT = "{{ job_friendly_name }} #{{ job.id }} '{{ job.name }}' {{ job.status }}: {{ url }}"
-    default_messages = {"started": {"message": DEFAULT_SUBJECT},
-                        "success": {"message": DEFAULT_SUBJECT},
-                        "error": {"message": DEFAULT_SUBJECT}}
+    DEFAULT_MSG = "{{ job_friendly_name }} #{{ job.id }} '{{ job.name }}' {{ job.status }}: {{ url }}"
+    default_messages = {"started": {"message": DEFAULT_MSG},
+                        "success": {"message": DEFAULT_MSG},
+                        "error": {"message": DEFAULT_MSG}}
 
     def __init__(self, rocketchat_no_verify_ssl=False, rocketchat_username=None, rocketchat_icon_url=None, fail_silently=False, **kwargs):
         super(RocketChatBackend, self).__init__(fail_silently=fail_silently)
diff --git a/awx/main/notifications/slack_backend.py b/awx/main/notifications/slack_backend.py
index 24b7876708..7c5ee60628 100644
--- a/awx/main/notifications/slack_backend.py
+++ b/awx/main/notifications/slack_backend.py
@@ -19,10 +19,10 @@ class SlackBackend(AWXBaseEmailBackend):
     recipient_parameter = "channels"
     sender_parameter = None
 
-    DEFAULT_SUBJECT = "{{ job_friendly_name }} #{{ job.id }} '{{ job.name }}' {{ job.status }}: {{ url }}"
-    default_messages = {"started": {"message": DEFAULT_SUBJECT},
-                        "success": {"message": DEFAULT_SUBJECT},
-                        "error": {"message": DEFAULT_SUBJECT}}
+    DEFAULT_MSG = "{{ job_friendly_name }} #{{ job.id }} '{{ job.name }}' {{ job.status }}: {{ url }}"
+    default_messages = {"started": {"message": DEFAULT_MSG},
+                        "success": {"message": DEFAULT_MSG},
+                        "error": {"message": DEFAULT_MSG}}
 
     def __init__(self, token, hex_color="", fail_silently=False, **kwargs):
         super(SlackBackend, self).__init__(fail_silently=fail_silently)
diff --git a/awx/main/notifications/twilio_backend.py b/awx/main/notifications/twilio_backend.py
index 21e98e6882..9dc68a0d97 100644
--- a/awx/main/notifications/twilio_backend.py
+++ b/awx/main/notifications/twilio_backend.py
@@ -21,10 +21,10 @@ class TwilioBackend(AWXBaseEmailBackend):
     recipient_parameter = "to_numbers"
     sender_parameter = "from_number"
 
-    DEFAULT_SUBJECT = "{{ job_friendly_name }} #{{ job.id }} '{{ job.name }}' {{ job.status }}: {{ url }}"
-    default_messages = {"started": {"message": DEFAULT_SUBJECT},
-                        "success": {"message": DEFAULT_SUBJECT},
-                        "error": {"message": DEFAULT_SUBJECT}}
+    DEFAULT_MSG = "{{ job_friendly_name }} #{{ job.id }} '{{ job.name }}' {{ job.status }}: {{ url }}"
+    default_messages = {"started": {"message": DEFAULT_MSG},
+                        "success": {"message": DEFAULT_MSG},
+                        "error": {"message": DEFAULT_MSG}}
 
     def __init__(self, account_sid, account_token, fail_silently=False, **kwargs):
         super(TwilioBackend, self).__init__(fail_silently=fail_silently)
diff --git a/awx/main/notifications/webhook_backend.py b/awx/main/notifications/webhook_backend.py
index 92cddf4b3b..be273b125a 100644
--- a/awx/main/notifications/webhook_backend.py
+++ b/awx/main/notifications/webhook_backend.py
@@ -38,15 +38,13 @@ class WebhookBackend(AWXBaseEmailBackend):
         super(WebhookBackend, self).__init__(fail_silently=fail_silently)
 
     def format_body(self, body):
-        # If `body` has body field, attempt to use this as the main body,
-        # otherwise, leave it as a sub-field
-        if isinstance(body, dict) and 'body' in body and isinstance(body['body'], str):
-            try:
-                potential_body = json.loads(body['body'])
-                if isinstance(potential_body, dict):
-                    body = potential_body
-            except json.JSONDecodeError:
-                pass
+        # expect body to be a string representing a dict
+        try:
+            potential_body = json.loads(body)
+            if isinstance(potential_body, dict):
+                body = potential_body
+        except json.JSONDecodeError:
+            body = {}
         return body
 
     def send_messages(self, messages):
diff --git a/awx/main/tests/functional/models/test_notifications.py b/awx/main/tests/functional/models/test_notifications.py
index e835f2d2dd..2ebbcca71a 100644
--- a/awx/main/tests/functional/models/test_notifications.py
+++ b/awx/main/tests/functional/models/test_notifications.py
@@ -144,5 +144,3 @@ class TestJobNotificationMixin(object):
 
         context_stub = JobNotificationMixin.context_stub()
         check_structure_and_completeness(TestJobNotificationMixin.CONTEXT_STRUCTURE, context_stub)
-
-

From 1754076a564224f873331d37e8bd2ddb05550129 Mon Sep 17 00:00:00 2001
From: Jim Ladd <jladd@redhat.com>
Date: Tue, 15 Oct 2019 17:30:56 -0700
Subject: [PATCH 15/57] Refactor notification backends to use
 CustomNotificationBase

---
 .../notifications/custom_notification_base.py    | 14 ++++++++++++++
 awx/main/notifications/email_backend.py          | 16 +++++++---------
 awx/main/notifications/grafana_backend.py        |  9 +++------
 awx/main/notifications/hipchat_backend.py        |  9 +++------
 awx/main/notifications/irc_backend.py            |  9 +++------
 awx/main/notifications/mattermost_backend.py     |  9 +++------
 awx/main/notifications/pagerduty_backend.py      |  6 ++++--
 awx/main/notifications/rocketchat_backend.py     |  8 +++-----
 awx/main/notifications/slack_backend.py          |  9 +++------
 awx/main/notifications/twilio_backend.py         |  9 +++------
 awx/main/notifications/webhook_backend.py        |  4 +++-
 11 files changed, 49 insertions(+), 53 deletions(-)
 create mode 100644 awx/main/notifications/custom_notification_base.py

diff --git a/awx/main/notifications/custom_notification_base.py b/awx/main/notifications/custom_notification_base.py
new file mode 100644
index 0000000000..58443cd5d7
--- /dev/null
+++ b/awx/main/notifications/custom_notification_base.py
@@ -0,0 +1,14 @@
+# Copyright (c) 2019 Ansible, Inc.
+# All Rights Reserved.
+
+from django.utils.encoding import smart_text
+from django.utils.translation import ugettext_lazy as _
+
+
+class CustomNotificationBase(object):
+    DEFAULT_MSG = "{{ job_friendly_name }} #{{ job.id }} '{{ job.name }}' {{ job.status }}: {{ url }}"
+    DEFAULT_BODY = smart_text(_("{{ job_friendly_name }} #{{ job.id }} had status {{ job.status }}, view details at {{ url }}\n\n{{ job_summary_dict }}"))
+
+    default_messages = {"started": {"message": DEFAULT_MSG, "body": None},
+                        "success": {"message": DEFAULT_MSG, "body": None},
+                        "error": {"message": DEFAULT_MSG, "body": None}}
diff --git a/awx/main/notifications/email_backend.py b/awx/main/notifications/email_backend.py
index 4ae70ef376..b8210c86b0 100644
--- a/awx/main/notifications/email_backend.py
+++ b/awx/main/notifications/email_backend.py
@@ -1,12 +1,13 @@
 # Copyright (c) 2016 Ansible, Inc.
 # All Rights Reserved.
 
-from django.utils.encoding import smart_text
 from django.core.mail.backends.smtp import EmailBackend
-from django.utils.translation import ugettext_lazy as _
+
+from awx.main.notifications.custom_notification_base import CustomNotificationBase
+from CustomNotificationBase import DEFAULT_MSG, DEFAULT_BODY
 
 
-class CustomEmailBackend(EmailBackend):
+class CustomEmailBackend(EmailBackend, CustomNotificationBase):
 
     init_parameters = {"host": {"label": "Host", "type": "string"},
                        "port": {"label": "Port", "type": "int"},
@@ -17,15 +18,12 @@ class CustomEmailBackend(EmailBackend):
                        "sender": {"label": "Sender Email", "type": "string"},
                        "recipients": {"label": "Recipient List", "type": "list"},
                        "timeout": {"label": "Timeout", "type": "int", "default": 30}}
-
-    DEFAULT_MSG = "{{ job_friendly_name }} #{{ job.id }} '{{ job.name }}' {{ job.status }}: {{ url }}"
-    DEFAULT_BODY = smart_text(_("{{ job_friendly_name }} #{{ job.id }} had status {{ job.status }}, view details at {{ url }}\n\n{{ job_summary_dict }}"))
-    default_messages = {"started": {"message": DEFAULT_MSG, "body": DEFAULT_BODY},
-                        "success": {"message": DEFAULT_MSG, "body": DEFAULT_BODY},
-                        "error": {"message": DEFAULT_MSG, "body": DEFAULT_BODY}}
     recipient_parameter = "recipients"
     sender_parameter = "sender"
 
+    default_messages = {"started": {"message": DEFAULT_MSG, "body": DEFAULT_BODY},
+                        "success": {"message": DEFAULT_MSG, "body": DEFAULT_BODY},
+                        "error": {"message": DEFAULT_MSG, "body": DEFAULT_BODY}}
 
     def format_body(self, body):
         # leave body unchanged (expect a string)
diff --git a/awx/main/notifications/grafana_backend.py b/awx/main/notifications/grafana_backend.py
index 5c6759399d..58137f27aa 100644
--- a/awx/main/notifications/grafana_backend.py
+++ b/awx/main/notifications/grafana_backend.py
@@ -8,24 +8,21 @@ import dateutil.parser as dp
 
 from django.utils.encoding import smart_text
 from django.utils.translation import ugettext_lazy as _
+
 from awx.main.notifications.base import AWXBaseEmailBackend
+from awx.main.notifications.custom_notification_base import CustomNotificationBase
 
 
 logger = logging.getLogger('awx.main.notifications.grafana_backend')
 
 
-class GrafanaBackend(AWXBaseEmailBackend):
+class GrafanaBackend(AWXBaseEmailBackend, CustomNotificationBase):
 
     init_parameters = {"grafana_url": {"label": "Grafana URL", "type": "string"},
                        "grafana_key": {"label": "Grafana API Key", "type": "password"}}
     recipient_parameter = "grafana_url"
     sender_parameter = None
 
-    DEFAULT_MSG = "{{ job_friendly_name }} #{{ job.id }} '{{ job.name }}' {{ job.status }}: {{ url }}"
-    default_messages = {"started": {"message": DEFAULT_MSG},
-                        "success": {"message": DEFAULT_MSG},
-                        "error": {"message": DEFAULT_MSG}}
-
     def __init__(self, grafana_key,dashboardId=None, panelId=None, annotation_tags=None, grafana_no_verify_ssl=False, isRegion=True,
                  fail_silently=False, **kwargs):
         super(GrafanaBackend, self).__init__(fail_silently=fail_silently)
diff --git a/awx/main/notifications/hipchat_backend.py b/awx/main/notifications/hipchat_backend.py
index e187852722..16790644a3 100644
--- a/awx/main/notifications/hipchat_backend.py
+++ b/awx/main/notifications/hipchat_backend.py
@@ -7,12 +7,14 @@ import requests
 
 from django.utils.encoding import smart_text
 from django.utils.translation import ugettext_lazy as _
+
 from awx.main.notifications.base import AWXBaseEmailBackend
+from awx.main.notifications.custom_notification_base import CustomNotificationBase
 
 logger = logging.getLogger('awx.main.notifications.hipchat_backend')
 
 
-class HipChatBackend(AWXBaseEmailBackend):
+class HipChatBackend(AWXBaseEmailBackend, CustomNotificationBase):
 
     init_parameters = {"token": {"label": "Token", "type": "password"},
                        "rooms": {"label": "Destination Rooms", "type": "list"},
@@ -23,11 +25,6 @@ class HipChatBackend(AWXBaseEmailBackend):
     recipient_parameter = "rooms"
     sender_parameter = "message_from"
 
-    DEFAULT_MSG = "{{ job_friendly_name }} #{{ job.id }} '{{ job.name }}' {{ job.status }}: {{ url }}"
-    default_messages = {"started": {"message": DEFAULT_MSG},
-                        "success": {"message": DEFAULT_MSG},
-                        "error": {"message": DEFAULT_MSG}}
-
     def __init__(self, token, color, api_url, notify, fail_silently=False, **kwargs):
         super(HipChatBackend, self).__init__(fail_silently=fail_silently)
         self.token = token
diff --git a/awx/main/notifications/irc_backend.py b/awx/main/notifications/irc_backend.py
index bbdaefaf56..b9a056f479 100644
--- a/awx/main/notifications/irc_backend.py
+++ b/awx/main/notifications/irc_backend.py
@@ -9,12 +9,14 @@ import irc.client
 
 from django.utils.encoding import smart_text
 from django.utils.translation import ugettext_lazy as _
+
 from awx.main.notifications.base import AWXBaseEmailBackend
+from awx.main.notifications.custom_notification_base import CustomNotificationBase
 
 logger = logging.getLogger('awx.main.notifications.irc_backend')
 
 
-class IrcBackend(AWXBaseEmailBackend):
+class IrcBackend(AWXBaseEmailBackend, CustomNotificationBase):
 
     init_parameters = {"server": {"label": "IRC Server Address", "type": "string"},
                        "port": {"label": "IRC Server Port", "type": "int"},
@@ -25,11 +27,6 @@ class IrcBackend(AWXBaseEmailBackend):
     recipient_parameter = "targets"
     sender_parameter = None
 
-    DEFAULT_MSG = "{{ job_friendly_name }} #{{ job.id }} '{{ job.name }}' {{ job.status }}: {{ url }}"
-    default_messages = {"started": {"message": DEFAULT_MSG},
-                        "success": {"message": DEFAULT_MSG},
-                        "error": {"message": DEFAULT_MSG}}
-
     def __init__(self, server, port, nickname, password, use_ssl, fail_silently=False, **kwargs):
         super(IrcBackend, self).__init__(fail_silently=fail_silently)
         self.server = server
diff --git a/awx/main/notifications/mattermost_backend.py b/awx/main/notifications/mattermost_backend.py
index 096bff9428..7a759d41a3 100644
--- a/awx/main/notifications/mattermost_backend.py
+++ b/awx/main/notifications/mattermost_backend.py
@@ -7,23 +7,20 @@ import json
 
 from django.utils.encoding import smart_text
 from django.utils.translation import ugettext_lazy as _
+
 from awx.main.notifications.base import AWXBaseEmailBackend
+from awx.main.notifications.custom_notification_base import CustomNotificationBase
 
 logger = logging.getLogger('awx.main.notifications.mattermost_backend')
 
 
-class MattermostBackend(AWXBaseEmailBackend):
+class MattermostBackend(AWXBaseEmailBackend, CustomNotificationBase):
 
     init_parameters = {"mattermost_url": {"label": "Target URL", "type": "string"},
                        "mattermost_no_verify_ssl": {"label": "Verify SSL", "type": "bool"}}
     recipient_parameter = "mattermost_url"
     sender_parameter = None
 
-    DEFAULT_MSG = "{{ job_friendly_name }} #{{ job.id }} '{{ job.name }}' {{ job.status }}: {{ url }}"
-    default_messages = {"started": {"message": DEFAULT_MSG},
-                        "success": {"message": DEFAULT_MSG},
-                        "error": {"message": DEFAULT_MSG}}
-
     def __init__(self, mattermost_no_verify_ssl=False, mattermost_channel=None, mattermost_username=None,
                  mattermost_icon_url=None, fail_silently=False, **kwargs):
         super(MattermostBackend, self).__init__(fail_silently=fail_silently)
diff --git a/awx/main/notifications/pagerduty_backend.py b/awx/main/notifications/pagerduty_backend.py
index 6e76974f3c..c1625523f4 100644
--- a/awx/main/notifications/pagerduty_backend.py
+++ b/awx/main/notifications/pagerduty_backend.py
@@ -7,12 +7,15 @@ import pygerduty
 
 from django.utils.encoding import smart_text
 from django.utils.translation import ugettext_lazy as _
+
 from awx.main.notifications.base import AWXBaseEmailBackend
+from awx.main.notifications.custom_notification_base import CustomNotificationBase
+from CustomNotificationBase import DEFAULT_MSG
 
 logger = logging.getLogger('awx.main.notifications.pagerduty_backend')
 
 
-class PagerDutyBackend(AWXBaseEmailBackend):
+class PagerDutyBackend(AWXBaseEmailBackend, CustomNotificationBase):
 
     init_parameters = {"subdomain": {"label": "Pagerduty subdomain", "type": "string"},
                        "token": {"label": "API Token", "type": "password"},
@@ -21,7 +24,6 @@ class PagerDutyBackend(AWXBaseEmailBackend):
     recipient_parameter = "service_key"
     sender_parameter = "client_name"
 
-    DEFAULT_MSG = "{{ job_friendly_name }} #{{ job.id }} '{{ job.name }}' {{ job.status }}: {{ url }}"
     DEFAULT_BODY = "{{ job_summary_dict }}"
     default_messages = {"started": { "message": DEFAULT_MSG, "body": DEFAULT_BODY},
                         "success": { "message": DEFAULT_MSG, "body": DEFAULT_BODY},
diff --git a/awx/main/notifications/rocketchat_backend.py b/awx/main/notifications/rocketchat_backend.py
index e5c6246f11..1ad367fb57 100644
--- a/awx/main/notifications/rocketchat_backend.py
+++ b/awx/main/notifications/rocketchat_backend.py
@@ -7,22 +7,20 @@ import json
 
 from django.utils.encoding import smart_text
 from django.utils.translation import ugettext_lazy as _
+
 from awx.main.notifications.base import AWXBaseEmailBackend
+from awx.main.notifications.custom_notification_base import CustomNotificationBase
 
 logger = logging.getLogger('awx.main.notifications.rocketchat_backend')
 
 
-class RocketChatBackend(AWXBaseEmailBackend):
+class RocketChatBackend(AWXBaseEmailBackend, CustomNotificationBase):
 
     init_parameters = {"rocketchat_url": {"label": "Target URL", "type": "string"},
                        "rocketchat_no_verify_ssl": {"label": "Verify SSL", "type": "bool"}}
     recipient_parameter = "rocketchat_url"
     sender_parameter = None
 
-    DEFAULT_MSG = "{{ job_friendly_name }} #{{ job.id }} '{{ job.name }}' {{ job.status }}: {{ url }}"
-    default_messages = {"started": {"message": DEFAULT_MSG},
-                        "success": {"message": DEFAULT_MSG},
-                        "error": {"message": DEFAULT_MSG}}
 
     def __init__(self, rocketchat_no_verify_ssl=False, rocketchat_username=None, rocketchat_icon_url=None, fail_silently=False, **kwargs):
         super(RocketChatBackend, self).__init__(fail_silently=fail_silently)
diff --git a/awx/main/notifications/slack_backend.py b/awx/main/notifications/slack_backend.py
index 7c5ee60628..d1c5ae5d29 100644
--- a/awx/main/notifications/slack_backend.py
+++ b/awx/main/notifications/slack_backend.py
@@ -6,24 +6,21 @@ from slackclient import SlackClient
 
 from django.utils.encoding import smart_text
 from django.utils.translation import ugettext_lazy as _
+
 from awx.main.notifications.base import AWXBaseEmailBackend
+from awx.main.notifications.custom_notification_base import CustomNotificationBase
 
 logger = logging.getLogger('awx.main.notifications.slack_backend')
 WEBSOCKET_TIMEOUT = 30
 
 
-class SlackBackend(AWXBaseEmailBackend):
+class SlackBackend(AWXBaseEmailBackend, CustomNotificationBase):
 
     init_parameters = {"token": {"label": "Token", "type": "password"},
                        "channels": {"label": "Destination Channels", "type": "list"}}
     recipient_parameter = "channels"
     sender_parameter = None
 
-    DEFAULT_MSG = "{{ job_friendly_name }} #{{ job.id }} '{{ job.name }}' {{ job.status }}: {{ url }}"
-    default_messages = {"started": {"message": DEFAULT_MSG},
-                        "success": {"message": DEFAULT_MSG},
-                        "error": {"message": DEFAULT_MSG}}
-
     def __init__(self, token, hex_color="", fail_silently=False, **kwargs):
         super(SlackBackend, self).__init__(fail_silently=fail_silently)
         self.token = token
diff --git a/awx/main/notifications/twilio_backend.py b/awx/main/notifications/twilio_backend.py
index 9dc68a0d97..38a364e00b 100644
--- a/awx/main/notifications/twilio_backend.py
+++ b/awx/main/notifications/twilio_backend.py
@@ -7,12 +7,14 @@ from twilio.rest import Client
 
 from django.utils.encoding import smart_text
 from django.utils.translation import ugettext_lazy as _
+
 from awx.main.notifications.base import AWXBaseEmailBackend
+from awx.main.notifications.custom_notification_base import CustomNotificationBase
 
 logger = logging.getLogger('awx.main.notifications.twilio_backend')
 
 
-class TwilioBackend(AWXBaseEmailBackend):
+class TwilioBackend(AWXBaseEmailBackend, CustomNotificationBase):
 
     init_parameters = {"account_sid": {"label": "Account SID", "type": "string"},
                        "account_token": {"label": "Account Token", "type": "password"},
@@ -21,11 +23,6 @@ class TwilioBackend(AWXBaseEmailBackend):
     recipient_parameter = "to_numbers"
     sender_parameter = "from_number"
 
-    DEFAULT_MSG = "{{ job_friendly_name }} #{{ job.id }} '{{ job.name }}' {{ job.status }}: {{ url }}"
-    default_messages = {"started": {"message": DEFAULT_MSG},
-                        "success": {"message": DEFAULT_MSG},
-                        "error": {"message": DEFAULT_MSG}}
-
     def __init__(self, account_sid, account_token, fail_silently=False, **kwargs):
         super(TwilioBackend, self).__init__(fail_silently=fail_silently)
         self.account_sid = account_sid
diff --git a/awx/main/notifications/webhook_backend.py b/awx/main/notifications/webhook_backend.py
index be273b125a..b10f6557d3 100644
--- a/awx/main/notifications/webhook_backend.py
+++ b/awx/main/notifications/webhook_backend.py
@@ -7,13 +7,15 @@ import requests
 
 from django.utils.encoding import smart_text
 from django.utils.translation import ugettext_lazy as _
+
 from awx.main.notifications.base import AWXBaseEmailBackend
 from awx.main.utils import get_awx_version
+from awx.main.notifications.custom_notification_base import CustomNotificationBase
 
 logger = logging.getLogger('awx.main.notifications.webhook_backend')
 
 
-class WebhookBackend(AWXBaseEmailBackend):
+class WebhookBackend(AWXBaseEmailBackend, CustomNotificationBase):
 
     init_parameters = {"url": {"label": "Target URL", "type": "string"},
                        "http_method": {"label": "HTTP Method", "type": "string", "default": "POST"},

From 157bec1777a391da5be7e39753665ae69577d002 Mon Sep 17 00:00:00 2001
From: Jim Ladd <jladd@redhat.com>
Date: Tue, 15 Oct 2019 23:19:12 -0700
Subject: [PATCH 16/57] Render WF approval notifications w/ custom templates

---
 awx/api/serializers.py                        | 49 ++++++++++------
 awx/main/models/notifications.py              | 46 ++++++++++-----
 awx/main/models/workflow.py                   | 57 ++++++++++++++-----
 .../notifications/custom_notification_base.py | 11 +++-
 awx/main/notifications/email_backend.py       | 10 +++-
 awx/main/notifications/pagerduty_backend.py   | 14 +++--
 awx/main/notifications/webhook_backend.py     |  8 ++-
 7 files changed, 141 insertions(+), 54 deletions(-)

diff --git a/awx/api/serializers.py b/awx/api/serializers.py
index 818160ac3b..3931654a95 100644
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@@ -4338,13 +4338,30 @@ class NotificationTemplateSerializer(BaseSerializer):
         error_list = []
         collected_messages = []
 
+        def check_messages(messages):
+            for message_type in messages:
+                if message_type not in ('message', 'body'):
+                    error_list.append(_("Message type '{}' invalid, must be either 'message' or 'body'").format(message_type))
+                    continue
+                message = messages[message_type]
+                if message is None:
+                    continue
+                if not isinstance(message, str):
+                    error_list.append(_("Expected string for '{}', found {}, ").format(message_type, type(message)))
+                    continue
+                if message_type == 'message':
+                    if '\n' in message:
+                        error_list.append(_("Messages cannot contain newlines (found newline in {} event)".format(event)))
+                        continue
+                collected_messages.append(message)
+
         # Validate structure / content types
         if not isinstance(messages, dict):
             error_list.append(_("Expected dict for 'messages' field, found {}".format(type(messages))))
         else:
             for event in messages:
-                if event not in ['started', 'success', 'error']:
-                    error_list.append(_("Event '{}' invalid, must be one of 'started', 'success', or 'error'").format(event))
+                if event not in ('started', 'success', 'error', 'workflow_approval'):
+                    error_list.append(_("Event '{}' invalid, must be one of 'started', 'success', 'error', or 'workflow_approval'").format(event))
                     continue
                 event_messages = messages[event]
                 if event_messages is None:
@@ -4352,21 +4369,21 @@ class NotificationTemplateSerializer(BaseSerializer):
                 if not isinstance(event_messages, dict):
                     error_list.append(_("Expected dict for event '{}', found {}").format(event, type(event_messages)))
                     continue
-                for message_type in event_messages:
-                    if message_type not in ['message', 'body']:
-                        error_list.append(_("Message type '{}' invalid, must be either 'message' or 'body'").format(message_type))
-                        continue
-                    message = event_messages[message_type]
-                    if message is None:
-                        continue
-                    if not isinstance(message, str):
-                        error_list.append(_("Expected string for '{}', found {}, ").format(message_type, type(message)))
-                        continue
-                    if message_type == 'message':
-                        if '\n' in message:
-                            error_list.append(_("Messages cannot contain newlines (found newline in {} event)".format(event)))
+                if event == 'workflow_approval':
+                    for subevent in event_messages:
+                        if subevent not in ('running', 'approved', 'timed_out', 'denied'):
+                            error_list.append(_("Workflow Approval event '{}' invalid, must be one of "
+                                                "'running', 'approved', 'timed_out', or 'denied'").format(subevent))
                             continue
-                    collected_messages.append(message)
+                        subevent_messages = event_messages[subevent]
+                        if subevent_messages is None:
+                            continue
+                        if not isinstance(subevent_messages, dict):
+                            error_list.append(_("Expected dict for workflow approval event '{}', found {}").format(subevent, type(subevent_messages)))
+                            continue
+                        check_messages(subevent_messages)
+                else:
+                    check_messages(event_messages)
 
         # Subclass to return name of undefined field
         class DescriptiveUndefined(StrictUndefined):
diff --git a/awx/main/models/notifications.py b/awx/main/models/notifications.py
index 9585a404ec..3d422d5e25 100644
--- a/awx/main/models/notifications.py
+++ b/awx/main/models/notifications.py
@@ -73,7 +73,7 @@ class NotificationTemplate(CommonModelNameNotUnique):
     notification_configuration = prevent_search(JSONField(blank=False))
 
     def default_messages():
-        return {'started': None, 'success': None, 'error': None}
+        return {'started': None, 'success': None, 'error': None, 'workflow_approval': None}
 
     messages = JSONField(
         null=True,
@@ -109,19 +109,34 @@ class NotificationTemplate(CommonModelNameNotUnique):
             old_messages = old_nt.messages
             new_messages = self.messages
 
+            def merge_messages(local_old_messages, local_new_messages, local_event):
+                if local_new_messages.get(local_event, {}) and local_old_messages.get(local_event, {}):
+                    local_old_event_msgs = local_old_messages[local_event]
+                    local_new_event_msgs = local_new_messages[local_event]
+                    for msg_type in ['message', 'body']:
+                        if msg_type not in local_new_event_msgs and local_old_event_msgs.get(msg_type, None):
+                            local_new_event_msgs[msg_type] = local_old_event_msgs[msg_type]
             if old_messages is not None and new_messages is not None:
-                for event in ['started', 'success', 'error']:
+                for event in ('started', 'success', 'error', 'workflow_approval'):
                     if not new_messages.get(event, {}) and old_messages.get(event, {}):
                         new_messages[event] = old_messages[event]
                         continue
-                    if new_messages.get(event, {}) and old_messages.get(event, {}):
-                        old_event_msgs = old_messages[event]
-                        new_event_msgs = new_messages[event]
-                        for msg_type in ['message', 'body']:
-                            if msg_type not in new_event_msgs and old_event_msgs.get(msg_type, None):
-                                new_event_msgs[msg_type] = old_event_msgs[msg_type]
+
+                    if event == 'workflow_approval' and old_messages.get('workflow_approval', None):
+                        new_messages.setdefault('workflow_approval', {})
+                        for subevent in ('running', 'approved', 'timed_out', 'denied'):
+                            old_wfa_messages = old_messages['workflow_approval']
+                            new_wfa_messages = new_messages['workflow_approval']
+                            if not new_wfa_messages.get(subevent, {}) and old_wfa_messages.get(subevent, {}):
+                                new_wfa_messages[subevent] = old_wfa_messages[subevent]
+                                continue
+                            if old_wfa_messages:
+                                merge_messages(old_wfa_messages, new_wfa_messages, subevent)
+                    else:
+                        merge_messages(old_messages, new_messages, event)
                     new_messages.setdefault(event, None)
 
+
         for field in filter(lambda x: self.notification_class.init_parameters[x]['type'] == "password",
                             self.notification_class.init_parameters):
             if self.notification_configuration[field].startswith("$encrypted$"):
@@ -370,8 +385,8 @@ class JobNotificationMixin(object):
         return context
 
     def context(self, serialized_job):
-        """Returns a context that can be used for rendering notification messages.
-        Context contains whitelisted content retrieved from a serialized job object
+        """Returns a dictionary that can be used for rendering notification messages.
+        The context will contain whitelisted content retrieved from a serialized job object
         (see JobNotificationMixin.JOB_FIELDS_WHITELIST), the job's friendly name,
         and a url to the job run."""
         context = {'job': {},
@@ -419,14 +434,15 @@ class JobNotificationMixin(object):
 
         # Use custom template if available
         if nt.messages:
-            templates = nt.messages.get(self.STATUS_TO_TEMPLATE_TYPE[status], {}) or {}
-            msg_template = templates.get('message', None)
-            body_template = templates.get('body', None)
+            template = nt.messages.get(self.STATUS_TO_TEMPLATE_TYPE[status], {}) or {}
+            msg_template = template.get('message', None)
+            body_template = template.get('body', None)
         # If custom template not provided, look up default template
+        default_template = nt.notification_class.default_messages[self.STATUS_TO_TEMPLATE_TYPE[status]]
         if not msg_template:
-            msg_template = getattr(nt.notification_class, 'DEFAULT_MSG', None)
+            msg_template = default_template.get('message', None)
         if not body_template:
-            body_template = getattr(nt.notification_class, 'DEFAULT_BODY', None)
+            body_template = default_template.get('body', None)
 
         if msg_template:
             try:
diff --git a/awx/main/models/workflow.py b/awx/main/models/workflow.py
index bcfee585b8..83a7c91ad3 100644
--- a/awx/main/models/workflow.py
+++ b/awx/main/models/workflow.py
@@ -2,6 +2,7 @@
 # All Rights Reserved.
 
 # Python
+import json
 import logging
 from copy import copy
 from urllib.parse import urljoin
@@ -16,6 +17,9 @@ from django.core.exceptions import ObjectDoesNotExist
 # Django-CRUM
 from crum import get_current_user
 
+from jinja2 import sandbox
+from jinja2.exceptions import TemplateSyntaxError, UndefinedError, SecurityError
+
 # AWX
 from awx.api.versioning import reverse
 from awx.main.models import (prevent_search, accepts_json, UnifiedJobTemplate,
@@ -763,22 +767,45 @@ class WorkflowApproval(UnifiedJob, JobNotificationMixin):
             connection.on_commit(send_it())
 
     def build_approval_notification_message(self, nt, approval_status):
-        subject = []
-        workflow_url = urljoin(settings.TOWER_URL_BASE, '/#/workflows/{}'.format(self.workflow_job.id))
-        subject.append(('The approval node "{}"').format(self.workflow_approval_template.name))
-        if approval_status == 'running':
-            subject.append(('needs review. This node can be viewed at: {}').format(workflow_url))
-        if approval_status == 'approved':
-            subject.append(('was approved. {}').format(workflow_url))
-        if approval_status == 'timed_out':
-            subject.append(('has timed out. {}').format(workflow_url))
-        elif approval_status == 'denied':
-            subject.append(('was denied. {}').format(workflow_url))
-        subject = " ".join(subject)
-        body = self.notification_data()
-        body['body'] = subject
+        env = sandbox.ImmutableSandboxedEnvironment()
 
-        return subject, body
+        context = self.context(approval_status)
+
+        msg_template = body_template = None
+        msg = body = ''
+
+        # Use custom template if available
+        if nt.messages and nt.messages.get('workflow_approval', None):
+            template = nt.messages['workflow_approval'].get(approval_status, {})
+            msg_template = template.get('message', None)
+            body_template = template.get('body', None)
+        # If custom template not provided, look up default template
+        default_template = nt.notification_class.default_messages['workflow_approval'][approval_status]
+        if not msg_template:
+            msg_template = default_template.get('message', None)
+        if not body_template:
+            body_template = default_template.get('body', None)
+
+        if msg_template:
+            try:
+                msg = env.from_string(msg_template).render(**context)
+            except (TemplateSyntaxError, UndefinedError, SecurityError):
+                msg = ''
+
+        if body_template:
+            try:
+                body = env.from_string(body_template).render(**context)
+            except (TemplateSyntaxError, UndefinedError, SecurityError):
+                body = ''
+
+        return (msg, body)
+
+    def context(self, approval_status):
+        workflow_url = urljoin(settings.TOWER_URL_BASE, '/#/workflows/{}'.format(self.workflow_job.id))
+        return {'approval_status': approval_status,
+                'approval_node_name': self.workflow_approval_template.name,
+                'workflow_url': workflow_url,
+                'job_summary_dict': json.dumps(self.notification_data(), indent=4)}
 
     @property
     def workflow_job_template(self):
diff --git a/awx/main/notifications/custom_notification_base.py b/awx/main/notifications/custom_notification_base.py
index 58443cd5d7..a99c710e95 100644
--- a/awx/main/notifications/custom_notification_base.py
+++ b/awx/main/notifications/custom_notification_base.py
@@ -11,4 +11,13 @@ class CustomNotificationBase(object):
 
     default_messages = {"started": {"message": DEFAULT_MSG, "body": None},
                         "success": {"message": DEFAULT_MSG, "body": None},
-                        "error": {"message": DEFAULT_MSG, "body": None}}
+                        "error": {"message": DEFAULT_MSG, "body": None},
+                        "workflow_approval": {"running": {"message": 'The approval node "{{ approval_node_name }}" needs review. '
+                                                                     'This node can be viewed at: {{ workflow_url }}',
+                                                                     "body": None},
+                                              "approved": {"message": 'The approval node "{{ approval_node_name }}" was approved. {{ workflow_url }}',
+                                                           "body": None},
+                                              "timed_out": {"message": 'The approval node "{{ approval_node_name }}" has timed out. {{ workflow_url }}',
+                                                            "body": None},
+                                              "denied": {"message": 'The approval node "{{ approval_node_name }}" was denied. {{ workflow_url }}',
+                                                         "body": None}}}
diff --git a/awx/main/notifications/email_backend.py b/awx/main/notifications/email_backend.py
index b8210c86b0..2b9c7d8d58 100644
--- a/awx/main/notifications/email_backend.py
+++ b/awx/main/notifications/email_backend.py
@@ -4,7 +4,9 @@
 from django.core.mail.backends.smtp import EmailBackend
 
 from awx.main.notifications.custom_notification_base import CustomNotificationBase
-from CustomNotificationBase import DEFAULT_MSG, DEFAULT_BODY
+
+DEFAULT_MSG = CustomNotificationBase.DEFAULT_MSG
+DEFAULT_BODY = CustomNotificationBase.DEFAULT_BODY
 
 
 class CustomEmailBackend(EmailBackend, CustomNotificationBase):
@@ -23,7 +25,11 @@ class CustomEmailBackend(EmailBackend, CustomNotificationBase):
 
     default_messages = {"started": {"message": DEFAULT_MSG, "body": DEFAULT_BODY},
                         "success": {"message": DEFAULT_MSG, "body": DEFAULT_BODY},
-                        "error": {"message": DEFAULT_MSG, "body": DEFAULT_BODY}}
+                        "error": {"message": DEFAULT_MSG, "body": DEFAULT_BODY},
+                        "workflow_approval": {"running": {"message": DEFAULT_MSG, "body": DEFAULT_BODY},
+                                              "approved": {"message": DEFAULT_MSG, "body": DEFAULT_BODY},
+                                              "timed_out": {"message": DEFAULT_MSG, "body": DEFAULT_BODY},
+                                              "denied": {"message": DEFAULT_MSG, "body": DEFAULT_BODY}}}
 
     def format_body(self, body):
         # leave body unchanged (expect a string)
diff --git a/awx/main/notifications/pagerduty_backend.py b/awx/main/notifications/pagerduty_backend.py
index c1625523f4..a2399b9777 100644
--- a/awx/main/notifications/pagerduty_backend.py
+++ b/awx/main/notifications/pagerduty_backend.py
@@ -10,7 +10,9 @@ from django.utils.translation import ugettext_lazy as _
 
 from awx.main.notifications.base import AWXBaseEmailBackend
 from awx.main.notifications.custom_notification_base import CustomNotificationBase
-from CustomNotificationBase import DEFAULT_MSG
+
+DEFAULT_BODY = CustomNotificationBase.DEFAULT_BODY
+DEFAULT_MSG = CustomNotificationBase.DEFAULT_MSG
 
 logger = logging.getLogger('awx.main.notifications.pagerduty_backend')
 
@@ -25,9 +27,13 @@ class PagerDutyBackend(AWXBaseEmailBackend, CustomNotificationBase):
     sender_parameter = "client_name"
 
     DEFAULT_BODY = "{{ job_summary_dict }}"
-    default_messages = {"started": { "message": DEFAULT_MSG, "body": DEFAULT_BODY},
-                        "success": { "message": DEFAULT_MSG, "body": DEFAULT_BODY},
-                        "error": { "message": DEFAULT_MSG, "body": DEFAULT_BODY}}
+    default_messages = {"started": {"message": DEFAULT_MSG, "body": DEFAULT_BODY},
+                        "success": {"message": DEFAULT_MSG, "body": DEFAULT_BODY},
+                        "error": {"message": DEFAULT_MSG, "body": DEFAULT_BODY},
+                        "workflow_approval": {"running": {"message": DEFAULT_MSG, "body": DEFAULT_BODY},
+                                              "approved": {"message": DEFAULT_MSG,"body": DEFAULT_BODY},
+                                              "timed_out": {"message": DEFAULT_MSG, "body": DEFAULT_BODY},
+                                              "denied": {"message": DEFAULT_MSG, "body": DEFAULT_BODY}}}
 
     def __init__(self, subdomain, token, fail_silently=False, **kwargs):
         super(PagerDutyBackend, self).__init__(fail_silently=fail_silently)
diff --git a/awx/main/notifications/webhook_backend.py b/awx/main/notifications/webhook_backend.py
index b10f6557d3..f05012c4d6 100644
--- a/awx/main/notifications/webhook_backend.py
+++ b/awx/main/notifications/webhook_backend.py
@@ -29,7 +29,13 @@ class WebhookBackend(AWXBaseEmailBackend, CustomNotificationBase):
     DEFAULT_BODY = "{{ job_summary_dict }}"
     default_messages = {"started": {"body": DEFAULT_BODY},
                         "success": {"body": DEFAULT_BODY},
-                        "error": {"body": DEFAULT_BODY}}
+                        "error": {"body": DEFAULT_BODY},
+                        "workflow_approval": {
+                            "running": {"body": '{"body": "The approval node \\"{{ approval_node_name }}\\" needs review. '
+                                                'This node can be viewed at: {{ workflow_url }}"}'},
+                            "approved": {"body": '{"body": "The approval node \\"{{ approval_node_name }}\\" was approved. {{ workflow_url }}"}'},
+                            "timed_out": {"body": '{"body": "The approval node \\"{{ approval_node_name }}\\" has timed out. {{ workflow_url }}"}'},
+                            "denied": {"body": '{"body": "The approval node \\"{{ approval_node_name }}\\" was denied. {{ workflow_url }}"}'}}}
 
     def __init__(self, http_method, headers, disable_ssl_verification=False, fail_silently=False, username=None, password=None, **kwargs):
         self.http_method = http_method

From d985b1215a2a7024ff49ee5904d46f572670d3df Mon Sep 17 00:00:00 2001
From: Jim Ladd <jladd@redhat.com>
Date: Wed, 16 Oct 2019 21:26:02 -0700
Subject: [PATCH 17/57] In awxkit, add support for wf approval notification
 templates

---
 awxkit/awxkit/api/mixins/has_notifications.py | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/awxkit/awxkit/api/mixins/has_notifications.py b/awxkit/awxkit/api/mixins/has_notifications.py
index e75c01b098..aced603af2 100644
--- a/awxkit/awxkit/api/mixins/has_notifications.py
+++ b/awxkit/awxkit/api/mixins/has_notifications.py
@@ -4,19 +4,26 @@ import awxkit.exceptions as exc
 
 notification_endpoints = ("notification_templates", "notification_templates_started", "notification_templates_error",
                           "notification_templates_success")
+wfjt_notification_endpoints = notification_endpoints + ('notification_templates_approvals',)
 
 
 class HasNotifications(object):
 
     def add_notification_template(self, notification_template, endpoint="notification_templates_success"):
-        if endpoint not in notification_endpoints:
+        from awxkit.api.pages.workflow_job_templates import WorkflowJobTemplate
+        supported_endpoints = wfjt_notification_endpoints if isinstance(self, WorkflowJobTemplate) \
+            else notification_endpoints
+        if endpoint not in supported_endpoints:
             raise ValueError('Unsupported notification endpoint "{0}". Please use one of {1}.'
                              .format(endpoint, notification_endpoints))
         with suppress(exc.NoContent):
             self.related[endpoint].post(dict(id=notification_template.id))
 
     def remove_notification_template(self, notification_template, endpoint="notification_templates_success"):
-        if endpoint not in notification_endpoints:
+        from awxkit.api.pages.workflow_job_templates import WorkflowJobTemplate
+        supported_endpoints = wfjt_notification_endpoints if isinstance(self, WorkflowJobTemplate) \
+            else notification_endpoints
+        if endpoint not in supported_endpoints:
             raise ValueError('Unsupported notification endpoint "{0}". Please use one of {1}.'
                              .format(endpoint, notification_endpoints))
         with suppress(exc.NoContent):

From 81e545b720c39cabca3894fe8067868e1f3f4a31 Mon Sep 17 00:00:00 2001
From: Jim Ladd <jladd@redhat.com>
Date: Thu, 17 Oct 2019 23:51:55 -0700
Subject: [PATCH 18/57] NotificationSerializer should gracefully handle
 webhook/pagerduty bodies

---
 awx/api/serializers.py | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/awx/api/serializers.py b/awx/api/serializers.py
index 3931654a95..eaa5ec7e4c 100644
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@@ -4514,8 +4514,18 @@ class NotificationSerializer(BaseSerializer):
                   'notification_type', 'recipients', 'subject', 'body')
 
     def get_body(self, obj):
-        if obj.notification_type == 'webhook' and 'body' in obj.body:
-            return obj.body['body']
+        if obj.notification_type in ('webhook', 'pagerduty'):
+            if isinstance(obj.body, dict):
+                if 'body' in obj.body:
+                    return obj.body['body']
+            elif isinstance(obj.body, str):
+                # attempt to load json string
+                try:
+                    potential_body = json.loads(obj.body)
+                    if isinstance(potential_body, dict) and 'body' in potential_body:
+                        return potential_body['body']
+                except json.JSONDecodeError:
+                    pass
         return obj.body
 
     def get_related(self, obj):

From 76711febd14cf781506ce1bf9b774ca0a5442678 Mon Sep 17 00:00:00 2001
From: Keith Grant <keithjgrant@redhat.com>
Date: Mon, 21 Oct 2019 10:41:39 -0700
Subject: [PATCH 19/57] Add notification custom message fields for workflow
 pause/approval

---
 .../notificationTemplates.form.js             |  92 ++++++++++++
 .../shared/message-utils.service.js           | 136 ++++++++++++++----
 2 files changed, 204 insertions(+), 24 deletions(-)

diff --git a/awx/ui/client/src/notifications/notificationTemplates.form.js b/awx/ui/client/src/notifications/notificationTemplates.form.js
index cfed7fc3d7..92ad403101 100644
--- a/awx/ui/client/src/notifications/notificationTemplates.form.js
+++ b/awx/ui/client/src/notifications/notificationTemplates.form.js
@@ -671,6 +671,98 @@ export default ['i18n', function(i18n) {
                   "|| notification_type.value == 'webhook')",
                 ngDisabled: '!(notification_template.summary_fields.user_capabilities.edit || canAdd)',
             },
+            approved_message: {
+                label: i18n._('Workflow Approved Message'),
+                class: 'Form-formGroup--fullWidth',
+                type: 'syntax_highlight',
+                mode: 'jinja2',
+                default: '',
+                ngShow: "customize_messages && notification_type.value != 'webhook'",
+                rows: 2,
+                oneLine: 'true',
+                ngDisabled: '!(notification_template.summary_fields.user_capabilities.edit || canAdd)',
+            },
+            approved_body: {
+                label: i18n._('Workflow Approved Message Body'),
+                class: 'Form-formGroup--fullWidth',
+                type: 'syntax_highlight',
+                mode: 'jinja2',
+                default: '',
+                ngShow: "customize_messages && " +
+                  "(notification_type.value == 'email' " +
+                  "|| notification_type.value == 'pagerduty' " +
+                  "|| notification_type.value == 'webhook')",
+                ngDisabled: '!(notification_template.summary_fields.user_capabilities.edit || canAdd)',
+            },
+            denied_message: {
+                label: i18n._('Workflow Denied Message'),
+                class: 'Form-formGroup--fullWidth',
+                type: 'syntax_highlight',
+                mode: 'jinja2',
+                default: '',
+                ngShow: "customize_messages && notification_type.value != 'webhook'",
+                rows: 2,
+                oneLine: 'true',
+                ngDisabled: '!(notification_template.summary_fields.user_capabilities.edit || canAdd)',
+            },
+            denied_body: {
+                label: i18n._('Workflow Denied Message Body'),
+                class: 'Form-formGroup--fullWidth',
+                type: 'syntax_highlight',
+                mode: 'jinja2',
+                default: '',
+                ngShow: "customize_messages && " +
+                  "(notification_type.value == 'email' " +
+                  "|| notification_type.value == 'pagerduty' " +
+                  "|| notification_type.value == 'webhook')",
+                ngDisabled: '!(notification_template.summary_fields.user_capabilities.edit || canAdd)',
+            },
+            running_message: {
+                label: i18n._('Workflow Running Message'),
+                class: 'Form-formGroup--fullWidth',
+                type: 'syntax_highlight',
+                mode: 'jinja2',
+                default: '',
+                ngShow: "customize_messages && notification_type.value != 'webhook'",
+                rows: 2,
+                oneLine: 'true',
+                ngDisabled: '!(notification_template.summary_fields.user_capabilities.edit || canAdd)',
+            },
+            running_body: {
+                label: i18n._('Workflow Running Message Body'),
+                class: 'Form-formGroup--fullWidth',
+                type: 'syntax_highlight',
+                mode: 'jinja2',
+                default: '',
+                ngShow: "customize_messages && " +
+                  "(notification_type.value == 'email' " +
+                  "|| notification_type.value == 'pagerduty' " +
+                  "|| notification_type.value == 'webhook')",
+                ngDisabled: '!(notification_template.summary_fields.user_capabilities.edit || canAdd)',
+            },
+            timed_out_message: {
+                label: i18n._('Workflow Timed Out Message'),
+                class: 'Form-formGroup--fullWidth',
+                type: 'syntax_highlight',
+                mode: 'jinja2',
+                default: '',
+                ngShow: "customize_messages && notification_type.value != 'webhook'",
+                rows: 2,
+                oneLine: 'true',
+                ngDisabled: '!(notification_template.summary_fields.user_capabilities.edit || canAdd)',
+            },
+            timed_out_body: {
+                label: i18n._('Workflow Timed Out Message Body'),
+                class: 'Form-formGroup--fullWidth',
+                type: 'syntax_highlight',
+                mode: 'jinja2',
+                default: '',
+                ngShow: "customize_messages && " +
+                  "(notification_type.value == 'email' " +
+                  "|| notification_type.value == 'pagerduty' " +
+                  "|| notification_type.value == 'webhook')",
+                ngDisabled: '!(notification_template.summary_fields.user_capabilities.edit || canAdd)',
+            },
         },
 
         buttons: { //for now always generates <button> tags
diff --git a/awx/ui/client/src/notifications/shared/message-utils.service.js b/awx/ui/client/src/notifications/shared/message-utils.service.js
index f49b96f0ed..6cc5b39978 100644
--- a/awx/ui/client/src/notifications/shared/message-utils.service.js
+++ b/awx/ui/client/src/notifications/shared/message-utils.service.js
@@ -1,19 +1,20 @@
 
 const emptyDefaults = {
-    started: {
-        message: '',
-        body: '',
-    },
-    success: {
-        message: '',
-        body: '',
-    },
-    error: {
-        message: '',
-        body: '',
-    },
+    started: { message: '', body: '' },
+    success: { message: '', body: '' },
+    error: { message: '', body: '' },
+    workflow_approval: {
+      approved: { message: '', body: '' },
+      denied: { message: '', body: '' },
+      running: { message: '', body: '' },
+      timed_out: { message: '', body: '' },
+    }
 };
 
+function getMessageIfUpdated(message, defaultValue) {
+  return message === defaultValue ? null : message;
+}
+
 export default [function() {
     return {
         getMessagesObj: function ($scope, defaultMessages) {
@@ -23,22 +24,34 @@ export default [function() {
             const defaults = defaultMessages[$scope.notification_type.value] || {};
             return {
                 started: {
-                    message: $scope.started_message === defaults.started.message ?
-                        null : $scope.started_message,
-                    body: $scope.started_body === defaults.started.body ?
-                        null : $scope.started_body,
+                    message: getMessageIfUpdated($scope.started_message, defaults.started.message),
+                    body: getMessageIfUpdated($scope.started_body, defaults.started.body),
                 },
                 success: {
-                    message: $scope.success_message === defaults.success.message ?
-                        null : $scope.success_message,
-                    body: $scope.success_body === defaults.success.body ?
-                        null : $scope.success_body,
+                    message: getMessageIfUpdated($scope.success_message, defaults.success.message),
+                    body: getMessageIfUpdated($scope.success_body, defaults.success.body),
                 },
                 error: {
-                    message: $scope.error_message === defaults.error.message ?
-                        null : $scope.error_message,
-                    body: $scope.error_body === defaults.error.body ?
-                        null : $scope.error_body,
+                    message: getMessageIfUpdated($scope.error_message, defaults.error.message),
+                    body: getMessageIfUpdated($scope.error_body, defaults.error.body),
+                },
+                workflow_approval: {
+                  approved: {
+                    message: getMessageIfUpdated($scope.approved_message, defaults.workflow_approval.approved.message),
+                    body: getMessageIfUpdated($scope.approved_body, defaults.workflow_approval.approved.body),
+                  },
+                  denied: {
+                    message: getMessageIfUpdated($scope.denied_message, defaults.workflow_approval.denied.message),
+                    body: getMessageIfUpdated($scope.denied_body, defaults.workflow_approval.denied.body),
+                  },
+                  running: {
+                    message: getMessageIfUpdated($scope.running_message, defaults.workflow_approval.running.message),
+                    body: getMessageIfUpdated($scope.running_body, defaults.workflow_approval.running.body),
+                  },
+                  timed_out: {
+                    message: getMessageIfUpdated($scope.timed_out_message, defaults.workflow_approval.timed_out.message),
+                    body: getMessageIfUpdated($scope.timed_out_body, defaults.workflow_approval.timed_out.body),
+                  },
                 }
             };
         },
@@ -56,6 +69,15 @@ export default [function() {
             $scope.success_body = defaults.success.body;
             $scope.error_message = defaults.error.message;
             $scope.error_body = defaults.error.body;
+            $scope.approved_message = defaults.workflow_approval.approved.message;
+            $scope.approved_body = defaults.workflow_approval.approved.body;
+            $scope.denied_message = defaults.workflow_approval.denied.message;
+            $scope.denied_body = defaults.workflow_approval.denied.body;
+            $scope.running_message = defaults.workflow_approval.running.message;
+            $scope.running_body = defaults.workflow_approval.running.body;
+            $scope.timed_out_message = defaults.workflow_approval.timed_out.message;
+            $scope.timed_out_body = defaults.workflow_approval.timed_out.body;
+
             if (!messages) {
                 return;
             }
@@ -84,6 +106,48 @@ export default [function() {
                 isCustomized = true;
                 $scope.error_body = messages.error.body;
             }
+            if (messages.workflow_approval) {
+                if (messages.workflow_approval.approved
+                    && messages.workflow_approval.approved.message) {
+                    isCustomized = true;
+                    $scope.approved_message = messages.workflow_approval.approved.message;
+                }
+                if (messages.workflow_approval.approved
+                    && messages.workflow_approval.approved.body) {
+                    isCustomized = true;
+                    $scope.approved_body = messages.workflow_approval.approved.body;
+                }
+                if (messages.workflow_approval.denied
+                    && messages.workflow_approval.denied.message) {
+                    isCustomized = true;
+                    $scope.denied_message = messages.workflow_approval.denied.message;
+                }
+                if (messages.workflow_approval.denied
+                    && messages.workflow_approval.denied.body) {
+                    isCustomized = true;
+                    $scope.denied_body = messages.workflow_approval.denied.body;
+                }
+                if (messages.workflow_approval.running
+                    && messages.workflow_approval.running.message) {
+                    isCustomized = true;
+                    $scope.running_message = messages.workflow_approval.running.message;
+                }
+                if (messages.workflow_approval.running
+                    && messages.workflow_approval.running.body) {
+                    isCustomized = true;
+                    $scope.running_body = messages.workflow_approval.running.body;
+                }
+                if (messages.workflow_approval.timed_out
+                    && messages.workflow_approval.timed_out.message) {
+                    isCustomized = true;
+                    $scope.timed_out_message = messages.workflow_approval.timed_out.message;
+                }
+                if (messages.workflow_approval.timed_out
+                    && messages.workflow_approval.timed_out.body) {
+                    isCustomized = true;
+                    $scope.timed_out_body = messages.workflow_approval.timed_out.body;
+                }
+            }
             $scope.customize_messages = isCustomized;
         },
 
@@ -110,6 +174,30 @@ export default [function() {
             if ($scope.error_body === oldDefaults.error.body) {
                 $scope.error_body = newDefaults.error.body;
             }
+            if ($scope.approved_message === oldDefaults.workflow_approval.approved.message) {
+                $scope.approved_message = newDefaults.workflow_approval.approved.message;
+            }
+            if ($scope.approved_body === oldDefaults.workflow_approval.approved.body) {
+                $scope.approved_body = newDefaults.workflow_approval.approved.body;
+            }
+            if ($scope.denied_message === oldDefaults.workflow_approval.denied.message) {
+                $scope.denied_message = newDefaults.workflow_approval.denied.message;
+            }
+            if ($scope.denied_body === oldDefaults.workflow_approval.denied.body) {
+                $scope.denied_body = newDefaults.workflow_approval.denied.body;
+            }
+            if ($scope.running_message === oldDefaults.workflow_approval.running.message) {
+                $scope.running_message = newDefaults.workflow_approval.running.message;
+            }
+            if ($scope.running_body === oldDefaults.workflow_approval.running.body) {
+                $scope.running_body = newDefaults.workflow_approval.running.body;
+            }
+            if ($scope.timed_out_message === oldDefaults.workflow_approval.timed_out.message) {
+                $scope.timed_out_message = newDefaults.workflow_approval.timed_out.message;
+            }
+            if ($scope.timed_out_body === oldDefaults.workflow_approval.timed_out.body) {
+                $scope.timed_out_body = newDefaults.workflow_approval.timed_out.body;
+            }
         }
     };
 }];

From 0af79b729ec05935c97caa60397dc0618b3d7463 Mon Sep 17 00:00:00 2001
From: Keith Grant <keithjgrant@redhat.com>
Date: Mon, 21 Oct 2019 15:01:24 -0700
Subject: [PATCH 20/57] fix lint errors

---
 .../shared/message-utils.service.js           | 32 +++++++++----------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/awx/ui/client/src/notifications/shared/message-utils.service.js b/awx/ui/client/src/notifications/shared/message-utils.service.js
index 6cc5b39978..1e94c5c901 100644
--- a/awx/ui/client/src/notifications/shared/message-utils.service.js
+++ b/awx/ui/client/src/notifications/shared/message-utils.service.js
@@ -107,43 +107,43 @@ export default [function() {
                 $scope.error_body = messages.error.body;
             }
             if (messages.workflow_approval) {
-                if (messages.workflow_approval.approved
-                    && messages.workflow_approval.approved.message) {
+                if (messages.workflow_approval.approved &&
+                    messages.workflow_approval.approved.message) {
                     isCustomized = true;
                     $scope.approved_message = messages.workflow_approval.approved.message;
                 }
-                if (messages.workflow_approval.approved
-                    && messages.workflow_approval.approved.body) {
+                if (messages.workflow_approval.approved &&
+                    messages.workflow_approval.approved.body) {
                     isCustomized = true;
                     $scope.approved_body = messages.workflow_approval.approved.body;
                 }
-                if (messages.workflow_approval.denied
-                    && messages.workflow_approval.denied.message) {
+                if (messages.workflow_approval.denied &&
+                    messages.workflow_approval.denied.message) {
                     isCustomized = true;
                     $scope.denied_message = messages.workflow_approval.denied.message;
                 }
-                if (messages.workflow_approval.denied
-                    && messages.workflow_approval.denied.body) {
+                if (messages.workflow_approval.denied &&
+                    messages.workflow_approval.denied.body) {
                     isCustomized = true;
                     $scope.denied_body = messages.workflow_approval.denied.body;
                 }
-                if (messages.workflow_approval.running
-                    && messages.workflow_approval.running.message) {
+                if (messages.workflow_approval.running &&
+                    messages.workflow_approval.running.message) {
                     isCustomized = true;
                     $scope.running_message = messages.workflow_approval.running.message;
                 }
-                if (messages.workflow_approval.running
-                    && messages.workflow_approval.running.body) {
+                if (messages.workflow_approval.running &&
+                    messages.workflow_approval.running.body) {
                     isCustomized = true;
                     $scope.running_body = messages.workflow_approval.running.body;
                 }
-                if (messages.workflow_approval.timed_out
-                    && messages.workflow_approval.timed_out.message) {
+                if (messages.workflow_approval.timed_out &&
+                    messages.workflow_approval.timed_out.message) {
                     isCustomized = true;
                     $scope.timed_out_message = messages.workflow_approval.timed_out.message;
                 }
-                if (messages.workflow_approval.timed_out
-                    && messages.workflow_approval.timed_out.body) {
+                if (messages.workflow_approval.timed_out &&
+                    messages.workflow_approval.timed_out.body) {
                     isCustomized = true;
                     $scope.timed_out_body = messages.workflow_approval.timed_out.body;
                 }

From ff1a618a9370627fb990b236981778860da3a7a8 Mon Sep 17 00:00:00 2001
From: Jim Ladd <jladd@redhat.com>
Date: Mon, 21 Oct 2019 13:52:36 -0700
Subject: [PATCH 21/57] Don't use i18n for NT body string

---
 awx/main/notifications/custom_notification_base.py | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/awx/main/notifications/custom_notification_base.py b/awx/main/notifications/custom_notification_base.py
index a99c710e95..2abff26f62 100644
--- a/awx/main/notifications/custom_notification_base.py
+++ b/awx/main/notifications/custom_notification_base.py
@@ -1,13 +1,10 @@
 # Copyright (c) 2019 Ansible, Inc.
 # All Rights Reserved.
 
-from django.utils.encoding import smart_text
-from django.utils.translation import ugettext_lazy as _
-
 
 class CustomNotificationBase(object):
     DEFAULT_MSG = "{{ job_friendly_name }} #{{ job.id }} '{{ job.name }}' {{ job.status }}: {{ url }}"
-    DEFAULT_BODY = smart_text(_("{{ job_friendly_name }} #{{ job.id }} had status {{ job.status }}, view details at {{ url }}\n\n{{ job_summary_dict }}"))
+    DEFAULT_BODY = "{{ job_friendly_name }} #{{ job.id }} had status {{ job.status }}, view details at {{ url }}\n\n{{ job_summary_dict }}"
 
     default_messages = {"started": {"message": DEFAULT_MSG, "body": None},
                         "success": {"message": DEFAULT_MSG, "body": None},

From 32deca2e92feeac1d28c7afbe52b4e4d0a43794d Mon Sep 17 00:00:00 2001
From: Jim Ladd <jladd@redhat.com>
Date: Mon, 21 Oct 2019 16:16:10 -0700
Subject: [PATCH 22/57] Use correct notif. bodies when sending test notifs

* Notification backends now handle body of notifications differently
* .. depending on their type (webhook, email, and pagerduty) are
  currently the only three notification types that use body
* email and pagerduty expect a string
* webhooks expects a dict in string format
---
 awx/api/views/__init__.py | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/awx/api/views/__init__.py b/awx/api/views/__init__.py
index 63325abe2a..23e66810fe 100644
--- a/awx/api/views/__init__.py
+++ b/awx/api/views/__init__.py
@@ -4313,8 +4313,15 @@ class NotificationTemplateTest(GenericAPIView):
 
     def post(self, request, *args, **kwargs):
         obj = self.get_object()
-        notification = obj.generate_notification("Tower Notification Test {} {}".format(obj.id, settings.TOWER_URL_BASE),
-                                                 {"body": "Ansible Tower Test Notification {} {}".format(obj.id, settings.TOWER_URL_BASE)})
+        msg = "Tower Notification Test {} {}".format(obj.id, settings.TOWER_URL_BASE)
+        if obj.notification_type in ('email', 'pagerduty'):
+            body = "Ansible Tower Test Notification {} {}".format(obj.id, settings.TOWER_URL_BASE)
+        elif obj.notification_type == 'webhook':
+            body = '{{"body": "Ansible Tower Test Notification {} {}"}}'.format(obj.id, settings.TOWER_URL_BASE)
+        else:
+            body = {"body": "Ansible Tower Test Notification {} {}".format(obj.id, settings.TOWER_URL_BASE)}
+        notification = obj.generate_notification(msg, body)
+
         if not notification:
             return Response({}, status=status.HTTP_400_BAD_REQUEST)
         else:

From fc941eda98e857be804048553a28e399486279ad Mon Sep 17 00:00:00 2001
From: Jim Ladd <jladd@redhat.com>
Date: Mon, 21 Oct 2019 16:44:03 -0700
Subject: [PATCH 23/57] Return full webhook dict when serializing notif.

---
 awx/api/serializers.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/awx/api/serializers.py b/awx/api/serializers.py
index eaa5ec7e4c..09066a4871 100644
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@@ -4522,8 +4522,8 @@ class NotificationSerializer(BaseSerializer):
                 # attempt to load json string
                 try:
                     potential_body = json.loads(obj.body)
-                    if isinstance(potential_body, dict) and 'body' in potential_body:
-                        return potential_body['body']
+                    if isinstance(potential_body, dict):
+                        return potential_body
                 except json.JSONDecodeError:
                     pass
         return obj.body

From b13009b9a32bd630443ee29810e5f28a56afa6dc Mon Sep 17 00:00:00 2001
From: Jim Ladd <jladd@redhat.com>
Date: Tue, 22 Oct 2019 17:45:46 -0700
Subject: [PATCH 24/57] Update unit tests

---
 awx/main/tests/functional/test_notifications.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/awx/main/tests/functional/test_notifications.py b/awx/main/tests/functional/test_notifications.py
index 4059d0b9a9..e147445f18 100644
--- a/awx/main/tests/functional/test_notifications.py
+++ b/awx/main/tests/functional/test_notifications.py
@@ -43,7 +43,7 @@ def test_basic_parameterization(get, post, user, organization):
     assert 'url' in response.data['notification_configuration']
     assert 'headers' in response.data['notification_configuration']
     assert 'messages' in response.data
-    assert response.data['messages'] == {'started': None, 'success': None, 'error': None}
+    assert response.data['messages'] == {'started': None, 'success': None, 'error': None, 'workflow_approval': None}
 
 
 @pytest.mark.django_db

From 93bd1e67052b0c2c3230d6f96dfaf33f43574d34 Mon Sep 17 00:00:00 2001
From: Rebeccah <rhunter@redhat.com>
Date: Tue, 15 Oct 2019 17:36:55 -0400
Subject: [PATCH 25/57] Added in validation for each of the 3 fields that
 should not be changed if the instance is a container group, defaults in the
 textarea persist with these 3 options

---
 awx/api/generics.py      |  9 ++++++++-
 awx/api/serializers.py   | 12 ++++++++++++
 awx/main/utils/common.py |  4 ++++
 3 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/awx/api/generics.py b/awx/api/generics.py
index 8b8fb55894..ee6db9634d 100644
--- a/awx/api/generics.py
+++ b/awx/api/generics.py
@@ -46,7 +46,7 @@ from awx.main.utils import (
     decrypt_field
 )
 from awx.main.utils.db import get_all_field_names
-from awx.api.serializers import ResourceAccessListElementSerializer, CopySerializer, UserSerializer
+from awx.api.serializers import ResourceAccessListElementSerializer, CopySerializer, UserSerializer, InstanceGroupSerializer
 from awx.api.versioning import URLPathVersioning
 from awx.api.metadata import SublistAttachDetatchMetadata, Metadata
 
@@ -317,6 +317,13 @@ class GenericAPIView(generics.GenericAPIView, APIView):
             for name, field in list(serializer.fields.items()):
                 if getattr(field, 'read_only', None):
                     del serializer.fields[name]
+                # Additionally, remove the following fields if an instance group is containerized.
+                if name == 'is_containerized':
+                    import sdb
+                    sdb.set_trace()
+                    del serializer.fields['policy_instance_percentage']
+                    del serializer.fields['policy_instance_minimum']
+                    del serializer.fields['policy_instance_list']
             serializer._data = self.update_raw_data(serializer.data)
         return serializer
 
diff --git a/awx/api/serializers.py b/awx/api/serializers.py
index 09066a4871..c4f86a9842 100644
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@@ -4801,6 +4801,18 @@ class InstanceGroupSerializer(BaseSerializer):
                 raise serializers.ValidationError(_('Isolated instances may not be added or removed from instances groups via the API.'))
             if self.instance and self.instance.controller_id is not None:
                 raise serializers.ValidationError(_('Isolated instance group membership may not be managed via the API.'))
+        if self.instance.is_containerized:
+                raise serializers.ValidationError(_('Containerized instances may not be managed via the API'))
+        return value
+
+    def validate_policy_instance_percentage(self, value):
+        if value and self.instance.is_containerized:
+            raise serializers.ValidationError(_('Containerized instances may not be managed via the API'))
+        return value
+
+    def validate_policy_instance_minimum(self, value):
+        if value and self.instance.is_containerized:
+            raise serializers.ValidationError(_('Containerized instances may not be managed via the API'))
         return value
 
     def validate_name(self, value):
diff --git a/awx/main/utils/common.py b/awx/main/utils/common.py
index 11e4722f5f..e7603fb037 100644
--- a/awx/main/utils/common.py
+++ b/awx/main/utils/common.py
@@ -366,6 +366,10 @@ def get_allowed_fields(obj, serializer_mapping):
     field_blacklist = ACTIVITY_STREAM_FIELD_EXCLUSIONS.get(obj._meta.model_name, [])
     if field_blacklist:
         allowed_fields = [f for f in allowed_fields if f not in field_blacklist]
+    # raise Exception(_("please render this"))
+    # if obj.__class__.__name__ == 'InstanceGroup' and obj.is_containerized:
+    #     container_group_blacklist = ["policy_instance_percentage", "policy_instance_minimum", "policy_instance_list"]
+    #     allowed_fields = [f for f in allowed_fields if f not in container_group_blacklist]
     return allowed_fields
 
 

From ef7b3fec94a8a80a9a79ec2e48fbadeac1ecff26 Mon Sep 17 00:00:00 2001
From: Rebeccah <rhunter@redhat.com>
Date: Tue, 22 Oct 2019 15:57:06 -0400
Subject: [PATCH 26/57] removed policy_instance variables from container groups
 default values in the API put/patch view

---
 awx/api/generics.py      | 11 +++++------
 awx/api/serializers.py   |  2 +-
 awx/main/utils/common.py |  4 ----
 3 files changed, 6 insertions(+), 11 deletions(-)

diff --git a/awx/api/generics.py b/awx/api/generics.py
index ee6db9634d..4f595cb384 100644
--- a/awx/api/generics.py
+++ b/awx/api/generics.py
@@ -318,12 +318,11 @@ class GenericAPIView(generics.GenericAPIView, APIView):
                 if getattr(field, 'read_only', None):
                     del serializer.fields[name]
                 # Additionally, remove the following fields if an instance group is containerized.
-                if name == 'is_containerized':
-                    import sdb
-                    sdb.set_trace()
-                    del serializer.fields['policy_instance_percentage']
-                    del serializer.fields['policy_instance_minimum']
-                    del serializer.fields['policy_instance_list']
+                if name == 'is_containerized' and type(serializer) == InstanceGroupSerializer:
+                    if serializer.instance is not None and serializer.instance.is_containerized:
+                        del serializer.fields['policy_instance_percentage']
+                        del serializer.fields['policy_instance_minimum']
+                        del serializer.fields['policy_instance_list']
             serializer._data = self.update_raw_data(serializer.data)
         return serializer
 
diff --git a/awx/api/serializers.py b/awx/api/serializers.py
index c4f86a9842..816a7bf4e0 100644
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@@ -4802,7 +4802,7 @@ class InstanceGroupSerializer(BaseSerializer):
             if self.instance and self.instance.controller_id is not None:
                 raise serializers.ValidationError(_('Isolated instance group membership may not be managed via the API.'))
         if self.instance.is_containerized:
-                raise serializers.ValidationError(_('Containerized instances may not be managed via the API'))
+            raise serializers.ValidationError(_('Containerized instances may not be managed via the API'))
         return value
 
     def validate_policy_instance_percentage(self, value):
diff --git a/awx/main/utils/common.py b/awx/main/utils/common.py
index e7603fb037..11e4722f5f 100644
--- a/awx/main/utils/common.py
+++ b/awx/main/utils/common.py
@@ -366,10 +366,6 @@ def get_allowed_fields(obj, serializer_mapping):
     field_blacklist = ACTIVITY_STREAM_FIELD_EXCLUSIONS.get(obj._meta.model_name, [])
     if field_blacklist:
         allowed_fields = [f for f in allowed_fields if f not in field_blacklist]
-    # raise Exception(_("please render this"))
-    # if obj.__class__.__name__ == 'InstanceGroup' and obj.is_containerized:
-    #     container_group_blacklist = ["policy_instance_percentage", "policy_instance_minimum", "policy_instance_list"]
-    #     allowed_fields = [f for f in allowed_fields if f not in container_group_blacklist]
     return allowed_fields
 
 

From 4c199b0ab21d1998a96ee497f6b79cfee445b2af Mon Sep 17 00:00:00 2001
From: Rebeccah <rhunter@redhat.com>
Date: Wed, 23 Oct 2019 17:15:40 -0400
Subject: [PATCH 27/57] moved filterint out policy instance values in the api
 browser input box into the instanceGroupDetail class where I overrode the
 update_raw_data function to parse out the unneeded data. Additionally added
 the fix for checking the value in the serializer.

---
 awx/api/generics.py       | 8 +-------
 awx/api/serializers.py    | 2 +-
 awx/api/views/__init__.py | 7 +++++++
 3 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/awx/api/generics.py b/awx/api/generics.py
index 4f595cb384..8b8fb55894 100644
--- a/awx/api/generics.py
+++ b/awx/api/generics.py
@@ -46,7 +46,7 @@ from awx.main.utils import (
     decrypt_field
 )
 from awx.main.utils.db import get_all_field_names
-from awx.api.serializers import ResourceAccessListElementSerializer, CopySerializer, UserSerializer, InstanceGroupSerializer
+from awx.api.serializers import ResourceAccessListElementSerializer, CopySerializer, UserSerializer
 from awx.api.versioning import URLPathVersioning
 from awx.api.metadata import SublistAttachDetatchMetadata, Metadata
 
@@ -317,12 +317,6 @@ class GenericAPIView(generics.GenericAPIView, APIView):
             for name, field in list(serializer.fields.items()):
                 if getattr(field, 'read_only', None):
                     del serializer.fields[name]
-                # Additionally, remove the following fields if an instance group is containerized.
-                if name == 'is_containerized' and type(serializer) == InstanceGroupSerializer:
-                    if serializer.instance is not None and serializer.instance.is_containerized:
-                        del serializer.fields['policy_instance_percentage']
-                        del serializer.fields['policy_instance_minimum']
-                        del serializer.fields['policy_instance_list']
             serializer._data = self.update_raw_data(serializer.data)
         return serializer
 
diff --git a/awx/api/serializers.py b/awx/api/serializers.py
index 816a7bf4e0..00a90b2653 100644
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@@ -4801,7 +4801,7 @@ class InstanceGroupSerializer(BaseSerializer):
                 raise serializers.ValidationError(_('Isolated instances may not be added or removed from instances groups via the API.'))
             if self.instance and self.instance.controller_id is not None:
                 raise serializers.ValidationError(_('Isolated instance group membership may not be managed via the API.'))
-        if self.instance.is_containerized:
+        if value and self.instance.is_containerized:
             raise serializers.ValidationError(_('Containerized instances may not be managed via the API'))
         return value
 
diff --git a/awx/api/views/__init__.py b/awx/api/views/__init__.py
index 23e66810fe..dd31948acf 100644
--- a/awx/api/views/__init__.py
+++ b/awx/api/views/__init__.py
@@ -383,6 +383,13 @@ class InstanceGroupDetail(RelatedJobsPreventDeleteMixin, RetrieveUpdateDestroyAP
     serializer_class = serializers.InstanceGroupSerializer
     permission_classes = (InstanceGroupTowerPermission,)
 
+    def update_raw_data(self, data):
+        if self.get_object().is_containerized:
+            data.pop('policy_instance_percentage', None)
+            data.pop('policy_instance_minimum', None)
+            data.pop('policy_instance_list', None)
+        return super(InstanceGroupDetail, self).update_raw_data(data)
+
     def destroy(self, request, *args, **kwargs):
         instance = self.get_object()
         if instance.controller is not None:

From 8f5d25a5dfd74fc0d138461779ebb05b8d30c3dd Mon Sep 17 00:00:00 2001
From: Alan Rominger <arominge@redhat.com>
Date: Wed, 23 Oct 2019 19:26:10 -0400
Subject: [PATCH 28/57] Fix bug where SCM inventory did not have a collections
 destination (#3795)

* update inventory path to be in tmp project clone

* copy project folder for inventory scm launch type

* Optionally accept inventory collection paths from ansible.cfg
---
 awx/main/tasks.py                             | 40 ++++++++++++++++---
 .../test_inventory_source_injectors.py        |  1 +
 2 files changed, 36 insertions(+), 5 deletions(-)

diff --git a/awx/main/tasks.py b/awx/main/tasks.py
index fc3d466d39..8e0149648a 100644
--- a/awx/main/tasks.py
+++ b/awx/main/tasks.py
@@ -1451,7 +1451,7 @@ class BaseTask(object):
         self.update_model(task.pk, execution_node=pod_manager.pod_name)
         return pod_manager
 
-        
+
 
 
 
@@ -2359,6 +2359,27 @@ class RunInventoryUpdate(BaseTask):
                     env[str(env_k)] = str(inventory_update.source_vars_dict[env_k])
         elif inventory_update.source == 'file':
             raise NotImplementedError('Cannot update file sources through the task system.')
+
+        if inventory_update.source == 'scm' and inventory_update.source_project_update:
+            env_key = 'ANSIBLE_COLLECTIONS_PATHS'
+            config_setting = 'collections_paths'
+            folder = 'requirements_collections'
+            default = '~/.ansible/collections:/usr/share/ansible/collections'
+
+            config_values = read_ansible_config(os.path.join(private_data_dir, 'project'), [config_setting])
+
+            paths = default.split(':')
+            if env_key in env:
+                for path in env[env_key].split(':'):
+                    if path not in paths:
+                        paths = [env[env_key]] + paths
+            elif config_setting in config_values:
+                for path in config_values[config_setting].split(':'):
+                    if path not in paths:
+                        paths = [config_values[config_setting]] + paths
+            paths = [os.path.join(private_data_dir, folder)] + paths
+            env[env_key] = os.pathsep.join(paths)
+
         return env
 
     def write_args_file(self, private_data_dir, args):
@@ -2457,7 +2478,7 @@ class RunInventoryUpdate(BaseTask):
                 # Use the vendored script path
                 inventory_path = self.get_path_to('..', 'plugins', 'inventory', injector.script_name)
         elif src == 'scm':
-            inventory_path = inventory_update.get_actual_source_path()
+            inventory_path = os.path.join(private_data_dir, 'project', inventory_update.source_path)
         elif src == 'custom':
             handle, inventory_path = tempfile.mkstemp(dir=private_data_dir)
             f = os.fdopen(handle, 'w')
@@ -2478,7 +2499,7 @@ class RunInventoryUpdate(BaseTask):
         '''
         src = inventory_update.source
         if src == 'scm' and inventory_update.source_project_update:
-            return inventory_update.source_project_update.get_project_path(check_if_exists=False)
+            return os.path.join(private_data_dir, 'project')
         if src in CLOUD_PROVIDERS:
             injector = None
             if src in InventorySource.injectors:
@@ -2514,8 +2535,10 @@ class RunInventoryUpdate(BaseTask):
 
             project_update_task = local_project_sync._get_task_class()
             try:
-                project_update_task().run(local_project_sync.id)
-                inventory_update.inventory_source.scm_last_revision = local_project_sync.project.scm_revision
+                sync_task = project_update_task(job_private_data_dir=private_data_dir)
+                sync_task.run(local_project_sync.id)
+                local_project_sync.refresh_from_db()
+                inventory_update.inventory_source.scm_last_revision = local_project_sync.scm_revision
                 inventory_update.inventory_source.save(update_fields=['scm_last_revision'])
             except Exception:
                 inventory_update = self.update_model(
@@ -2523,6 +2546,13 @@ class RunInventoryUpdate(BaseTask):
                     job_explanation=('Previous Task Failed: {"job_type": "%s", "job_name": "%s", "job_id": "%s"}' %
                                      ('project_update', local_project_sync.name, local_project_sync.id)))
                 raise
+        elif inventory_update.source == 'scm' and inventory_update.launch_type == 'scm' and source_project:
+            # This follows update, not sync, so make copy here
+            project_path = source_project.get_project_path(check_if_exists=False)
+            RunProjectUpdate.make_local_copy(
+                project_path, os.path.join(private_data_dir, 'project'),
+                source_project.scm_type, source_project.scm_revision
+            )
 
 
 @task()
diff --git a/awx/main/tests/functional/test_inventory_source_injectors.py b/awx/main/tests/functional/test_inventory_source_injectors.py
index 7f7e43c993..729658a58d 100644
--- a/awx/main/tests/functional/test_inventory_source_injectors.py
+++ b/awx/main/tests/functional/test_inventory_source_injectors.py
@@ -264,6 +264,7 @@ def test_inventory_update_injected_content(this_kind, script_or_plugin, inventor
         assert envvars.pop('ANSIBLE_INVENTORY_ENABLED') == ('auto' if use_plugin else 'script')
         set_files = bool(os.getenv("MAKE_INVENTORY_REFERENCE_FILES", 'false').lower()[0] not in ['f', '0'])
         env, content = read_content(private_data_dir, envvars, inventory_update)
+        env.pop('ANSIBLE_COLLECTIONS_PATHS', None)  # collection paths not relevant to this test
         base_dir = os.path.join(DATA, script_or_plugin)
         if not os.path.exists(base_dir):
             os.mkdir(base_dir)

From b2557c6fd884b417e77f05b408312c359c131391 Mon Sep 17 00:00:00 2001
From: Jim Ladd <jladd@redhat.com>
Date: Wed, 23 Oct 2019 12:41:17 -0700
Subject: [PATCH 29/57] Rename job_summary_dict to job_metadata

* Clarifies purpose of notification template variable
---
 awx/main/models/notifications.py                              | 4 ++--
 awx/main/models/workflow.py                                   | 2 +-
 awx/main/notifications/custom_notification_base.py            | 2 +-
 awx/main/notifications/pagerduty_backend.py                   | 2 +-
 awx/main/notifications/webhook_backend.py                     | 2 +-
 awx/main/tests/functional/models/test_notifications.py        | 2 +-
 .../api/serializers/test_notification_template_serializers.py | 2 +-
 7 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/awx/main/models/notifications.py b/awx/main/models/notifications.py
index 3d422d5e25..9163e57e92 100644
--- a/awx/main/models/notifications.py
+++ b/awx/main/models/notifications.py
@@ -366,7 +366,7 @@ class JobNotificationMixin(object):
                            'verbosity': 0},
                    'job_friendly_name': 'Job',
                    'url': 'https://towerhost/#/jobs/playbook/1010',
-                   'job_summary_dict': """{'url': 'https://towerhost/$/jobs/playbook/13',
+                   'job_metadata': """{'url': 'https://towerhost/$/jobs/playbook/13',
  'traceback': '',
  'status': 'running',
  'started': '2019-08-07T21:46:38.362630+00:00',
@@ -392,7 +392,7 @@ class JobNotificationMixin(object):
         context = {'job': {},
                    'job_friendly_name': self.get_notification_friendly_name(),
                    'url': self.get_ui_url(),
-                   'job_summary_dict': json.dumps(self.notification_data(), indent=4)}
+                   'job_metadata': json.dumps(self.notification_data(), indent=4)}
 
         def build_context(node, fields, whitelisted_fields):
             for safe_field in whitelisted_fields:
diff --git a/awx/main/models/workflow.py b/awx/main/models/workflow.py
index 83a7c91ad3..100ba1c323 100644
--- a/awx/main/models/workflow.py
+++ b/awx/main/models/workflow.py
@@ -805,7 +805,7 @@ class WorkflowApproval(UnifiedJob, JobNotificationMixin):
         return {'approval_status': approval_status,
                 'approval_node_name': self.workflow_approval_template.name,
                 'workflow_url': workflow_url,
-                'job_summary_dict': json.dumps(self.notification_data(), indent=4)}
+                'job_metadata': json.dumps(self.notification_data(), indent=4)}
 
     @property
     def workflow_job_template(self):
diff --git a/awx/main/notifications/custom_notification_base.py b/awx/main/notifications/custom_notification_base.py
index 2abff26f62..b7038ec867 100644
--- a/awx/main/notifications/custom_notification_base.py
+++ b/awx/main/notifications/custom_notification_base.py
@@ -4,7 +4,7 @@
 
 class CustomNotificationBase(object):
     DEFAULT_MSG = "{{ job_friendly_name }} #{{ job.id }} '{{ job.name }}' {{ job.status }}: {{ url }}"
-    DEFAULT_BODY = "{{ job_friendly_name }} #{{ job.id }} had status {{ job.status }}, view details at {{ url }}\n\n{{ job_summary_dict }}"
+    DEFAULT_BODY = "{{ job_friendly_name }} #{{ job.id }} had status {{ job.status }}, view details at {{ url }}\n\n{{ job_metadata }}"
 
     default_messages = {"started": {"message": DEFAULT_MSG, "body": None},
                         "success": {"message": DEFAULT_MSG, "body": None},
diff --git a/awx/main/notifications/pagerduty_backend.py b/awx/main/notifications/pagerduty_backend.py
index a2399b9777..45869a34db 100644
--- a/awx/main/notifications/pagerduty_backend.py
+++ b/awx/main/notifications/pagerduty_backend.py
@@ -26,7 +26,7 @@ class PagerDutyBackend(AWXBaseEmailBackend, CustomNotificationBase):
     recipient_parameter = "service_key"
     sender_parameter = "client_name"
 
-    DEFAULT_BODY = "{{ job_summary_dict }}"
+    DEFAULT_BODY = "{{ job_metadata }}"
     default_messages = {"started": {"message": DEFAULT_MSG, "body": DEFAULT_BODY},
                         "success": {"message": DEFAULT_MSG, "body": DEFAULT_BODY},
                         "error": {"message": DEFAULT_MSG, "body": DEFAULT_BODY},
diff --git a/awx/main/notifications/webhook_backend.py b/awx/main/notifications/webhook_backend.py
index f05012c4d6..b9c2c35d22 100644
--- a/awx/main/notifications/webhook_backend.py
+++ b/awx/main/notifications/webhook_backend.py
@@ -26,7 +26,7 @@ class WebhookBackend(AWXBaseEmailBackend, CustomNotificationBase):
     recipient_parameter = "url"
     sender_parameter = None
 
-    DEFAULT_BODY = "{{ job_summary_dict }}"
+    DEFAULT_BODY = "{{ job_metadata }}"
     default_messages = {"started": {"body": DEFAULT_BODY},
                         "success": {"body": DEFAULT_BODY},
                         "error": {"body": DEFAULT_BODY},
diff --git a/awx/main/tests/functional/models/test_notifications.py b/awx/main/tests/functional/models/test_notifications.py
index 2ebbcca71a..1b671efdcb 100644
--- a/awx/main/tests/functional/models/test_notifications.py
+++ b/awx/main/tests/functional/models/test_notifications.py
@@ -87,7 +87,7 @@ class TestJobNotificationMixin(object):
                                  'use_fact_cache': bool,
                                  'verbosity': int},
                          'job_friendly_name': str,
-                         'job_summary_dict': str,
+                         'job_metadata': str,
                          'url': str}
 
 
diff --git a/awx/main/tests/unit/api/serializers/test_notification_template_serializers.py b/awx/main/tests/unit/api/serializers/test_notification_template_serializers.py
index afd29820d2..f0bd6784d4 100644
--- a/awx/main/tests/unit/api/serializers/test_notification_template_serializers.py
+++ b/awx/main/tests/unit/api/serializers/test_notification_template_serializers.py
@@ -26,7 +26,7 @@ class TestNotificationTemplateSerializer():
                               {'started': {'message': '{{ job.id }}', 'body': '{{ job.status }}'},
                                'success': {'message': None, 'body': '{{ job_friendly_name }}'},
                                'error': {'message': '{{ url }}', 'body': None}},
-                              {'started': {'body': '{{ job_summary_dict }}'}},
+                              {'started': {'body': '{{ job_metadata }}'}},
                               {'started': {'body': '{{ job.summary_fields.inventory.total_hosts }}'}},
                               {'started': {'body': u'Iñtërnâtiônàlizætiøn'}}
                               ])

From 9d93b78296ff98d5e11aed28c1fb012b33e2f1cf Mon Sep 17 00:00:00 2001
From: AlanCoding <arominge@redhat.com>
Date: Thu, 3 Oct 2019 12:04:59 -0400
Subject: [PATCH 30/57] New target for sanity testing of the collection

Do not run in Zuul
---
 .gitignore                               |  1 +
 Makefile                                 |  8 ++++++++
 awx_collection/make_imports_absolute.yml | 17 +++++++++++++++++
 3 files changed, 26 insertions(+)
 create mode 100644 awx_collection/make_imports_absolute.yml

diff --git a/.gitignore b/.gitignore
index be22f947ae..60d960b66e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -138,6 +138,7 @@ use_dev_supervisor.txt
 awx_collection_test_venv/
 awx_collection/*.tar.gz
 awx_collection/galaxy.yml
+sanity/
 
 .idea/*
 *.unison.tmp
diff --git a/Makefile b/Makefile
index 0a93a8696b..55b65fa2c5 100644
--- a/Makefile
+++ b/Makefile
@@ -399,6 +399,14 @@ flake8_collection:
 
 test_collection_all: prepare_collection_venv test_collection flake8_collection
 
+test_collection_sanity:
+	rm -rf sanity
+	mkdir -p sanity/ansible_collections/awx
+	cp -Ra awx_collection sanity/ansible_collections/awx/awx  # symlinks do not work
+	cd sanity/ansible_collections/awx/awx && ansible-playbook -i localhost, make_imports_absolute.yml  # hack because sanity tests do not fully work
+	cd sanity/ansible_collections/awx/awx && git init && git add . # requires both this file structure and a git repo, so there you go
+	cd sanity/ansible_collections/awx/awx && ansible-test sanity --test validate-modules
+
 build_collection:
 	ansible-playbook -i localhost, awx_collection/template_galaxy.yml -e collection_package=$(COLLECTION_PACKAGE) -e collection_namespace=$(COLLECTION_NAMESPACE) -e collection_version=$(VERSION)
 	ansible-galaxy collection build awx_collection --output-path=awx_collection
diff --git a/awx_collection/make_imports_absolute.yml b/awx_collection/make_imports_absolute.yml
new file mode 100644
index 0000000000..184019ea2b
--- /dev/null
+++ b/awx_collection/make_imports_absolute.yml
@@ -0,0 +1,17 @@
+- hosts: localhost
+  gather_facts: false
+  connection: local
+
+  tasks:
+  - name: Find all module files
+    find:
+      paths: "{{ playbook_dir }}/plugins/modules"
+      patterns: "*.py"
+    register: module_files
+
+  - name: Change module_utils imports to absolute namespace and package names
+    replace:
+      path: "{{ item.path }}"
+      regexp: '^from ..module_utils.ansible_tower'
+      replace: 'from ansible_collections.awx.awx.plugins.module_utils.ansible_tower'
+    with_items: "{{ module_files.files }}"

From 201ae5f948ec94e418b9165999ad6352e82a5126 Mon Sep 17 00:00:00 2001
From: AlanCoding <arominge@redhat.com>
Date: Mon, 30 Sep 2019 16:01:44 -0400
Subject: [PATCH 31/57] declare types in Ansible Tower module options

---
 .../plugins/modules/tower_credential.py       |  3 ++-
 .../plugins/modules/tower_credential_type.py  |  6 +++++
 awx_collection/plugins/modules/tower_group.py | 16 ++++++++++-
 awx_collection/plugins/modules/tower_host.py  |  5 ++++
 .../plugins/modules/tower_inventory.py        |  7 +++++
 .../plugins/modules/tower_inventory_source.py | 20 ++++++++++----
 .../plugins/modules/tower_job_cancel.py       |  1 +
 .../plugins/modules/tower_job_launch.py       | 15 +++++------
 .../plugins/modules/tower_job_list.py         |  3 +++
 .../plugins/modules/tower_job_template.py     | 21 +++++++++++++++
 .../plugins/modules/tower_job_wait.py         |  4 +++
 awx_collection/plugins/modules/tower_label.py |  3 +++
 .../plugins/modules/tower_notification.py     | 27 +++++++++++++++++++
 .../plugins/modules/tower_organization.py     |  3 +++
 .../plugins/modules/tower_project.py          | 12 +++++++++
 .../plugins/modules/tower_receive.py          | 11 ++++++++
 awx_collection/plugins/modules/tower_role.py  | 10 +++++++
 awx_collection/plugins/modules/tower_send.py  |  4 +++
 .../plugins/modules/tower_settings.py         |  2 ++
 awx_collection/plugins/modules/tower_team.py  |  7 +++++
 awx_collection/plugins/modules/tower_user.py  |  6 +++++
 .../plugins/modules/tower_workflow_launch.py  |  3 +++
 .../modules/tower_workflow_template.py        |  8 ++++++
 23 files changed, 182 insertions(+), 15 deletions(-)

diff --git a/awx_collection/plugins/modules/tower_credential.py b/awx_collection/plugins/modules/tower_credential.py
index 587d8205dd..f43d7f5ab3 100644
--- a/awx_collection/plugins/modules/tower_credential.py
+++ b/awx_collection/plugins/modules/tower_credential.py
@@ -130,7 +130,8 @@ options:
     become_method:
       description:
         - Become method to use for privilege escalation.
-      choices: ["None", "sudo", "su", "pbrun", "pfexec", "pmrun"]
+        - Some examples are "None", "sudo", "su", "pbrun"
+        - Due to become plugins, these can be arbitrary
       type: str
     become_username:
       description:
diff --git a/awx_collection/plugins/modules/tower_credential_type.py b/awx_collection/plugins/modules/tower_credential_type.py
index 0fd6ebd046..94bb76e90f 100644
--- a/awx_collection/plugins/modules/tower_credential_type.py
+++ b/awx_collection/plugins/modules/tower_credential_type.py
@@ -28,10 +28,12 @@ options:
       description:
         - The name of the credential type.
       required: True
+      type: str
     description:
       description:
         - The description of the credential type to give more detail about it.
       required: False
+      type: str
     kind:
       description:
         - >-
@@ -40,24 +42,28 @@ options:
           for more information.
       choices: [ 'ssh', 'vault', 'net', 'scm', 'cloud', 'insights' ]
       required: False
+      type: str
     inputs:
       description:
         - >-
           Enter inputs using either JSON or YAML syntax. Refer to the Ansible
           Tower documentation for example syntax.
       required: False
+      type: dict
     injectors:
       description:
         - >-
           Enter injectors using either JSON or YAML syntax. Refer to the
           Ansible Tower documentation for example syntax.
       required: False
+      type: dict
     state:
       description:
         - Desired state of the resource.
       required: False
       default: "present"
       choices: ["present", "absent"]
+      type: str
     validate_certs:
       description:
         - Tower option to avoid certificates check.
diff --git a/awx_collection/plugins/modules/tower_group.py b/awx_collection/plugins/modules/tower_group.py
index 7fe717666a..bd9feaf91f 100644
--- a/awx_collection/plugins/modules/tower_group.py
+++ b/awx_collection/plugins/modules/tower_group.py
@@ -27,38 +27,50 @@ options:
       description:
         - The name to use for the group.
       required: True
+      type: str
     description:
       description:
         - The description to use for the group.
+      type: str
     inventory:
       description:
         - Inventory the group should be made a member of.
       required: True
+      type: str
     variables:
       description:
         - Variables to use for the group, use C(@) for a file.
+      type: str
     credential:
       description:
         - Credential to use for the group.
+      type: str
     source:
       description:
         - The source to use for this group.
       choices: ["manual", "file", "ec2", "rax", "vmware", "gce", "azure", "azure_rm", "openstack", "satellite6" , "cloudforms", "custom"]
+      default: manual
+      type: str
     source_regions:
       description:
         - Regions for cloud provider.
+      type: str
     source_vars:
       description:
         - Override variables from source with variables from this field.
+      type: str
     instance_filters:
       description:
         - Comma-separated list of filter expressions for matching hosts.
+      type: str
     group_by:
       description:
         - Limit groups automatically created from inventory source.
+      type: str
     source_script:
       description:
         - Inventory script to be used when group type is C(custom).
+      type: str
     overwrite:
       description:
         - Delete child groups and hosts not found in source.
@@ -67,6 +79,7 @@ options:
     overwrite_vars:
       description:
         - Override vars in child groups and hosts with those from external source.
+      type: bool
     update_on_launch:
       description:
         - Refresh inventory data from its source each time a job is run.
@@ -77,6 +90,7 @@ options:
         - Desired state of the resource.
       default: "present"
       choices: ["present", "absent"]
+      type: str
 extends_documentation_fragment: awx.awx.auth
 '''
 
@@ -120,7 +134,7 @@ def main():
         group_by=dict(),
         source_script=dict(),
         overwrite=dict(type='bool', default=False),
-        overwrite_vars=dict(),
+        overwrite_vars=dict(type='bool', default=False),
         update_on_launch=dict(type='bool', default=False),
         state=dict(choices=['present', 'absent'], default='present'),
     )
diff --git a/awx_collection/plugins/modules/tower_host.py b/awx_collection/plugins/modules/tower_host.py
index 02946cf4d7..7dfebb0b60 100644
--- a/awx_collection/plugins/modules/tower_host.py
+++ b/awx_collection/plugins/modules/tower_host.py
@@ -27,13 +27,16 @@ options:
       description:
         - The name to use for the host.
       required: True
+      type: str
     description:
       description:
         - The description to use for the host.
+      type: str
     inventory:
       description:
         - Inventory the host should be made a member of.
       required: True
+      type: str
     enabled:
       description:
         - If the host should be enabled.
@@ -42,11 +45,13 @@ options:
     variables:
       description:
         - Variables to use for the host. Use C(@) for a file.
+      type: str
     state:
       description:
         - Desired state of the resource.
       choices: ["present", "absent"]
       default: "present"
+      type: str
 extends_documentation_fragment: awx.awx.auth
 '''
 
diff --git a/awx_collection/plugins/modules/tower_inventory.py b/awx_collection/plugins/modules/tower_inventory.py
index 811430a723..d2321f3853 100644
--- a/awx_collection/plugins/modules/tower_inventory.py
+++ b/awx_collection/plugins/modules/tower_inventory.py
@@ -27,31 +27,38 @@ options:
       description:
         - The name to use for the inventory.
       required: True
+      type: str
     description:
       description:
         - The description to use for the inventory.
+      type: str
     organization:
       description:
         - Organization the inventory belongs to.
       required: True
+      type: str
     variables:
       description:
         - Inventory variables. Use C(@) to get from file.
+      type: str
     kind:
       description:
         - The kind field. Cannot be modified after created.
       default: ""
       choices: ["", "smart"]
       version_added: "2.7"
+      type: str
     host_filter:
       description:
         -  The host_filter field. Only useful when C(kind=smart).
       version_added: "2.7"
+      type: str
     state:
       description:
         - Desired state of the resource.
       default: "present"
       choices: ["present", "absent"]
+      type: str
 extends_documentation_fragment: awx.awx.auth
 '''
 
diff --git a/awx_collection/plugins/modules/tower_inventory_source.py b/awx_collection/plugins/modules/tower_inventory_source.py
index ede0896d64..331e7a07bb 100644
--- a/awx_collection/plugins/modules/tower_inventory_source.py
+++ b/awx_collection/plugins/modules/tower_inventory_source.py
@@ -27,13 +27,16 @@ options:
       description:
         - The name to use for the inventory source.
       required: True
+      type: str
     description:
       description:
         - The description to use for the inventory source.
+      type: str
     inventory:
       description:
         - The inventory the source is linked to.
       required: True
+      type: str
     source:
       description:
         - Types of inventory source.
@@ -52,9 +55,11 @@ options:
         - tower
         - custom
       required: True
+      type: str
     credential:
       description:
         - Credential to use to retrieve the inventory from.
+      type: str
     source_vars:
       description:
         - >-
@@ -62,15 +67,19 @@ options:
           file. For example with Openstack, specifying *private: false* would
           change the output of the openstack.py script. It has to be YAML or
           JSON.
+      type: str
     timeout:
       description:
         - Number in seconds after which the Tower API methods will time out.
+      type: int
     source_project:
       description:
         - Use a *project* as a source for the *inventory*.
+      type: str
     source_path:
       description:
         - Path to the file to use as a source in the selected *project*.
+      type: str
     update_on_project_update:
       description:
         - >-
@@ -83,23 +92,27 @@ options:
           List of regions for your cloud provider. You can include multiple all
           regions. Only Hosts associated with the selected regions will be
           updated. Refer to Ansible Tower documentation for more detail.
+      type: str
     instance_filters:
       description:
         - >-
           Provide a comma-separated list of filter expressions. Hosts are
           imported when all of the filters match. Refer to Ansible Tower
           documentation for more detail.
+      type: str
     group_by:
       description:
         - >-
           Specify which groups to create automatically. Group names will be
           created similar to the options selected. If blank, all groups above
           are created. Refer to Ansible Tower documentation for more detail.
+      type: str
     source_script:
       description:
         - >-
           The source custom script to use to build the inventory. It needs to
           exist.
+      type: str
     overwrite:
       description:
         - >-
@@ -133,16 +146,13 @@ options:
           job runs and callbacks the task system will evaluate the timestamp of
           the latest sync. If it is older than Cache Timeout, it is not
           considered current, and a new inventory sync will be performed.
+      type: int
     state:
       description:
         - Desired state of the resource.
       default: "present"
       choices: ["present", "absent"]
-    validate_certs:
-      description:
-        - Tower option to avoid certificates check.
-      type: bool
-      aliases: [ tower_verify_ssl ]
+      type: str
 extends_documentation_fragment: awx.awx.auth
 '''
 
diff --git a/awx_collection/plugins/modules/tower_job_cancel.py b/awx_collection/plugins/modules/tower_job_cancel.py
index f7a80b9f71..f65218b68a 100644
--- a/awx_collection/plugins/modules/tower_job_cancel.py
+++ b/awx_collection/plugins/modules/tower_job_cancel.py
@@ -27,6 +27,7 @@ options:
       description:
         - ID of the job to cancel
       required: True
+      type: int
     fail_if_not_running:
       description:
         - Fail loudly if the I(job_id) does not reference a running job.
diff --git a/awx_collection/plugins/modules/tower_job_launch.py b/awx_collection/plugins/modules/tower_job_launch.py
index 792632fbb4..40fc193b63 100644
--- a/awx_collection/plugins/modules/tower_job_launch.py
+++ b/awx_collection/plugins/modules/tower_job_launch.py
@@ -27,33 +27,32 @@ options:
       description:
         - Name of the job template to use.
       required: True
-    job_explanation:
-      description:
-        - Job explanation field.
+      type: str
     job_type:
       description:
         - Job_type to use for the job, only used if prompt for job_type is set.
       choices: ["run", "check", "scan"]
+      type: str
     inventory:
       description:
         - Inventory to use for the job, only used if prompt for inventory is set.
+      type: str
     credential:
       description:
         - Credential to use for job, only used if prompt for credential is set.
+      type: str
     extra_vars:
       description:
         - Extra_vars to use for the job_template. Prepend C(@) if a file.
+      type: list
     limit:
       description:
         - Limit to use for the I(job_template).
+      type: str
     tags:
       description:
         - Specific tags to use for from playbook.
-    use_job_endpoint:
-      description:
-        - Disable launching jobs from job template.
-      type: bool
-      default: 'no'
+      type: list
 extends_documentation_fragment: awx.awx.auth
 '''
 
diff --git a/awx_collection/plugins/modules/tower_job_list.py b/awx_collection/plugins/modules/tower_job_list.py
index ef8d8b3b15..63bd7c6f9a 100644
--- a/awx_collection/plugins/modules/tower_job_list.py
+++ b/awx_collection/plugins/modules/tower_job_list.py
@@ -27,9 +27,11 @@ options:
       description:
         - Only list jobs with this status.
       choices: ['pending', 'waiting', 'running', 'error', 'failed', 'canceled', 'successful']
+      type: str
     page:
       description:
         - Page number of the results to fetch.
+      type: int
     all_pages:
       description:
         - Fetch all the pages and return a single result.
@@ -38,6 +40,7 @@ options:
     query:
       description:
         - Query used to further filter the list of jobs. C({"foo":"bar"}) will be passed at C(?foo=bar)
+      type: dict
 extends_documentation_fragment: awx.awx.auth
 '''
 
diff --git a/awx_collection/plugins/modules/tower_job_template.py b/awx_collection/plugins/modules/tower_job_template.py
index 2600e8884e..c3105f313c 100644
--- a/awx_collection/plugins/modules/tower_job_template.py
+++ b/awx_collection/plugins/modules/tower_job_template.py
@@ -27,50 +27,63 @@ options:
       description:
         - Name to use for the job template.
       required: True
+      type: str
     description:
       description:
         - Description to use for the job template.
+      type: str
     job_type:
       description:
         - The job type to use for the job template.
       required: True
       choices: ["run", "check", "scan"]
+      type: str
     inventory:
       description:
         - Name of the inventory to use for the job template.
+      type: str
     project:
       description:
         - Name of the project to use for the job template.
       required: True
+      type: str
     playbook:
       description:
         - Path to the playbook to use for the job template within the project provided.
       required: True
+      type: str
     credential:
       description:
         - Name of the credential to use for the job template.
       version_added: 2.7
+      type: str
     vault_credential:
       description:
         - Name of the vault credential to use for the job template.
       version_added: 2.7
+      type: str
     forks:
       description:
         - The number of parallel or simultaneous processes to use while executing the playbook.
+      type: int
     limit:
       description:
         - A host pattern to further constrain the list of hosts managed or affected by the playbook
+      type: str
     verbosity:
       description:
         - Control the output level Ansible produces as the playbook runs. 0 - Normal, 1 - Verbose, 2 - More Verbose, 3 - Debug, 4 - Connection Debug.
       choices: [0, 1, 2, 3, 4]
       default: 0
+      type: int
     extra_vars_path:
       description:
         - Path to the C(extra_vars) YAML file.
+      type: path
     job_tags:
       description:
         - Comma separated list of the tags to use for the job template.
+      type: str
     force_handlers_enabled:
       description:
         - Enable forcing playbook handlers to run even if a task fails.
@@ -80,10 +93,12 @@ options:
     skip_tags:
       description:
         - Comma separated list of the tags to skip for the job template.
+      type: str
     start_at_task:
       description:
         - Start the playbook at the task matching this name.
       version_added: 2.7
+      type: str
     diff_mode_enabled:
       description:
         - Enable diff mode for the job template.
@@ -99,6 +114,7 @@ options:
     host_config_key:
       description:
         - Allow provisioning callbacks using this host config key.
+      type: str
     ask_diff_mode:
       description:
         - Prompt user to enable diff mode (show changes) to files when supported by modules.
@@ -171,11 +187,16 @@ options:
       version_added: 2.7
       type: bool
       default: 'no'
+    timeout:
+      description:
+        - Maximum time in seconds to wait for a job to finish (server-side).
+      type: int
     state:
       description:
         - Desired state of the resource.
       default: "present"
       choices: ["present", "absent"]
+      type: str
 extends_documentation_fragment: awx.awx.auth
 notes:
   - JSON for survey_spec can be found in Tower API Documentation. See
diff --git a/awx_collection/plugins/modules/tower_job_wait.py b/awx_collection/plugins/modules/tower_job_wait.py
index 0f0ab806db..c6866db2c8 100644
--- a/awx_collection/plugins/modules/tower_job_wait.py
+++ b/awx_collection/plugins/modules/tower_job_wait.py
@@ -27,17 +27,21 @@ options:
       description:
         - ID of the job to monitor.
       required: True
+      type: int
     min_interval:
       description:
         - Minimum interval in seconds, to request an update from Tower.
       default: 1
+      type: float
     max_interval:
       description:
         - Maximum interval in seconds, to request an update from Tower.
       default: 30
+      type: float
     timeout:
       description:
         - Maximum time in seconds to wait for a job to finish.
+      type: int
 extends_documentation_fragment: awx.awx.auth
 '''
 
diff --git a/awx_collection/plugins/modules/tower_label.py b/awx_collection/plugins/modules/tower_label.py
index 09b3b4b6dd..254d9d4986 100644
--- a/awx_collection/plugins/modules/tower_label.py
+++ b/awx_collection/plugins/modules/tower_label.py
@@ -27,15 +27,18 @@ options:
       description:
         - Name to use for the label.
       required: True
+      type: str
     organization:
       description:
         - Organization the label should be applied to.
       required: True
+      type: str
     state:
       description:
         - Desired state of the resource.
       default: "present"
       choices: ["present", "absent"]
+      type: str
 extends_documentation_fragment: awx.awx.auth
 '''
 
diff --git a/awx_collection/plugins/modules/tower_notification.py b/awx_collection/plugins/modules/tower_notification.py
index eee30a8cd4..b583efc056 100644
--- a/awx_collection/plugins/modules/tower_notification.py
+++ b/awx_collection/plugins/modules/tower_notification.py
@@ -27,35 +27,43 @@ options:
       description:
         - The name of the notification.
       required: True
+      type: str
     description:
       description:
         - The description of the notification.
       required: False
+      type: str
     organization:
       description:
         - The organization the notification belongs to.
       required: False
+      type: str
     notification_type:
       description:
         - The type of notification to be sent.
       required: True
       choices: ["email", "slack", "twilio", "pagerduty", "hipchat", "webhook", "irc"]
+      type: str
     notification_configuration:
       description:
         - The notification configuration file. Note providing this field would disable all notification-configuration-related fields.
       required: False
+      type: str
     username:
       description:
         - The mail server username. Required if I(notification_type=email).
       required: False
+      type: str
     sender:
       description:
         - The sender email address. Required if I(notification_type=email).
       required: False
+      type: str
     recipients:
       description:
         - The recipients email addresses. Required if I(notification_type=email).
       required: False
+      type: list
     use_tls:
       description:
         - The TLS trigger. Required if I(notification_type=email).
@@ -65,6 +73,7 @@ options:
       description:
         - The mail server host. Required if I(notification_type=email).
       required: False
+      type: str
     use_ssl:
       description:
         - The SSL trigger. Required if I(notification_type=email) or if I(notification_type=irc).
@@ -74,10 +83,12 @@ options:
       description:
         - The mail server password. Required if I(notification_type=email) or if I(notification_type=irc).
       required: False
+      type: str
     port:
       description:
         - The mail server port. Required if I(notification_type=email) or if I(notification_type=irc).
       required: False
+      type: int
     channels:
       description:
         - The destination Slack channels. Required if I(notification_type=slack).
@@ -87,47 +98,58 @@ options:
       description:
         - The access token. Required if I(notification_type=slack), if I(notification_type=pagerduty) or if I(notification_type=hipchat).
       required: False
+      type: str
     account_token:
       description:
         - The Twillio account token. Required if I(notification_type=twillio).
       required: False
+      type: str
     from_number:
       description:
         - The source phone number. Required if I(notification_type=twillio).
       required: False
+      type: str
     to_numbers:
       description:
         - The destination phone numbers. Required if I(notification_type=twillio).
       required: False
+      type: list
     account_sid:
       description:
         - The Twillio account SID. Required if I(notification_type=twillio).
       required: False
+      type: str
     subdomain:
       description:
         - The PagerDuty subdomain. Required if I(notification_type=pagerduty).
       required: False
+      type: str
     service_key:
       description:
         - The PagerDuty service/integration API key. Required if I(notification_type=pagerduty).
       required: False
+      type: str
     client_name:
       description:
         - The PagerDuty client identifier. Required if I(notification_type=pagerduty).
       required: False
+      type: str
     message_from:
       description:
         - The label to be shown with the notification. Required if I(notification_type=hipchat).
       required: False
+      type: str
     api_url:
       description:
         - The HipChat API URL. Required if I(notification_type=hipchat).
       required: False
+      type: str
     color:
       description:
         - The notification color. Required if I(notification_type=hipchat).
       required: False
       choices: ["yellow", "green", "red", "purple", "gray", "random"]
+      type: str
     rooms:
       description:
         - HipChat rooms to send the notification to. Required if I(notification_type=hipchat).
@@ -142,18 +164,22 @@ options:
       description:
         - The target URL. Required if I(notification_type=webhook).
       required: False
+      type: str
     headers:
       description:
         - The HTTP headers as JSON string. Required if I(notification_type=webhook).
       required: False
+      type: dict
     server:
       description:
         - The IRC server address. Required if I(notification_type=irc).
       required: False
+      type: str
     nickname:
       description:
         - The IRC nickname. Required if I(notification_type=irc).
       required: False
+      type: str
     targets:
       description:
         - The destination channels or users. Required if I(notification_type=irc).
@@ -164,6 +190,7 @@ options:
         - Desired state of the resource.
       default: "present"
       choices: ["present", "absent"]
+      type: str
 extends_documentation_fragment: awx.awx.auth
 '''
 
diff --git a/awx_collection/plugins/modules/tower_organization.py b/awx_collection/plugins/modules/tower_organization.py
index 7f261e2f1c..cfdbce711d 100644
--- a/awx_collection/plugins/modules/tower_organization.py
+++ b/awx_collection/plugins/modules/tower_organization.py
@@ -27,14 +27,17 @@ options:
       description:
         - Name to use for the organization.
       required: True
+      type: str
     description:
       description:
         - The description to use for the organization.
+      type: str
     state:
       description:
         - Desired state of the resource.
       default: "present"
       choices: ["present", "absent"]
+      type: str
 extends_documentation_fragment: awx.awx.auth
 '''
 
diff --git a/awx_collection/plugins/modules/tower_project.py b/awx_collection/plugins/modules/tower_project.py
index 423f63bb7f..ce18b3ae71 100644
--- a/awx_collection/plugins/modules/tower_project.py
+++ b/awx_collection/plugins/modules/tower_project.py
@@ -27,26 +27,33 @@ options:
       description:
         - Name to use for the project.
       required: True
+      type: str
     description:
       description:
         - Description to use for the project.
+      type: str
     scm_type:
       description:
         - Type of SCM resource.
       choices: ["manual", "git", "hg", "svn"]
       default: "manual"
+      type: str
     scm_url:
       description:
         - URL of SCM resource.
+      type: str
     local_path:
       description:
         - The server playbook directory for manual projects.
+      type: str
     scm_branch:
       description:
         - The branch to use for the SCM resource.
+      type: str
     scm_credential:
       description:
         - Name of the credential to use with this SCM resource.
+      type: str
     scm_clean:
       description:
         - Remove local modifications before updating.
@@ -68,23 +75,28 @@ options:
         - Cache Timeout to cache prior project syncs for a certain number of seconds.
             Only valid if scm_update_on_launch is to True, otherwise ignored.
       default: 0
+      type: int
     job_timeout:
       version_added: "2.8"
       description:
         - The amount of time (in seconds) to run before the SCM Update is canceled. A value of 0 means no timeout.
       default: 0
+      type: int
     custom_virtualenv:
       version_added: "2.8"
       description:
         - Local absolute file path containing a custom Python virtualenv to use
+      type: str
     organization:
       description:
         - Primary key of organization for project.
+      type: str
     state:
       description:
         - Desired state of the resource.
       default: "present"
       choices: ["present", "absent"]
+      type: str
 extends_documentation_fragment: awx.awx.auth
 '''
 
diff --git a/awx_collection/plugins/modules/tower_receive.py b/awx_collection/plugins/modules/tower_receive.py
index 66d45da58f..1e33f7f6a3 100644
--- a/awx_collection/plugins/modules/tower_receive.py
+++ b/awx_collection/plugins/modules/tower_receive.py
@@ -32,46 +32,57 @@ options:
       description:
         - List of organization names to export
       default: []
+      type: list
     user:
       description:
         - List of user names to export
       default: []
+      type: list
     team:
       description:
         - List of team names to export
       default: []
+      type: list
     credential_type:
       description:
         - List of credential type names to export
       default: []
+      type: list
     credential:
       description:
         - List of credential names to export
       default: []
+      type: list
     notification_template:
       description:
         - List of notification template names to export
       default: []
+      type: list
     inventory_script:
       description:
         - List of inventory script names to export
       default: []
+      type: list
     inventory:
       description:
         - List of inventory names to export
       default: []
+      type: list
     project:
       description:
         - List of project names to export
       default: []
+      type: list
     job_template:
       description:
         - List of job template names to export
       default: []
+      type: list
     workflow:
       description:
         - List of workflow names to export
       default: []
+      type: list
 
 requirements:
   - "ansible-tower-cli >= 3.3.0"
diff --git a/awx_collection/plugins/modules/tower_role.py b/awx_collection/plugins/modules/tower_role.py
index 9352827d8b..991bd426bd 100644
--- a/awx_collection/plugins/modules/tower_role.py
+++ b/awx_collection/plugins/modules/tower_role.py
@@ -26,38 +26,48 @@ options:
     user:
       description:
         - User that receives the permissions specified by the role.
+      type: str
     team:
       description:
         - Team that receives the permissions specified by the role.
+      type: str
     role:
       description:
         - The role type to grant/revoke.
       required: True
       choices: ["admin", "read", "member", "execute", "adhoc", "update", "use", "auditor", "project_admin", "inventory_admin", "credential_admin",
                 "workflow_admin", "notification_admin", "job_template_admin"]
+      type: str
     target_team:
       description:
         - Team that the role acts on.
+      type: str
     inventory:
       description:
         - Inventory the role acts on.
+      type: str
     job_template:
       description:
         - The job template the role acts on.
+      type: str
     credential:
       description:
         - Credential the role acts on.
+      type: str
     organization:
       description:
         - Organization the role acts on.
+      type: str
     project:
       description:
         - Project the role acts on.
+      type: str
     state:
       description:
         - Desired state of the resource.
       default: "present"
       choices: ["present", "absent"]
+      type: str
 extends_documentation_fragment: awx.awx.auth
 '''
 
diff --git a/awx_collection/plugins/modules/tower_send.py b/awx_collection/plugins/modules/tower_send.py
index eaa5b9d69f..07334d5589 100644
--- a/awx_collection/plugins/modules/tower_send.py
+++ b/awx_collection/plugins/modules/tower_send.py
@@ -28,16 +28,19 @@ options:
         - The assets to import.
         - This can be the output of tower_receive or loaded from a file
       required: False
+      type: str
     files:
       description:
         - List of files to import.
       required: False
       default: []
+      type: list
     prevent:
       description:
         - A list of asset types to prevent import for
       required: false
       default: []
+      type: list
     password_management:
       description:
         - The password management option to use.
@@ -45,6 +48,7 @@ options:
       required: false
       default: 'default'
       choices: ["default", "random"]
+      type: str
 
 notes:
   - One of assets or files needs to be passed in
diff --git a/awx_collection/plugins/modules/tower_settings.py b/awx_collection/plugins/modules/tower_settings.py
index 8de8c2e6f9..8d0da8ed0d 100644
--- a/awx_collection/plugins/modules/tower_settings.py
+++ b/awx_collection/plugins/modules/tower_settings.py
@@ -27,10 +27,12 @@ options:
       description:
         - Name of setting to modify
       required: True
+      type: str
     value:
       description:
         - Value to be modified for given setting.
       required: True
+      type: str
 extends_documentation_fragment: awx.awx.auth
 '''
 
diff --git a/awx_collection/plugins/modules/tower_team.py b/awx_collection/plugins/modules/tower_team.py
index 165f801b20..80aff36f04 100644
--- a/awx_collection/plugins/modules/tower_team.py
+++ b/awx_collection/plugins/modules/tower_team.py
@@ -27,15 +27,22 @@ options:
       description:
         - Name to use for the team.
       required: True
+      type: str
+    description:
+      description:
+        - The description to use for the team.
+      type: str
     organization:
       description:
         - Organization the team should be made a member of.
       required: True
+      type: str
     state:
       description:
         - Desired state of the resource.
       choices: ["present", "absent"]
       default: "present"
+      type: str
 extends_documentation_fragment: awx.awx.auth
 '''
 
diff --git a/awx_collection/plugins/modules/tower_user.py b/awx_collection/plugins/modules/tower_user.py
index a5fea6d861..87e9e8f9c1 100644
--- a/awx_collection/plugins/modules/tower_user.py
+++ b/awx_collection/plugins/modules/tower_user.py
@@ -27,19 +27,24 @@ options:
       description:
         - The username of the user.
       required: True
+      type: str
     first_name:
       description:
         - First name of the user.
+      type: str
     last_name:
       description:
         - Last name of the user.
+      type: str
     email:
       description:
         - Email address of the user.
       required: True
+      type: str
     password:
       description:
         - Password of the user.
+      type: str
     superuser:
       description:
         - User is a system wide administrator.
@@ -55,6 +60,7 @@ options:
         - Desired state of the resource.
       default: "present"
       choices: ["present", "absent"]
+      type: str
 
 requirements:
   - ansible-tower-cli >= 3.2.0
diff --git a/awx_collection/plugins/modules/tower_workflow_launch.py b/awx_collection/plugins/modules/tower_workflow_launch.py
index 8e0c06d33c..c0bf96fef6 100644
--- a/awx_collection/plugins/modules/tower_workflow_launch.py
+++ b/awx_collection/plugins/modules/tower_workflow_launch.py
@@ -24,10 +24,12 @@ options:
       description:
         - The name of the workflow template to run.
       required: True
+      type: str
     extra_vars:
       description:
         - Any extra vars required to launch the job.
       required: False
+      type: str
     wait:
       description:
         - Wait for the workflow to complete.
@@ -38,6 +40,7 @@ options:
       description:
         - If waiting for the workflow to complete this will abort after this
           amount of seconds
+      type: int
 
 requirements:
   - "python >= 2.6"
diff --git a/awx_collection/plugins/modules/tower_workflow_template.py b/awx_collection/plugins/modules/tower_workflow_template.py
index 3805079d01..56f85850b6 100644
--- a/awx_collection/plugins/modules/tower_workflow_template.py
+++ b/awx_collection/plugins/modules/tower_workflow_template.py
@@ -40,26 +40,32 @@ options:
     description:
       description:
         - The description to use for the workflow.
+      type: str
     extra_vars:
       description:
         - Extra variables used by Ansible in YAML or key=value format.
+      type: str
     inventory:
       description:
         - Name of the inventory to use for the job template.
       version_added: "2.9"
+      type: str
     name:
       description:
         - The name to use for the workflow.
       required: True
+      type: str
     organization:
       description:
         - The organization the workflow is linked to.
+      type: str
     schema:
       description:
         - >
           The schema is a JSON- or YAML-formatted string defining the
           hierarchy structure that connects the nodes. Refer to Tower
           documentation for more information.
+      type: str
     survey_enabled:
       description:
         - Setting that variable will prompt the user for job type on the
@@ -68,11 +74,13 @@ options:
     survey:
       description:
         - The definition of the survey associated to the workflow.
+      type: str
     state:
       description:
         - Desired state of the resource.
       default: "present"
       choices: ["present", "absent"]
+      type: str
 extends_documentation_fragment: awx.awx.auth
 '''
 

From 0434c611f0d6b7644c759bb7ce913bd771cb0051 Mon Sep 17 00:00:00 2001
From: AlanCoding <arominge@redhat.com>
Date: Tue, 22 Oct 2019 14:26:56 -0400
Subject: [PATCH 32/57] add release note

---
 awx_collection/README.md | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/awx_collection/README.md b/awx_collection/README.md
index 31fd683c5c..1a1a1e1a62 100644
--- a/awx_collection/README.md
+++ b/awx_collection/README.md
@@ -8,6 +8,17 @@ inside the folder `lib/ansible/modules/web_infrastructure/ansible_tower`
 as well as other folders for the inventory plugin, module utils, and
 doc fragment.
 
+## Release and Upgrade Notes
+
+The release 7.0.0 of the `awx.awx` collection is intended to be identical
+to the content prior to the migration, aside from changes necessary to
+have it function as a collection.
+
+The following notes are changes that may require changes to playbooks.
+
+ - Specifying `inputs` or `injectors` as strings in the
+   `tower_credential_type` module is no longer supported. Provide as dictionaries instead.
+
 ## Running
 
 To use this collection, the "old" tower-cli needs to be installed

From b394862210d4ce42eee95977f2734324aa898480 Mon Sep 17 00:00:00 2001
From: AlanCoding <arominge@redhat.com>
Date: Thu, 24 Oct 2019 14:58:55 -0400
Subject: [PATCH 33/57] Ignore import errors due to bugs in Ansible core

---
 .gitignore                                  |  8 ++++----
 awx_collection/tests/sanity/ignore-2.10.txt | 20 ++++++++++++++++++++
 awx_collection/tests/sanity/ignore-2.9.txt  | 20 ++++++++++++++++++++
 3 files changed, 44 insertions(+), 4 deletions(-)
 create mode 100644 awx_collection/tests/sanity/ignore-2.10.txt
 create mode 100644 awx_collection/tests/sanity/ignore-2.9.txt

diff --git a/.gitignore b/.gitignore
index 60d960b66e..ac443e2acd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -135,10 +135,10 @@ use_dev_supervisor.txt
 
 
 # Ansible module tests
-awx_collection_test_venv/
-awx_collection/*.tar.gz
-awx_collection/galaxy.yml
-sanity/
+/awx_collection_test_venv/
+/awx_collection/*.tar.gz
+/awx_collection/galaxy.yml
+/sanity/
 
 .idea/*
 *.unison.tmp
diff --git a/awx_collection/tests/sanity/ignore-2.10.txt b/awx_collection/tests/sanity/ignore-2.10.txt
new file mode 100644
index 0000000000..b97a2b4060
--- /dev/null
+++ b/awx_collection/tests/sanity/ignore-2.10.txt
@@ -0,0 +1,20 @@
+plugins/modules/tower_credential_type.py validate-modules:missing-module-utils-import
+plugins/modules/tower_group.py validate-modules:missing-module-utils-import
+plugins/modules/tower_host.py validate-modules:missing-module-utils-import
+plugins/modules/tower_inventory.py validate-modules:missing-module-utils-import
+plugins/modules/tower_inventory_source.py validate-modules:missing-module-utils-import
+plugins/modules/tower_job_cancel.py validate-modules:missing-module-utils-import
+plugins/modules/tower_job_launch.py validate-modules:missing-module-utils-import
+plugins/modules/tower_job_list.py validate-modules:missing-module-utils-import
+plugins/modules/tower_job_template.py validate-modules:missing-module-utils-import
+plugins/modules/tower_label.py validate-modules:missing-module-utils-import
+plugins/modules/tower_notification.py validate-modules:missing-module-utils-import
+plugins/modules/tower_organization.py validate-modules:missing-module-utils-import
+plugins/modules/tower_project.py validate-modules:missing-module-utils-import
+plugins/modules/tower_receive.py validate-modules:missing-module-utils-import
+plugins/modules/tower_role.py validate-modules:missing-module-utils-import
+plugins/modules/tower_settings.py validate-modules:missing-module-utils-import
+plugins/modules/tower_team.py validate-modules:missing-module-utils-import
+plugins/modules/tower_user.py validate-modules:missing-module-utils-import
+plugins/modules/tower_workflow_launch.py validate-modules:missing-module-utils-import
+plugins/modules/tower_workflow_template.py validate-modules:missing-module-utils-import
\ No newline at end of file
diff --git a/awx_collection/tests/sanity/ignore-2.9.txt b/awx_collection/tests/sanity/ignore-2.9.txt
new file mode 100644
index 0000000000..b97a2b4060
--- /dev/null
+++ b/awx_collection/tests/sanity/ignore-2.9.txt
@@ -0,0 +1,20 @@
+plugins/modules/tower_credential_type.py validate-modules:missing-module-utils-import
+plugins/modules/tower_group.py validate-modules:missing-module-utils-import
+plugins/modules/tower_host.py validate-modules:missing-module-utils-import
+plugins/modules/tower_inventory.py validate-modules:missing-module-utils-import
+plugins/modules/tower_inventory_source.py validate-modules:missing-module-utils-import
+plugins/modules/tower_job_cancel.py validate-modules:missing-module-utils-import
+plugins/modules/tower_job_launch.py validate-modules:missing-module-utils-import
+plugins/modules/tower_job_list.py validate-modules:missing-module-utils-import
+plugins/modules/tower_job_template.py validate-modules:missing-module-utils-import
+plugins/modules/tower_label.py validate-modules:missing-module-utils-import
+plugins/modules/tower_notification.py validate-modules:missing-module-utils-import
+plugins/modules/tower_organization.py validate-modules:missing-module-utils-import
+plugins/modules/tower_project.py validate-modules:missing-module-utils-import
+plugins/modules/tower_receive.py validate-modules:missing-module-utils-import
+plugins/modules/tower_role.py validate-modules:missing-module-utils-import
+plugins/modules/tower_settings.py validate-modules:missing-module-utils-import
+plugins/modules/tower_team.py validate-modules:missing-module-utils-import
+plugins/modules/tower_user.py validate-modules:missing-module-utils-import
+plugins/modules/tower_workflow_launch.py validate-modules:missing-module-utils-import
+plugins/modules/tower_workflow_template.py validate-modules:missing-module-utils-import
\ No newline at end of file

From e40f29092bf6d8c15381afd6dfaaae676a42955c Mon Sep 17 00:00:00 2001
From: AlanCoding <arominge@redhat.com>
Date: Thu, 24 Oct 2019 15:10:38 -0400
Subject: [PATCH 34/57] Fully rely on error ignoring for sanity rel imports

---
 Makefile                                    |  1 -
 awx_collection/make_imports_absolute.yml    | 17 --------------
 awx_collection/tests/sanity/ignore-2.10.txt | 26 ++++++++++++++++++++-
 awx_collection/tests/sanity/ignore-2.9.txt  | 26 ++++++++++++++++++++-
 4 files changed, 50 insertions(+), 20 deletions(-)
 delete mode 100644 awx_collection/make_imports_absolute.yml

diff --git a/Makefile b/Makefile
index 55b65fa2c5..7ce3323339 100644
--- a/Makefile
+++ b/Makefile
@@ -403,7 +403,6 @@ test_collection_sanity:
 	rm -rf sanity
 	mkdir -p sanity/ansible_collections/awx
 	cp -Ra awx_collection sanity/ansible_collections/awx/awx  # symlinks do not work
-	cd sanity/ansible_collections/awx/awx && ansible-playbook -i localhost, make_imports_absolute.yml  # hack because sanity tests do not fully work
 	cd sanity/ansible_collections/awx/awx && git init && git add . # requires both this file structure and a git repo, so there you go
 	cd sanity/ansible_collections/awx/awx && ansible-test sanity --test validate-modules
 
diff --git a/awx_collection/make_imports_absolute.yml b/awx_collection/make_imports_absolute.yml
deleted file mode 100644
index 184019ea2b..0000000000
--- a/awx_collection/make_imports_absolute.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-- hosts: localhost
-  gather_facts: false
-  connection: local
-
-  tasks:
-  - name: Find all module files
-    find:
-      paths: "{{ playbook_dir }}/plugins/modules"
-      patterns: "*.py"
-    register: module_files
-
-  - name: Change module_utils imports to absolute namespace and package names
-    replace:
-      path: "{{ item.path }}"
-      regexp: '^from ..module_utils.ansible_tower'
-      replace: 'from ansible_collections.awx.awx.plugins.module_utils.ansible_tower'
-    with_items: "{{ module_files.files }}"
diff --git a/awx_collection/tests/sanity/ignore-2.10.txt b/awx_collection/tests/sanity/ignore-2.10.txt
index b97a2b4060..4d3942ddf0 100644
--- a/awx_collection/tests/sanity/ignore-2.10.txt
+++ b/awx_collection/tests/sanity/ignore-2.10.txt
@@ -17,4 +17,28 @@ plugins/modules/tower_settings.py validate-modules:missing-module-utils-import
 plugins/modules/tower_team.py validate-modules:missing-module-utils-import
 plugins/modules/tower_user.py validate-modules:missing-module-utils-import
 plugins/modules/tower_workflow_launch.py validate-modules:missing-module-utils-import
-plugins/modules/tower_workflow_template.py validate-modules:missing-module-utils-import
\ No newline at end of file
+plugins/modules/tower_workflow_template.py validate-modules:missing-module-utils-import
+plugins/modules/tower_credential_type.py validate-modules:import-error
+plugins/modules/tower_credential.py validate-modules:import-error
+plugins/modules/tower_group.py validate-modules:import-error
+plugins/modules/tower_host.py validate-modules:import-error
+plugins/modules/tower_inventory.py validate-modules:import-error
+plugins/modules/tower_inventory_source.py validate-modules:import-error
+plugins/modules/tower_job_cancel.py validate-modules:import-error
+plugins/modules/tower_job_launch.py validate-modules:import-error
+plugins/modules/tower_job_list.py validate-modules:import-error
+plugins/modules/tower_job_wait.py validate-modules:import-error
+plugins/modules/tower_job_template.py validate-modules:import-error
+plugins/modules/tower_label.py validate-modules:import-error
+plugins/modules/tower_notification.py validate-modules:import-error
+plugins/modules/tower_organization.py validate-modules:import-error
+plugins/modules/tower_project.py validate-modules:import-error
+plugins/modules/tower_receive.py validate-modules:import-error
+plugins/modules/tower_role.py validate-modules:import-error
+plugins/modules/tower_settings.py validate-modules:import-error
+plugins/modules/tower_send.py validate-modules:import-error
+plugins/modules/tower_team.py validate-modules:import-error
+plugins/modules/tower_user.py validate-modules:import-error
+plugins/modules/tower_workflow_launch.py validate-modules:import-error
+plugins/modules/tower_workflow_template.py validate-modules:import-error
+plugins/modules/tower_workflow_job_template.py validate-modules:import-error
\ No newline at end of file
diff --git a/awx_collection/tests/sanity/ignore-2.9.txt b/awx_collection/tests/sanity/ignore-2.9.txt
index b97a2b4060..4d3942ddf0 100644
--- a/awx_collection/tests/sanity/ignore-2.9.txt
+++ b/awx_collection/tests/sanity/ignore-2.9.txt
@@ -17,4 +17,28 @@ plugins/modules/tower_settings.py validate-modules:missing-module-utils-import
 plugins/modules/tower_team.py validate-modules:missing-module-utils-import
 plugins/modules/tower_user.py validate-modules:missing-module-utils-import
 plugins/modules/tower_workflow_launch.py validate-modules:missing-module-utils-import
-plugins/modules/tower_workflow_template.py validate-modules:missing-module-utils-import
\ No newline at end of file
+plugins/modules/tower_workflow_template.py validate-modules:missing-module-utils-import
+plugins/modules/tower_credential_type.py validate-modules:import-error
+plugins/modules/tower_credential.py validate-modules:import-error
+plugins/modules/tower_group.py validate-modules:import-error
+plugins/modules/tower_host.py validate-modules:import-error
+plugins/modules/tower_inventory.py validate-modules:import-error
+plugins/modules/tower_inventory_source.py validate-modules:import-error
+plugins/modules/tower_job_cancel.py validate-modules:import-error
+plugins/modules/tower_job_launch.py validate-modules:import-error
+plugins/modules/tower_job_list.py validate-modules:import-error
+plugins/modules/tower_job_wait.py validate-modules:import-error
+plugins/modules/tower_job_template.py validate-modules:import-error
+plugins/modules/tower_label.py validate-modules:import-error
+plugins/modules/tower_notification.py validate-modules:import-error
+plugins/modules/tower_organization.py validate-modules:import-error
+plugins/modules/tower_project.py validate-modules:import-error
+plugins/modules/tower_receive.py validate-modules:import-error
+plugins/modules/tower_role.py validate-modules:import-error
+plugins/modules/tower_settings.py validate-modules:import-error
+plugins/modules/tower_send.py validate-modules:import-error
+plugins/modules/tower_team.py validate-modules:import-error
+plugins/modules/tower_user.py validate-modules:import-error
+plugins/modules/tower_workflow_launch.py validate-modules:import-error
+plugins/modules/tower_workflow_template.py validate-modules:import-error
+plugins/modules/tower_workflow_job_template.py validate-modules:import-error
\ No newline at end of file

From 95ab5327c3b3b77930dba213930c964e77c5b9bf Mon Sep 17 00:00:00 2001
From: Rebeccah <rhunter@redhat.com>
Date: Fri, 25 Oct 2019 09:01:34 -0400
Subject: [PATCH 35/57] added in check to see if the the current check has an
 instance or not to prevent nonetype errors

---
 awx/api/serializers.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/awx/api/serializers.py b/awx/api/serializers.py
index 00a90b2653..3c3fcf41b6 100644
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@@ -4801,17 +4801,17 @@ class InstanceGroupSerializer(BaseSerializer):
                 raise serializers.ValidationError(_('Isolated instances may not be added or removed from instances groups via the API.'))
             if self.instance and self.instance.controller_id is not None:
                 raise serializers.ValidationError(_('Isolated instance group membership may not be managed via the API.'))
-        if value and self.instance.is_containerized:
+        if value and self.instance and self.instance.is_containerized:
             raise serializers.ValidationError(_('Containerized instances may not be managed via the API'))
         return value
 
     def validate_policy_instance_percentage(self, value):
-        if value and self.instance.is_containerized:
+        if value and self.instance and self.instance.is_containerized:
             raise serializers.ValidationError(_('Containerized instances may not be managed via the API'))
         return value
 
     def validate_policy_instance_minimum(self, value):
-        if value and self.instance.is_containerized:
+        if value and self.instance self.instance.is_containerized:
             raise serializers.ValidationError(_('Containerized instances may not be managed via the API'))
         return value
 

From b51b1a959fb2d6b1e7b906477ef1ff72b6b687a9 Mon Sep 17 00:00:00 2001
From: Ryan Petrello <rpetrell@redhat.com>
Date: Fri, 25 Oct 2019 10:20:18 -0400
Subject: [PATCH 36/57] fix a syntax error

whoopsie
---
 awx/api/serializers.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/awx/api/serializers.py b/awx/api/serializers.py
index 3c3fcf41b6..a3d8d43306 100644
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@@ -4811,7 +4811,7 @@ class InstanceGroupSerializer(BaseSerializer):
         return value
 
     def validate_policy_instance_minimum(self, value):
-        if value and self.instance self.instance.is_containerized:
+        if value and self.instance and self.instance.is_containerized:
             raise serializers.ValidationError(_('Containerized instances may not be managed via the API'))
         return value
 

From 634550fb0b9620056feb91a798f90bb1a6c161d2 Mon Sep 17 00:00:00 2001
From: Ryan Petrello <rpetrell@redhat.com>
Date: Fri, 25 Oct 2019 12:23:10 -0400
Subject: [PATCH 37/57] pin to runner==1.4.4

---
 requirements/requirements.in  | 2 +-
 requirements/requirements.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements/requirements.in b/requirements/requirements.in
index b0e83528bd..e26d228bd4 100644
--- a/requirements/requirements.in
+++ b/requirements/requirements.in
@@ -1,4 +1,4 @@
-ansible-runner==1.4.2
+ansible-runner==1.4.4
 appdirs==1.4.2
 asgi-amqp==1.1.3
 azure-keyvault==1.1.0
diff --git a/requirements/requirements.txt b/requirements/requirements.txt
index 99778135c2..89d1ef12ac 100644
--- a/requirements/requirements.txt
+++ b/requirements/requirements.txt
@@ -1,6 +1,6 @@
 adal==1.2.1               # via msrestazure
 amqp==2.4.2               # via kombu
-ansible-runner==1.4.2
+ansible-runner==1.4.4
 appdirs==1.4.2
 argparse==1.4.0           # via uwsgitop
 asgi-amqp==1.1.3

From 678ce81487da4a19e7037d9f8cc53ef09f0b1163 Mon Sep 17 00:00:00 2001
From: Rebeccah <rhunter@redhat.com>
Date: Fri, 25 Oct 2019 14:14:14 -0400
Subject: [PATCH 38/57] pinning pytest-mock to version 1.11.1

---
 requirements/requirements_dev.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements/requirements_dev.txt b/requirements/requirements_dev.txt
index 59a7c5837a..635862432c 100644
--- a/requirements/requirements_dev.txt
+++ b/requirements/requirements_dev.txt
@@ -11,7 +11,7 @@ pytest==3.6.0
 pytest-cov
 pytest-django
 pytest-pythonpath
-pytest-mock
+pytest-mock==1.11.1
 pytest-timeout
 pytest-xdist<1.28.0
 tox  # for awxkit

From 841975d72bd61a4b918d9a7becb7d7a04488ac0b Mon Sep 17 00:00:00 2001
From: Jake McDermott <yo@jakemcdermott.me>
Date: Fri, 25 Oct 2019 16:11:07 -0400
Subject: [PATCH 39/57] Scrape tag input state from dom and put it in vm

The tag input state lives somewhere in the associated select2 widgetry
and isn't directly tied to the vm like it is for the other inputs.
---
 .../src/templates/prompt/prompt.controller.js | 48 +++++++++++++++++++
 .../preview/prompt-preview.controller.js      | 21 --------
 2 files changed, 48 insertions(+), 21 deletions(-)

diff --git a/awx/ui/client/src/templates/prompt/prompt.controller.js b/awx/ui/client/src/templates/prompt/prompt.controller.js
index cf92af6258..53a8370a0c 100644
--- a/awx/ui/client/src/templates/prompt/prompt.controller.js
+++ b/awx/ui/client/src/templates/prompt/prompt.controller.js
@@ -233,6 +233,38 @@ export default [ 'ProcessErrors', 'CredentialTypeModel', 'TemplatesStrings', '$f
             }, true);
         };
 
+        function getSelectedTags(tagId) {
+            const selectedTags = [];
+            const choiceElements = $(tagId).siblings(".select2").first()
+                .find(".select2-selection__choice");
+            choiceElements.each((index, option) => {
+                selectedTags.push({
+                    value: option.title,
+                    name: option.title,
+                    label: option.title
+                });
+            });
+            return selectedTags;
+        }
+
+        function consolidateTags (tags, otherTags) {
+            const seen = [];
+            const consolidated = [];
+            tags.forEach(tag => {
+                if (!seen.includes(tag.value)) {
+                    seen.push(tag.value);
+                    consolidated.push(tag);
+                }
+            });
+            otherTags.forEach(tag => {
+                if (!seen.includes(tag.value)) {
+                    seen.push(tag.value);
+                    consolidated.push(tag);
+                }
+            });
+            return consolidated;
+        }
+
         vm.next = (currentTab) => {
             if(_.has(vm, 'steps.other_prompts.tab._active') && vm.steps.other_prompts.tab._active === true){
                 try {
@@ -243,6 +275,22 @@ export default [ 'ProcessErrors', 'CredentialTypeModel', 'TemplatesStrings', '$f
                     event.preventDefault();
                     return;
                 }
+
+                // The current tag input state lives somewhere in the associated select2
+                // widgetry and isn't directly tied to the vm, so extract the tag values
+                // and update the vm to keep it in sync.
+                if (vm.promptDataClone.launchConf.ask_tags_on_launch) {
+                    vm.promptDataClone.prompts.tags.value = consolidateTags(
+                        angular.copy(vm.promptDataClone.prompts.tags.value),
+                        getSelectedTags("#job_launch_job_tags")
+                    );
+                }
+                if (vm.promptDataClone.launchConf.ask_skip_tags_on_launch) {
+                    vm.promptDataClone.prompts.skipTags.value = consolidateTags(
+                        angular.copy(vm.promptDataClone.prompts.skipTags.value),
+                        getSelectedTags("#job_launch_skip_tags")
+                    );
+                }
             }
 
             let nextStep;
diff --git a/awx/ui/client/src/templates/prompt/steps/preview/prompt-preview.controller.js b/awx/ui/client/src/templates/prompt/steps/preview/prompt-preview.controller.js
index 0895994041..94c5dd8b9f 100644
--- a/awx/ui/client/src/templates/prompt/steps/preview/prompt-preview.controller.js
+++ b/awx/ui/client/src/templates/prompt/steps/preview/prompt-preview.controller.js
@@ -12,19 +12,6 @@ export default
 
             let scope;
 
-            let consolidateTags = (tagModel, tagId) => {
-                let tags = angular.copy(tagModel);
-                $(tagId).siblings(".select2").first().find(".select2-selection__choice").each((optionIndex, option) => {
-                    tags.push({
-                        value: option.title,
-                        name: option.title,
-                        label: option.title
-                    });
-                });
-
-                return [...tags.reduce((map, tag) => map.has(tag.value) ? map : map.set(tag.value, tag), new Map()).values()];
-            };
-
             vm.init = (_scope_) => {
                 scope = _scope_;
 
@@ -35,14 +22,6 @@ export default
 
                 const surveyPasswords = {};
 
-                if (scope.promptData.launchConf.ask_tags_on_launch) {
-                    scope.promptData.prompts.tags.value = consolidateTags(scope.promptData.prompts.tags.value, "#job_launch_job_tags");
-                }
-
-                if (scope.promptData.launchConf.ask_skip_tags_on_launch) {
-                    scope.promptData.prompts.skipTags.value = consolidateTags(scope.promptData.prompts.skipTags.value, "#job_launch_skip_tags");
-                }
-
                 if (scope.promptData.launchConf.survey_enabled){
                     scope.promptData.extraVars = ToJSON(scope.parseType, scope.promptData.prompts.variables.value, false);
                     scope.promptData.surveyQuestions.forEach(surveyQuestion => {

From b3af64d66f9408181e090e6cd3182446506d516a Mon Sep 17 00:00:00 2001
From: Ryan Petrello <rpetrell@redhat.com>
Date: Fri, 25 Oct 2019 21:16:11 -0400
Subject: [PATCH 40/57] work around a bug in the k8s client that leaves trash
 in /tmp

---
 awx/main/dispatch/worker/task.py | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/awx/main/dispatch/worker/task.py b/awx/main/dispatch/worker/task.py
index d3817fa196..7e7437d445 100644
--- a/awx/main/dispatch/worker/task.py
+++ b/awx/main/dispatch/worker/task.py
@@ -4,6 +4,7 @@ import importlib
 import sys
 import traceback
 
+from kubernetes.config import kube_config
 
 from awx.main.tasks import dispatch_startup, inform_cluster_of_shutdown
 
@@ -107,6 +108,14 @@ class TaskWorker(BaseWorker):
             for callback in body.get('errbacks', []) or []:
                 callback['uuid'] = body['uuid']
                 self.perform_work(callback)
+        finally:
+            # It's frustrating that we have to do this, but the python k8s
+            # client leaves behind cacert files in /tmp, so we must clean up
+            # the tmpdir per-dispatcher process every time a new task comes in
+            try:
+                kube_config._cleanup_temp_files()
+            except Exception:
+                logger.exception('failed to cleanup k8s client tmp files')
 
         for callback in body.get('callbacks', []) or []:
             callback['uuid'] = body['uuid']

From 3cab73c57474bdb26bfb3894fa595211b3ef5129 Mon Sep 17 00:00:00 2001
From: Alan Rominger <arominge@redhat.com>
Date: Mon, 28 Oct 2019 09:58:00 -0400
Subject: [PATCH 41/57] Add tests for AWX collection credential fixes (#3893)

---
 awx/main/tests/functional/api/test_generic.py |  7 ++
 awx/main/tests/functional/conftest.py         | 13 +++-
 awx_collection/README.md                      | 19 +++++
 awx_collection/test/awx/test_job_template.py  |  1 -
 awx_collection/test/awx/test_send_receive.py  | 72 +++++++++++++++++++
 5 files changed, 109 insertions(+), 3 deletions(-)
 create mode 100644 awx_collection/test/awx/test_send_receive.py

diff --git a/awx/main/tests/functional/api/test_generic.py b/awx/main/tests/functional/api/test_generic.py
index e956475e2d..c6fe7ca188 100644
--- a/awx/main/tests/functional/api/test_generic.py
+++ b/awx/main/tests/functional/api/test_generic.py
@@ -117,3 +117,10 @@ def test_handle_content_type(post, admin):
          admin,
          content_type='text/html',
          expect=415)
+
+
+@pytest.mark.django_db
+def test_basic_not_found(get, admin_user):
+    root_url = reverse('api:api_v2_root_view')
+    r = get(root_url + 'fooooooo', user=admin_user, expect=404)
+    assert r.data.get('detail') == 'The requested resource could not be found.'
diff --git a/awx/main/tests/functional/conftest.py b/awx/main/tests/functional/conftest.py
index d8ae10f902..ee44aad84a 100644
--- a/awx/main/tests/functional/conftest.py
+++ b/awx/main/tests/functional/conftest.py
@@ -8,6 +8,8 @@ from unittest.mock import PropertyMock
 
 # Django
 from django.urls import resolve
+from django.http import Http404
+from django.core.handlers.exception import response_for_exception
 from django.contrib.auth.models import User
 from django.core.serializers.json import DjangoJSONEncoder
 from django.db.backends.sqlite3.base import SQLiteCursorWrapper
@@ -581,8 +583,12 @@ def _request(verb):
         if 'format' not in kwargs and 'content_type' not in kwargs:
             kwargs['format'] = 'json'
 
-        view, view_args, view_kwargs = resolve(urllib.parse.urlparse(url)[2])
         request = getattr(APIRequestFactory(), verb)(url, **kwargs)
+        request_error = None
+        try:
+            view, view_args, view_kwargs = resolve(urllib.parse.urlparse(url)[2])
+        except Http404 as e:
+            request_error = e
         if isinstance(kwargs.get('cookies', None), dict):
             for key, value in kwargs['cookies'].items():
                 request.COOKIES[key] = value
@@ -591,7 +597,10 @@ def _request(verb):
         if user:
             force_authenticate(request, user=user)
 
-        response = view(request, *view_args, **view_kwargs)
+        if not request_error:
+            response = view(request, *view_args, **view_kwargs)
+        else:
+            response = response_for_exception(request, request_error)
         if middleware:
             middleware.process_response(request, response)
         if expect:
diff --git a/awx_collection/README.md b/awx_collection/README.md
index 1a1a1e1a62..2340ed4336 100644
--- a/awx_collection/README.md
+++ b/awx_collection/README.md
@@ -40,6 +40,8 @@ in `awx_collection/test/awx`. These tests require that python packages
 are available for all of `awx`, `ansible`, `tower_cli`, and the collection
 itself.
 
+### Inside Development Container
+
 The target `make prepare_collection_venv` will prepare some requirements
 in the `awx_collection_test_venv` folder so that `make test_collection` can
 be ran to actually run the tests. A single test can be ran via:
@@ -48,6 +50,23 @@ be ran to actually run the tests. A single test can be ran via:
 make test_collection COLLECTION_TEST_DIRS=awx_collection/test/awx/test_organization.py
 ```
 
+### Manually
+
+As a faster alternative if you do not want to use the container, or
+run against Ansible or tower-cli source, it is possible to set up a
+working environment yourself.
+
+```
+mkvirtualenv my_new_venv
+# may need to replace psycopg2 with psycopg2-binary in requirements/requirements.txt
+pip install -r requirements/requirements.txt -r requirements/requirements_dev.txt -r requirements/requirements_git.txt
+make clean-api
+pip install -e <path to your Ansible>
+pip install -e <path to your tower-cli>
+pip install -e .
+PYTHONPATH=awx_collection:$PYTHONPATH py.test awx_collection/test/awx/
+```
+
 ## Building
 
 The build target `make build_collection` will template out a `galaxy.yml` file
diff --git a/awx_collection/test/awx/test_job_template.py b/awx_collection/test/awx/test_job_template.py
index e5ecfeb793..9c5764b61c 100644
--- a/awx_collection/test/awx/test_job_template.py
+++ b/awx_collection/test/awx/test_job_template.py
@@ -32,7 +32,6 @@ def test_create_job_template(run_module, admin_user, project, inventory):
 
 
 @pytest.mark.django_db
-@pytest.mark.xfail(reason='Known limitation and needs to be fixed.')
 def test_create_job_template_with_old_machine_cred(run_module, admin_user, project, inventory, machine_credential):
 
     module_args = {
diff --git a/awx_collection/test/awx/test_send_receive.py b/awx_collection/test/awx/test_send_receive.py
new file mode 100644
index 0000000000..67ced22833
--- /dev/null
+++ b/awx_collection/test/awx/test_send_receive.py
@@ -0,0 +1,72 @@
+import pytest
+import json
+
+from awx.main.models import (
+    Organization,
+    Project,
+    Inventory,
+    Host,
+    CredentialType,
+    Credential,
+    JobTemplate
+)
+
+
+@pytest.mark.django_db
+def test_receive_send_jt(run_module, admin_user, mocker):
+    org = Organization.objects.create(name='SRtest')
+    proj = Project.objects.create(
+        name='SRtest',
+        playbook_files=['debug.yml'],
+        scm_type='git',
+        scm_url='https://github.com/ansible/test-playbooks.git',
+        organization=org,
+        allow_override=True  # so we do not require playbooks populated
+    )
+    inv = Inventory.objects.create(name='SRtest', organization=org)
+    Host.objects.create(name='SRtest', inventory=inv)
+    ct = CredentialType.defaults['ssh']()
+    ct.save()
+    cred = Credential.objects.create(
+        name='SRtest',
+        credential_type=ct,
+        organization=org
+    )
+    jt = JobTemplate.objects.create(
+        name='SRtest',
+        project=proj,
+        inventory=inv,
+        playbook='helloworld.yml'
+    )
+    jt.credentials.add(cred)
+    jt.admin_role.members.add(admin_user)  # work around send/receive bug
+
+    # receive everything
+    result = run_module('tower_receive', dict(all=True), admin_user)
+
+    assert 'assets' in result, result
+    assets = result['assets']
+    assert not result.get('changed', True)
+    assert set(a['asset_type'] for a in assets) == set((
+        'organization', 'inventory', 'job_template', 'credential', 'project',
+        'user'
+    ))
+
+    # delete everything
+    for obj in (jt, inv, proj, cred, org):
+        obj.delete()
+
+    def fake_wait(self, pk, parent_pk=None, **kwargs):
+        return {"changed": True}
+
+    # recreate everything
+    with mocker.patch('sys.stdin.isatty', return_value=True):
+        with mocker.patch('tower_cli.models.base.MonitorableResource.wait'):
+            result = run_module('tower_send', dict(assets=json.dumps(assets)), admin_user)
+
+    assert not result.get('failed'), result
+
+    new = JobTemplate.objects.get(name='SRtest')
+    assert new.project.name == 'SRtest'
+    assert new.inventory.name == 'SRtest'
+    assert [cred.name for cred in new.credentials.all()] == ['SRtest']

From 91afa88b4448b779ee5374e49a3353f0cf3c200a Mon Sep 17 00:00:00 2001
From: Jake McDermott <yo@jakemcdermott.me>
Date: Mon, 28 Oct 2019 11:28:57 -0400
Subject: [PATCH 42/57] Improve accuracy of code comment

---
 awx/ui/client/features/output/render.service.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/awx/ui/client/features/output/render.service.js b/awx/ui/client/features/output/render.service.js
index 3dad042aa4..437dec589a 100644
--- a/awx/ui/client/features/output/render.service.js
+++ b/awx/ui/client/features/output/render.service.js
@@ -213,8 +213,8 @@ function JobRenderService ($q, $compile, $sce, $window) {
         const record = this.createRecord(event, lines);
 
         if (lines.length === 1 && lines[0] === '') {
-            // Some events, mainly runner_on_start events, have an actual line count of 1
-            // (stdout = '') and a claimed line count of 0 (end_line - start_line = 0).
+            // runner_on_start, runner_on_ok, and a few other events have an actual line count
+            // of 1 (stdout = '') and a claimed line count of 0 (end_line - start_line = 0).
             // Since a zero-length string has an actual line count of 1, they'll still get
             // rendered as blank lines unless we intercept them and add some special
             // handling to remove them.

From b48815d2bbbf6d945c70a616ee4ba7c8fac06cea Mon Sep 17 00:00:00 2001
From: Jeff Bradberry <jeff.bradberry@gmail.com>
Date: Mon, 28 Oct 2019 12:51:14 -0400
Subject: [PATCH 43/57] Add the no_truncate parameter to the job and adhoc
 event sublist views

which are the ones that the CLI actually uses.
---
 awx/api/views/__init__.py                    | 24 +++--------
 awx/api/views/mixin.py                       |  8 ++++
 awx/main/tests/functional/api/test_events.py | 45 ++++++++++++++++++++
 3 files changed, 59 insertions(+), 18 deletions(-)
 create mode 100644 awx/main/tests/functional/api/test_events.py

diff --git a/awx/api/views/__init__.py b/awx/api/views/__init__.py
index dd31948acf..9d0e19b95e 100644
--- a/awx/api/views/__init__.py
+++ b/awx/api/views/__init__.py
@@ -102,7 +102,7 @@ from awx.main.scheduler.dag_workflow import WorkflowDAG
 from awx.api.views.mixin import (
     ControlledByScmMixin, InstanceGroupMembershipMixin,
     OrganizationCountsMixin, RelatedJobsPreventDeleteMixin,
-    UnifiedJobDeletionMixin,
+    UnifiedJobDeletionMixin, NoTruncateMixin,
 )
 from awx.api.views.organization import ( # noqa
     OrganizationList,
@@ -3785,18 +3785,12 @@ class JobHostSummaryDetail(RetrieveAPIView):
     serializer_class = serializers.JobHostSummarySerializer
 
 
-class JobEventList(ListAPIView):
+class JobEventList(NoTruncateMixin, ListAPIView):
 
     model = models.JobEvent
     serializer_class = serializers.JobEventSerializer
     search_fields = ('stdout',)
 
-    def get_serializer_context(self):
-        context = super().get_serializer_context()
-        if self.request.query_params.get('no_truncate'):
-            context.update(no_truncate=True)
-        return context
-
 
 class JobEventDetail(RetrieveAPIView):
 
@@ -3809,7 +3803,7 @@ class JobEventDetail(RetrieveAPIView):
         return context
 
 
-class JobEventChildrenList(SubListAPIView):
+class JobEventChildrenList(NoTruncateMixin, SubListAPIView):
 
     model = models.JobEvent
     serializer_class = serializers.JobEventSerializer
@@ -3834,7 +3828,7 @@ class JobEventHostsList(HostRelatedSearchMixin, SubListAPIView):
     name = _('Job Event Hosts List')
 
 
-class BaseJobEventsList(SubListAPIView):
+class BaseJobEventsList(NoTruncateMixin, SubListAPIView):
 
     model = models.JobEvent
     serializer_class = serializers.JobEventSerializer
@@ -4030,18 +4024,12 @@ class AdHocCommandRelaunch(GenericAPIView):
             return Response(data, status=status.HTTP_201_CREATED, headers=headers)
 
 
-class AdHocCommandEventList(ListAPIView):
+class AdHocCommandEventList(NoTruncateMixin, ListAPIView):
 
     model = models.AdHocCommandEvent
     serializer_class = serializers.AdHocCommandEventSerializer
     search_fields = ('stdout',)
 
-    def get_serializer_context(self):
-        context = super().get_serializer_context()
-        if self.request.query_params.get('no_truncate'):
-            context.update(no_truncate=True)
-        return context
-
 
 class AdHocCommandEventDetail(RetrieveAPIView):
 
@@ -4054,7 +4042,7 @@ class AdHocCommandEventDetail(RetrieveAPIView):
         return context
 
 
-class BaseAdHocCommandEventsList(SubListAPIView):
+class BaseAdHocCommandEventsList(NoTruncateMixin, SubListAPIView):
 
     model = models.AdHocCommandEvent
     serializer_class = serializers.AdHocCommandEventSerializer
diff --git a/awx/api/views/mixin.py b/awx/api/views/mixin.py
index 546b7090f2..e7d4959dfc 100644
--- a/awx/api/views/mixin.py
+++ b/awx/api/views/mixin.py
@@ -270,3 +270,11 @@ class ControlledByScmMixin(object):
         obj = super(ControlledByScmMixin, self).get_parent_object()
         self._reset_inv_src_rev(obj)
         return obj
+
+
+class NoTruncateMixin(object):
+    def get_serializer_context(self):
+        context = super().get_serializer_context()
+        if self.request.query_params.get('no_truncate'):
+            context.update(no_truncate=True)
+        return context
diff --git a/awx/main/tests/functional/api/test_events.py b/awx/main/tests/functional/api/test_events.py
new file mode 100644
index 0000000000..00b5459eaf
--- /dev/null
+++ b/awx/main/tests/functional/api/test_events.py
@@ -0,0 +1,45 @@
+import pytest
+
+from awx.api.versioning import reverse
+from awx.main.models import AdHocCommand, AdHocCommandEvent, JobEvent
+
+
+@pytest.mark.django_db
+@pytest.mark.parametrize('truncate, expected', [
+    (True, False),
+    (False, True),
+])
+def test_job_events_sublist_truncation(get, organization_factory, job_template_factory, truncate, expected):
+    objs = organization_factory("org", superusers=['admin'])
+    jt = job_template_factory("jt", organization=objs.organization,
+                              inventory='test_inv', project='test_proj').job_template
+    job = jt.create_unified_job()
+    JobEvent.create_from_data(job_id=job.pk, uuid='abc123', event='runner_on_start',
+                              stdout='a' * 1025)
+
+    url = reverse('api:job_job_events_list', kwargs={'pk': job.pk})
+    if not truncate:
+        url += '?no_truncate=1'
+
+    response = get(url, user=objs.superusers.admin, expect=200)
+    assert (len(response.data['results'][0]['stdout']) == 1025) == expected
+
+
+@pytest.mark.django_db
+@pytest.mark.parametrize('truncate, expected', [
+    (True, False),
+    (False, True),
+])
+def test_ad_hoc_events_sublist_truncation(get, organization_factory, job_template_factory, truncate, expected):
+    objs = organization_factory("org", superusers=['admin'])
+    adhoc = AdHocCommand()
+    adhoc.save()
+    AdHocCommandEvent.create_from_data(ad_hoc_command_id=adhoc.pk, uuid='abc123', event='runner_on_start',
+                                       stdout='a' * 1025)
+
+    url = reverse('api:ad_hoc_command_ad_hoc_command_events_list', kwargs={'pk': adhoc.pk})
+    if not truncate:
+        url += '?no_truncate=1'
+
+    response = get(url, user=objs.superusers.admin, expect=200)
+    assert (len(response.data['results'][0]['stdout']) == 1025) == expected

From 871d87374b4b7a35e7677fd6d8b69a605d5bd921 Mon Sep 17 00:00:00 2001
From: Alan Rominger <arominge@redhat.com>
Date: Thu, 31 Oct 2019 22:56:48 -0400
Subject: [PATCH 44/57] Only turn off Galaxy cert verification via toggle
 (#3933)

---
 awx/main/conf.py         | 11 +++++++++++
 awx/main/tasks.py        |  3 ++-
 awx/settings/defaults.py |  3 +++
 3 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/awx/main/conf.py b/awx/main/conf.py
index f63fee564f..ba84d53e1c 100644
--- a/awx/main/conf.py
+++ b/awx/main/conf.py
@@ -523,6 +523,17 @@ register(
     category_slug='jobs'
 )
 
+register(
+    'GALAXY_IGNORE_CERTS',
+    field_class=fields.BooleanField,
+    default=False,
+    label=_('Ignore Ansible Galaxy SSL Certificate Verification'),
+    help_text=_('If set to true, certificate validation will not be done when'
+                'installing content from any Galaxy server.'),
+    category=_('Jobs'),
+    category_slug='jobs'
+)
+
 register(
     'STDOUT_MAX_BYTES_DISPLAY',
     field_class=fields.IntegerField,
diff --git a/awx/main/tasks.py b/awx/main/tasks.py
index 8e0149648a..7429f8f458 100644
--- a/awx/main/tasks.py
+++ b/awx/main/tasks.py
@@ -1957,7 +1957,8 @@ class RunProjectUpdate(BaseTask):
         env['TMP'] = settings.AWX_PROOT_BASE_PATH
         env['PROJECT_UPDATE_ID'] = str(project_update.pk)
         env['ANSIBLE_CALLBACK_PLUGINS'] = self.get_path_to('..', 'plugins', 'callback')
-        env['ANSIBLE_GALAXY_IGNORE'] = True
+        if settings.GALAXY_IGNORE_CERTS:
+            env['ANSIBLE_GALAXY_IGNORE'] = True
         # Set up the public Galaxy server, if enabled
         if settings.PUBLIC_GALAXY_ENABLED:
             galaxy_servers = [settings.PUBLIC_GALAXY_SERVER]
diff --git a/awx/settings/defaults.py b/awx/settings/defaults.py
index ab8a5492e8..617ac2e440 100644
--- a/awx/settings/defaults.py
+++ b/awx/settings/defaults.py
@@ -643,6 +643,9 @@ PUBLIC_GALAXY_SERVER = {
     'url': 'https://galaxy.ansible.com'
 }
 
+# Applies to any galaxy server
+GALAXY_IGNORE_CERTS = False
+
 # List of dicts of fallback (additional) Galaxy servers.  If configured, these
 # will be higher precedence than public Galaxy, but lower than primary Galaxy.
 # Available options: 'id', 'url', 'username', 'password', 'token', 'auth_url'

From 458ca6940540ff52b8f3c9559a0b7e039775af43 Mon Sep 17 00:00:00 2001
From: Ryan Petrello <rpetrell@redhat.com>
Date: Mon, 4 Nov 2019 11:23:28 -0500
Subject: [PATCH 45/57] fix a bug that broken custom approval notification
 messages

---
 awx/main/models/notifications.py                              | 4 ++++
 awx/ui/client/src/notifications/notificationTemplates.form.js | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/awx/main/models/notifications.py b/awx/main/models/notifications.py
index 9163e57e92..26ff15580f 100644
--- a/awx/main/models/notifications.py
+++ b/awx/main/models/notifications.py
@@ -269,6 +269,7 @@ class JobNotificationMixin(object):
                             'timeout', 'use_fact_cache', 'launch_type', 'status', 'failed', 'started', 'finished',
                             'elapsed', 'job_explanation', 'execution_node', 'controller_node', 'allow_simultaneous',
                             'scm_revision', 'diff_mode', 'job_slice_number', 'job_slice_count', 'custom_virtualenv',
+                            'approval_status', 'approval_node_name', 'workflow_url',
                             {'host_status_counts': ['skipped', 'ok', 'changed', 'failures', 'dark']},
                             {'playbook_counts': ['play_count', 'task_count']},
                             {'summary_fields': [{'inventory': ['id', 'name', 'description', 'has_active_failures',
@@ -366,6 +367,9 @@ class JobNotificationMixin(object):
                            'verbosity': 0},
                    'job_friendly_name': 'Job',
                    'url': 'https://towerhost/#/jobs/playbook/1010',
+                   'approval_status': 'approved',
+                   'approval_node_name': 'Approve Me',
+                   'workflow_url': 'https://towerhost/#/workflows/1010',
                    'job_metadata': """{'url': 'https://towerhost/$/jobs/playbook/13',
  'traceback': '',
  'status': 'running',
diff --git a/awx/ui/client/src/notifications/notificationTemplates.form.js b/awx/ui/client/src/notifications/notificationTemplates.form.js
index 92ad403101..29f1764a72 100644
--- a/awx/ui/client/src/notifications/notificationTemplates.form.js
+++ b/awx/ui/client/src/notifications/notificationTemplates.form.js
@@ -598,7 +598,7 @@ export default ['i18n', function(i18n) {
                     '<code ng-non-bindable>{{ url }}</code>, or attributes of the job such as ' +
                     '<code ng-non-bindable>{{ job.status }}</code>. You may apply a number of possible ' +
                     'variables in the message. Refer to the ' +
-                    '<a href="https://docs.ansible.com/ansible-tower/latest/html/userguide/notifications.html#create-a-notification-template" ' +
+                    '<a href="https://docs.ansible.com/ansible-tower/latest/html/userguide/notifications.html#create-custom-notifications" ' +
                     'target="_blank">Ansible Tower documentation</a> for more details.'),
                 closeable: false
             },

From a15bf9ee415466bd7a0a49337364b9fb5dc9c33f Mon Sep 17 00:00:00 2001
From: Ryan Petrello <rpetrell@redhat.com>
Date: Thu, 14 Nov 2019 12:37:45 -0500
Subject: [PATCH 46/57] fix a few bugs related to container group execution

see: https://github.com/ansible/awx/issues/5326
---
 awx/main/scheduler/kubernetes.py   |  2 +-
 awx/main/scheduler/task_manager.py | 23 ++++++++++++++---------
 2 files changed, 15 insertions(+), 10 deletions(-)

diff --git a/awx/main/scheduler/kubernetes.py b/awx/main/scheduler/kubernetes.py
index 68a95e2fc2..862cfd3f04 100644
--- a/awx/main/scheduler/kubernetes.py
+++ b/awx/main/scheduler/kubernetes.py
@@ -173,7 +173,7 @@ def generate_tmp_kube_config(credential, namespace):
         "current-context": host_input
     }
 
-    if credential.get_input('verify_ssl'):
+    if credential.get_input('verify_ssl') and 'ssl_ca_cert' in credential.inputs:
         config["clusters"][0]["cluster"]["certificate-authority-data"] = b64encode(
             credential.get_input('ssl_ca_cert').encode() # encode to bytes
         ).decode() # decode the base64 data into a str
diff --git a/awx/main/scheduler/task_manager.py b/awx/main/scheduler/task_manager.py
index e7ffb21487..32e8a7defb 100644
--- a/awx/main/scheduler/task_manager.py
+++ b/awx/main/scheduler/task_manager.py
@@ -258,19 +258,24 @@ class TaskManager():
                 for group in InstanceGroup.objects.all():
                     if group.is_containerized or group.controller_id:
                         continue
-                    match = group.find_largest_idle_instance()
+                    match = group.fit_task_to_most_remaining_capacity_instance(task)
                     if match:
                         break
                 task.instance_group = rampart_group
-                if task.supports_isolation():
-                    task.controller_node = match.hostname
+                if match is None:
+                    logger.warn(
+                        'No available capacity to run containerized <{}>.'.format(task.log_format)
+                    )
                 else:
-                    # project updates and inventory updates don't *actually* run in pods,
-                    # so just pick *any* non-isolated, non-containerized host and use it
-                    # as the execution node
-                    task.execution_node = match.hostname
-                    logger.debug('Submitting containerized {} to queue {}.'.format(
-                                 task.log_format, task.execution_node))
+                    if task.supports_isolation():
+                        task.controller_node = match.hostname
+                    else:
+                        # project updates and inventory updates don't *actually* run in pods,
+                        # so just pick *any* non-isolated, non-containerized host and use it
+                        # as the execution node
+                        task.execution_node = match.hostname
+                        logger.debug('Submitting containerized {} to queue {}.'.format(
+                                     task.log_format, task.execution_node))
             else:
                 task.instance_group = rampart_group
                 if instance is not None:

From bcbad06c1042d4cc7781b5a6605c0e6133aada93 Mon Sep 17 00:00:00 2001
From: Mathieu Mallet <mathieu.mallet1_ext@michelin.com>
Date: Mon, 26 Aug 2019 17:12:41 +0200
Subject: [PATCH 47/57] tower_credential: Missing 'kind' attribute (#61324)

In the 'tower_credential' module, when the credential 'kind' is set to
'vault', the code expects the other parameter 'vault_id' to be set.
Unfortunately, in the module 'credential_type_for_v1_kind' method, the
'kind' parameter is popped, i.e. remove from the module dict of
parameters leading to the following error:

> Parameter 'vault_id' is only valid if parameter 'kind' is specified as
'vault'

Fixes: #45644, #61324

Testing Done: Manually create a playbook with a task as follow
  - name: Create vault with ID 'bar' exists
    tower_credential:
      name: Foobar vault
      organization: Foobar
      kind: vault
      vault_id: bar
      vault_password: foobar
---
 awx_collection/plugins/modules/tower_credential.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/awx_collection/plugins/modules/tower_credential.py b/awx_collection/plugins/modules/tower_credential.py
index f43d7f5ab3..a87d76fecb 100644
--- a/awx_collection/plugins/modules/tower_credential.py
+++ b/awx_collection/plugins/modules/tower_credential.py
@@ -255,7 +255,7 @@ OLD_INPUT_NAMES = (
 
 def credential_type_for_kind(params):
     credential_type_res = tower_cli.get_resource('credential_type')
-    kind = params.pop('kind')
+    kind = params.get('kind')
     arguments = {'managed_by_tower': True}
     if kind == 'ssh':
         if params.get('vault_password'):

From 97e2fbbe279a60ac3d603dfc9ab8d4a8d7680df1 Mon Sep 17 00:00:00 2001
From: AlanCoding <arominge@redhat.com>
Date: Tue, 29 Oct 2019 15:34:32 -0400
Subject: [PATCH 48/57] Add collection test coverage for creating vault
 credential

---
 awx_collection/test/awx/test_credential.py | 43 +++++++++++++++++++---
 1 file changed, 38 insertions(+), 5 deletions(-)

diff --git a/awx_collection/test/awx/test_credential.py b/awx_collection/test/awx/test_credential.py
index 12b4935ff7..5225573baf 100644
--- a/awx_collection/test/awx/test_credential.py
+++ b/awx_collection/test/awx/test_credential.py
@@ -7,20 +7,52 @@ from awx.main.models import Credential, CredentialType, Organization
 def test_create_machine_credential(run_module, admin_user):
     Organization.objects.create(name='test-org')
     # create the ssh credential type
-    CredentialType.defaults['ssh']().save()
+    ct = CredentialType.defaults['ssh']()
+    ct.save()
     # Example from docs
     result = run_module('tower_credential', dict(
-        name='Team Name',
-        description='Team Description',
+        name='Test Machine Credential',
         organization='test-org',
         kind='ssh',
         state='present'
     ), admin_user)
+    assert result.get('changed'), result
 
-    cred = Credential.objects.get(name='Team Name')
+    cred = Credential.objects.get(name='Test Machine Credential')
+    assert cred.credential_type == ct
     result.pop('invocation')
     assert result == {
-        "credential": "Team Name",
+        "credential": "Test Machine Credential",
+        "state": "present",
+        "id": cred.pk,
+        "changed": True
+    }
+
+
+@pytest.mark.django_db
+def test_create_vault_credential(run_module, admin_user):
+    # https://github.com/ansible/ansible/issues/61324
+    Organization.objects.create(name='test-org')
+    ct = CredentialType.defaults['vault']()
+    ct.save()
+
+    result = run_module('tower_credential', dict(
+        name='Test Vault Credential',
+        organization='test-org',
+        kind='vault',
+        vault_id='bar',
+        vault_password='foobar',
+        state='present'
+    ), admin_user)
+    assert result.get('changed'), result
+
+    cred = Credential.objects.get(name='Test Vault Credential')
+    assert cred.credential_type == ct
+    assert 'vault_id' in cred.inputs
+    assert 'vault_password' in cred.inputs
+    result.pop('invocation')
+    assert result == {
+        "credential": "Test Vault Credential",
         "state": "present",
         "id": cred.pk,
         "changed": True
@@ -39,6 +71,7 @@ def test_create_custom_credential_type(run_module, admin_user):
         state='present',
         validate_certs='false'
     ), admin_user)
+    assert result.get('changed'), result
 
     ct = CredentialType.objects.get(name='Nexus')
     result.pop('invocation')

From a40398e6a1f560d7a8970c947e8789f623066b88 Mon Sep 17 00:00:00 2001
From: AlanCoding <arominge@redhat.com>
Date: Wed, 30 Oct 2019 12:56:36 -0400
Subject: [PATCH 49/57] Remove sanity exceptions no longer needed

---
 awx_collection/tests/sanity/ignore-2.10.txt | 44 ---------------------
 1 file changed, 44 deletions(-)
 delete mode 100644 awx_collection/tests/sanity/ignore-2.10.txt

diff --git a/awx_collection/tests/sanity/ignore-2.10.txt b/awx_collection/tests/sanity/ignore-2.10.txt
deleted file mode 100644
index 4d3942ddf0..0000000000
--- a/awx_collection/tests/sanity/ignore-2.10.txt
+++ /dev/null
@@ -1,44 +0,0 @@
-plugins/modules/tower_credential_type.py validate-modules:missing-module-utils-import
-plugins/modules/tower_group.py validate-modules:missing-module-utils-import
-plugins/modules/tower_host.py validate-modules:missing-module-utils-import
-plugins/modules/tower_inventory.py validate-modules:missing-module-utils-import
-plugins/modules/tower_inventory_source.py validate-modules:missing-module-utils-import
-plugins/modules/tower_job_cancel.py validate-modules:missing-module-utils-import
-plugins/modules/tower_job_launch.py validate-modules:missing-module-utils-import
-plugins/modules/tower_job_list.py validate-modules:missing-module-utils-import
-plugins/modules/tower_job_template.py validate-modules:missing-module-utils-import
-plugins/modules/tower_label.py validate-modules:missing-module-utils-import
-plugins/modules/tower_notification.py validate-modules:missing-module-utils-import
-plugins/modules/tower_organization.py validate-modules:missing-module-utils-import
-plugins/modules/tower_project.py validate-modules:missing-module-utils-import
-plugins/modules/tower_receive.py validate-modules:missing-module-utils-import
-plugins/modules/tower_role.py validate-modules:missing-module-utils-import
-plugins/modules/tower_settings.py validate-modules:missing-module-utils-import
-plugins/modules/tower_team.py validate-modules:missing-module-utils-import
-plugins/modules/tower_user.py validate-modules:missing-module-utils-import
-plugins/modules/tower_workflow_launch.py validate-modules:missing-module-utils-import
-plugins/modules/tower_workflow_template.py validate-modules:missing-module-utils-import
-plugins/modules/tower_credential_type.py validate-modules:import-error
-plugins/modules/tower_credential.py validate-modules:import-error
-plugins/modules/tower_group.py validate-modules:import-error
-plugins/modules/tower_host.py validate-modules:import-error
-plugins/modules/tower_inventory.py validate-modules:import-error
-plugins/modules/tower_inventory_source.py validate-modules:import-error
-plugins/modules/tower_job_cancel.py validate-modules:import-error
-plugins/modules/tower_job_launch.py validate-modules:import-error
-plugins/modules/tower_job_list.py validate-modules:import-error
-plugins/modules/tower_job_wait.py validate-modules:import-error
-plugins/modules/tower_job_template.py validate-modules:import-error
-plugins/modules/tower_label.py validate-modules:import-error
-plugins/modules/tower_notification.py validate-modules:import-error
-plugins/modules/tower_organization.py validate-modules:import-error
-plugins/modules/tower_project.py validate-modules:import-error
-plugins/modules/tower_receive.py validate-modules:import-error
-plugins/modules/tower_role.py validate-modules:import-error
-plugins/modules/tower_settings.py validate-modules:import-error
-plugins/modules/tower_send.py validate-modules:import-error
-plugins/modules/tower_team.py validate-modules:import-error
-plugins/modules/tower_user.py validate-modules:import-error
-plugins/modules/tower_workflow_launch.py validate-modules:import-error
-plugins/modules/tower_workflow_template.py validate-modules:import-error
-plugins/modules/tower_workflow_job_template.py validate-modules:import-error
\ No newline at end of file

From b76018d6e00080c396cf159bfb4b29346e5707a9 Mon Sep 17 00:00:00 2001
From: Hideki Saito <saito@fgrep.org>
Date: Mon, 22 Apr 2019 09:19:02 +0000
Subject: [PATCH 50/57] Fix multibyte character handling issue for
 tower_job_wait #55585 Add multibyte hostname handling test as an integration
 test

Signed-off-by: Hideki Saito <saito@fgrep.org>
---
 awx_collection/plugins/modules/tower_job_wait.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/awx_collection/plugins/modules/tower_job_wait.py b/awx_collection/plugins/modules/tower_job_wait.py
index c6866db2c8..aa160adb27 100644
--- a/awx_collection/plugins/modules/tower_job_wait.py
+++ b/awx_collection/plugins/modules/tower_job_wait.py
@@ -87,7 +87,9 @@ status:
 
 
 from ..module_utils.ansible_tower import TowerModule, tower_auth_config, tower_check_mode
+from ansible.module_utils.six import PY2
 from ansible.module_utils.six.moves import cStringIO as StringIO
+from codecs import getwriter
 
 
 try:
@@ -123,7 +125,10 @@ def main():
 
         # tower-cli gets very noisy when monitoring.
         # We pass in our our outfile to suppress the out during our monitor call.
-        outfile = StringIO()
+        if PY2:
+            outfile = getwriter('utf-8')(StringIO())
+        else:
+            outfile = StringIO()
         params['outfile'] = outfile
 
         job_id = params.get('job_id')

From 1961a8ba1585592250521772566973c9c776b75f Mon Sep 17 00:00:00 2001
From: AlanCoding <arominge@redhat.com>
Date: Wed, 30 Oct 2019 15:40:49 -0400
Subject: [PATCH 51/57] Fix and test for warning when creating project

---
 .../plugins/modules/tower_project.py          |  2 +-
 awx_collection/test/awx/test_project.py       | 25 +++++++++++++++++++
 2 files changed, 26 insertions(+), 1 deletion(-)
 create mode 100644 awx_collection/test/awx/test_project.py

diff --git a/awx_collection/plugins/modules/tower_project.py b/awx_collection/plugins/modules/tower_project.py
index ce18b3ae71..5c5f90faaa 100644
--- a/awx_collection/plugins/modules/tower_project.py
+++ b/awx_collection/plugins/modules/tower_project.py
@@ -145,7 +145,7 @@ def main():
         scm_clean=dict(type='bool', default=False),
         scm_delete_on_update=dict(type='bool', default=False),
         scm_update_on_launch=dict(type='bool', default=False),
-        scm_update_cache_timeout=dict(type='int', default=0),
+        scm_update_cache_timeout=dict(type='int'),
         job_timeout=dict(type='int', default=0),
         custom_virtualenv=dict(),
         local_path=dict(),
diff --git a/awx_collection/test/awx/test_project.py b/awx_collection/test/awx/test_project.py
new file mode 100644
index 0000000000..ad8adb867f
--- /dev/null
+++ b/awx_collection/test/awx/test_project.py
@@ -0,0 +1,25 @@
+import pytest
+
+from awx.main.models import Project
+
+
+@pytest.mark.django_db
+def test_create_project(run_module, admin_user, organization):
+    result = run_module('tower_project', dict(
+        name='foo',
+        organization=organization.name,
+        scm_type='git',
+        scm_url='https://foo.invalid'
+    ), admin_user)
+    assert result.pop('changed', None), result
+
+    proj = Project.objects.get(name='foo')
+    assert proj.scm_url == 'https://foo.invalid'
+    assert proj.organization == organization
+
+    result.pop('invocation')
+    assert result == {
+        'id': proj.id,
+        'project': 'foo',
+        'state': 'present'
+    }

From b878aed40001a61c1f4447a6cd1942cb02fc9090 Mon Sep 17 00:00:00 2001
From: AlanCoding <arominge@redhat.com>
Date: Wed, 30 Oct 2019 15:24:55 -0400
Subject: [PATCH 52/57] Add test coverage for launch with multiple prompted
 creds

---
 awx_collection/test/awx/test_job_template.py | 23 +++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/awx_collection/test/awx/test_job_template.py b/awx_collection/test/awx/test_job_template.py
index 9c5764b61c..47f305db18 100644
--- a/awx_collection/test/awx/test_job_template.py
+++ b/awx_collection/test/awx/test_job_template.py
@@ -1,6 +1,6 @@
 import pytest
 
-from awx.main.models import JobTemplate
+from awx.main.models import JobTemplate, Job
 
 
 @pytest.mark.django_db
@@ -31,6 +31,27 @@ def test_create_job_template(run_module, admin_user, project, inventory):
     assert jt.inventory_id == inventory.id
 
 
+@pytest.mark.django_db
+def test_job_launch_with_prompting(run_module, admin_user, project, inventory, machine_credential):
+    JobTemplate.objects.create(
+        name='foo',
+        project=project,
+        playbook='helloworld.yml',
+        ask_inventory_on_launch=True,
+        ask_credential_on_launch=True
+    )
+    result = run_module('tower_job_launch', dict(
+        job_template='foo',
+        inventory=inventory.name,
+        credential=machine_credential.name
+    ), admin_user)
+    assert result.pop('changed', None), result
+
+    job = Job.objects.get(id=result['id'])
+    assert job.inventory == inventory
+    assert [cred.id for cred in job.credentials.all()] == [machine_credential.id]
+
+
 @pytest.mark.django_db
 def test_create_job_template_with_old_machine_cred(run_module, admin_user, project, inventory, machine_credential):
 

From 35a565d09f34da15278c4b852cf779508391d4c4 Mon Sep 17 00:00:00 2001
From: AlanCoding <arominge@redhat.com>
Date: Thu, 31 Oct 2019 12:12:43 -0400
Subject: [PATCH 53/57] In tower_job_wait intentionally fail module for failure

---
 .../plugins/modules/tower_job_wait.py         |  6 +++
 awx_collection/test/awx/test_job.py           | 53 +++++++++++++++++++
 2 files changed, 59 insertions(+)
 create mode 100644 awx_collection/test/awx/test_job.py

diff --git a/awx_collection/plugins/modules/tower_job_wait.py b/awx_collection/plugins/modules/tower_job_wait.py
index aa160adb27..0f03cda474 100644
--- a/awx_collection/plugins/modules/tower_job_wait.py
+++ b/awx_collection/plugins/modules/tower_job_wait.py
@@ -141,6 +141,12 @@ def main():
             json_output['timeout'] = True
         except exc.NotFound as excinfo:
             fail_json = dict(msg='Unable to wait, no job_id {0} found: {1}'.format(job_id, excinfo), changed=False)
+        except exc.JobFailure as excinfo:
+            fail_json = dict(msg='Job with id={} failed, error: {}'.format(job_id, excinfo))
+            fail_json['success'] = False
+            result = job.get(job_id)
+            for k in ('id', 'status', 'elapsed', 'started', 'finished'):
+                fail_json[k] = result.get(k)
         except (exc.ConnectionError, exc.BadRequest, exc.AuthError) as excinfo:
             fail_json = dict(msg='Unable to wait for job: {0}'.format(excinfo), changed=False)
 
diff --git a/awx_collection/test/awx/test_job.py b/awx_collection/test/awx/test_job.py
new file mode 100644
index 0000000000..a8e3369738
--- /dev/null
+++ b/awx_collection/test/awx/test_job.py
@@ -0,0 +1,53 @@
+import pytest
+from django.utils.timezone import now
+
+from awx.main.models import Job
+
+
+@pytest.mark.django_db
+def test_job_wait_successful(run_module, admin_user):
+    job = Job.objects.create(status='successful', started=now(), finished=now())
+    result = run_module('tower_job_wait', dict(
+        job_id=job.id
+    ), admin_user)
+    result.pop('invocation', None)
+    assert result.pop('finished', '')[:10] == str(job.finished)[:10]
+    assert result.pop('started', '')[:10] == str(job.started)[:10]
+    assert result == {
+        "status": "successful",
+        "success": True,
+        "elapsed": str(job.elapsed),
+        "id": job.id
+    }
+
+
+@pytest.mark.django_db
+def test_job_wait_failed(run_module, admin_user):
+    job = Job.objects.create(status='failed', started=now(), finished=now())
+    result = run_module('tower_job_wait', dict(
+        job_id=job.id
+    ), admin_user)
+    result.pop('invocation', None)
+    assert result.pop('finished', '')[:10] == str(job.finished)[:10]
+    assert result.pop('started', '')[:10] == str(job.started)[:10]
+    assert result == {
+        "status": "failed",
+        "failed": True,
+        "success": False,
+        "elapsed": str(job.elapsed),
+        "id": job.id,
+        "msg": "Job with id=1 failed, error: Job failed."
+    }
+
+
+@pytest.mark.django_db
+def test_job_wait_not_found(run_module, admin_user):
+    result = run_module('tower_job_wait', dict(
+        job_id=42
+    ), admin_user)
+    result.pop('invocation', None)
+    assert result == {
+        "changed": False,
+        "failed": True,
+        "msg": "Unable to wait, no job_id 42 found: The requested object could not be found."
+    }

From b6745db4b8b127b563e9b5627ce4c86c18c96c02 Mon Sep 17 00:00:00 2001
From: James Vornhagen <vornhagenjames@gmail.com>
Date: Wed, 13 Nov 2019 17:11:36 +0100
Subject: [PATCH 54/57] update documentation example

missing k in workflow.

- Docs Pull Request

+label: docsite_pr
---
 awx_collection/plugins/modules/tower_workflow_template.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/awx_collection/plugins/modules/tower_workflow_template.py b/awx_collection/plugins/modules/tower_workflow_template.py
index 56f85850b6..d0325cb0e5 100644
--- a/awx_collection/plugins/modules/tower_workflow_template.py
+++ b/awx_collection/plugins/modules/tower_workflow_template.py
@@ -92,7 +92,7 @@ EXAMPLES = '''
     organization: My optional Organization
     schema: "{{ lookup('file', 'my_workflow.json') }}"
 
-- tower_worflow_template:
+- tower_workflow_template:
     name: Workflow Template
     state: absent
 '''

From ddf9fd581eea654dc8a05ec27396b3b71e6e43ac Mon Sep 17 00:00:00 2001
From: AlanCoding <arominge@redhat.com>
Date: Thu, 14 Nov 2019 14:45:16 -0500
Subject: [PATCH 55/57] Run and fix all sanity tests

---
 Makefile                                      |  2 +-
 awx_collection/plugins/doc_fragments/auth.py  |  3 ++
 .../plugins/module_utils/ansible_tower.py     |  3 ++
 .../plugins/modules/tower_job_wait.py         |  2 +-
 awx_collection/test/awx/conftest.py           |  7 ++-
 awx_collection/test/awx/test_credential.py    |  3 ++
 awx_collection/test/awx/test_job.py           |  3 ++
 awx_collection/test/awx/test_job_template.py  |  3 ++
 awx_collection/test/awx/test_organization.py  |  3 ++
 awx_collection/test/awx/test_project.py       |  3 ++
 awx_collection/test/awx/test_send_receive.py  |  3 ++
 awx_collection/tests/sanity/ignore-2.10.txt   |  2 +
 awx_collection/tests/sanity/ignore-2.9.txt    | 46 +------------------
 13 files changed, 35 insertions(+), 48 deletions(-)
 create mode 100644 awx_collection/tests/sanity/ignore-2.10.txt

diff --git a/Makefile b/Makefile
index 7ce3323339..98caaba7df 100644
--- a/Makefile
+++ b/Makefile
@@ -404,7 +404,7 @@ test_collection_sanity:
 	mkdir -p sanity/ansible_collections/awx
 	cp -Ra awx_collection sanity/ansible_collections/awx/awx  # symlinks do not work
 	cd sanity/ansible_collections/awx/awx && git init && git add . # requires both this file structure and a git repo, so there you go
-	cd sanity/ansible_collections/awx/awx && ansible-test sanity --test validate-modules
+	cd sanity/ansible_collections/awx/awx && ansible-test sanity
 
 build_collection:
 	ansible-playbook -i localhost, awx_collection/template_galaxy.yml -e collection_package=$(COLLECTION_PACKAGE) -e collection_namespace=$(COLLECTION_NAMESPACE) -e collection_version=$(VERSION)
diff --git a/awx_collection/plugins/doc_fragments/auth.py b/awx_collection/plugins/doc_fragments/auth.py
index 5583710201..4187a17b2a 100644
--- a/awx_collection/plugins/doc_fragments/auth.py
+++ b/awx_collection/plugins/doc_fragments/auth.py
@@ -3,6 +3,9 @@
 # Copyright: (c) 2017, Wayne Witzel III <wayne@riotousliving.com>
 # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
 
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
 
 class ModuleDocFragment(object):
 
diff --git a/awx_collection/plugins/module_utils/ansible_tower.py b/awx_collection/plugins/module_utils/ansible_tower.py
index c71f096455..97dff798a9 100644
--- a/awx_collection/plugins/module_utils/ansible_tower.py
+++ b/awx_collection/plugins/module_utils/ansible_tower.py
@@ -26,6 +26,9 @@
 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
 # USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
 import os
 import traceback
 
diff --git a/awx_collection/plugins/modules/tower_job_wait.py b/awx_collection/plugins/modules/tower_job_wait.py
index 0f03cda474..87b1f9f27c 100644
--- a/awx_collection/plugins/modules/tower_job_wait.py
+++ b/awx_collection/plugins/modules/tower_job_wait.py
@@ -142,7 +142,7 @@ def main():
         except exc.NotFound as excinfo:
             fail_json = dict(msg='Unable to wait, no job_id {0} found: {1}'.format(job_id, excinfo), changed=False)
         except exc.JobFailure as excinfo:
-            fail_json = dict(msg='Job with id={} failed, error: {}'.format(job_id, excinfo))
+            fail_json = dict(msg='Job with id={0} failed, error: {1}'.format(job_id, excinfo))
             fail_json['success'] = False
             result = job.get(job_id)
             for k in ('id', 'status', 'elapsed', 'started', 'finished'):
diff --git a/awx_collection/test/awx/conftest.py b/awx_collection/test/awx/conftest.py
index 3cf7295246..ee99f03406 100644
--- a/awx_collection/test/awx/conftest.py
+++ b/awx_collection/test/awx/conftest.py
@@ -1,3 +1,6 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
 import io
 import json
 import datetime
@@ -60,10 +63,10 @@ def run_module():
         # Note that a proper Ansiballz explosion of the modules will have an import path like:
         # ansible_collections.awx.awx.plugins.modules.{}
         # We should consider supporting that in the future
-        resource_module = importlib.import_module('plugins.modules.{}'.format(module_name))
+        resource_module = importlib.import_module('plugins.modules.{0}'.format(module_name))
 
         if not isinstance(module_params, dict):
-            raise RuntimeError('Module params must be dict, got {}'.format(type(module_params)))
+            raise RuntimeError('Module params must be dict, got {0}'.format(type(module_params)))
 
         # Ansible params can be passed as an invocation argument or over stdin
         # this short circuits within the AnsibleModule interface
diff --git a/awx_collection/test/awx/test_credential.py b/awx_collection/test/awx/test_credential.py
index 5225573baf..9d246a1db8 100644
--- a/awx_collection/test/awx/test_credential.py
+++ b/awx_collection/test/awx/test_credential.py
@@ -1,3 +1,6 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
 import pytest
 
 from awx.main.models import Credential, CredentialType, Organization
diff --git a/awx_collection/test/awx/test_job.py b/awx_collection/test/awx/test_job.py
index a8e3369738..2fb616c2ac 100644
--- a/awx_collection/test/awx/test_job.py
+++ b/awx_collection/test/awx/test_job.py
@@ -1,3 +1,6 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
 import pytest
 from django.utils.timezone import now
 
diff --git a/awx_collection/test/awx/test_job_template.py b/awx_collection/test/awx/test_job_template.py
index 47f305db18..daa9eacac5 100644
--- a/awx_collection/test/awx/test_job_template.py
+++ b/awx_collection/test/awx/test_job_template.py
@@ -1,3 +1,6 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
 import pytest
 
 from awx.main.models import JobTemplate, Job
diff --git a/awx_collection/test/awx/test_organization.py b/awx_collection/test/awx/test_organization.py
index ea76940fd4..ab5f453ae8 100644
--- a/awx_collection/test/awx/test_organization.py
+++ b/awx_collection/test/awx/test_organization.py
@@ -1,3 +1,6 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
 import pytest
 
 from awx.main.models import Organization
diff --git a/awx_collection/test/awx/test_project.py b/awx_collection/test/awx/test_project.py
index ad8adb867f..fa749cd6e0 100644
--- a/awx_collection/test/awx/test_project.py
+++ b/awx_collection/test/awx/test_project.py
@@ -1,3 +1,6 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
 import pytest
 
 from awx.main.models import Project
diff --git a/awx_collection/test/awx/test_send_receive.py b/awx_collection/test/awx/test_send_receive.py
index 67ced22833..f0244f61cc 100644
--- a/awx_collection/test/awx/test_send_receive.py
+++ b/awx_collection/test/awx/test_send_receive.py
@@ -1,3 +1,6 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
 import pytest
 import json
 
diff --git a/awx_collection/tests/sanity/ignore-2.10.txt b/awx_collection/tests/sanity/ignore-2.10.txt
new file mode 100644
index 0000000000..fa05535904
--- /dev/null
+++ b/awx_collection/tests/sanity/ignore-2.10.txt
@@ -0,0 +1,2 @@
+plugins/modules/tower_group.py use-argspec-type-path
+plugins/modules/tower_host.py use-argspec-type-path
\ No newline at end of file
diff --git a/awx_collection/tests/sanity/ignore-2.9.txt b/awx_collection/tests/sanity/ignore-2.9.txt
index 4d3942ddf0..fa05535904 100644
--- a/awx_collection/tests/sanity/ignore-2.9.txt
+++ b/awx_collection/tests/sanity/ignore-2.9.txt
@@ -1,44 +1,2 @@
-plugins/modules/tower_credential_type.py validate-modules:missing-module-utils-import
-plugins/modules/tower_group.py validate-modules:missing-module-utils-import
-plugins/modules/tower_host.py validate-modules:missing-module-utils-import
-plugins/modules/tower_inventory.py validate-modules:missing-module-utils-import
-plugins/modules/tower_inventory_source.py validate-modules:missing-module-utils-import
-plugins/modules/tower_job_cancel.py validate-modules:missing-module-utils-import
-plugins/modules/tower_job_launch.py validate-modules:missing-module-utils-import
-plugins/modules/tower_job_list.py validate-modules:missing-module-utils-import
-plugins/modules/tower_job_template.py validate-modules:missing-module-utils-import
-plugins/modules/tower_label.py validate-modules:missing-module-utils-import
-plugins/modules/tower_notification.py validate-modules:missing-module-utils-import
-plugins/modules/tower_organization.py validate-modules:missing-module-utils-import
-plugins/modules/tower_project.py validate-modules:missing-module-utils-import
-plugins/modules/tower_receive.py validate-modules:missing-module-utils-import
-plugins/modules/tower_role.py validate-modules:missing-module-utils-import
-plugins/modules/tower_settings.py validate-modules:missing-module-utils-import
-plugins/modules/tower_team.py validate-modules:missing-module-utils-import
-plugins/modules/tower_user.py validate-modules:missing-module-utils-import
-plugins/modules/tower_workflow_launch.py validate-modules:missing-module-utils-import
-plugins/modules/tower_workflow_template.py validate-modules:missing-module-utils-import
-plugins/modules/tower_credential_type.py validate-modules:import-error
-plugins/modules/tower_credential.py validate-modules:import-error
-plugins/modules/tower_group.py validate-modules:import-error
-plugins/modules/tower_host.py validate-modules:import-error
-plugins/modules/tower_inventory.py validate-modules:import-error
-plugins/modules/tower_inventory_source.py validate-modules:import-error
-plugins/modules/tower_job_cancel.py validate-modules:import-error
-plugins/modules/tower_job_launch.py validate-modules:import-error
-plugins/modules/tower_job_list.py validate-modules:import-error
-plugins/modules/tower_job_wait.py validate-modules:import-error
-plugins/modules/tower_job_template.py validate-modules:import-error
-plugins/modules/tower_label.py validate-modules:import-error
-plugins/modules/tower_notification.py validate-modules:import-error
-plugins/modules/tower_organization.py validate-modules:import-error
-plugins/modules/tower_project.py validate-modules:import-error
-plugins/modules/tower_receive.py validate-modules:import-error
-plugins/modules/tower_role.py validate-modules:import-error
-plugins/modules/tower_settings.py validate-modules:import-error
-plugins/modules/tower_send.py validate-modules:import-error
-plugins/modules/tower_team.py validate-modules:import-error
-plugins/modules/tower_user.py validate-modules:import-error
-plugins/modules/tower_workflow_launch.py validate-modules:import-error
-plugins/modules/tower_workflow_template.py validate-modules:import-error
-plugins/modules/tower_workflow_job_template.py validate-modules:import-error
\ No newline at end of file
+plugins/modules/tower_group.py use-argspec-type-path
+plugins/modules/tower_host.py use-argspec-type-path
\ No newline at end of file

From 9458741b72c1b18a1a0506dcb1893b9f5a12a240 Mon Sep 17 00:00:00 2001
From: Ryan Petrello <rpetrell@redhat.com>
Date: Sat, 16 Nov 2019 16:55:39 -0500
Subject: [PATCH 56/57] don't set rh_username and rh_password in the license
 upload

---
 .../migrations/0099_v361_license_cleanup.py   | 21 +++++++++++++++++++
 .../client/src/license/license.controller.js  |  4 ----
 2 files changed, 21 insertions(+), 4 deletions(-)
 create mode 100644 awx/main/migrations/0099_v361_license_cleanup.py

diff --git a/awx/main/migrations/0099_v361_license_cleanup.py b/awx/main/migrations/0099_v361_license_cleanup.py
new file mode 100644
index 0000000000..f3e1b4e6ed
--- /dev/null
+++ b/awx/main/migrations/0099_v361_license_cleanup.py
@@ -0,0 +1,21 @@
+# -*- coding: utf-8 -*-
+from __future__ import unicode_literals
+
+from django.db import migrations
+
+
+def _cleanup_license_setting(apps, schema_editor):
+    Setting = apps.get_model('conf', 'Setting')
+    for license in Setting.objects.filter(key='LICENSE').all():
+        for k in ('rh_username', 'rh_password'):
+            license.value.pop(k, None)
+        license.save()
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('main', '0098_v360_rename_cyberark_aim_credential_type'),
+    ]
+
+    operations = [migrations.RunPython(_cleanup_license_setting)]
diff --git a/awx/ui/client/src/license/license.controller.js b/awx/ui/client/src/license/license.controller.js
index c085076fc7..9e344dd2e4 100644
--- a/awx/ui/client/src/license/license.controller.js
+++ b/awx/ui/client/src/license/license.controller.js
@@ -187,10 +187,6 @@ export default
                 payload = $scope.newLicense.file;
             } else if ($scope.selectedLicense.fullLicense) {
                 payload = $scope.selectedLicense.fullLicense;
-                if ($scope.rhCreds.username && $scope.rhCreds.password) {
-                    payload.rh_password = $scope.rhCreds.password;
-                    payload.rh_username = $scope.rhCreds.username;
-                }
             }
             
             CheckLicense.post(payload, $scope.newLicense.eula)

From 9c2797b34c700ff9f1fb137872ec8f26feb43389 Mon Sep 17 00:00:00 2001
From: Ryan Petrello <rpetrell@redhat.com>
Date: Mon, 18 Nov 2019 11:21:10 -0500
Subject: [PATCH 57/57] fix a typo in the CLI usage docs

---
 awxkit/awxkit/cli/docs/source/authentication.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/awxkit/awxkit/cli/docs/source/authentication.rst b/awxkit/awxkit/cli/docs/source/authentication.rst
index 8106eb326b..b6dc33d4c3 100644
--- a/awxkit/awxkit/cli/docs/source/authentication.rst
+++ b/awxkit/awxkit/cli/docs/source/authentication.rst
@@ -17,7 +17,7 @@ The preferred mechanism for authenticating with AWX and |RHAT| is by generating
         TOWER_PASSWORD=secret \
         awx login
 
-As a convenience, the ``awx login -h human`` command prints a shell-formatted token
+As a convenience, the ``awx login -f human`` command prints a shell-formatted token
 value:
 
 .. code:: bash
@@ -30,7 +30,7 @@ specify your username and password each time:
 .. code:: bash
 
     export TOWER_HOST=https://awx.example.org
-    $(TOWER_USERNAME=alice TOWER_PASSWORD=secret awx login -h)
+    $(TOWER_USERNAME=alice TOWER_PASSWORD=secret awx login -f human)
     awx config
 
 Working with OAuth2.0 Applications