External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-03-10 14:09:28 -02:30
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'tower/test_stable-2.6' into merge_26_2

Browse Source
This commit is contained in:
AlanCoding
2025-09-04 23:06:53 -04:00
parent 51eb109dbe 7dc4f149a7
commit 8fb6a3a633
127 changed files with 14455 additions and 345 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
awx_collection/README.md
View File

@@ -32,11 +32,12 @@ Installing the `tar.gz` involves no special instructions.
## Running
Non-deprecated modules in this collection have no Python requirements, but
may require the official [AWX CLI](https://pypi.org/project/awxkit/)
may require the AWX CLI
in the future. The `DOCUMENTATION` for each module will report this.
You can specify authentication by host, username, and password.
<<<<<<< HEAD
These can be specified via (from highest to lowest precedence):
- direct module parameters
@@ -54,6 +55,8 @@ verify_ssl = true
username = foo
password = bar
```
=======
>>>>>>> tower/test_stable-2.6
## Release and Upgrade Notes

7
awx_collection/meta/runtime.yml
View File

@@ -263,7 +263,14 @@ plugin_routing:
removal_date: '2022-01-23'
warning_text: The tower_* modules have been deprecated, use awx.awx.workflow_node_wait instead.
redirect: awx.awx.workflow_node_wait
<<<<<<< HEAD
role:
deprecation:
removal_version: '25.0.0'
warning_text: This is replaced by the DAB role system, via the role_definition module.
=======
application:
deprecation:
removal_version: '25.0.0'
warning_text: The application module manages a legacy authentication feature that is being phased out, migrate to token-based authentication instead.
>>>>>>> tower/test_stable-2.6

3
awx_collection/plugins/doc_fragments/auth.py
View File

@@ -40,6 +40,7 @@ options:
- A dictionary structure as returned by the token module.
- If value not set, will try environment variable C(CONTROLLER_OAUTH_TOKEN) and then config files
type: raw
aliases: [ controller_oauthtoken ]
version_added: "3.7.0"
validate_certs:
description:
@@ -60,7 +61,7 @@ options:
- Path to the controller config file.
- If provided, the other locations for config files will not be considered.
type: path
aliases: [tower_config_file]
aliases: [ tower_config_file ]
notes:
- If no I(config_file) is provided we will attempt to use the tower-cli library

9
awx_collection/plugins/doc_fragments/auth_plugin.py
View File

@@ -40,11 +40,20 @@ options:
version: '4.0.0'
why: Collection name change
alternatives: 'TOWER_PASSWORD, AAP_PASSWORD'
<<<<<<< HEAD
aap_token:
=======
oauth_token:
>>>>>>> tower/test_stable-2.6
description:
- The OAuth token to use.
env:
- name: AAP_TOKEN
<<<<<<< HEAD
=======
- name: CONTROLLER_OAUTH_TOKEN
- name: TOWER_OAUTH_TOKEN
>>>>>>> tower/test_stable-2.6
deprecated:
collection_name: 'awx.awx'
version: '4.0.0'

6
awx_collection/plugins/lookup/schedule_rrule.py
View File

@@ -73,9 +73,15 @@ DOCUMENTATION = """
"""
EXAMPLES = """
<<<<<<< HEAD
- name: Create a string for a schedule
debug:
msg: "{{ lookup('awx.awx.schedule_rrule', 'none', start_date='1979-09-13 03:45:07') }}"
=======
- name: Create a string for a schedule
debug:
msg: "{{ lookup('awx.awx.schedule_rrule', 'none', start_date='1979-09-13 03:45:07') }}"
>>>>>>> tower/test_stable-2.6
"""
RETURN = """

14
awx_collection/plugins/lookup/schedule_rruleset.py
View File

@@ -107,6 +107,7 @@ DOCUMENTATION = """
"""
EXAMPLES = """
<<<<<<< HEAD
- name: Create a ruleset for everyday except Sundays
set_fact:
complex_rule: "{{ lookup(awx.awx.schedule_rruleset, '2022-04-30 10:30:45', rules=rrules, timezone='UTC' ) }}"
@@ -118,6 +119,19 @@ EXAMPLES = """
interval: 1
byweekday: 'sunday'
include: false
=======
- name: Create a ruleset for everyday except Sundays
set_fact:
complex_rule: "{{ lookup(awx.awx.schedule_rruleset, '2022-04-30 10:30:45', rules=rrules, timezone='UTC' ) }}"
vars:
rrules:
- frequency: 'day'
interval: 1
- frequency: 'day'
interval: 1
byweekday: 'sunday'
include: False
>>>>>>> tower/test_stable-2.6
"""
RETURN = """

34
awx_collection/plugins/module_utils/controller_api.py
View File

@@ -75,6 +75,10 @@ class ControllerModule(AnsibleModule):
aap_token=dict(
type='raw',
no_log=True,
<<<<<<< HEAD
=======
aliases=['controller_oauthtoken',],
>>>>>>> tower/test_stable-2.6
required=False,
fallback=(env_fallback, ['CONTROLLER_OAUTH_TOKEN', 'TOWER_OAUTH_TOKEN', 'AAP_TOKEN'])
),
@@ -132,6 +136,23 @@ class ControllerModule(AnsibleModule):
if direct_value is not None:
setattr(self, short_param, direct_value)
<<<<<<< HEAD
=======
# Perform magic depending on whether aap_token is a string or a dict
if self.params.get('aap_token'):
token_param = self.params.get('aap_token')
if isinstance(token_param, dict):
if 'token' in token_param:
self.oauth_token = self.params.get('aap_token')['token']
else:
self.fail_json(msg="The provided dict in aap_token did not properly contain the token entry")
elif isinstance(token_param, string_types):
self.oauth_token = self.params.get('aap_token')
else:
error_msg = "The provided aap_token type was not valid ({0}). Valid options are str or dict.".format(type(token_param).__name__)
self.fail_json(msg=error_msg)
>>>>>>> tower/test_stable-2.6
# Perform some basic validation
if not self.host.startswith(("https://", "http://")): # NOSONAR
self.host = "https://{0}".format(self.host)
@@ -538,7 +559,18 @@ class ControllerAPIModule(ControllerModule):
self.fail_json(msg='Invalid authentication credentials for {0} (HTTP 401).'.format(url.path))
# Sanity check: Did we get a forbidden response, which means that the user isn't allowed to do this? Report that.
elif he.code == 403:
self.fail_json(msg="You don't have permission to {1} to {0} (HTTP 403).".format(url.path, method))
# Hack: Tell the customer to use the platform supported collection when interacting with Org, Team, User Controller endpoints
err_msg = he.fp.read().decode('utf-8')
try:
# Defensive coding. Handle json responses and non-json responses
err_msg = loads(err_msg)
err_msg = err_msg['detail']
# JSONDecodeError only available on Python 3.5+
except ValueError:
pass
prepend_msg = " Use the collection ansible.platform to modify resources Organization, User, or Team." if (
"this resource via the platform ingress") in err_msg else ""
self.fail_json(msg="You don't have permission to {1} to {0} (HTTP 403).{2}".format(url.path, method, prepend_msg))
# Sanity check: Did we get a 404 response?
# Requests with primary keys will return a 404 if there is no response, and we want to consistently trap these.
elif he.code == 404:

166
awx_collection/plugins/modules/application.py Normal file
View File

@@ -0,0 +1,166 @@
#!/usr/bin/python
# coding: utf-8 -*-
# (c) 2020,Geoffrey Bachelot <bachelotg@gmail.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1', 'status': ['preview'], 'supported_by': 'community'}
DOCUMENTATION = '''
---
module: application
author: "Geoffrey Bacheot (@jffz)"
short_description: create, update, or destroy Automation Platform Controller applications
deprecated:
removed_in: '25.0.0'
why: This module manages a legacy authentication feature that is being phased out.
alternative: Migrate to token-based authentication.
description:
- Create, update, or destroy Automation Platform Controller applications. See
U(https://www.ansible.com/tower) for an overview.
options:
name:
description:
- Name of the application.
required: True
type: str
new_name:
description:
- Setting this option will change the existing name (looked up via the name field).
type: str
description:
description:
- Description of the application.
type: str
authorization_grant_type:
description:
- The grant type the user must use for acquire tokens for this application.
choices: ["password", "authorization-code"]
type: str
required: False
client_type:
description:
- Set to public or confidential depending on how secure the client device is.
choices: ["public", "confidential"]
type: str
required: False
organization:
description:
- Name, ID, or named URL of organization for application.
type: str
required: True
redirect_uris:
description:
- Allowed urls list, space separated. Required when authorization-grant-type=authorization-code
type: list
elements: str
state:
description:
- Desired state of the resource.
default: "present"
choices: ["present", "absent", "exists"]
type: str
skip_authorization:
description:
- Set True to skip authorization step for completely trusted applications.
type: bool
extends_documentation_fragment: awx.awx.auth
'''
EXAMPLES = '''
- name: Add Foo application
application:
name: "Foo"
description: "Foo bar application"
organization: "test"
state: present
authorization_grant_type: password
client_type: public
- name: Add Foo application
application:
name: "Foo"
description: "Foo bar application"
organization: "test"
state: present
authorization_grant_type: authorization-code
client_type: confidential
redirect_uris:
- http://tower.com/api/v2/
'''
from ..module_utils.controller_api import ControllerAPIModule
def main():
# Any additional arguments that are not fields of the item can be added here
argument_spec = dict(
name=dict(required=True),
new_name=dict(),
description=dict(),
authorization_grant_type=dict(choices=["password", "authorization-code"]),
client_type=dict(choices=['public', 'confidential']),
organization=dict(required=True),
redirect_uris=dict(type="list", elements='str'),
state=dict(choices=['present', 'absent', 'exists'], default='present'),
skip_authorization=dict(type='bool'),
)
# Create a module for ourselves
module = ControllerAPIModule(argument_spec=argument_spec)
# Extract our parameters
name = module.params.get('name')
new_name = module.params.get("new_name")
description = module.params.get('description')
authorization_grant_type = module.params.get('authorization_grant_type')
client_type = module.params.get('client_type')
organization = module.params.get('organization')
redirect_uris = module.params.get('redirect_uris')
skip_authorization = module.params.get('skip_authorization')
state = module.params.get('state')
# Attempt to look up the related items the user specified (these will fail the module if not found)
org_id = module.resolve_name_to_id('organizations', organization)
# Attempt to look up application based on the provided name and org ID
application = module.get_one('applications', name_or_id=name, check_exists=(state == 'exists'), **{'data': {'organization': org_id}})
if state == 'absent':
# If the state was absent we can let the module delete it if needed, the module will handle exiting from this
module.delete_if_needed(application)
# Create the data that gets sent for create and update
application_fields = {
'name': new_name if new_name else (module.get_item_name(application) if application else name),
'organization': org_id,
}
if authorization_grant_type is not None:
application_fields['authorization_grant_type'] = authorization_grant_type
if client_type is not None:
application_fields['client_type'] = client_type
if description is not None:
application_fields['description'] = description
if redirect_uris is not None:
application_fields['redirect_uris'] = ' '.join(redirect_uris)
if skip_authorization is not None:
application_fields['skip_authorization'] = skip_authorization
response = module.create_or_update_if_needed(application, application_fields, endpoint='applications', item_type='application', auto_exit=False)
if 'client_id' in response:
module.json_output['client_id'] = response['client_id']
if 'client_secret' in response:
module.json_output['client_secret'] = response['client_secret']
module.exit_json(**module.json_output)
if __name__ == '__main__':
main()

5
awx_collection/plugins/modules/schedule.py
View File

@@ -180,8 +180,13 @@ EXAMPLES = '''
- frequency: 'day'
interval: 1
- frequency: 'day'
<<<<<<< HEAD
interval: 1
byweekday: 'sunday'
=======
every: 1
on_days: 'sunday'
>>>>>>> tower/test_stable-2.6
include: false
- name: Delete 'my_schedule' schedule for my_workflow

3
awx_collection/test/awx/conftest.py
View File

@@ -19,8 +19,11 @@ from ansible.module_utils.six import raise_from
from ansible_base.rbac.models import RoleDefinition, DABPermission
from ansible_base.rbac import permission_registry
<<<<<<< HEAD
from awx.main.tests.conftest import load_all_credentials # noqa: F401; pylint: disable=unused-import
=======
>>>>>>> tower/test_stable-2.6
from awx.main.tests.functional.conftest import _request
from awx.main.tests.functional.conftest import credentialtype_scm, credentialtype_ssh # noqa: F401; pylint: disable=unused-import
from awx.main.models import (

2
awx_collection/test/awx/test_export.py
View File

@@ -65,7 +65,7 @@ def test_export(run_module, admin_user):
all_assets_except_users = {k: v for k, v in assets.items() if k != 'users'}
for k, v in all_assets_except_users.items():
assert v == [], f"Expected resource {k} to be empty. Instead it is {v}"
assert v == [] or v is None, f"Expected resource {k} to be empty. Instead it is {v}"
@pytest.mark.django_db

12
awx_collection/test/awx/test_organization.py
View File

@@ -20,6 +20,10 @@ def test_create_organization(run_module, admin_user):
'controller_username': None,
'controller_password': None,
'validate_certs': None,
<<<<<<< HEAD
=======
'aap_token': None,
>>>>>>> tower/test_stable-2.6
'controller_config_file': None,
}
@@ -52,6 +56,10 @@ def test_galaxy_credential_order(run_module, admin_user):
'controller_username': None,
'controller_password': None,
'validate_certs': None,
<<<<<<< HEAD
=======
'aap_token': None,
>>>>>>> tower/test_stable-2.6
'controller_config_file': None,
'galaxy_credentials': cred_ids,
}
@@ -76,6 +84,10 @@ def test_galaxy_credential_order(run_module, admin_user):
'controller_username': None,
'controller_password': None,
'validate_certs': None,
<<<<<<< HEAD
=======
'aap_token': None,
>>>>>>> tower/test_stable-2.6
'controller_config_file': None,
'galaxy_credentials': cred_ids,
}

30
awx_collection/test/awx/test_token.py Normal file
View File

@@ -0,0 +1,30 @@
from __future__ import absolute_import, division, print_function
__metaclass__ = type
import pytest
from awx.main.models import OAuth2AccessToken
@pytest.mark.django_db
def test_create_token(run_module, admin_user):
module_args = {
'description': 'barfoo',
'state': 'present',
'scope': 'read',
'controller_host': None,
'controller_username': None,
'controller_password': None,
'validate_certs': None,
'aap_token': None,
'controller_config_file': None,
}
result = run_module('token', module_args, admin_user)
assert result.get('changed'), result
tokens = OAuth2AccessToken.objects.filter(description='barfoo')
assert len(tokens) == 1, 'Tokens with description of barfoo != 0: {0}'.format(len(tokens))
assert tokens[0].scope == 'read', 'Token was not given read access'

27
awx_collection/tests/integration/targets/credential/tasks/main.yml
View File

@@ -775,6 +775,33 @@
- "result is changed"
when: insights_found
- name: Create a valid Insights token credential
credential:
name: "{{ insights_cred_name2 }}"
organization: Default
state: present
credential_type: Insights
inputs:
client_id: joe
client_secret: secret
register: result
- assert:
that:
- "result is changed"
- name: Delete an Insights token credential
credential:
name: "{{ insights_cred_name2 }}"
organization: Default
state: absent
credential_type: Insights
register: result
- assert:
that:
- "result is changed"
- name: Create a valid Tower-to-Tower credential
credential:
name: "{{ tower_cred_name1 }}"

2
awx_collection/tests/integration/targets/params/tasks/main.yml
View File

@@ -4,7 +4,7 @@
name: "Demo Inventory"
organization: Default
aap_hostname: https://foohostbar.invalid
ignore_errors: yes
ignore_errors: true
register: result
- assert:

17
awx_collection/tests/integration/targets/schedule_rrule/tasks/main.yml
View File

@@ -7,10 +7,16 @@
ansible.builtin.set_fact:
plugin_name: "{{ controller_meta.prefix }}.schedule_rrule"
<<<<<<< HEAD
- name: Lookup with too many parameters (should fail)
ansible.builtin.set_fact:
_rrule: "{{ query(plugin_name, days_of_week=[1, 2], days_of_month=[15]) }}"
register: result_too_many_params
=======
- name: Test too many params (failure from validation of terms)
ansible.builtin.debug:
msg: "{{ lookup(plugin_name | string, 'none', 'weekly', start_date='2020-4-16 03:45:07') }}"
>>>>>>> tower/test_stable-2.6
ignore_errors: true
- name: Assert proper error is reported for too many parameters
@@ -21,8 +27,12 @@
- name: Attempt invalid schedule_rrule lookup with bad frequency
ansible.builtin.debug:
<<<<<<< HEAD
msg: "{{ lookup(plugin_name, 'john', start_date='2020-04-16 03:45:07') }}"
register: result_bad_freq
=======
msg: "{{ lookup(plugin_name, 'john', start_date='2020-4-16 03:45:07') }}"
>>>>>>> tower/test_stable-2.6
ignore_errors: true
- name: Assert proper error is reported for bad frequency
@@ -34,7 +44,10 @@
- name: Test an invalid start date
ansible.builtin.debug:
msg: "{{ lookup(plugin_name, 'none', start_date='invalid') }}"
<<<<<<< HEAD
register: result_bad_date
=======
>>>>>>> tower/test_stable-2.6
ignore_errors: true
- name: Assert plugin error message for invalid start date
@@ -46,7 +59,11 @@
- name: Test end_on as count (generic success case)
ansible.builtin.debug:
msg: "{{ lookup(plugin_name, 'minute', start_date='2020-4-16 03:45:07', end_on='2') }}"
<<<<<<< HEAD
register: result_success
=======
register: result
>>>>>>> tower/test_stable-2.6
- name: Assert successful rrule generation
ansible.builtin.assert:

154
awx_collection/tests/integration/targets/token/tasks/main.yml Normal file
View File

@@ -0,0 +1,154 @@
---
- name: Generate a test ID
set_fact:
test_id: "{{ lookup('password', '/dev/null chars=ascii_letters length=16') }}"
when: test_id is not defined
- name: Generate names
set_fact:
token_description: "AWX-Collection-tests-token-description-{{ test_id }}"
- name: Try to use a token as a dict which is missing the token parameter
job_list:
controller_oauthtoken:
not_token: "This has no token entry"
register: results
ignore_errors: true
- assert:
that:
- results is failed
- '"The provided dict in aap_token did not properly contain the token entry" == results.msg'
- name: Try to use a token as a list
job_list:
controller_oauthtoken:
- dummy_token
register: results
ignore_errors: true
- assert:
that:
- results is failed
- '"The provided aap_token type was not valid (list). Valid options are str or dict." == results.msg'
- name: Try to delete a token with no existing_token or existing_token_id
token:
state: absent
register: results
ignore_errors: true
- assert:
that:
- results is failed
# We don't assert a message here because it's handled by ansible
- name: Try to delete a token with both existing_token or existing_token_id
token:
existing_token:
id: 1234
existing_token_id: 1234
state: absent
register: results
ignore_errors: true
- assert:
that:
- results is failed
# We don't assert a message here because it's handled by ansible
- block:
- name: Create a Token
token:
description: '{{ token_description }}'
scope: "write"
state: present
register: new_token
- name: Validate our token works by token
job_list:
controller_oauthtoken: "{{ controller_token.token }}"
register: job_list
- name: Validate our token works by object
job_list:
controller_oauthtoken: "{{ controller_token }}"
register: job_list
always:
- name: Delete our Token with our own token
token:
existing_token: "{{ controller_token }}"
controller_oauthtoken: "{{ controller_token }}"
state: absent
when: controller_token is defined
register: results
- assert:
that:
- results is changed or results is skipped
- block:
- name: Create a second token
token:
description: '{{ token_description }}'
scope: "write"
state: present
register: results
- assert:
that:
- results is changed
always:
- name: Delete the second Token with our own token
token:
existing_token_id: "{{ controller_token['id'] }}"
controller_oauthtoken: "{{ controller_token }}"
state: absent
when: controller_token is defined
register: results
- assert:
that:
- results is changed or resuslts is skipped
- block:
- name: Create a less privileged token (read)
token:
description: '{{ token_description }}'
scope: "read"
state: present
register: read_only_token
- debug:
msg: "{{read_only_token}}"
- name: Exercise the aap_token parameter with the new token.
job_list:
aap_token: "{{ read_only_token.ansible_facts.controller_token.token }}"
- name: Ensure the new token is being used and not the default token for the tests.
token:
aap_token: "{{ read_only_token.ansible_facts.controller_token.token }}"
scope: "write"
state: present
ignore_errors: true
register: result
- assert:
that:
- "'You don\\'t have permission to POST' in result.msg"
always:
- name: Delete the less privileged token
token:
existing_token_id: "{{ read_only_token['id'] }}"
state: absent
when: read_only_token is defined
register: result
- assert:
that:
- result is changed

4
awx_collection/tools/roles/template_galaxy/templates/README.md.j2
View File

@@ -119,7 +119,11 @@ The following notes are changes that may require changes to playbooks:
- The `notification_configuration` parameter of `tower_notification_template` has changed from a string to a dict. Please use the `lookup` plugin to read an existing file into a dict.
- `tower_credential` no longer supports passing a file name to `ssh_key_data`.
- The HipChat `notification_type` has been removed and can no longer be created using the `tower_notification_template` module.
<<<<<<< HEAD
- Lookup plugins now always return a list, and if you want a scalar value use `lookup` as opposed to `query`
=======
- Lookup plugins now always reutrn a list, and if you want a scalar value use `lookup` as opposed to `query`
>>>>>>> tower/test_stable-2.6
{% if collection_package | lower() == "awx" %}
## Running Unit Tests