Merge remote-tracking branch 'tower/test_stable-2.6' into merge_26_2

awx_collection/plugins/doc_fragments/auth.py

@@ -40,6 +40,7 @@ options:
     - A dictionary structure as returned by the token module.
     - If value not set, will try environment variable C(CONTROLLER_OAUTH_TOKEN) and then config files
     type: raw
+    aliases: [ controller_oauthtoken ]
     version_added: "3.7.0"
   validate_certs:
     description:
@@ -60,7 +61,7 @@ options:
     - Path to the controller config file.
     - If provided, the other locations for config files will not be considered.
     type: path
-    aliases: [tower_config_file]
+    aliases: [ tower_config_file ]
 
 notes:
 - If no I(config_file) is provided we will attempt to use the tower-cli library

awx_collection/plugins/doc_fragments/auth_plugin.py

@@ -40,11 +40,20 @@ options:
         version: '4.0.0'
         why: Collection name change
         alternatives: 'TOWER_PASSWORD, AAP_PASSWORD'
+<<<<<<< HEAD
   aap_token:
+=======
+  oauth_token:
+>>>>>>> tower/test_stable-2.6
     description:
     - The OAuth token to use.
     env:
     - name: AAP_TOKEN
+<<<<<<< HEAD
+=======
+    - name: CONTROLLER_OAUTH_TOKEN
+    - name: TOWER_OAUTH_TOKEN
+>>>>>>> tower/test_stable-2.6
       deprecated:
         collection_name: 'awx.awx'
         version: '4.0.0'

awx_collection/plugins/lookup/schedule_rrule.py

@@ -73,9 +73,15 @@ DOCUMENTATION = """
 """
 
 EXAMPLES = """
+<<<<<<< HEAD
 - name: Create a string for a schedule
   debug:
     msg: "{{ lookup('awx.awx.schedule_rrule', 'none', start_date='1979-09-13 03:45:07') }}"
+=======
+    - name: Create a string for a schedule
+      debug:
+        msg: "{{ lookup('awx.awx.schedule_rrule', 'none', start_date='1979-09-13 03:45:07') }}"
+>>>>>>> tower/test_stable-2.6
 """
 
 RETURN = """

awx_collection/plugins/lookup/schedule_rruleset.py

@@ -107,6 +107,7 @@ DOCUMENTATION = """
 """
 
 EXAMPLES = """
+<<<<<<< HEAD
 - name: Create a ruleset for everyday except Sundays
   set_fact:
     complex_rule: "{{ lookup(awx.awx.schedule_rruleset, '2022-04-30 10:30:45', rules=rrules, timezone='UTC' ) }}"
@@ -118,6 +119,19 @@ EXAMPLES = """
         interval: 1
         byweekday: 'sunday'
         include: false
+=======
+    - name: Create a ruleset for everyday except Sundays
+      set_fact:
+        complex_rule: "{{ lookup(awx.awx.schedule_rruleset, '2022-04-30 10:30:45', rules=rrules, timezone='UTC' ) }}"
+      vars:
+        rrules:
+          - frequency: 'day'
+            interval: 1
+          - frequency: 'day'
+            interval: 1
+            byweekday: 'sunday'
+            include: False
+>>>>>>> tower/test_stable-2.6
 """
 
 RETURN = """

awx_collection/plugins/module_utils/controller_api.py

@@ -75,6 +75,10 @@ class ControllerModule(AnsibleModule):
         aap_token=dict(
             type='raw',
             no_log=True,
+<<<<<<< HEAD
+=======
+            aliases=['controller_oauthtoken',],
+>>>>>>> tower/test_stable-2.6
             required=False,
             fallback=(env_fallback, ['CONTROLLER_OAUTH_TOKEN', 'TOWER_OAUTH_TOKEN', 'AAP_TOKEN'])
         ),
@@ -132,6 +136,23 @@ class ControllerModule(AnsibleModule):
             if direct_value is not None:
                 setattr(self, short_param, direct_value)
 
+<<<<<<< HEAD
+=======
+        # Perform magic depending on whether aap_token is a string or a dict
+        if self.params.get('aap_token'):
+            token_param = self.params.get('aap_token')
+            if isinstance(token_param, dict):
+                if 'token' in token_param:
+                    self.oauth_token = self.params.get('aap_token')['token']
+                else:
+                    self.fail_json(msg="The provided dict in aap_token did not properly contain the token entry")
+            elif isinstance(token_param, string_types):
+                self.oauth_token = self.params.get('aap_token')
+            else:
+                error_msg = "The provided aap_token type was not valid ({0}). Valid options are str or dict.".format(type(token_param).__name__)
+                self.fail_json(msg=error_msg)
+
+>>>>>>> tower/test_stable-2.6
         # Perform some basic validation
         if not self.host.startswith(("https://", "http://")):  # NOSONAR
             self.host = "https://{0}".format(self.host)
@@ -538,7 +559,18 @@ class ControllerAPIModule(ControllerModule):
                 self.fail_json(msg='Invalid authentication credentials for {0} (HTTP 401).'.format(url.path))
             # Sanity check: Did we get a forbidden response, which means that the user isn't allowed to do this? Report that.
             elif he.code == 403:
-                self.fail_json(msg="You don't have permission to {1} to {0} (HTTP 403).".format(url.path, method))
+                # Hack: Tell the customer to use the platform supported collection when interacting with Org, Team, User Controller endpoints
+                err_msg = he.fp.read().decode('utf-8')
+                try:
+                    # Defensive coding. Handle json responses and non-json responses
+                    err_msg = loads(err_msg)
+                    err_msg = err_msg['detail']
+                # JSONDecodeError only available on Python 3.5+
+                except ValueError:
+                    pass
+                prepend_msg = " Use the collection ansible.platform to modify resources Organization, User, or Team." if (
+                    "this resource via the platform ingress") in err_msg else ""
+                self.fail_json(msg="You don't have permission to {1} to {0} (HTTP 403).{2}".format(url.path, method, prepend_msg))
             # Sanity check: Did we get a 404 response?
             # Requests with primary keys will return a 404 if there is no response, and we want to consistently trap these.
             elif he.code == 404:

awx_collection/plugins/modules/application.py

@@ -0,0 +1,166 @@
+#!/usr/bin/python
+# coding: utf-8 -*-
+
+# (c) 2020,Geoffrey Bachelot <bachelotg@gmail.com>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+
+ANSIBLE_METADATA = {'metadata_version': '1.1', 'status': ['preview'], 'supported_by': 'community'}
+
+
+DOCUMENTATION = '''
+---
+module: application
+author: "Geoffrey Bacheot (@jffz)"
+short_description: create, update, or destroy Automation Platform Controller applications
+deprecated:
+    removed_in: '25.0.0'
+    why: This module manages a legacy authentication feature that is being phased out.
+    alternative: Migrate to token-based authentication.
+description:
+    - Create, update, or destroy Automation Platform Controller applications. See
+      U(https://www.ansible.com/tower) for an overview.
+options:
+    name:
+      description:
+        - Name of the application.
+      required: True
+      type: str
+    new_name:
+      description:
+        - Setting this option will change the existing name (looked up via the name field).
+      type: str
+    description:
+      description:
+        - Description of the application.
+      type: str
+    authorization_grant_type:
+      description:
+        - The grant type the user must use for acquire tokens for this application.
+      choices: ["password", "authorization-code"]
+      type: str
+      required: False
+    client_type:
+      description:
+        - Set to public or confidential depending on how secure the client device is.
+      choices: ["public", "confidential"]
+      type: str
+      required: False
+    organization:
+      description:
+        - Name, ID, or named URL of organization for application.
+      type: str
+      required: True
+    redirect_uris:
+      description:
+        - Allowed urls list, space separated. Required when authorization-grant-type=authorization-code
+      type: list
+      elements: str
+    state:
+      description:
+        - Desired state of the resource.
+      default: "present"
+      choices: ["present", "absent", "exists"]
+      type: str
+    skip_authorization:
+      description:
+        - Set True to skip authorization step for completely trusted applications.
+      type: bool
+
+extends_documentation_fragment: awx.awx.auth
+'''
+
+
+EXAMPLES = '''
+- name: Add Foo application
+  application:
+    name: "Foo"
+    description: "Foo bar application"
+    organization: "test"
+    state: present
+    authorization_grant_type: password
+    client_type: public
+
+- name: Add Foo application
+  application:
+    name: "Foo"
+    description: "Foo bar application"
+    organization: "test"
+    state: present
+    authorization_grant_type: authorization-code
+    client_type: confidential
+    redirect_uris:
+      - http://tower.com/api/v2/
+'''
+
+from ..module_utils.controller_api import ControllerAPIModule
+
+
+def main():
+    # Any additional arguments that are not fields of the item can be added here
+    argument_spec = dict(
+        name=dict(required=True),
+        new_name=dict(),
+        description=dict(),
+        authorization_grant_type=dict(choices=["password", "authorization-code"]),
+        client_type=dict(choices=['public', 'confidential']),
+        organization=dict(required=True),
+        redirect_uris=dict(type="list", elements='str'),
+        state=dict(choices=['present', 'absent', 'exists'], default='present'),
+        skip_authorization=dict(type='bool'),
+    )
+
+    # Create a module for ourselves
+    module = ControllerAPIModule(argument_spec=argument_spec)
+
+    # Extract our parameters
+    name = module.params.get('name')
+    new_name = module.params.get("new_name")
+    description = module.params.get('description')
+    authorization_grant_type = module.params.get('authorization_grant_type')
+    client_type = module.params.get('client_type')
+    organization = module.params.get('organization')
+    redirect_uris = module.params.get('redirect_uris')
+    skip_authorization = module.params.get('skip_authorization')
+    state = module.params.get('state')
+
+    # Attempt to look up the related items the user specified (these will fail the module if not found)
+    org_id = module.resolve_name_to_id('organizations', organization)
+
+    # Attempt to look up application based on the provided name and org ID
+    application = module.get_one('applications', name_or_id=name, check_exists=(state == 'exists'), **{'data': {'organization': org_id}})
+
+    if state == 'absent':
+        # If the state was absent we can let the module delete it if needed, the module will handle exiting from this
+        module.delete_if_needed(application)
+
+    # Create the data that gets sent for create and update
+    application_fields = {
+        'name': new_name if new_name else (module.get_item_name(application) if application else name),
+        'organization': org_id,
+    }
+    if authorization_grant_type is not None:
+        application_fields['authorization_grant_type'] = authorization_grant_type
+    if client_type is not None:
+        application_fields['client_type'] = client_type
+    if description is not None:
+        application_fields['description'] = description
+    if redirect_uris is not None:
+        application_fields['redirect_uris'] = ' '.join(redirect_uris)
+    if skip_authorization is not None:
+        application_fields['skip_authorization'] = skip_authorization
+
+    response = module.create_or_update_if_needed(application, application_fields, endpoint='applications', item_type='application', auto_exit=False)
+    if 'client_id' in response:
+        module.json_output['client_id'] = response['client_id']
+    if 'client_secret' in response:
+        module.json_output['client_secret'] = response['client_secret']
+    module.exit_json(**module.json_output)
+
+
+if __name__ == '__main__':
+    main()

awx_collection/plugins/modules/schedule.py

@@ -180,8 +180,13 @@ EXAMPLES = '''
       - frequency: 'day'
         interval: 1
       - frequency: 'day'
+<<<<<<< HEAD
         interval: 1
         byweekday: 'sunday'
+=======
+        every: 1
+        on_days: 'sunday'
+>>>>>>> tower/test_stable-2.6
         include: false
 
 - name: Delete 'my_schedule' schedule for my_workflow