From a30ca9c19caaf3061e55154e30f435fda8fff217 Mon Sep 17 00:00:00 2001 From: Ryan Petrello Date: Wed, 5 Aug 2020 14:35:44 -0400 Subject: [PATCH] don't run ansible-galaxy installs if there are no Galaxy credentials --- awx/main/tasks.py | 14 ++++++++++++-- awx/main/tests/unit/test_tasks.py | 28 ++++++++++++++++++++++++---- 2 files changed, 36 insertions(+), 6 deletions(-) diff --git a/awx/main/tasks.py b/awx/main/tasks.py index b81bb939d8..0fbcb3618d 100644 --- a/awx/main/tasks.py +++ b/awx/main/tasks.py @@ -2117,6 +2117,16 @@ class RunProjectUpdate(BaseTask): raise RuntimeError('Could not determine a revision to run from project.') elif not scm_branch: scm_branch = {'hg': 'tip'}.get(project_update.scm_type, 'HEAD') + + galaxy_creds_are_defined = project_update.project.organization.galaxy_credentials.exists() + if not galaxy_creds_are_defined and ( + settings.AWX_ROLES_ENABLED or settings.AWX_COLLECTIONS_ENABLED + ): + logger.debug( + 'Galaxy role/collection syncing is enabled, but no ' + f'credentials are configured for {project_update.project.organization}.' + ) + extra_vars.update({ 'projects_root': settings.PROJECTS_ROOT.rstrip('/'), 'local_path': os.path.basename(project_update.project.local_path), @@ -2127,8 +2137,8 @@ class RunProjectUpdate(BaseTask): 'scm_url': scm_url, 'scm_branch': scm_branch, 'scm_clean': project_update.scm_clean, - 'roles_enabled': settings.AWX_ROLES_ENABLED, - 'collections_enabled': settings.AWX_COLLECTIONS_ENABLED, + 'roles_enabled': galaxy_creds_are_defined and settings.AWX_ROLES_ENABLED, + 'collections_enabled': galaxy_creds_are_defined and settings.AWX_COLLECTIONS_ENABLED, }) # apply custom refspec from user for PR refs and the like if project_update.scm_refspec: diff --git a/awx/main/tests/unit/test_tasks.py b/awx/main/tests/unit/test_tasks.py index a110b2a817..b49af2efd0 100644 --- a/awx/main/tests/unit/test_tasks.py +++ b/awx/main/tests/unit/test_tasks.py @@ -66,7 +66,8 @@ def patch_Organization(): credentials_mock = mock.Mock(**{ 'all': lambda: _credentials, 'add': _credentials.append, - 'spec_set': ['all', 'add'], + 'exists': lambda: len(_credentials) > 0, + 'spec_set': ['all', 'add', 'exists'], }) with mock.patch.object(Organization, 'galaxy_credentials', credentials_mock): yield @@ -1799,7 +1800,7 @@ class TestProjectUpdateGalaxyCredentials(TestJobExecution): def project_update(self): org = Organization(pk=1) proj = Project(pk=1, organization=org) - project_update = ProjectUpdate(pk=1, project=proj) + project_update = ProjectUpdate(pk=1, project=proj, scm_type='git') project_update.websocket_emit_status = mock.Mock() return project_update @@ -1820,19 +1821,38 @@ class TestProjectUpdateGalaxyCredentials(TestJobExecution): assert 'ANSIBLE_GALAXY_IGNORE' not in env def test_galaxy_credentials_empty(self, private_data_dir, project_update): - task = tasks.RunProjectUpdate() + + class RunProjectUpdate(tasks.RunProjectUpdate): + __vars__ = {} + + def _write_extra_vars_file(self, private_data_dir, extra_vars, *kw): + self.__vars__ = extra_vars + + task = RunProjectUpdate() env = task.build_env(project_update, private_data_dir) + task.build_extra_vars_file(project_update, private_data_dir) + assert task.__vars__['roles_enabled'] is False + assert task.__vars__['collections_enabled'] is False for k in env: assert not k.startswith('ANSIBLE_GALAXY_SERVER') def test_single_public_galaxy(self, private_data_dir, project_update): + class RunProjectUpdate(tasks.RunProjectUpdate): + __vars__ = {} + + def _write_extra_vars_file(self, private_data_dir, extra_vars, *kw): + self.__vars__ = extra_vars + credential_type = CredentialType.defaults['galaxy_api_token']() public_galaxy = Credential(pk=1, credential_type=credential_type, inputs={ 'url': 'https://galaxy.ansible.com/', }) project_update.project.organization.galaxy_credentials.add(public_galaxy) - task = tasks.RunProjectUpdate() + task = RunProjectUpdate() env = task.build_env(project_update, private_data_dir) + task.build_extra_vars_file(project_update, private_data_dir) + assert task.__vars__['roles_enabled'] is True + assert task.__vars__['collections_enabled'] is True assert sorted([ (k, v) for k, v in env.items() if k.startswith('ANSIBLE_GALAXY')