From e5552b547b3950fe03f58a92273d0daa8237fbfc Mon Sep 17 00:00:00 2001 From: Ryan Petrello Date: Tue, 4 Aug 2020 18:34:18 -0400 Subject: [PATCH] properly migrate settings.FALLBACK_GALAXY_SERVERS --- awx/main/migrations/_galaxy.py | 36 +++++++++++++++++++ .../test_galaxy_credential_migration.py | 33 +++++++++++++++++ 2 files changed, 69 insertions(+) diff --git a/awx/main/migrations/_galaxy.py b/awx/main/migrations/_galaxy.py index 2f6cfc25fd..55166585d9 100644 --- a/awx/main/migrations/_galaxy.py +++ b/awx/main/migrations/_galaxy.py @@ -4,6 +4,7 @@ import logging from awx.main.utils.encryption import encrypt_field, decrypt_field +from django.conf import settings from django.utils.timezone import now from awx.main.models import CredentialType as ModernCredentialType @@ -69,6 +70,41 @@ def migrate_galaxy_settings(apps, schema_editor): cred.inputs['token'] = encrypt_field(cred, 'token') cred.save() org.galaxy_credentials.add(cred) + + fallback_servers = getattr(settings, 'FALLBACK_GALAXY_SERVERS', []) + for fallback in fallback_servers: + url = fallback.get('url', None) + auth_url = fallback.get('auth_url', None) + username = fallback.get('username', None) + password = fallback.get('password', None) + token = fallback.get('token', None) + if username or password: + logger.error( + f'Specifying HTTP basic auth for the Ansible Galaxy API ' + f'({url}) is no longer supported. ' + 'Please provide an API token instead after your upgrade ' + 'has completed', + ) + inputs = {'url': url} + if token: + inputs['token'] = token + if auth_url: + inputs['auth_url'] = auth_url + cred = Credential( + created=now(), + modified=now(), + name=f'Ansible Galaxy ({url})', + organization=org, + credential_type=galaxy_type, + inputs=inputs + ) + cred.save() + if token: + # encrypt based on the primary key from the prior save + cred.inputs['token'] = encrypt_field(cred, 'token') + cred.save() + org.galaxy_credentials.add(cred) + if public_galaxy_enabled: # If public Galaxy was enabled, make a credential for it cred = Credential( diff --git a/awx/main/tests/functional/test_galaxy_credential_migration.py b/awx/main/tests/functional/test_galaxy_credential_migration.py index 7c1c89c202..1cf008b193 100644 --- a/awx/main/tests/functional/test_galaxy_credential_migration.py +++ b/awx/main/tests/functional/test_galaxy_credential_migration.py @@ -1,5 +1,6 @@ import importlib +from django.conf import settings from django.contrib.contenttypes.models import ContentType import pytest @@ -76,3 +77,35 @@ def test_multiple_galaxies(): assert creds[1].name == 'Ansible Galaxy' assert creds[1].inputs['url'] == 'https://galaxy.ansible.com/' + + +@pytest.mark.django_db +def test_fallback_galaxies(): + org = Organization.objects.create() + assert org.galaxy_credentials.count() == 0 + Setting.objects.create(key='PRIMARY_GALAXY_URL', value='https://example.org/') + Setting.objects.create(key='PRIMARY_GALAXY_AUTH_URL', value='https://auth.example.org/') + Setting.objects.create(key='PRIMARY_GALAXY_TOKEN', value='secret123') + try: + settings.FALLBACK_GALAXY_SERVERS = [{ + 'id': 'abc123', + 'url': 'https://some-other-galaxy.example.org/', + 'auth_url': 'https://some-other-galaxy.sso.example.org/', + 'username': 'user', + 'password': 'pass', + 'token': 'fallback123', + }] + galaxy.migrate_galaxy_settings(apps, None) + finally: + settings.FALLBACK_GALAXY_SERVERS = [] + assert org.galaxy_credentials.count() == 3 + creds = org.galaxy_credentials.all() + assert creds[0].name == 'Private Galaxy (https://example.org/)' + assert creds[0].inputs['url'] == 'https://example.org/' + assert creds[1].name == 'Ansible Galaxy (https://some-other-galaxy.example.org/)' + assert creds[1].inputs['url'] == 'https://some-other-galaxy.example.org/' + assert creds[1].inputs['auth_url'] == 'https://some-other-galaxy.sso.example.org/' + assert creds[1].inputs['token'].startswith('$encrypted$') + assert creds[1].get_input('token') == 'fallback123' + assert creds[2].name == 'Ansible Galaxy' + assert creds[2].inputs['url'] == 'https://galaxy.ansible.com/'