Ship analytics data using service account token (#15812)

Use oidc client to ship analytics data
2026-03-07 19:51:08 -03:30 · 2025-02-19 16:38:47 -05:00
parent 3495c421c1
commit e56752d55b
3 changed files with 49 additions and 23 deletions
--- a/awx/api/views/analytics.py
+++ b/awx/api/views/analytics.py
@@ -10,6 +10,7 @@ from awx.api.generics import APIView, Response
 from awx.api.permissions import AnalyticsPermission
 from awx.api.versioning import reverse
 from awx.main.utils import get_awx_version
+from awx.main.utils.analytics_proxy import OIDCClient, DEFAULT_OIDC_ENDPOINT
 from rest_framework import status

 from collections import OrderedDict
@@ -179,32 +180,48 @@ class AnalyticsGenericView(APIView):

        return Response(response.content, status=response.status_code)

+    @staticmethod
+    def _base_auth_request(request: requests.Request, method: str, url: str, user: str, pw: str, headers: dict[str, str]) -> requests.Response:
+        response = requests.request(
+            method,
+            url,
+            auth=(user, pw),
+            verify=settings.INSIGHTS_CERT_PATH,
+            params=getattr(request, 'query_params', {}),
+            headers=headers,
+            json=getattr(request, 'data', {}),
+            timeout=(31, 31),
+        )
+        return response
+
    def _send_to_analytics(self, request, method):
        try:
            headers = self._request_headers(request)

            self._get_setting('INSIGHTS_TRACKING_STATE', False, ERROR_UPLOAD_NOT_ENABLED)
+            if method not in ["GET", "POST", "OPTIONS"]:
+                return self._error_response(ERROR_UNSUPPORTED_METHOD, method, remote=False, status_code=status.HTTP_500_INTERNAL_SERVER_ERROR)
            url = self._get_analytics_url(request.path)
            try:
                rh_user = self._get_setting('REDHAT_USERNAME', None, ERROR_MISSING_USER)
                rh_password = self._get_setting('REDHAT_PASSWORD', None, ERROR_MISSING_PASSWORD)
-            except MissingSettings:
-                rh_user = self._get_setting('SUBSCRIPTIONS_USERNAME', None, ERROR_MISSING_USER)
-                rh_password = self._get_setting('SUBSCRIPTIONS_PASSWORD', None, ERROR_MISSING_PASSWORD)
-
-            if method not in ["GET", "POST", "OPTIONS"]:
-                return self._error_response(ERROR_UNSUPPORTED_METHOD, method, remote=False, status_code=status.HTTP_500_INTERNAL_SERVER_ERROR)
-            else:
-                response = requests.request(
+                client = OIDCClient(rh_user, rh_password, DEFAULT_OIDC_ENDPOINT, ['api.console'])
+                response = client.make_request(
                    method,
                    url,
-                    auth=(rh_user, rh_password),
+                    headers=headers,
                    verify=settings.INSIGHTS_CERT_PATH,
                    params=getattr(request, 'query_params', {}),
-                    headers=headers,
                    json=getattr(request, 'data', {}),
                    timeout=(31, 31),
                )
+            except requests.RequestException:
+                logger.error("Automation Analytics API request failed, trying base auth method")
+                response = self._base_auth_request(request, method, url, rh_user, rh_password, headers)
+            except MissingSettings:
+                rh_user = self._get_setting('SUBSCRIPTIONS_USERNAME', None, ERROR_MISSING_USER)
+                rh_password = self._get_setting('SUBSCRIPTIONS_PASSWORD', None, ERROR_MISSING_PASSWORD)
+                response = self._base_auth_request(request, method, url, rh_user, rh_password, headers)
            #
            # Missing or wrong user/pass
            #