Add new credential entry point discovery (#15685)

* - add new entry points - add logic to check what version of the project is running * remove former discovery method * update custom_injectors and remove unused import * fix how we load external creds * remove stale code to match devel * fix cloudforms test and move credential loading * add load credentials method to get tests passing * Conditionalize integration tests if the cred is present * remove inventory source test * inventory source is covered in the workflow job template target
2026-05-08 18:07:36 -02:30 · 2025-01-15 16:10:28 -05:00
parent e106e10b49
commit f05173cb65
12 changed files with 172 additions and 219 deletions
--- a/awx_collection/tests/integration/targets/credential/tasks/main.yml
+++ b/awx_collection/tests/integration/targets/credential/tasks/main.yml
@@ -25,6 +25,21 @@
    insights_cred_name2: "AWX-Collection-tests-credential-insights-cred2-{{ test_id }}"
    tower_cred_name1: "AWX-Collection-tests-credential-tower-cred1-{{ test_id }}"

+- name: Get current Credential Types available
+  ansible.builtin.set_fact:
+    credentials: "{{ lookup('awx.awx.controller_api', 'credential_types') }}"
+
+- name: Register Credentials found
+  set_fact:
+    aws_found: "{{ 'Amazon Web Services' in credentials | map(attribute='name') | list }}"
+    vmware_found: "{{ 'VMware vCenter' in credentials | map(attribute='name') | list }}"
+    azure_found: "{{ 'Microsoft Azure Resource Manager' in credentials | map(attribute='name') | list }}"
+    gce_found: "{{ 'Google Compute Engine' in credentials | map(attribute='name') | list }}"
+    insights_found: "{{ 'Red Hat Insights' in credentials | map(attribute='name') | list }}"
+    satellite_found: "{{ 'Red Hat Satellite 6' in credentials | map(attribute='name') | list }}"
+    openstack_found: "{{ 'OpenStack' in credentials | map(attribute='name') | list }}"
+    rhv_found: "{{ 'Red Hat Virtualization' in credentials | map(attribute='name') | list }}"
+
 - name: create a tempdir for an SSH key
  local_action: shell mktemp -d
  register: tempdir
@@ -464,10 +479,12 @@
      password: secret
      security_token: aws-token
  register: result
+  when: aws_found

 - assert:
    that:
      - "result is changed"
+  when: aws_found

 - name: Delete an AWS credential
  credential:
@@ -476,10 +493,12 @@
    state: absent
    credential_type: Amazon Web Services
  register: result
+  when: aws_found

 - assert:
    that:
      - "result is changed"
+  when: aws_found

 - name: Create a valid VMWare credential
  credential:
@@ -492,10 +511,12 @@
      username: joe
      password: secret
  register: result
+  when: vmware_found

 - assert:
    that:
      - "result is changed"
+  when: vmware_found

 - name: Delete an VMWare credential
  credential:
@@ -504,10 +525,12 @@
    state: absent
    credential_type: VMware vCenter
  register: result
+  when: vmware_found

 - assert:
    that:
      - "result is changed"
+  when: vmware_found

 - name: Create a valid Satellite6 credential
  credential:
@@ -520,10 +543,12 @@
      username: joe
      password: secret
  register: result
+  when: satellite_found

 - assert:
    that:
      - "result is changed"
+  when: satellite_found

 - name: Delete a Satellite6 credential
  credential:
@@ -532,10 +557,12 @@
    state: absent
    credential_type: Red Hat Satellite 6
  register: result
+  when: satellite_found

 - assert:
    that:
      - "result is changed"
+  when: satellite_found

 - name: Create a valid GCE credential
  credential:
@@ -548,10 +575,12 @@
      project: ABC123
      ssh_key_data: "{{ ssh_key_data }}"
  register: result
+  when: gce_found

 - assert:
    that:
      - "result is changed"
+  when: gce_found

 - name: Delete a GCE credential
  credential:
@@ -560,10 +589,12 @@
    state: absent
    credential_type: Google Compute Engine
  register: result
+  when: gce_found

 - assert:
    that:
      - "result is changed"
+  when: gce_found

 - name: Create a valid AzureRM credential
  credential:
@@ -576,10 +607,12 @@
      password: secret
      subscription: some-subscription
  register: result
+  when: azure_found

 - assert:
    that:
      - "result is changed"
+  when: azure_found

 - name: Create a valid AzureRM credential with a tenant
  credential:
@@ -593,10 +626,12 @@
      tenant: some-tenant
      subscription: some-subscription
  register: result
+  when: azure_found

 - assert:
    that:
      - "result is changed"
+  when: azure_found

 - name: Delete an AzureRM credential
  credential:
@@ -605,10 +640,12 @@
    state: absent
    credential_type: Microsoft Azure Resource Manager
  register: result
+  when: azure_found

 - assert:
    that:
      - "result is changed"
+  when: azure_found

 - name: Create a valid OpenStack credential
  credential:
@@ -623,10 +660,12 @@
      project: tenant123
      domain: some-domain
  register: result
+  when: openstack_found

 - assert:
    that:
      - "result is changed"
+  when: openstack_found

 - name: Delete a OpenStack credential
  credential:
@@ -635,10 +674,12 @@
    state: absent
    credential_type: OpenStack
  register: result
+  when: openstack_found

 - assert:
    that:
      - "result is changed"
+  when: openstack_found

 - name: Create a valid RHV credential
  credential:
@@ -651,10 +692,12 @@
      username: joe
      password: secret
  register: result
+  when: rhv_found

 - assert:
    that:
      - "result is changed"
+  when: rhv_found

 - name: Delete an RHV credential
  credential:
@@ -663,10 +706,12 @@
    state: absent
    credential_type: Red Hat Virtualization
  register: result
+  when: rhv_found

 - assert:
    that:
      - "result is changed"
+  when: rhv_found

 - name: Create a valid Insights credential
  credential:
@@ -678,10 +723,12 @@
      username: joe
      password: secret
  register: result
+  when: insights_found

 - assert:
    that:
      - "result is changed"
+  when: insights_found

 - name: Delete an Insights credential
  credential:
@@ -690,10 +737,12 @@
    state: absent
    credential_type: Insights
  register: result
+  when: insights_found

 - assert:
    that:
      - "result is changed"
+  when: insights_found

 - name: Create a valid Insights token credential
  credential:
@@ -705,10 +754,12 @@
      client_id: joe
      client_secret: secret
  register: result
+  when: insights_found

 - assert:
    that:
      - "result is changed"
+  when: insights_found

 - name: Delete an Insights token credential
  credential:
@@ -717,10 +768,12 @@
    state: absent
    credential_type: Insights
  register: result
+  when: insights_found

 - assert:
    that:
      - "result is changed"
+  when: insights_found

 - name: Create a valid Tower-to-Tower credential
  credential:
--- a/awx_collection/tests/integration/targets/credential_input_source/tasks/main.yml
+++ b/awx_collection/tests/integration/targets/credential_input_source/tasks/main.yml
@@ -9,7 +9,17 @@
    src_cred_name: "AWX-Collection-tests-credential_input_source-src_cred-{{ test_id }}"
    target_cred_name: "AWX-Collection-tests-credential_input_source-target_cred-{{ test_id }}"

- block:
+- name: detect credential types
+  ansible.builtin.set_fact:
+    credentials: "{{ lookup('awx.awx.controller_api', 'credential_types') }}"
+
+- name: Register Credentials found
+  set_fact:
+    cyberark_found: "{{ 'CyberArk Central Credential Provider Lookup' in credentials | map(attribute='name') | list }}"
+
+- name: Test credential lookup workflow
+  when: cyberark_found
+  block:
    - name: Add credential Lookup
      credential:
        description: Credential for Testing Source
@@ -121,7 +131,9 @@
        that:
          - "result is changed"

-  always:
+- name: Clean up if previous block ran
+  when: cyberark_found
+  block:
    - name: Remove a credential source
      credential_input_source:
        input_field_name: password
--- a/awx_collection/tests/integration/targets/inventory/tasks/main.yml
+++ b/awx_collection/tests/integration/targets/inventory/tasks/main.yml
@@ -8,7 +8,6 @@
  set_fact:
    inv_name1: "AWX-Collection-tests-inventory-inv1-{{ test_id }}"
    inv_name2: "AWX-Collection-tests-inventory-inv2-{{ test_id }}"
-    cred_name1: "AWX-Collection-tests-inventory-cred1-{{ test_id }}"
    group_name1: "AWX-Collection-tests-instance_group-group1-{{ test_id }}"

 - block:
@@ -23,21 +22,6 @@
        that:
          - "result is changed"

-    - name: Create an Insights Credential
-      credential:
-        name: "{{ cred_name1 }}"
-        organization: Default
-        credential_type: Insights
-        inputs:
-          username: joe
-          password: secret
-        state: present
-      register: result
-
-    - assert:
-        that:
-          - "result is changed"
-
    - name: Create an Inventory
      inventory:
        name: "{{ inv_name1 }}"
@@ -227,10 +211,3 @@
      instance_group:
        name: "{{ group_name1 }}"
        state: absent
-
-    - name: Delete Insights Credential
-      credential:
-        name: "{{ cred_name1 }}"
-        organization: "Default"
-        credential_type: Insights
-        state: absent
--- a/awx_collection/tests/integration/targets/inventory_source/tasks/main.yml
+++ b/awx_collection/tests/integration/targets/inventory_source/tasks/main.yml
@@ -1,143 +0,0 @@
---
- name: Generate a test ID
-  set_fact:
-    test_id: "{{ lookup('password', '/dev/null chars=ascii_letters length=16') }}"
-  when: test_id is not defined
-
- name: Generate names
-  set_fact:
-    openstack_cred: "AWX-Collection-tests-inventory_source-cred-openstack-{{ test_id }}"
-    openstack_inv: "AWX-Collection-tests-inventory_source-inv-openstack-{{ test_id }}"
-    openstack_inv_source: "AWX-Collection-tests-inventory_source-inv-source-openstack-{{ test_id }}"
-
- name: Add a credential
-  credential:
-    description: Credentials for Openstack Test project
-    name: "{{ openstack_cred }}"
-    credential_type: OpenStack
-    organization: Default
-    inputs:
-      project: Test
-      username: admin
-      host: https://example.org:5000
-      password: passw0rd
-      domain: test
-  register: credential_result
-
- name: Add an inventory
-  inventory:
-    description: Test inventory
-    organization: Default
-    name: "{{ openstack_inv }}"
-
- name: Create an source inventory
-  inventory_source:
-    name: "{{ openstack_inv_source }}"
-    description: Source for Test inventory
-    inventory: "{{ openstack_inv }}"
-    credential: "{{ credential_result.id }}"
-    overwrite: true
-    update_on_launch: true
-    source_vars:
-      private: false
-    source: openstack
-  register: result
-
- assert:
-    that:
-      - "result is changed"
-
- name: Create an source inventory with exists
-  inventory_source:
-    name: "{{ openstack_inv_source }}"
-    description: Source for Test inventory
-    inventory: "{{ openstack_inv }}"
-    credential: "{{ credential_result.id }}"
-    overwrite: true
-    update_on_launch: true
-    source_vars:
-      private: false
-    source: openstack
-    state: exists
-  register: result
-
- assert:
-    that:
-      - "result is not changed"
-
- name: Delete an source inventory
-  inventory_source:
-    name: "{{ openstack_inv_source }}"
-    description: Source for Test inventory
-    inventory: "{{ openstack_inv }}"
-    credential: "{{ credential_result.id }}"
-    overwrite: true
-    update_on_launch: true
-    source_vars:
-      private: false
-    source: openstack
-    state: absent
-  register: result
-
- assert:
-    that:
-      - "result is changed"
-
- name: Create an source inventory with exists
-  inventory_source:
-    name: "{{ openstack_inv_source }}"
-    description: Source for Test inventory
-    inventory: "{{ openstack_inv }}"
-    credential: "{{ credential_result.id }}"
-    overwrite: true
-    update_on_launch: true
-    source_vars:
-      private: false
-    source: openstack
-    state: exists
-  register: result
-
- assert:
-    that:
-      - "result is changed"
-
- name: Delete the inventory source with an invalid cred and source_project specified
-  inventory_source:
-    name: "{{ result.id }}"
-    inventory: "{{ openstack_inv }}"
-    credential: "Does Not Exit"
-    source_project: "Does Not Exist"
-    state: absent
-
- assert:
-    that:
-      - "result is changed"
-
- name: Delete the credential
-  credential:
-    description: Credentials for Openstack Test project
-    name: "{{ openstack_cred }}"
-    credential_type: OpenStack
-    organization: Default
-    inputs:
-      project: Test
-      username: admin
-      host: https://example.org:5000
-      password: passw0rd
-      domain: test
-    state: absent
-
- assert:
-    that:
-      - "result is changed"
-
- name: Delete the inventory
-  inventory:
-    description: Test inventory
-    organization: Default
-    name: "{{ openstack_inv }}"
-    state: absent
-
- assert:
-    that:
-      - "result is changed"
--- a/awx_collection/tests/integration/targets/workflow_job_template/tasks/main.yml
+++ b/awx_collection/tests/integration/targets/workflow_job_template/tasks/main.yml
@@ -28,6 +28,14 @@
    ig2: "AWX-Collection-tests-workflow_job_template-ig2-{{ test_id }}"
    host1: "AWX-Collection-tests-workflow_job_template-h1-{{ test_id }}"

+- name: detect credential types
+  ansible.builtin.set_fact:
+    credentials: "{{ lookup('awx.awx.controller_api', 'credential_types') }}"
+
+- name: Register Credentials found
+  set_fact:
+    github_found: "{{ 'Github Personal Access Token' in credentials | map(attribute='name') | list }}"
+
 - block:
    - name: "Create a new organization"
      organization:
@@ -36,22 +44,30 @@
          - Ansible Galaxy
      register: result

-    - name: Create Credentials
+    - name: Create SCM Credential
      credential:
-        name: "{{ item.name }}"
+        name: "{{ scm_cred_name }}"
        organization: Default
-        credential_type: "{{ item.type }}"
+        credential_type: Source Control
      register: result
-      loop:
-        - name: "{{ scm_cred_name }}"
-          type: Source Control
-        - name: "{{ github_webhook_credential_name }}"
-          type: GitHub Personal Access Token

    - assert:
        that:
          - "result is changed"

+    - name: Create Github PAT Credential
+      credential:
+        name: "{{ github_webhook_credential_name }}"
+        organization: Default
+        credential_type: Github Personal Access Token
+      register: result
+      when: github_found
+
+    - assert:
+        that:
+          - "result is changed"
+      when: github_found
+
    - name: Add email notification
      notification_template:
        name: "{{ email_not }}"
@@ -867,8 +883,8 @@
        name: "{{ webhook_wfjt_name }}"
        organization: Default
        inventory: Demo Inventory
-        webhook_service: gitlab
-        webhook_credential: "{{ github_webhook_credential_name }}"
+        webhook_service: "{{ 'gitlab' if github_found else omit }}"
+        webhook_credential: "{{ github_webhook_credential_name if github_found else omit }}"
      ignore_errors: true
      register: result

@@ -876,14 +892,15 @@
        that:
          - result is failed
          - "'Must match the selected webhook service' in result['msg']"
+      when: github_found and gitlab_found

    - name: Create a workflow job template with a GitHub webhook and a GitHub credential
      workflow_job_template:
        name: "{{ webhook_wfjt_name }}"
        organization: Default
        inventory: Demo Inventory
-        webhook_service: github
-        webhook_credential: "{{ github_webhook_credential_name }}"
+        webhook_service: "{{ 'github' if github_found else omit }}"
+        webhook_credential: "{{ github_webhook_credential_name if github_found else omit }}"
      register: result

    - assert: