From f51af034247b35d60494aba14cacbe6f264ec0b9 Mon Sep 17 00:00:00 2001 From: Chris Meyers Date: Wed, 1 Oct 2025 14:59:54 -0400 Subject: [PATCH] Create system_administrator rbac role in migration * We had race conditions with the system_administrator role being created just-in-time. Instead of fixing the race condition(s), dodge them by ensuring the role always exists --- awx/main/migrations/0201_create_managed_creds.py | 6 ++++++ awx/main/tests/functional/test_migrations.py | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/awx/main/migrations/0201_create_managed_creds.py b/awx/main/migrations/0201_create_managed_creds.py index 310eabfc4c..399a13cbd5 100644 --- a/awx/main/migrations/0201_create_managed_creds.py +++ b/awx/main/migrations/0201_create_managed_creds.py @@ -10,6 +10,11 @@ def setup_tower_managed_defaults(apps, schema_editor): CredentialType.setup_tower_managed_defaults(apps) +def setup_rbac_role_system_administrator(apps, schema_editor): + Role = apps.get_model('main', 'Role') + Role.objects.get_or_create(singleton_name='system_administrator', role_field='system_administrator') + + class Migration(migrations.Migration): dependencies = [ ('main', '0200_template_name_constraint'), @@ -17,4 +22,5 @@ class Migration(migrations.Migration): operations = [ migrations.RunPython(setup_tower_managed_defaults), + migrations.RunPython(setup_rbac_role_system_administrator), ] diff --git a/awx/main/tests/functional/test_migrations.py b/awx/main/tests/functional/test_migrations.py index 371b333e17..5402dd7778 100644 --- a/awx/main/tests/functional/test_migrations.py +++ b/awx/main/tests/functional/test_migrations.py @@ -167,3 +167,9 @@ class TestMigrationSmoke: assert CredentialType.objects.filter( name=expected_name ).exists(), f'Could not find {expected_name} credential type name, all names: {list(CredentialType.objects.values_list("name", flat=True))}' + + # Verify the system_administrator role exists + Role = new_state.apps.get_model('main', 'Role') + assert Role.objects.filter( + singleton_name='system_administrator', role_field='system_administrator' + ).exists(), "expected to find a system_administrator singleton role"