External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-01-11 18:09:57 -03:30
Code Issues Packages Projects Releases Wiki Activity
34,077 Commits 54 Branches 19 Tags
Commit Graph

34077 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alan Rominger
00ba1ea569
Suppress docker pull output in checks (#15323) 
Supress docker pull output in checks
 2024-07-03 15:04:59 -04:00
Alan Rominger
d91af132c1
Fix server error assigning teams EE object roles (#15320) 2024-07-03 14:07:03 -04:00
Seth Foster
94e5795dfc
Prevent assigning credential to user of other org (#15296) 
Utilizes the `validate_role_assignment` callback
from dab (see dab PR #490) to prevent granting credential
access to a user of another organization.

This logic will work for role_user_assignments
and role_team_assignments endpoints.

Signed-off-by: Seth Foster <fosterbseth@gmail.com>
 2024-07-02 21:05:22 +00:00
Alan Rominger
c4688d6298
Add in missing read permissions for organization audit role (#15318) 
* Add in missing read permissions for organization audit role

* Add missing audit permission, special case name handling
 2024-07-02 15:20:40 -04:00
TVo
6763badea3
Added new OpenShift Virtualization inventory source to docs. (#15299) 
* Added new OpenShift Virtualization inventory source to docs.

* Incorporated review feedback from @fosterseth and @TheRealHaoLiu.

* Fixed link to correct kubevirt.core.kubevirt documentation.
 2024-07-01 11:47:39 -06:00
Hao Liu
2c4ad6ef0f
Add better 403 error message for Job template create (#15307) 
* Add better 403 error message for Job template create

To create Job template u need access to projects and inventory

---------

Co-authored-by: Chris Meyers <chris.meyers.fsu@gmail.com>
 2024-07-01 15:02:07 +00:00
Hao Liu
37f44d7214
Add better error message for wfjt create 403 (#15309) 2024-07-01 10:50:49 -04:00
Alan Rominger
98bbc836a6
Fix server error from DAB ValidationError with strings (#15312) 2024-07-01 10:11:22 -04:00
Alan Rominger
b59aff50dc
Update ExecutionEnvironment model so object-level roles work with DAB RBAC system (#15289) 
* Add initial test for deletion of stale permission

* Delete existing EE view permission

* Hypothetically complete update of EE model permissions setup

* Tests passing locally

* Issue with user_capabilities was a test bug, fixed
 2024-06-28 16:09:42 -04:00
Alan Rominger
a70b0c1ddc
Do not use cache in github image build action (#15308) 
* Do not use cache in actual image build action

* Add cache args to kube prod builds
 2024-06-28 09:52:59 -04:00
Alan Rominger
db72c9d5b8
Fix permissions that come from an external auditor role (#15291) 
* Add tests for external auditor

* Add assertion for unified JTs which fails

* Fix UJT listing bug

* Add test for ad hoc commands just to be sure
 2024-06-27 15:57:39 -04:00
jamesmarshall24
4e0d19914f
LISTENER_DATABASES clobbers DATABASES OPTIONS (#15306) 
Do not overwrite DATABASES OPTIONS with LISTENER_DATABASES
 2024-06-27 13:26:30 -04:00
Hao Liu
6f2307f50e
Add TASK_MANAGER_LOCK_TIMEOUT (#15300) 
* Add TASK_MANAGER_LOCK_TIMEOUT

`TASK_MANAGER_LOCK_TIMEOUT` controls the `idle_in_transaction_session_timeout` and `idle_session_timeout` configuration for task manager connections and lock in database

hope to prevent the situation that the task instance that holds the lock becomes unresponsive and preventing other instance to be able to run task manager

* Add session timeout to periodic scheduler and all sub task manager locks
 2024-06-27 09:42:41 -04:00
Alan Rominger
dbc2215bb6
Make attached user models adhere to new API assignments (#15298) 2024-06-26 23:00:25 -04:00
Hao Liu
7c08b29827
Temporary workaround for CI failure (#15305) 
Workaround
```
ERROR awx/main/tests/functional/test_licenses.py - pip._vendor.distlib.DistlibException: Unable to locate finder for 'pip._vendor.distlib'
```
 2024-06-26 15:29:22 -04:00
TVo
407194d320
Added troubleshooting and tips tricks content (#15212) 
* Added troubleshooting and tips tricks content

* Added troubleshooting and tips tricks content

* Moved DNS host entry override info to customize pod spec section of CG chapter.

* Added troubleshooting and tips tricks content

* Moved DNS host entry override info to customize pod spec section of CG chapter.

* Update docs/docsite/rst/administration/containers_instance_groups.rst

Co-authored-by: Seth Foster <fosterseth@users.noreply.github.com>

* Update docs/docsite/rst/administration/containers_instance_groups.rst

Co-authored-by: Seth Foster <fosterseth@users.noreply.github.com>

* Update docs/docsite/rst/administration/containers_instance_groups.rst

Co-authored-by: Sandra McCann <samccann@redhat.com>

* Incorp'd review feedback from @fosterseth and @samccann

* Update docs/docsite/rst/administration/containers_instance_groups.rst

Co-authored-by: Sandra McCann <samccann@redhat.com>

* Final revisions based on @fosterseth's inputs.

---------

Co-authored-by: Seth Foster <fosterseth@users.noreply.github.com>
Co-authored-by: Sandra McCann <samccann@redhat.com>
 2024-06-24 12:17:31 -06:00
Alan Rominger
853af295d9
Various RBAC fixes related to managed RoleDefinitions (#15287) 
* Add migration testing for certain managed roles

* Fix managed role bugs

* Add more tests

* Fix another bug with org workflow admin role reference

* Add test because another issue is fixed

* Mark reason for test

* Remove internal markers

* Reword failure message

Co-authored-by: Seth Foster <fosterseth@users.noreply.github.com>

---------

Co-authored-by: Seth Foster <fosterseth@users.noreply.github.com>
 2024-06-21 09:29:34 -04:00
Alan Rominger
4738c8333a
Fix object-level permission bugs with DAB RBAC system (#15284) 
* Fix object-level permission bugs with DAB RBAC system

* Fix NT organization change regression

* Mark tests to AAP number
 2024-06-20 16:34:34 -04:00
Seth Foster
13dcea0afd
Check for admin_role in role_check.py (#15283) 
Script was falsely identifying cross-linked
parents. It needs to check if parent roles if
content type is Team and role_field is
member_role OR admin_role.

Signed-off-by: Seth Foster <fosterbseth@gmail.com>
 2024-06-20 14:04:04 -04:00
Chris Meyers
bc2d339981 Clarify the search for a proxy 2024-06-18 16:41:45 -04:00
Chris Meyers
bef9ef10bb Rename delete 
* Include a bit of context into the name of the delete function. The
  HTTP_ added prepended string may be unexpected if Django's header
  transformation isn't top of mind.
 2024-06-18 16:41:45 -04:00
Chris Meyers
8645fe5c57 Add support for x-trusted-proxy 
* Increase the surface area of the set of headers that the proxy list
  feature looks at for the remote proxy IF x-trusted-proxy is valid.
 2024-06-18 16:41:45 -04:00
Chris Meyers
b93aa20362 Revert "Trust proxy headers for host provision callback" 
This reverts commit 49e3971cd577127705fc0fd1d3b4ab7e3a3c3c2b.
 2024-06-18 16:41:45 -04:00
Chris Meyers
4bbfc8a946 Tests for trust proxy and existing explicit proxy 
* Integration tests to ensure the integration of the two features.
 2024-06-18 16:41:45 -04:00
Chris Meyers
2c8eef413b Trust proxy headers for host provision callback 
* Do not remove special header list if request is from a trusted proxy.
* Continue to remove headers if request if from a non-trusted proxy.
 2024-06-18 16:41:45 -04:00
Alan Rominger
d5bad1a533
Pass the Makefile python exe to ansible-playbook (#15282) 2024-06-18 13:03:01 -04:00
Alan Rominger
f6c0effcb2
Use public methods to reference registered models (#15277) 2024-06-17 11:45:44 -04:00
Chad Ferman
31a086b11a
Add OpenShift Virtualization Inventory source option (#15047) 
Co-authored-by: Hao Liu <44379968+TheRealHaoLiu@users.noreply.github.com>
 2024-06-14 13:38:37 -04:00
a_nackov
d94f766fcb
Fix notification name search (#15231) 
Signed-off-by: Adrian Nackov <adrian.nackov@mail.schwarz>
 2024-06-13 14:49:54 +00:00
Viktor Varga
a7113549eb
Add 'Terraform State' inventory source support for collection (#15258) 2024-06-12 19:22:21 +00:00
Jake Jackson
bfd811f408
Upgrade aiohttp for cve 2024-23829 (#15257) 2024-06-12 19:20:40 +00:00
Jeff Bradberry
030704a9e1 Change all uses of ImplicitRoleField to do on_delete=SET_NULL 
This will mitigate the problem where if any Role gets deleted for some
weird reason it could previously cascade delete important objects.
 2024-06-12 13:08:03 -04:00
Seth Foster
c312d9bce3
Rename setting to allow local resource management (#15269) 
rename AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED
to
ALLOW_LOCAL_RESOURCE_MANAGEMENT

- clearer meaning
- drop prefix so the same setting is used across the platform

Signed-off-by: Seth Foster <fosterbseth@gmail.com>
 2024-06-11 12:50:18 -04:00
Jeff Bradberry
aadcc217eb This should deal correctly with the ancestor list mismatches 2024-06-10 16:36:22 -04:00
Jeff Bradberry
345c1c11e9 Guard against the role field not being populated 
when doing the final reset of Role.implicit_parents.
 2024-06-10 16:36:22 -04:00
Jeff Bradberry
2c3a7fafc5 Add a new test scenario 
to trigger the implicit parent not being in the parents and ancestors lists.
 2024-06-10 16:36:22 -04:00
Jeff Bradberry
dbcd32a1d9 Mark and rebuild the implicit_parents field for all affected roles 2024-06-10 16:36:22 -04:00
Jeff Bradberry
d45e258a78 Wait until the end of the fix script to clean up orphaned roles 2024-06-10 16:36:22 -04:00
Jeff Bradberry
d16b69a102 Add output of the update and deletion counts to fix.py 2024-06-10 16:36:22 -04:00
Jeff Bradberry
8b4efbc973 Do not throw away the container of cross-linked parents 
Since we use it twice, the second time to get the id field of each.
 2024-06-10 16:36:22 -04:00
Jeff Bradberry
4cb061e7db Add a readme file with instructions 2024-06-10 16:36:22 -04:00
Jeff Bradberry
31db6a1447 Fix another instance where a bad resource->Role fk could throw a traceback 2024-06-10 16:36:22 -04:00
Jeff Bradberry
ad9d5904d8 Adjusted foreignkeys.sql for correctness 
Some relationships known to be handled by the special mapping sql file
were being caught as false positives.
 2024-06-10 16:36:22 -04:00
Jeff Bradberry
b837d549ff Split the foreign key sql script into an 'into' and 'from' portion 
Also, make use of up-front defined arrays of the tables involved, for
ease of editing in the future.
 2024-06-10 16:36:22 -04:00
Jeff Bradberry
9e22865d2e Filter out the relations within the known topology tables 2024-06-10 16:36:22 -04:00
Jeff Bradberry
ee3e3e1516 First cut at detecting which foreign keys enter and exit the topology tables 2024-06-10 16:36:22 -04:00
Jeff Bradberry
4a8f6e45f8 Move the "test" files into their own directory 2024-06-10 16:36:22 -04:00
Jeff Bradberry
6a317cca1b Remove the role_chain.py module 
it wound up being unworkable, and I think ultimately we only need to
check the immediate parentage of each role.
 2024-06-10 16:36:22 -04:00
Jeff Bradberry
d67af79451 Attempt to correct any crosslinked parents 
I think that rebuild_role_ancestor_list() will then correctly update
all of the affected Role.ancestors.
 2024-06-10 16:36:22 -04:00
Jeff Bradberry
fe77fda7b2 Exclude more files in the .gitignore 2024-06-10 16:36:22 -04:00