External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-01-09 23:12:08 -03:30
Code Issues Packages Projects Releases Wiki Activity
34,279 Commits 54 Branches 19 Tags
Commit Graph

34279 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jake Jackson
1d4b555a2c
Update feature_branch_sync.yml (#7006) 
fix typo in workflow title
 2025-07-10 02:37:35 +00:00
Luis Villa
69df7d0e27
[AAP-48771]wfjt migration to catch renaming (#6991) 
* wfjt migration to catch renaming

* Added rename_wfjt function to template constraint migration
* Add test to add duplicate names and verify that the duplicates are renamed

* move object creation

* add missing rename_wfjt operation

* fix linter issues

* fix tox issues

* test manually and move operation

* added back credential type validation code
 2025-07-09 15:51:55 -04:00
Jake Jackson
ec0732ce94
AAP-48139 add branch sync between release_4.6 and stable-2.6 (#6982) 
* add branch sync between release_4.6 and stable-2.6

* add a new workflow to force push commits in release_4.6 to
  stable-2.6

* Update workflow to use matrix keyword


---------

Co-authored-by: Jake Jackson
 2025-06-30 19:56:08 -04:00
jessicamack
1afd23043d
Remove api version from hardcoded inventory url (#16039) (#6980) 
* update url endpoints

* reformat line for length
 2025-06-25 22:53:03 +02:00
Matthew Sandoval
11a9a2b066
Pin receptorctl 1.5.7 (#6979) 2025-06-24 19:48:55 +00:00
Lila Yasin
5752c7a8e2
[2.5 Backport] AAP-46038 database deadlock (#6947) 
Sort both bulk updates and add batch size to facts bulk update to resolve deadlock issue

Update tests to expect batch_size to agree with changes

Add utility method to bulk update and sort hosts and applied that to the appropriate locations

Update functional tests to use bulk_update_sorted_by_id since update_hosts has been deleted

Add comment NOSONAR to get rid of Sonarqube warning since this is just a test and it's not actually a security issue

Fix failing test test_finish_job_fact_cache_clear & test_finish_job_fact_cache_with_existing_data

---------

Signed-off-by: Seth Foster <fosterbseth@gmail.com>
Co-authored-by: Alan Rominger <arominge@redhat.com>
Co-authored-by: Seth Foster <fosterbseth@gmail.com>
 2025-06-16 15:32:55 -04:00
Alan Rominger
3d027bafd0
AAP-44233 Create credential types in new migration step (#6969) 
* Update database to credential types in new migration file

* bump migration

* Add assertion

* Pre-delete credentials so we test recreation
 2025-06-11 16:26:42 -04:00
Jake Jackson
ee19ee0c10
Update workflow to allow the workflow to write (#6975) 
* Update the workflow to allow the action to write our branches from it.
* Also added username and email as git by default will want to know who
  is performing the action (edge case). Using github actions bot is
standard practice
 2025-06-11 20:07:38 +00:00
Alan Rominger
f1e5cadce7
🧪 Delegate artifact merge and garbage collection to GH (#16019) (#6973) 
* 🧪 Unpersist Git creds @ cov combine job

This is one of the things Zizmor [[1]] warns about.

[1]: https://docs.zizmor.sh

* 🧪 Download all coverage artifacts in one go

* 🧪 Delegate artifact garbage collection to GH

This is implemented by setting the retention days input to 1 on the
initial upload.

Co-authored-by: 🇺🇦 Sviatoslav Sydorenko (Святослав Сидоренко) <webknjaz@redhat.com>
 2025-06-10 16:54:59 -04:00
Satoe Imaishi
a238c5dd09
Bump django to 4.2.21 (#6964) 2025-06-10 10:11:43 -04:00
Jake Jackson
d26c7fedb8
Add workflow to rebase release branches (#6968) 
* Adds a workflow that rebases release_4.6 onto release_4.6-next
 2025-06-10 10:11:43 -04:00
Jiří Jeřábek (Jiri Jerabek)
f4347d05a9
cherry-pick 222f387 to release_4.6 (#6971) 2025-06-10 10:11:42 -04:00
Hao Liu
4eefce622d
Fixes pytest CI error (#6970) 
```
  /var/lib/awx/venv/awx/lib64/python3.11/site-packages/_pytest/python.py:163:
  PytestReturnNotNoneWarning: Expected None, but
  awx/main/tests/unit/test_tasks.py::TestJobCredentials::test_custom_environment_injectors_with_boolean_extra_vars
  returned ['successful', 0], which will be an error in a future version
  of pytest.  Did you mean to use `assert` instead of `return`?
```

* Dug into the git blame for this one
  060585434abb5456935b7378211813b2ceaacaaa is the commit for any
  historians. It was wrongfully carried over from a mock pexpect
  implementation. Our new tests are nice. They don't go as far as trying
  to run the task so they do not need to mock pexpect. That is why it is
  safe to remove this code without finding it a new home.

Co-authored-by: Chris Meyers <chris.meyers.fsu@gmail.com>
 2025-06-10 10:11:42 -04:00
TVo
57b8773613
[2.5/4.6 Backport] AAP-40782 Reduce queued stuck jobs (#6962) 
* [2.5/4.6 Backport] AAP-40782 Reduce queued stuck jobs

* [2.5/4.6 Backport] AAP-40782 Reduce queued stuck jobs

* Incrp'd review feedback from @AlanCoding

* Reformatted 4 files per CI-check for api-linters
 2025-06-10 10:11:42 -04:00
Alan Rominger
d0776dabdf
AAP-32143 Make the JT name uniqueness enforced at the database level (#15956) (#6958) 
* Make the JT name uniqueness enforced at the database level

* Forgot demo project fixture

* New approach, done by adding a new field

* Update for linters and failures

* Fix logical error in migration test

* Revert some test changes based on review comment

* Do not rename first template, add test

* Avoid name-too-long rename errors

* Insert migration into place

* Move existing files with git

* Bump migrations of existing

* Update migration test

* Awkward bump

* Fix migration file link

* update test reference again
 2025-06-10 10:11:42 -04:00
Peter Braun
2d730abb82
fix: allow unknown keyword arguments (#6972) 
Co-authored-by: Peter Braun <pbranu@redhat.com>
 2025-06-10 10:11:42 -04:00
Seth Foster
8896f75f9b
Restore basic auth for subscriptions API (#6961) 
When POSTing to console.redhat.com, fallback
to using basic auth method if OAUTH via
service accounts fails

Signed-off-by: Seth Foster <fosterbseth@gmail.com>
 2025-06-10 10:11:42 -04:00
Mauricio Magnani Jr
bb6bf33b9e
fix: ensure temp files are cleaned up after failed HCC (#6952) 2025-05-21 13:18:24 -04:00
Dirk Jülich
5cf3a09163
AAP-17690 Inventory variables sourced from git project are not getting deleted after being removed from source (#15928) (#6946) 
* Delete existing all-group vars on inventory sync (with overwrite-vars=True) instead of merging them.

* Implementation of inv var handling with file as db.

* Improve serialization to file of inv vars for src update

* Include inventory-level variable editing into inventory source update handling

* Add group vars to inventory source update handling

* Add support for overwrite_vars to new inventory source handling

* Persist inventory var history in the database instead of a file.

* Remove logging which was needed during development.

* Remove further debugging code and improve comments

* Move special handling for user edits of variables into serializers

* Relate the inventory variable history model to its inventory

* Allow for inventory variables to have the value 'None'

* Fix KeyError in new inventory variable handling

* Add unique-together constraint for new model InventoryGroupVariablesWithHistory

* Use only one special invsrc_id for initial update and manual updates

* Fix internal server error when creating a new inventory

* Print the empty string for a variable with value 'None'

* Fix comment which incorrectly states old behaviour

* Fix inventory_group_variables_update tests which did not take the new handling of None into account

* Allow any type for Ansible-core variable values

* Refactor misleading method names

* Fix internal server error when savig vars from group form

* Remove superfluous json conversion in front of JSONField

* Call variable update from create/update instead from validate

* Use group_id instead of group_name in model InventoryGroupVariablesWithHistory

* Disable new variable update handling for all regular (non-'all') groups

* Add live test to verify AAP-17690 (inv var deleted from source)

* Add functional tests to verify inventory variables update logic

* Fix migration which was corrupted by a rebase

* Add a more complex live test and resolve linter complaints

* Force overwrite_vars=False for updates from source on all-group

* Change behavior with respect to overwrite_vars
 2025-05-19 21:38:33 +02:00
Seth Foster
54db6c792b
Revert "unpin sqlparse dependency (#6911)" (#6950) 
This reverts commit 3e122778e4b51416c4c3535fe130007928208317.
 2025-05-16 22:53:54 +00:00
Peter Braun
3e122778e4
unpin sqlparse dependency (#6911) 
* unpin sqlparse dependency

* remove sqlparse license
 2025-05-15 15:51:34 -04:00
Elijah DeLee
f98b2e2455 introduce age for workers and mandatory retirement 
Retire workers after a certain age, allowing them to finish their
current task if they are not idle.

This mitigates any issues like memory leaks in long running workers,
especially if systems stay busy for months at a time.

Introduce new optional setting WORKER_MAX_LIFETIME_SECONDS, defaulting to 4 hours
 2025-05-15 14:15:50 -04:00
Seth Foster
12dcc10416
[4.6] Update subscription API to use service accounts (#6927) 
* Update subscription API to use service accounts

Update code to pull subscriptions from
console.redhat.com instead of
subscription.rhsm.redhat.com

Uses service account client ID and client secret
instead of username/password, which is being
deprecated in July 2025.

Additional changes:

- In awx.awx.subscriptions module, use new service
account params rather than old basic auth params

- Update awx.awx.license module to use subscription_id
instead of pool_id. This is due to using a different API,
which identifies unique subscriptions by subscriptionID
instead of pool ID.

Signed-off-by: Seth Foster <fosterbseth@gmail.com>
Co-authored-by: Chris Meyers <chris.meyers.fsu@gmail.com>
Co-authored-by: Peter Braun <pbraun@redhat.com>

* fix token name

Signed-off-by: Seth Foster <fosterbseth@gmail.com>

* Fix Subscriptions credentials fallback

Ensure service account authentication is being used
when falling back to using SUBSCRIPTIONS_CLIENT_ID.

Additional change:
Subscription data can return two types of capacities:
Sockets and Nodes

For determining overall capacity
if capacity name is Nodes:
  capacity quantity x subscription quantity
if capacity name is Sockets:
  capacity quantity / 2 (minimum of 1) x subscription quantity

Signed-off-by: Seth Foster <fosterbseth@gmail.com>

---------

Signed-off-by: Seth Foster <fosterbseth@gmail.com>
Co-authored-by: Chris Meyers <chris.meyers.fsu@gmail.com>
Co-authored-by: Peter Braun <pbraun@redhat.com>
 2025-05-13 15:41:35 -04:00
Mauricio Magnani Jr
6bd39aea4b
OPA server hostname with https or http results in connection errors (#6921) 
Signed-off-by: Mauricio Magnani <magnani@redhat.com>
 2025-05-13 14:41:29 -04:00
Hao Liu
b7a3c6b025
Delete UI test from CI (#6831) 
In release_4.6 we no longer ship UI in AAP 2.5 so there's no reason to waste time on CI test for UIs
 2025-05-13 14:40:07 -04:00
jessicamack
ba7ee23298
[backport][4.6] Update Azure Key Vault plugin to use Managed Identity (#6939) 
* Bug on file name. Commiting to remove it.

* Update azure_kv plugin to use ManagedIdentity. Add testing.
 2025-05-13 10:05:24 -04:00
Jake Jackson
825a48bb32
[4.6] Insights Credential Help Text Update (#6937) 
* Update help text for insights cred

* update help text for the insights cred per new mock ups
 2025-05-08 10:45:14 -04:00
thedoubl3j
eb6aebff00 Update logic to not over write ec2 replace 
* fix replace logic so that we don't over write and stay only at vmware
  when ec2 is selected
* add an env.json for functional testing
 2025-05-08 15:06:58 +02:00
thedoubl3j
60114ab929 add logic to replace cred name when using esxi 
* similar to aws, allow the use of the standard vmware cred
 2025-05-08 15:06:58 +02:00
Peter Braun
0e28d2590a
fix: keep processing events, even if previous event data cannot be pa… (#15965) (#6922) 
* fix: keep processing events, even if previous event data cannot be parsed

* change log level to warning
 2025-05-05 13:26:42 +02:00
jessicamack
2bc08b421d
Bring WFJT job access to parity with UnifiedJobAccess (#15344) (#6935) 
* Bring WFJT job access to parity with UnifiedJobAccess

* Run linters

Co-authored-by: Alan Rominger <arominge@redhat.com>
 2025-04-30 13:43:47 -04:00
Matthew Sandoval
cae8a4e16c
Pin receptorctl 1.5.5 (#6931) 2025-04-29 11:01:22 -07:00
Chris Meyers
41d3729501 Allow ipv6 address for TOWER_URL_BASE setting 
* Django url validators support ipv6, our custom URLField
  allow_plain_hostname feature was messing with the hostname before it
  was passed to Django validators.
* This change dodges the allow_plan_hostname transformations if the
  value looks like it's an ipv6 one.
 2025-04-29 09:55:16 -04:00
TVo
a3303bb74b
Pin ansible runner241 and receptorctl154 (#6919) 
* Updated pinned runner and receptorctl in controller.

* Bumped receptorctl to 1.5.4
 2025-04-22 11:13:58 -07:00
Alan Rominger
6a10e0ea5c
AAP-41139 [4.6][dependencies] Bump Django 2 minor versions (#6892) 
* Initial requirement bump for Django CVE

* Run updater script
 2025-04-16 14:41:05 -04:00
Bruno Rocha
6690d71357
[4.6][Backport][Feature] feat: Manage Django Settings with Dynaconf (#6910) 
Dynaconf is being added from DAB factory to load Django Settings
 2025-04-15 15:17:16 -04:00
Hao Liu
ae0a8a80eb
[4.6] Fix Cert base authentication for OPA (#6909) 
* Remove unused setting

* Fix mTLS auth to OPA server

- Workaround https://github.com/Turall/OPA-python-client/issues/32
- Add tests for `opa_cert_file` context manager
 2025-04-15 11:07:33 -04:00
Hao Liu
4532c627e3
Update dependencies for DAB (#6914) 
Co-authored-by: Satoe Imaishi <simaishi@redhat.com>
 2025-04-15 09:55:45 -04:00
Lila Yasin
87cb6dc0b9
AAP-39365 facts are unintentionally deleted when the inventory is modified during a job execution (#15910) (#6905) 
* Added test_jobs.py to the model unit test folder in orther to show the undesired behaviour with fact cache



* Added test_jobs.py to the model unit test folder in orther to show the undesired behaviour with fact cache



* Solved undesired behaviour with fact_cache



* Solved bug with slices



* Remove unused imports

Remove now unused line of code which was commented out by the contributor

Revert "Remove now unused line of code which was commented out by the contributor"

This reverts commit f1a056a2356d56bc7256957a18503bd14dcfd8aa.

* Add back line that had been commented out as this line makes hosts specific to the particular slice when applicable

Revise private_data_dir fixture to see if it improves code coverage

Checked out awx/main/tests/unit/models/test_jobs.py in devel to see if it resolves git diff issue

* Fix formatting in awx/main/tests/unit/models/test_jobs.py

Rename for loop from host in hosts to hosts in hosts_cahced and remove unneeded continue

Revise finish_fact_cache to utilize inventory rather than hosts

Remove local var hosts that was assigned but unused

Revert change in start_fact_cache hosts_cached back to hosts

Revise the way we are handling hosts_cached and joining the file

Revert "Revise the way we are handling hosts_cached and joining the file"

This reverts commit e6e3d2f09c1b79a9bce3647a72e3dad97fe0aed8.

Reapply "Revise the way we are handling hosts_cached and joining the file"

This reverts commit a42b7ae69133fee24d3a5f1b456d9c343d111df9.

Revert some of my changes to get back to a better working state

Rename for loop to host in hosts_cached and remove unneeded continue

Remove jobs job.get_hosts_for_fact_cache() from post run hook, fix if statement after continue block, and revise how we are calling hosts in finish for loop

Add test_invalid_host_facts to test_jobs to increase code coverage

Update method signature to use hosts_cached and updated other references to hosts in finish_facts_cached

Rename hosts iterator to hosts_cached to agree with naming elsewhere

Revise test_invalid_host_facts to get more code coverage

Revise test_invalid_host_facts to increase codecov

Revise test_pre_post_run_hook_facts_deleted_sliced to ensure we are hitting the assertionerror for code cov

Revise  mock_inventory.hosts. to hit assert failure

Add revision of hosts and facts to force failure to satisfy code cov

Fix failure in test_pre_post_run_hook_facts_deleted_sliced

Add back for loop to create failures and add assert to hit them

Remove hosts.iterator() from both start_fact_cache and finish_fact_cache

Remove unused import of Queryset to satisfy api-lint

Fix typo in docstring hasnot to has not

Move hosts_cached.append(host) to outer loop in start_fact_cache

Add class to help support cached hosts resolving host.name issue with hosts_cached

* Add live tests for ansible facts

Remove fixture needed for local work only maybe

Revert "Add class to help support cached hosts resolving host.name issue with hosts_cached"

This reverts commit 99d998cfb9960baafe887de80bd9b01af50513ec.

* Move hosts_cached.append(host) outside of try except

* Move hosts_cached.append(host) to the beginning of start_fact_cache

---------

Signed-off-by: onetti7 <davonebat@gmail.com>
Co-authored-by: onetti7 <davonebat@gmail.com>
Co-authored-by: Alan Rominger <arominge@redhat.com>
 2025-04-11 11:08:26 -04:00
Lila Yasin
bbcdef18a7
[2.5][Backport] AAP 30045 incorrect deprecation warning for awx.awx.schedule rrule (#6903) 
* Make lookup plugins return lists to fix failures (#15625)

* Make lookup plugins return lists to fix failures

* Update unit tests

* Use lookup for test failures, update docs

* Grammar fix from review

Co-authored-by: Sviatoslav Sydorenko (Святослав Сидоренко) <wk.cvs.github@sydorenko.org.ua>

---------

Co-authored-by: Sviatoslav Sydorenko (Святослав Сидоренко) <wk.cvs.github@sydorenko.org.ua>

* Fix cherry-pick merge issue, should resolve failing linter

---------

Co-authored-by: Alan Rominger <arominge@redhat.com>
Co-authored-by: Sviatoslav Sydorenko (Святослав Сидоренко) <wk.cvs.github@sydorenko.org.ua>
 2025-04-11 11:02:45 -04:00
Jake Jackson
d35d7f62ec
Esxi inventory plugin (#6895) 
* Add in ESXI plugin as a choice

* added in vmware esxi as an inventory source
* made a migration that may not be needed but will need to circle back

* black formatting

* linter fixes that I missed in the first commit, squash

* Update esxi to use_fqcn to true

* added use_fqcn on the esxi cred to true to correctly lay down
  collection name

* add fqcn true

* updated vmware esxi to use true for fqcn

* Update defaults and re-order migrations

* updated defaults to add correct env var to get empty
* re-ordered migrations to be in line with others

* Add condition to replace vmware_esxi cred

* replace direct name match with vmware cred since source supports old
  cred

* add skeleton test

* quick pass, needs more
* squash this

* Add tests for creating inventory ESXI source

* add test case to test creating an inventory with different cred type
  to source name

* update test and linting

* added correct cred return since esxi uses same cred

* assert on status code

* assert that we received a 204

* Added new folder for vmware_exsi and empty json file.

* Corrected the misspelling of folder name to 'esxi'

* fixed misspelling for `vmware_`

---------

Co-authored-by: Thanhnguyet Vo <thavo@redhat.com>
 2025-04-10 14:32:17 -04:00
Lila Yasin
9d9c125e47
[4.6][Backport][Feature] feat: 38589 GitHub App Authentication (#15807) (#6887) 
* feat: 38589 GitHub App Authentication (#15807)

* feat: 38589 GitHub App Authentication

Allows both git@<personal-token> and x-access-token@<github-access-token> when authenticating using git.
This allows GitHub App tokens to work without interfering with existing authentication types.

---------

Co-authored-by: Jake Jackson <thedoubl3j@Jakes-MacBook-Pro.local>

* revert change made to allow UI to accept x-access-token, just use htt… (#15851)

revert change made to allow UI to accept x-access-token, just use https:// instead

* Add Github dep for new cred support if used (#15850)

* Add pygithub for new app token support

* fixed git requirements file with new
* added new github dep and relevant deps it needs

* add required licenses

* Add artifacts to satisfy license check

* Remove duplicated license

---------

Co-authored-by: Andrea Restle-Lay <arestlel@redhat.com>
Co-authored-by: Alan Rominger <arominge@redhat.com>

* Remove deps update it came with the cherry-pick and is not needed in this version

Remove unneeded deps updates from requirements.in

Remove point to awx-plugins as it is not needed in tower

* Add a credential plugin that uses GitHub Apps to get tokens

* Add github app tests

* Ran requirements updater script

Ran black on github_app_test to fix formatting issue

Add scm_github_app to managed credentials

Ran updater script to reflect new deps

Added github app info to def build_passwords in jobs.py, cred now appears in credential types

Update ManagedCredentialType for GitHub App to match what we have in awx-plugins

Update inputs in maManagedCredentialType to github_app_inputs to communicate with awx/main/credential_plugins/github_app.py

Revert incorrect change in ManagedCredentialType, change github_app_lookup to call inputs instead of github_app_inputs

Updated namespace to github_app_lookup to agree with nomenclature used in the rest of the implementation and to resolve failing API test

Remove import pointing to awx plugins and update to point to credential_plugins

Remove references to gh_app_plugin_mod and change to github_app

Remove from awx_plugins.interfaces._temporary_private_django_api import (  # noqa: WPS436 to resolve failing test

Remove flake8 typing & typing references that do not exist in this version of Tower

Remove references in jobs.py and  __init__.py since this is an external cred type and registered it in setup.cfg instead

Remove blank line

REvise name in cfg from github_app_lookup to github_app to see if that ifxes module not found error

Revise first declaration of github_app to agree with file name to see if that resolves issue

Rename line 174 to agree with what's in config

Fix reference to github_app_lookup to github_app

Linters compliaining about the github_app in __all__ not being defined, renamed to see if that aligns them

Fix naming in test to correspond to naming of cred type

Update naming to be more specific and add blank line to setup.cfg

Remove __all__ from githubapp.py to satisfy linters

Revert formatting change since it is not needed in this repository

* Add blank line at the end of requirements.in

---------

Co-authored-by: Andrea Restle-Lay <andrearestlelay@gmail.com>
Co-authored-by: Jake Jackson <thedoubl3j@Jakes-MacBook-Pro.local>
Co-authored-by: Jake Jackson <jljacks93@gmail.com>
Co-authored-by: Andrea Restle-Lay <arestlel@redhat.com>
Co-authored-by: Alan Rominger <arominge@redhat.com>
 2025-04-10 14:32:17 -04:00
Chris Meyers
5dd81a04ce
Aap 41580 indirect host count wildcard query (#15893) 
* Support <collection_namespace>.<collection_name>.* indirect host query
  to match ANY module in the <collection_namespace>.<collection_name>
* Add tests for new wildcard indirect host count
* error checking of ansible event name
* error checking of ansible event query
 2025-04-10 14:32:15 -04:00
Dirk Jülich
e060e44b05
AAP-37381 Apply Django password validators correctly. (#6902) 
* Move call to django_validate_password to the correct method were the user object is available.
* Added tests for the Django password validation functionality.
 2025-04-02 16:45:58 +02:00
Chris Meyers
db5b6d0019 Add changelog to awx collection 2025-03-25 13:41:53 -04:00
Chris Meyers
a2c8ecb4e6 Bump awx collection ansible required version 2025-03-25 13:41:53 -04:00
Chris Meyers
277bc581e7 Remove coarse grain unused import 
* It would seem that fine-grain noqa pylint ignores do the job and are
  already in place. Prefer that over the coarse entire file ignore.
 2025-03-25 13:41:53 -04:00
Chris Meyers
ef89c59a13 Fix ansible-lint empty lines in module docstrings 2025-03-25 13:41:53 -04:00
Chris Meyers
5872a88a57 Fix ansible-lint truthy in module docstrings 2025-03-25 13:41:53 -04:00
Chris Meyers
7fdd15f115 Fix ansible-lint indentation in module docstrings 2025-03-25 13:41:53 -04:00