External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-01-10 15:32:07 -03:30
Code Issues Packages Projects Releases Wiki Activity
34,333 Commits 54 Branches 19 Tags
Commit Graph

687 Commits

Author SHA1 Message Date
Alan Rominger
c5fb0c351d
AAP-47283 [2.6] Unified display of RBAC & synchronization (#7001) 
* Working branch for testing DAB RBAC changes

* AAP-48392 Handle DAB RBAC either before or after new type model (for merge) (#16045)

* Handle DAB RBAC either before or after new type model

* Translate CT to DAB CT

* Fix for rearrangement of post_migration methods

* Directly include RBAC service URLs

* Add a run before remote permission additions

* Sync old rbac to remote rbac (#7025)

Signed-off-by: Seth Foster <fosterbseth@gmail.com>

* Set DAB requirement back to devel

---------

Signed-off-by: Seth Foster <fosterbseth@gmail.com>
Co-authored-by: Seth Foster <fosterseth@users.noreply.github.com>
 2025-09-04 15:13:10 -04:00
Jake Jackson
534549139c
bump DAB dep to devel from stable-2.5 (#6988) 
* update dab dependency for 2.6 development
 2025-09-04 15:03:57 -04:00
jessicamack
e3a9d9fbe8
[AAP-51443]CVE-2025-48432 (#7073) 
* bump Django version to patch with additional hardening
 2025-08-29 15:57:16 -04:00
Jake Jackson
8fe4223eac
[AAP-47384] CVE 2025 47273 (#7054) 
* Update requirements for setuptools

* first pass and need to commit

* update makefile and run updater script

* updated makefile per readme
* ran updater script

* Patch irc backend to avoid namespace collision w/ jaraco

When importing the IRC backend, jaraco resolves to
the version vendored inside setuptools:

1) importing irc backend…
irc_backend ERROR: ModuleNotFoundError("No module named 'jaraco.stream'")

2) sys.modules['jaraco'] after failure:
present: True
type: <class 'module'>
__file__: /var/lib/awx/venv/awx/lib64/python3.11/site-packages/setuptools/_vendor/jaraco/__init__.py
__path__: ['/var/lib/awx/venv/awx/lib64/python3.11/site-packages/setuptools/_vendor/jaraco']
__spec__: ModuleSpec(name='jaraco',
loader=<_frozen_importlib_external.SourceFileLoader object at 0x7f006a0eccd0>,
origin='/var/lib/awx/venv/awx/lib64/python3.11/site-packages/setuptools/_vendor/jaraco/__init__.py',
submodule_search_locations=['/var/lib/awx/venv/awx/lib64/python3.11/site-packages/setuptools/_vendor/jaraco'])

Since setuptools does not vendor jaraco.stream, it blew up. This patch ensures
jaraco.stream gets imported *before* attempting to import the irc modules.

* Revert "[4.6][dependency] CVE 2025 47273 (#7020)" (#7027)

This reverts commit e8b2920aec95de2c51308ce2fb14773ef676d01a.

* reformatted irc backend with black

* ran black to fix linting issues

* Reapply "[4.6][dependency] CVE 2025 47273 (#7020)" (#7027)

This reverts commit 0c6df9b13398a93569fae7558e1a0e72cbe8fb6c.

* add flake8 ignore since jaraco.stream is needed

* jaraco.stream is not directly called in the file but is needed by irc
  so ignore the linter failure

---------

Co-authored-by: Shane McDonald <me@shanemcd.com>
 2025-08-19 15:59:24 +00:00
Jake Jackson
550ae51aec
Revert "[4.6][dependency] CVE 2025 47273 (#7020)" (#7027) 
This reverts commit e8b2920aec95de2c51308ce2fb14773ef676d01a.
 2025-07-23 13:22:25 -04:00
Jake Jackson
e8b2920aec
[4.6][dependency] CVE 2025 47273 (#7020) 
* Update requirements for setuptools

* first pass and need to commit

* update makefile and run updater script
 2025-07-22 15:21:06 -04:00
Matthew Sandoval
11a9a2b066
Pin receptorctl 1.5.7 (#6979) 2025-06-24 19:48:55 +00:00
Satoe Imaishi
a238c5dd09
Bump django to 4.2.21 (#6964) 2025-06-10 10:11:43 -04:00
Seth Foster
54db6c792b
Revert "unpin sqlparse dependency (#6911)" (#6950) 
This reverts commit 3e122778e4b51416c4c3535fe130007928208317.
 2025-05-16 22:53:54 +00:00
Peter Braun
3e122778e4
unpin sqlparse dependency (#6911) 
* unpin sqlparse dependency

* remove sqlparse license
 2025-05-15 15:51:34 -04:00
Matthew Sandoval
cae8a4e16c
Pin receptorctl 1.5.5 (#6931) 2025-04-29 11:01:22 -07:00
TVo
a3303bb74b
Pin ansible runner241 and receptorctl154 (#6919) 
* Updated pinned runner and receptorctl in controller.

* Bumped receptorctl to 1.5.4
 2025-04-22 11:13:58 -07:00
Alan Rominger
6a10e0ea5c
AAP-41139 [4.6][dependencies] Bump Django 2 minor versions (#6892) 
* Initial requirement bump for Django CVE

* Run updater script
 2025-04-16 14:41:05 -04:00
Bruno Rocha
6690d71357
[4.6][Backport][Feature] feat: Manage Django Settings with Dynaconf (#6910) 
Dynaconf is being added from DAB factory to load Django Settings
 2025-04-15 15:17:16 -04:00
Hao Liu
4532c627e3
Update dependencies for DAB (#6914) 
Co-authored-by: Satoe Imaishi <simaishi@redhat.com>
 2025-04-15 09:55:45 -04:00
Lila Yasin
9d9c125e47
[4.6][Backport][Feature] feat: 38589 GitHub App Authentication (#15807) (#6887) 
* feat: 38589 GitHub App Authentication (#15807)

* feat: 38589 GitHub App Authentication

Allows both git@<personal-token> and x-access-token@<github-access-token> when authenticating using git.
This allows GitHub App tokens to work without interfering with existing authentication types.

---------

Co-authored-by: Jake Jackson <thedoubl3j@Jakes-MacBook-Pro.local>

* revert change made to allow UI to accept x-access-token, just use htt… (#15851)

revert change made to allow UI to accept x-access-token, just use https:// instead

* Add Github dep for new cred support if used (#15850)

* Add pygithub for new app token support

* fixed git requirements file with new
* added new github dep and relevant deps it needs

* add required licenses

* Add artifacts to satisfy license check

* Remove duplicated license

---------

Co-authored-by: Andrea Restle-Lay <arestlel@redhat.com>
Co-authored-by: Alan Rominger <arominge@redhat.com>

* Remove deps update it came with the cherry-pick and is not needed in this version

Remove unneeded deps updates from requirements.in

Remove point to awx-plugins as it is not needed in tower

* Add a credential plugin that uses GitHub Apps to get tokens

* Add github app tests

* Ran requirements updater script

Ran black on github_app_test to fix formatting issue

Add scm_github_app to managed credentials

Ran updater script to reflect new deps

Added github app info to def build_passwords in jobs.py, cred now appears in credential types

Update ManagedCredentialType for GitHub App to match what we have in awx-plugins

Update inputs in maManagedCredentialType to github_app_inputs to communicate with awx/main/credential_plugins/github_app.py

Revert incorrect change in ManagedCredentialType, change github_app_lookup to call inputs instead of github_app_inputs

Updated namespace to github_app_lookup to agree with nomenclature used in the rest of the implementation and to resolve failing API test

Remove import pointing to awx plugins and update to point to credential_plugins

Remove references to gh_app_plugin_mod and change to github_app

Remove from awx_plugins.interfaces._temporary_private_django_api import (  # noqa: WPS436 to resolve failing test

Remove flake8 typing & typing references that do not exist in this version of Tower

Remove references in jobs.py and  __init__.py since this is an external cred type and registered it in setup.cfg instead

Remove blank line

REvise name in cfg from github_app_lookup to github_app to see if that ifxes module not found error

Revise first declaration of github_app to agree with file name to see if that resolves issue

Rename line 174 to agree with what's in config

Fix reference to github_app_lookup to github_app

Linters compliaining about the github_app in __all__ not being defined, renamed to see if that aligns them

Fix naming in test to correspond to naming of cred type

Update naming to be more specific and add blank line to setup.cfg

Remove __all__ from githubapp.py to satisfy linters

Revert formatting change since it is not needed in this repository

* Add blank line at the end of requirements.in

---------

Co-authored-by: Andrea Restle-Lay <andrearestlelay@gmail.com>
Co-authored-by: Jake Jackson <thedoubl3j@Jakes-MacBook-Pro.local>
Co-authored-by: Jake Jackson <jljacks93@gmail.com>
Co-authored-by: Andrea Restle-Lay <arestlel@redhat.com>
Co-authored-by: Alan Rominger <arominge@redhat.com>
 2025-04-10 14:32:17 -04:00
Alan Rominger
c7ac45717b Pin drf-yasg to make api-test pass (#15887) 
Ping drf-yasg to make api-test pass
 2025-03-12 13:50:19 -04:00
Alan Rominger
b5bc85e639
AAP-41692 [4.6] Update jinja2 for CVE (#6881) 
* Initial bump of jinja2 lib

* Run updater script
 2025-03-11 10:45:37 -04:00
Jake Jackson
f04bf5ccf0
update recetpor (#6869) 
* bumped receptor version to latest
 2025-03-04 15:16:58 -05:00
Hao Liu
698d769a7a
[Policy as Code] Monkey patch opa_client.base.BaseClient (#6865) 
Workaround bug described in https://github.com/Turall/OPA-python-client/issues/29
 2025-02-26 21:09:51 +00:00
Alan Rominger
b351dfb102
Undo temporary DAB change for requirements generation (#6862) 2025-02-25 09:30:15 -05:00
Alan Rominger
b502a9444a
[4.6 backport] Feature indirect host counting (#15802) (#6858) 
* Feature indirect host counting (#15802)

* AAP-37282 Add parse JQ data and test it for a `job` object in isolation (#15774)

* Add jq dependency

* Add file in progress

* Add license for jq

* Write test and get it passing

* Successfully test collection of `event_query.yml` data (#15761)

* Callback plugin method from cmeyers adapted to global collection list

Get tests passing

Mild rebranding

Put behind feature flag, flip true in dev

Add noqa flag

* Add missing wait_for_events

* feat: try grabbing query files from artifacts directory (#15776)

* Contract changes for the event_query collection callback plugin (#15785)

* Minor import changes to collection processing in callback plugin

* Move agreed location of event_query file

* feat: remaining schema changes for indirect host audits (#15787)

* Re-organize test file and move artifacts processing logic to callback (#15784)

* Rename the indirect host counting test file

* Combine artifacts saving logic

* Connect host audit model to jq logic via new task

* Add unit tests for indirect host counting (#15792)

* Do not get django flags from database (#15794)

* Document, implement, and test remaining indirect host audit fields (#15796)

* Document, implement, and test remaining indirect host audit fields

* Fix hashing

* AAP-39559 Wait for all event processing to finish, add fallback task (#15798)

* Wait for all event processing to finish, add fallback task

* Add flag check to periodic task

* feat: cleanup of old indirect host audit records (#15800)

* By default, do not count indirect hosts (#15801)

* By default, do not count indirect hosts

* Fix copy paste goof

* Fix linter issue from base branch

* prevent multiple tasks from processing the same job events, prevent p… (#15805)

prevent multiple tasks from processing the same job events, prevent periodic task from spawning another task per job

* Fix typos and other bugs found by Pablo review

* fix: rely on resolved_action instead of task, adapt to proposed query… (#15815)

* fix: rely on resolved_action instead of task, adapt to proposed query structure

* tests: update indirect host tests

* update remaining queries to new format

* update live test

* Remove polling loop for job finishing event processing (#15811)

* Remove polling loop for job finishing event processing

* Make awx/main/tests/live dramatically faster (#15780)

* AAP-37282 Add parse JQ data and test it for a `job` object in isolation (#15774)

* Add jq dependency

* Add file in progress

* Add license for jq

* Write test and get it passing

* Successfully test collection of `event_query.yml` data (#15761)

* Callback plugin method from cmeyers adapted to global collection list

Get tests passing

Mild rebranding

Put behind feature flag, flip true in dev

Add noqa flag

* Add missing wait_for_events

* feat: try grabbing query files from artifacts directory (#15776)

* Contract changes for the event_query collection callback plugin (#15785)

* Minor import changes to collection processing in callback plugin

* Move agreed location of event_query file

* feat: remaining schema changes for indirect host audits (#15787)

* Re-organize test file and move artifacts processing logic to callback (#15784)

* Rename the indirect host counting test file

* Combine artifacts saving logic

* Connect host audit model to jq logic via new task

* Document, implement, and test remaining indirect host audit fields (#15796)

* AAP-39559 Wait for all event processing to finish, add fallback task (#15798)

* Wait for all event processing to finish, add fallback task

* Add flag check to periodic task

* feat: cleanup of old indirect host audit records (#15800)

* prevent multiple tasks from processing the same job events, prevent p… (#15805)

prevent multiple tasks from processing the same job events, prevent periodic task from spawning another task per job

* Remove polling loop for job finishing event processing (#15811)

* Make awx/main/tests/live dramatically faster (#15780)

* reorder migrations to allow indirect instances backport

* cleanup for rebase and merge into devel

---------

Co-authored-by: Peter Braun <pbraun@redhat.com>
Co-authored-by: jessicamack <jmack@redhat.com>
Co-authored-by: Peter Braun <pbranu@redhat.com>
 2025-02-24 21:55:44 +00:00
Hao Liu
2d648d1225
[Feature][release_4.6] Policy as Code MVP part 1 (#6848) 2025-02-24 15:58:57 -05:00
Hao Liu
c0b9d3f428
Switch to ssh for private git requirements (#6838) 2025-02-17 22:44:29 -05:00
Hao Liu
ccb6360a96
AAP-39778[Backport][release_4.6] Add DAB Feature Flag common API (#6833) 
* [AAP-39138] - Add DAB Feature Flag common API (#15786)
* Update django-ansible-base reference to ansible-automation-platform/django-ansible-base@stable-2.5

---------

Co-authored-by: Zack Kayyali <zkayyali@redhat.com>
 2025-02-12 15:47:06 -05:00
Hao Liu
397fb297bf
Add ability to provide token for private repo for requirements_git in container build (#15831) (#6830) 
Add ability to provide auth to private repo for requirements_git
 2025-02-12 20:00:37 +00:00
Rodrigo Toshiaki Horie
2e8114394b
[4.6][dependency] update django for CVE-2024-56374 (#6784) 2025-01-20 18:58:30 -03:00
Jake Jackson
a209751f22
Fix CVE-2024-56201 update jinja2 (#6778) 2025-01-08 13:42:42 -05:00
Pablo H.
b361aef0fb
chore: addressing CVE 2024-53908 (#6768) 2024-12-16 14:16:00 -05:00
Seth Foster
df79fa4ae1
bump grpcio CVE-2024-11407 (#6766) 
Signed-off-by: Seth Foster <fosterbseth@gmail.com>
 2024-12-16 13:23:24 -05:00
Peter Braun
56d3933154
feat: enable django flags support (#15660) (#6755) 
* feat: enable django flags support

* add django flags license

* re-run updater script
 2024-12-09 09:40:28 +01:00
Peter Braun
148afce455
deps: receptorctl v1.5.1 (#6760) 2024-12-06 16:12:58 +01:00
Peter Braun
8174a28716
update receptorctl to v1.5.0 (#6749) 2024-11-25 15:37:01 +01:00
Satoe Imaishi
71a18c0d61
Bump uwsgi to 2.0.28 (#6736) 2024-11-22 10:54:52 -05:00
Hao Liu
c55fb369fa
Update receptorctl to 1.4.11 (#6746) 2024-11-21 16:31:09 -05:00
Jake Jackson
2c3b4ff5d7
[4.6][dependency] update aiohttp to address vuln CVE-2024-52304 (#6740) 
* update aiohttp to address vuln CVE-2024-52304

* add licenses for new deps
 2024-11-21 16:21:34 -05:00
Hao Liu
784ff3193d
Pin DAB to 2024.10.17 (#6721) 2024-10-21 19:25:05 +00:00
Hao Liu
7972486594
Update receptorctl to 1.4.9 (#6718) 2024-10-17 11:27:21 -04:00
Tomas Z
d1c85dae4d
Upgrade django and sqlparse to pickup CVE fixes (#6709) 2024-10-04 15:51:12 -04:00
Hao Liu
46becf15e9
Switch DAB back to devel to (#6713) 
Enable event 2 development
 2024-10-01 20:11:04 +00:00
Hao Liu
6574cfe3a9
Pin dependencies to prepare for release_4.6 release tag (#6707) 
* Pin deps to release prep
- ansible-runner@2.4.0
- receptorctl@1.4.8
- django-ansible-base@c8fbc1e345d4908cc97eaae20771238a5dd35aad
 2024-09-19 16:22:18 +00:00
Jake Jackson
fafed924e3
rebase and merge conflict resolution (#6692) 2024-09-17 16:46:12 +00:00
Jake Jackson
eb4f3c2864
update urllib to fix CVE-2024-37891 (#6700) 2024-09-17 12:14:28 -04:00
Jake Jackson
bcd18e161c
fix CVE-2024-21520 (#6687) 2024-09-16 16:04:11 -04:00
Elijah DeLee
059f52f314
Unpin django-ansible-base for now (#6681) 2024-09-09 21:51:20 +00:00
Seth Foster
85bd7c3ca0
[4.6] Make controller specific team and org roles (#6662) 
Adds the following managed Role Definitions

Controller Team Admin
Controller Team Member
Controller Organization Admin
Controller Organization Member

These have the same permission set as the
platform roles (without the Controller prefix)

Adding members to teams and orgs via the legacy RBAC system
will use these role definitions.

Other changes:
- Bump DAB to 2024.08.22
- Set ALLOW_LOCAL_ASSIGNING_JWT_ROLES to False in defaults.py.
This setting prevents assignments to the platform roles (e.g. Team Member).

Signed-off-by: Seth Foster <fosterbseth@gmail.com>
 2024-08-26 16:31:42 -04:00
Rick Elrod
9fa5be015c Bump DAB to 2024.8.19 
Signed-off-by: Rick Elrod <rick@elrod.me>
 2024-08-19 07:37:01 -05:00
Jake Jackson
8b293e7046
update django to 4.2.15 to address multiple CVEs (#6636) 2024-08-15 13:32:26 -04:00
Jake Jackson
467024bc54
fix CVE-2024-33663 and bring in updates for social-auth-app-django (#6634) 2024-08-15 13:32:09 -04:00
jessicamack
bdf3f81016
Unpin channels-redis (#15329) (#6647) 
* unpin channels-redis

The bug that initially caused the upgrade block has been resolved https://github.com/django/channels_redis/issues/332

* replace aioredis Exception with a redis Exception

Version 4.0.0 of channel-redis migrated the underlying Redis library from aioredis to redis-py. The Exception has been changed to an equivalent

* remove unused license

* remove UPGRADE BLOCKER in README

* remove hiredis

it was an indirect dependency from aioredis which was removed

* remove unused license

* add back hiredis

it's potentially providing a performance boost. install explicitly as a part of redis. upgrade to more recent version

* remove UPGRADE BLOCKER for hiredis

it was also addressed as a part of this PR
 2024-08-12 15:03:46 -04:00