* Replaced all references of downstream docs to upstream docs.
* Update README.md
Co-authored-by: Don Naro <dnaro@redhat.com>
* Update README.md.j2
Co-authored-by: Don Naro <dnaro@redhat.com>
* Update README.md.j2
Co-authored-by: Don Naro <dnaro@redhat.com>
* Incorpor'd review feedback from @oraNod and @samccann
* Updated with agreed link (for now) until further change is needed.
---------
Co-authored-by: Don Naro <dnaro@redhat.com>
* update terminology
Replace some instances of Tower with AWX and remove some references to
enterprise left over from the migration of RST content from the
Automation Controller docs.
* Update docs/docsite/rst/userguide/overview.rst
Co-authored-by: TVo <thavo@redhat.com>
---------
Co-authored-by: TVo <thavo@redhat.com>
* Added new OpenShift Virtualization inventory source to docs.
* Incorporated review feedback from @fosterseth and @TheRealHaoLiu.
* Fixed link to correct kubevirt.core.kubevirt documentation.
Support for AWS SNS notifications. SNS is a widespread service that is used to integrate with other AWS services(EG lambdas). This support would unlock use cases like triggering lambda functions, especially when AWX is deployed on EKS.
Decisions:
Data Structure
- I preferred using the same structure as Webhook for message body data because it contains all job details. For now, I directly linked to Webhook to avoid duplication, but I am open to suggestions.
AWS authentication
- To support non-AWS native environments, I added configuration options for AWS secret key, ID, and session tokens. When entered, these values are supplied to the underlining boto3 SNS client. If not entered, it falls back to the default authentication chain to support the native AWS environment. Properly configured EKS pods are created with temporary credentials that the default authentication chain can pick automatically.
---------
Signed-off-by: Ethem Cem Ozkan <ethemcem.ozkan@gmail.com>
It's the year 2024: using -k as default in https URL schemes should be deprecated. (I have left one mention of it possibly being required if no CA available). Furtheremore, neither -XGET or -XPOST are required, as curl(1) well knows when to use which method.
Develop ability to list permissions for existing roles
Create a model registry for RBAC-tracked models
Write the data migration logic for creating
the preloaded role definitions
Write migration to migrate old Role into ObjectRole model
This loops over the old Role model, knowing it is unique
on object and role_field
Most of the logic is concerned with identifying the
needed permissions, and then corresponding role definition
As needed, object roles are created and users then teams
are assigned
Write re-computation of cache logic for teams
and then for object role permissions
Migrate new RBAC internals to ansible_base
Migrate tests to ansible_base
Implement solution for visible_roles
Expose URLs for DAB RBAC
* Stage multi-arch awx image
- change CI to use `make awx-kube-build` instead of build playbook
- update staging CI to build and push multiarch awx image
- update doc to use `make awx-kube-build` to build awx image
- remove build playbook (no longer used)
* Added docs for terraform credential/inventory source
* Updated screen captures for inventories and source to match wfjt example
* Added docs for terraform credential/inventory source
* Updated screen captures for inventories and source to match wfjt example
* Update docs/docsite/rst/userguide/inventories.rst
Co-authored-by: Aoki <lucasaoki@users.noreply.github.com>
* Revised per review feedback.
* Update docs/docsite/rst/userguide/inventories.rst
Co-authored-by: Helen Bailey <hakbailey@gmail.com>
---------
Co-authored-by: Aoki <lucasaoki@users.noreply.github.com>
Co-authored-by: Helen Bailey <hakbailey@gmail.com>
* Switch mailing list to forum
* add link to community
Co-authored-by: Hao Liu <44379968+TheRealHaoLiu@users.noreply.github.com>
* use correct channel name
Co-authored-by: Hao Liu <44379968+TheRealHaoLiu@users.noreply.github.com>
---------
Co-authored-by: Hao Liu <44379968+TheRealHaoLiu@users.noreply.github.com>
* Added LDAP support for HashiCorp Vault lookup credential
* Added LDAP support for HashiCorp Vault lookup credential
* Replaced graphics and updated missing fields.
* Added LDAP support for HashiCorp Vault lookup credential
* Replaced graphics and updated missing fields.
* Incorporated review feedback from @thedoubl3j and @djyasin.
* Added hop node information and beefed up exec nodes section.
* Made updates to the Topology viewer & dis/associate peers
* Added hop node information and beefed up exec nodes section.
* Made updates to the Topology viewer & dis/associate peers
* Fixed build and image rendering issues.
* Replaced graphic with many many nodes!
* Updated images with latest
* Incorporated review inputs from @fosterseth.
* Incorporated more review feedback from @fosterseth
* Resized graphic
* Resized graphic again
* Reduced image sizes to scale better on different browsers.
* Added section for using private image for default EE.
* Deleted .md file for execution nodes due to migration to RTD.
* Added hop node information and beefed up exec nodes section.
* Made updates to the Topology viewer & dis/associate peers
* Added hop node information and beefed up exec nodes section.
* Made updates to the Topology viewer & dis/associate peers
* Fixed build and image rendering issues.
* Replaced graphic with many many nodes!
* Updated images with latest
* Incorporated review inputs from @fosterseth.
* Incorporated more review feedback from @fosterseth
* Resized graphic
* Resized graphic again
* Reduced image sizes to scale better on different browsers.
* Add username and password to handle_auth and update exception message
Revise naming of ldap username and password
* Add url for LDAP and userpass to method_auth
* Add information regarding LDAP and username and password to credential plugins documentation
Revise ldap_auth to userpass_auth and revised exception to better reflect functionality
* Revise method_auth to ensure certs can be used with username and ensure namespace functionality is not hindered
* Adding hosts bulk deletion feature
Signed-off-by: Avi Layani <alayani@redhat.com>
* fix the type of the argument
Signed-off-by: Avi Layani <alayani@redhat.com>
* fixing activity_entry tracking
Signed-off-by: Avi Layani <alayani@redhat.com>
* Revert "fixing activity_entry tracking"
This reverts commit c8eab52c2ccc5abe215d56d1704ba1157e5fbbd0.
Since the bulk_delete is not related to an inventory, only hosts which
can be from different inventories.
* get only needed vars to reduce memory consumption
Signed-off-by: Avi Layani <alayani@redhat.com>
* filtering the data to reduce memory increase the number of queries
Signed-off-by: Avi Layani <alayani@redhat.com>
* update the activity stream for inventories
Signed-off-by: Avi Layani <alayani@redhat.com>
* fix the changes dict initialiazation
Signed-off-by: Avi Layani <alayani@redhat.com>
---------
Signed-off-by: Avi Layani <alayani@redhat.com>
* Add TLS certificate auth for HashiCorp Vault
Add support for AWX to authenticate with HashiCorp Vault using
TLS client certificates.
Also updates the documentation for the HashiCorp Vault secret management
plugins to include both the new TLS options and the missing Kubernetes
auth method options.
Signed-off-by: Andrew Austin <aaustin@redhat.com>
* Refactor docker-compose vault for TLS cert auth
Add TLS configuration to the docker-compose Vault configuration and
use that method by default in vault plumbing.
This ensures that the result of bringing up the docker-compose stack
with vault enabled and running the plumb-vault playbook is a fully
working credential retrieval setup using TLS client cert authentication.
Signed-off-by: Andrew Austin <aaustin@redhat.com>
* Remove incorrect trailing space
Co-authored-by: Hao Liu <44379968+TheRealHaoLiu@users.noreply.github.com>
* Make vault init idempotent
- improve error handling for vault_initialization
- ignore error if vault cert auth is already configured
- removed unused register
* Add VAULT_TLS option
Make TLS for HashiCorp Vault optional and configurable via VAULT_TLS env var
* Add retries for vault init
Sometime it took longer for vault to fully come up and init will fail
---------
Signed-off-by: Andrew Austin <aaustin@redhat.com>
Co-authored-by: Hao Liu <44379968+TheRealHaoLiu@users.noreply.github.com>
Co-authored-by: Hao Liu <haoli@redhat.com>
