Commit Graph

786 Commits

Author SHA1 Message Date
adamscmRH
e9a128138a add org-app endpoint & permissions 2018-04-03 08:58:53 -04:00
adamscmRH
a7625b8747 add organization to app model 2018-04-03 08:58:53 -04:00
Wayne Witzel III
067ead35ac Extend test and fix to include the admin_role 2018-04-02 15:39:01 -04:00
Wayne Witzel III
ea7a0b2f58 Fixes RBAC issue, ensures can admin of sub_obj when needed 2018-04-02 14:10:14 -04:00
AlanCoding
d8f37e799b hide launch button for invalid JTs 2018-04-02 11:58:02 -04:00
AlanCoding
894eeee979 inventory source can_change rm credential check 2018-03-26 09:45:45 -04:00
Chris Meyers
ddf000e8e7 Merge pull request #1643 from chrismeyersfsu/fix-tower_special_group
do not allow tower group delete or name change
2018-03-22 08:06:03 -04:00
chris meyers
305ef6fa7e do not allow tower group delete or name change
* DO allow policy changes and other attribute changes
2018-03-22 08:05:06 -04:00
AlanCoding
4f1f578fde make user_capabilities False for read tokens 2018-03-21 13:14:14 -04:00
Wayne Witzel III
d7f26f417d Reword help text for manage org auth 2018-03-20 07:31:08 -04:00
Wayne Witzel III
d5564e8d81 Fix user capabilities when MANAGE_ORGANIZATION_AUTH is disabled 2018-03-19 15:16:54 -04:00
Wayne Witzel III
a9da494904 switch to single toggle and change name 2018-03-19 14:45:52 -04:00
Wayne Witzel III
771108e298 Protect team assignment for the roles access point 2018-03-19 12:10:13 -04:00
Wayne Witzel III
33ac8a9668 System wide toggle for org admin user/team abilities 2018-03-19 11:24:36 -04:00
Chris Meyers
2640ef8b1c Merge pull request #1536 from chrismeyersfsu/fix-protect_instance_groups
prevent instance group delete if running jobs
2018-03-15 14:57:45 -04:00
chris meyers
5d5d8152c5 prevent instance group delete if running jobs
* related to https://github.com/ansible/ansible-tower/issues/7936
2018-03-15 14:25:49 -04:00
AlanCoding
5170fb80dc fix bugs with UJT optimizations 2018-03-14 08:19:53 -04:00
AlanCoding
ce9234df0f Revamp user_capabilities with new copy fields
Add copy fields corresponding to new server-side copying

Refactor the way user_capabilities are delivered
 - move the prefetch definition from views to serializer
 - store temporary mapping in serializer context
 - use serializer backlinks to denote polymorphic prefetch model exclusions
2018-02-26 12:13:41 -05:00
Christian Adams
9493b72f29 Merge pull request #904 from ansible/oauth_n_session
Implement session-based  and OAuth 2 authentications
2018-02-26 12:12:38 -05:00
adamscmRH
30b473b0df remove default app creation 2018-02-24 21:34:07 -05:00
adamscmRH
2911dec324 fixes app token endpoint 2018-02-23 11:06:53 -05:00
adamscmRH
310f37dd37 clears authtoken & add PAT 2018-02-22 15:18:12 -05:00
Aaron Tan
1c2621cd60 Implement session-based and OAuth 2 authentications
Relates #21. Please see acceptance docs for feature details.

Signed-off-by: Aaron Tan <jangsutsr@gmail.com>
2018-02-22 15:18:12 -05:00
Ryan Petrello
35f629d42c Revert "changes to license compliance"
This reverts commit 218dfb680e.
2018-02-22 15:02:33 -05:00
AlanCoding
9c4d89f512 use the m2m field for inventory source creds 2018-02-20 12:34:56 -05:00
Wayne Witzel III
2c71a27630 Merge pull request #1123 from wwitzel3/new-permissions
New RBAC Roles
2018-02-15 16:56:03 -05:00
Wayne Witzel III
30a5617825 Address PR feedback 2018-02-14 22:53:33 +00:00
Ryan Petrello
218dfb680e changes to license compliance
now if a license is expired or over the managed node limit, it won't
prevent host creation or Job/JobTemplate launches

see: https://github.com/ansible/ansible-tower/issues/7860
2018-02-14 15:51:19 -05:00
AlanCoding
960845883d change schedule qs logic, avoid server error 2018-02-13 08:32:00 -05:00
Wayne Witzel III
819b318fe5 Add Org Execute 2018-02-10 02:52:26 +00:00
Wayne Witzel III
9e7bd55579 Add Notification Admin 2018-02-10 02:52:26 +00:00
Wayne Witzel III
b478740f28 Add Workflow Admin 2018-02-10 02:52:25 +00:00
Wayne Witzel III
109841c350 Add Credential Admin role 2018-02-10 02:52:25 +00:00
Wayne Witzel III
6c951aa883 Add Inventory Admin role 2018-02-10 02:52:25 +00:00
Wayne Witzel III
e7e83afd00 Add Project Admin role 2018-02-10 02:52:25 +00:00
Matthew Jones
624289bed7 Add support for directly managing instance groups
* Associating/Disassociating an instance with a group
* Triggering a topology rebuild on that change
* Force rabbitmq cleanup of offline nodes
* Automatically check for dependent service startup
* Fetch and set hostname for celery so it doesn't clobber other
  celeries
* Rely on celery init signals to dyanmically set listen queues
* Removing old total_capacity instance manager property
2018-02-01 16:46:44 -05:00
Ryan Petrello
1369f72885 add new API endpoints and websocket emit for new job event types
see: https://github.com/ansible/awx/issues/200
2018-01-03 09:09:44 -05:00
AlanCoding
e3a731bb9e apply listview optimizations to detail view 2017-12-13 16:09:37 -05:00
Matthew Jones
9dbcc5934e Merge remote-tracking branch 'tower/release_3.2.2' into devel 2017-12-13 12:25:47 -05:00
Ryan Petrello
202161f090 move legacy UnifiedJob stdout data to a separate unmanaged model
This data often (in the case of inventory updates) represents large data
blobs (5+MB per job run).  Storing it on the polymorphic base class
table, `main_unifiedjob`, causes it to be automatically fetched on every
query (and every polymorphic join) against that table, which can result
in _very_ poor performance for awx across the board.  Django offers
`defer()`, but it's quite complicated to sprinkle this everywhere (and
easy to get wrong/introduce side effects related to our RBAC and usage
of polymorphism).

This change moves the field definition to a separate unmanaged model
(which references the same underlying `main_unifiedjob` table) and adds
a proxy for fetching the data as needed

see https://github.com/ansible/awx/issues/200
2017-12-12 18:16:19 -05:00
AlanCoding
72a8854c27 Make ask_mapping a simple class property
from PR feedback of saved launchtime configurations
2017-12-08 13:45:23 -05:00
AlanCoding
34a8e0a9b6 Feature: saved launchtime configurations
Consolidate prompts accept/reject logic in unified models
Break out accept/reject logic for variables
Surface new promptable fields on WFJT nodes, schedules

Make schedules and workflows accurately reject variables
  that are not allowed by the prompting
  rules or the survey rules on the template

Validate against unallowed extra_data in system job schedules
Prevent schedule or WFJT node POST/PATCH with unprompted data
Move system job days validation to new mechanism
Add new psuedo-field for WFJT node credential
Add validation for node related credentials
Add related config model to unified job
Use JobLaunchConfig model for launch RBAC check

Support credential overwrite behavior with multi-creds
  change modern manual launch to use merge behavior
Refactor JobLaunchSerializer, self.instance=None
Modularize job launch view to create "modern" data
Auto-create config object with every job
Add create schedule endpoint for jobs
2017-12-08 13:38:54 -05:00
AlanCoding
a880f47925 fix bug with inventory update queryset 2017-11-28 14:13:35 -05:00
Aaron Tan
0641c6b0a6 Supress exception with concurrent deletion
Relates https://github.com/ansible/ansible-tower/issues/7768

This issue, as well as
https://github.com/ansible/ansible-tower/issues/7622, both rooted in a
concurrency issue of Django ORM:
https://github.com/ansible/ansible-tower/issues/762://code.djangoproject.com/ticket/28806

The solution related deals specifically with the related issue, but is
not a general solution. A general workaround can be found in
https://github.com/ansible/tower/pull/500.

Signed-off-by: Aaron Tan <jangsutsr@gmail.com>
2017-11-17 16:29:08 -05:00
AlanCoding
8cb5ce8307 prefetch UnifiedJob related credentials 2017-11-15 22:35:10 -05:00
Ryan Petrello
28ce9b700e replace all Job/JT relations with a single M2M credentials relation
Includes backwards compatibility for now-deprecated .credential,
.vault_credential, and .extra_credentials

This is a building block for multi-vault implementation and Alan's saved
launch configurations (both coming soon)

see: https://github.com/ansible/awx/issues/352
see: https://github.com/ansible/awx/issues/169
2017-11-14 12:49:12 -05:00
AlanCoding
7eac219eae do not use expensive visible_roles for Act Stream filter 2017-11-14 08:37:14 -05:00
Wayne Witzel III
96904968d8 Fix migration issues, tests, and templates 2017-11-09 17:29:48 -05:00
AlanCoding
0051da95c9 fix bug of system auditor 404 viewing job 2017-11-08 10:44:41 -05:00
AlanCoding
270a41443c fix bug of system auditor 404 viewing job 2017-11-03 08:20:15 -04:00