[pull] devel from ansible:devel#572
Open
pull[bot] wants to merge 2033 commits intophilipsd6:develfrom
Open
Conversation
github-actions
bot
added
component:api
component:ui
community
component:awx_collection
labels
github-actions
bot
added
the
dependencies
* the workflow has been failing silently without catching a merge conflict. this removes the fail pretty logic previously implemented. * just fail if a merge conflict is encountered
… (#7074) * remove requirement for galaxy credentials to belong to an organization * remove organization check for galaxy credential type
* bump Django version to patch with additional hardening
…it (#16085) * fix: awxkit should honor CONTROLLER_OPTIONAL_API_URLPATTERN_PREFIX if defined * add unit tests * update tests
* Fix issue where export module does not honor CONTROLLER_OPTIONAL_API_URLPATTERN_PREFIX * Add unit test and handle leading/trailing slashes * Reformat * Refactor for clarity * Remove unused import
…ntroller API api/v2/jobs/{id}/stdout/?format=txt (#7071)
* Move logic to unified job model instead of view
* Refine logic to only apply to double escaped characters to prevent touching unicord chars
* Refine logic to only apply to stdout so that it does not impact webhook notifications
* Revise naming to reflect correction to escapes, not just escape quotes
* Update code comments to reflect fixing double escapes vs double escaped quotes specifically
* Add regex for 5 most common python escape chars to make fix more robust
…7086) * Fixed merge conflicts * fix linters * Added test for projectTeamsList
* Fix issue where export module does not honor CONTROLLER_OPTIONAL_API_URLPATTERN_PREFIX * Add unit test and handle leading/trailing slashes * Reformat * Refactor for clarity * Remove unused import
…it (#16085) * fix: awxkit should honor CONTROLLER_OPTIONAL_API_URLPATTERN_PREFIX if defined * add unit tests * update tests
* wip: management command for authenticator export to GateWay * wip: implement ldap auth config migration * refactor: split concerns into gathering config and converting / recreating config * refactor: dry run by default * use the authenticator slug for idempotency * move to correct utils path * use env vars instead of flags, fix linter errors * remove unused import
…ocal resource management (#16033) (#6985) Remove ALLOW_LOCAL_RESOURCE_MANAGEMENT setting and enable local resource management This commit removes the ALLOW_LOCAL_RESOURCE_MANAGEMENT setting and all associated functionality, making the behavior as if the setting is always enabled. Changes: - Remove ALLOW_LOCAL_RESOURCE_MANAGEMENT setting from defaults.py - Remove @immutablesharedfields decorator and all related logic - Remove decorator applications from Organization, Team, and User API views - Remove role assignment restrictions in UserRolesList and RoleUsersList - Remove test file for immutablesharedfields functionality - Clean up unused imports Result: Organizations, Teams, and Users can now always be created, modified, and deleted via the API without platform ingress restrictions.
* split up migration into classes for each authenticator * remove unused import * remove unused code * remove unused class
* compare authenticators and mappers before recreating them * add unit tests * fix linter errors * refactor and improve: better implementation for get_authenticator_by_slug and removal of redundant code * add submit_authenticator method to handle create vs. update in a generic way * remove unused import
* update dab dependency for 2.6 development
Remove Controller specific roles Removes - Controller Organization Admin - Controller Organization Member - Controller Team Admin - Controller Team Member - Controller System Auditor Going forward the platform role definitions will be used, e.g. Organization Member The migration will take care of any assignments with those controller specific roles and use the platform roles instead. Signed-off-by: Seth Foster <fosterbseth@gmail.com>
* Address more ignored pytest warnings * Fix what we can with CI results * Add new migration file
Co-Authored-By: Claude Sonnet 4 <noreply@anthropic.com>
Only remove the collection directory the fixture created (redhat/indirect_accounting) instead of the entire /var/lib/awx/vendor_collections/ root, so we don't accidentally delete vendor collections that may have been installed by the build process. Forward-port of ansible/tower#7350. Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* Remove pbr from requirements pbr was temporarily added to support ansible-runner installed from a git branch. It is no longer needed as a direct dependency. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Retrigger CI Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…yed as part of AAP (#16283) After all settings are loaded, override DEFAULT_AUTHENTICATION_CLASSES to only allow Gateway JWT authentication when RESOURCE_SERVER__URL is set. This makes the lockdown immutable — no configuration file or environment variable can re-enable legacy auth methods (Basic, Session, OAuth2, Token). This is the same pattern used by Hub (galaxy_ng) and EDA (eda-server) for ANSTRAT-1840. Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Pass workload TTL to Gateway (minimal changes) assisted-by: Claude * lint Assisted-by: Claude * fix unit tests assisted-by claude * use existing functions assisted-by: Claude * fix test assisted-by: Claude * fixes for sonarcloud assisted-by: Claude * nit * nit * address feedback * feedback from pr review assisted-by: Claude * feedback from pr review assisted-by: Claude * Apply suggestion from @dleehr Co-authored-by: Dan Leehr <dleehr@users.noreply.github.com> * lint assisted-by: Claude * fix: narrow vendor_collections_dir fixture teardown scope (#16326) Only remove the collection directory the fixture created (redhat/indirect_accounting) instead of the entire /var/lib/awx/vendor_collections/ root, so we don't accidentally delete vendor collections that may have been installed by the build process. Forward-port of ansible/tower#7350. Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> * AAP-67436 Remove pbr from requirements (#16337) * Remove pbr from requirements pbr was temporarily added to support ansible-runner installed from a git branch. It is no longer needed as a direct dependency. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Retrigger CI Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * [AAP-64062] Enforce JWT-only authentication for Controller when deployed as part of AAP (#16283) After all settings are loaded, override DEFAULT_AUTHENTICATION_CLASSES to only allow Gateway JWT authentication when RESOURCE_SERVER__URL is set. This makes the lockdown immutable — no configuration file or environment variable can re-enable legacy auth methods (Basic, Session, OAuth2, Token). This is the same pattern used by Hub (galaxy_ng) and EDA (eda-server) for ANSTRAT-1840. Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Re-trigger CI Made-with: Cursor * Re-trigger CI Made-with: Cursor * [AAP-63314] Pass job timeout as workload_ttl_seconds to Gateway Assisted-by: Claude * Additional unit test requested at review Assisted-by: Claude * Revert profiled_pg/base.py rebase error, unrelated to AAP-63314 * revert requirements changes introduced by testing * revert * revert * docstring nit from coderabbit --------- Co-authored-by: Dan Leehr <dleehr@users.noreply.github.com> Co-authored-by: Dirk Julich <djulich@redhat.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Hao Liu <44379968+TheRealHaoLiu@users.noreply.github.com>
…on constructor (#16351) Fix SonarCloud Reliability Rating issue in Common exception constructor The constructor had code paths where attributes were not consistently initialized and super().__init__() was not called, which was flagged as a Reliability Rating issue by SonarCloud. Ensures all branches properly set self.status_string and self.msg, and call super().__init__(). Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
fixed typo/project naming to match example.
* Fix error from newer ansible versions * Include fix for setting cachable * Revert "Include fix for setting cachable" This reverts commit 477293c.
* Stop writing tmp test files that are not cleaned up
* Fix SonarCloud Reliability issues: time-dependent class attrs and dict comprehensions - Move last_stats/last_flush from class body to __init__ in CallbackBrokerWorker (S8434: time-dependent expressions evaluated at class definition) - Replace dict comprehensions with dict.fromkeys() in has_create.py (S7519: constant-value dict should use fromkeys) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Fix callback receiver tests to use flush(force=True) Tests were implicitly relying on last_flush being a stale class-level timestamp. Now that last_flush is set in __init__, the time-based flush condition isn't met when flush() is called immediately after construction. Use force=True to explicitly trigger an immediate flush in tests. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Fix job cancel chain bugs * Early relief valve for canceled jobs, ATF related changes * Add test and fix for approval nodes as well * Revert unwanted change * Refactor workflow approval nodes to make it more clean * Revert data structure changes * Delete local utility file * Review comment addressing * Use canceled status in websocket * Delete slop * Add agent marker * Bugbot comment about status websocket mismatch
…16340) * fix: NameError in wsrelay when JSON decode fails with DEBUG logging run_connection() referenced payload in the JSONDecodeError handler, but payload was never assigned because json.loads() is what failed. Use msg.data instead to log the raw message content. Fixes: AAP-68045 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix other instance of undefined payload --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: AlanCoding <arominge@redhat.com>
Add install-time feature flag for OIDC workload identity credential types Implements FEATURE_OIDC_WORKLOAD_IDENTITY_ENABLED feature flag to gate HashiCorp Vault OIDC credential types as a Technology Preview feature. When the feature flag is disabled (default), OIDC credential types are not loaded into the plugin registry at application startup and do not exist in the database. When enabled, OIDC credential types are loaded normally and function as expected. Changes: - Add FEATURE_OIDC_WORKLOAD_IDENTITY_ENABLED setting (defaults to False) - Add OIDC_CREDENTIAL_TYPE_NAMESPACES constant for maintainability - Modify load_credentials() to skip OIDC types when flag is disabled - Add test coverage (2 test cases) This is an install-time flag that requires application restart to take effect. The flag is checked during application startup when credential types are loaded from plugins. Fixes: AAP-64510 Assisted-By: Claude Sonnet 4.5 <noreply@anthropic.com>
…on (#16364) * Pass plugin_description through to CredentialType.description Propagate the plugin_description field from credential plugins into the CredentialType description when loading and creating managed credential types, including updates to existing records. Assisted-by: Claude * Add unit tests for plugin_description passthrough to CredentialType Tests cover load_plugin, get_creation_params, and _setup_tower_managed_defaults handling of the description field. Assisted-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: PabloHiro <palonso@redhat.com>
Co-authored-by: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
Fix CI: Pin setuptools_scm<10 to fix api-lint build failure setuptools-scm 10.0.5 (with its new vcs-versioning dependency) requires a [tool.setuptools_scm] or [tool.vcs-versioning] section in pyproject.toml. AWX intentionally omits this section because it uses a custom version resolution via setup.cfg (version = attr: awx.get_version). The new major version of setuptools-scm treats the missing section as a fatal error when building the sdist in tox's isolated build, causing the linters environment to fail. Pinning to <10 restores compatibility with the existing version resolution strategy. Failing run: https://github.com/ansible/awx/actions/runs/23744310714 Branch: devel Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: enable workload identity credentials for project updates * Add explanatory comment for credential context handling * Revert build_passwords
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot]
Can you help keep this open source service alive? 💖 Please sponsor : )