[pull] devel from ansible:devel #572
Open
pull[bot] wants to merge 2019 commits into philipsd6:devel from
* Bug fix for AAP-47771 this data migration updates existing CredentialType entries in the database and changes the kind from github_app to github_app_lookup
* Combine migration 0203 into 0202
* Add test to ensure reconciliation issue has been resolved
* fixes UnboundLocalError in POST /attach
Signed-off-by: Robin Y Bobbitt <rbobbitt@redhat.com>
* bust cache for credentials before attaching subscription
Signed-off-by: Robin Y Bobbitt <rbobbitt@redhat.com>
---------
Signed-off-by: Robin Y Bobbitt <rbobbitt@redhat.com>
* clear LICENSE from cache on change
Signed-off-by: Robin Y Bobbitt <rbobbitt@redhat.com>
* Adds tests for license cache clearing
Generated by Cursor (claude-4-sonnet)
Signed-off-by: Robin Y Bobbitt <rbobbitt@redhat.com>
* test fixes
Generated with Cursor (claude-4-sonnet)
Signed-off-by: Robin Y Bobbitt <rbobbitt@redhat.com>
---------
Signed-off-by: Robin Y Bobbitt <rbobbitt@redhat.com>
Co-authored-by: Jake Jackson <jljacks93@gmail.com>
Signed-off-by: Elyézer Rezende <elyezermr@gmail.com>
* clear LICENSE from cache on change
* Adds tests for license cache clearing
Generated by Cursor (claude-4-sonnet)
* test fixes
Generated with Cursor (claude-4-sonnet)
---------
Signed-off-by: Robin Y Bobbitt <rbobbitt@redhat.com>
Co-authored-by: Jake Jackson <jljacks93@gmail.com>
* aap_token now functions like controller_oauthtoken
* lookup('awx.awx.controller_api', ...) fixed
* remove requirement for galaxy credentials to belong to an organization
* remove organization check for galaxy credential type
* Update requirements for setuptools
* first pass and need to commit
* update makefile and run updater script
* updated makefile per readme
* ran updater script
* Patch irc backend to avoid namespace collision w/ jaraco
When importing the IRC backend, jaraco resolves to
the version vendored inside setuptools:
1) importing irc backend…
irc_backend ERROR: ModuleNotFoundError("No module named 'jaraco.stream'")
2) sys.modules['jaraco'] after failure:
present: True
type: <class 'module'>
__file__: /var/lib/awx/venv/awx/lib64/python3.11/site-packages/setuptools/_vendor/jaraco/__init__.py
__path__: ['/var/lib/awx/venv/awx/lib64/python3.11/site-packages/setuptools/_vendor/jaraco']
__spec__: ModuleSpec(name='jaraco',
loader=<_frozen_importlib_external.SourceFileLoader object at 0x7f006a0eccd0>,
origin='/var/lib/awx/venv/awx/lib64/python3.11/site-packages/setuptools/_vendor/jaraco/__init__.py',
submodule_search_locations=['/var/lib/awx/venv/awx/lib64/python3.11/site-packages/setuptools/_vendor/jaraco'])
Since setuptools does not vendor jaraco.stream, it blew up. This patch ensures
jaraco.stream gets imported *before* attempting to import the irc modules.
* Revert "[4.6][dependency] CVE 2025 47273 (#7020)" (#7027)
This reverts commit e8b2920.
* reformatted irc backend with black
* ran black to fix linting issues
* Reapply "[4.6][dependency] CVE 2025 47273 (#7020)" (#7027)
This reverts commit 0c6df9b13398a93569fae7558e1a0e72cbe8fb6c.
* add flake8 ignore since jaraco.stream is needed
* jaraco.stream is not directly called in the file but is needed by irc
so ignore the linter failure
---------
Co-authored-by: Shane McDonald <me@shanemcd.com>
* Fix some patterns in collection test playbooks
* Revert change to ansible.builtin.user
* Revert change to WFJT for dup label error
* Add error handling and fix references
* Add back lookup organization
* Fix all remaining failing syntax in workflow_job_template
* Allow creating galaxy credential types without an organization (#16077)
* remove requirement for galaxy credentials to belong to an organization
* remove organization check for galaxy credential type
---------
Co-authored-by: AlanCoding <arominge@redhat.com>
Co-authored-by: Peter Braun <pbraun@redhat.com>
* Revise start_fact_cache and finish_fact_cache to use JSON file (#15970)
* Revise start_fact_cache and finish_fact_cache to use JSON file with host list inside it
* Revise artifacts path to be relative to the job private_data_dir
* Update calls to start_fact_cache and finish_fact_cache to agree with new reference to artifacts_dir
* Prevents unnecessary updates to ansible_facts_modified, fixing timestamp-related test failures.
* Import bulk_update_sorted_by_id
* Removed assert that calls ansible_facts_new which was removed in the backported pr
* Add import of Host back
* the workflow has been failing silently without catching a merge conflict. this removes the fail pretty logic previously implemented.
* just fail if a merge conflict is encountered
… (#7074)
* remove requirement for galaxy credentials to belong to an organization
* remove organization check for galaxy credential type
Include scaledown fix from dispatcherd
Forward port of 5c4653fbbca4b542fea05f070efea0396b034839 from stable-2.6.
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
…and stable-2.6 (#16315)
* Added workflow dispatch to trigger ci on release_4.6 and stable-2.6
* fix error cascading to subsequent jobs for cron
* made compose_tag resolve to the correct branch name
Added HTTP_X_FORWARDED_FOR in Devel for production
…16319)
Add documentation for indirect query files
* feat: workload identity credentials integration
* feat: cache credentials and add context property to Credential
Assisted-by: Claude
* feat: include safeguard in case feature flag is disabled
* feat: tests to validate workload identity credentials integration
* fix: affected tests by the credential cache mechanism
* feat: remove word cache from variables and comments, use standard library decorators
* fix: reorder tests in correct files
* Use better error catching mechanisms
* Adjust logic to support multiple credential input sources and use internal field
* Remove hardcoded credential type names
* Add tests for the internal field
Assisted-by: Claude
Django 5.2 restricts LogoutView to POST only (deprecated in 4.1, removed in 5.0+). Without this fix, GET requests to /api/logout/ return 405 Method Not Allowed. Add http_method_names override and a get() method that delegates to post() where auth_logout() actually runs
* Pin container versions
* downgrades from coderabbit
* Add notes for future upgrades
…ed hosts (#16318)
* Add new tests for bug saving concurrent facts
* Fix first bug and improve tests
* Fix new bug where concurrent job clears facts from other job in unwanted way
* minor test fixes
* Add in missing playbook
* Fix host reference for constructed inventory
* Increase speed for concurrent fact tests
* Make test a bit faster
* Fix linters
* Add some functional tests
* Remove the sanity test
* Agent markers added
* Address SonarCloud
* Do backdating method, resolving stricter assertions
* Address coderabbit comments
* Address review comment with qs only method
* Delete missed sleep statement
* Add more coverage
* Revert "AAP-58452 Add version fallback for external query files (#16309)"
This reverts commit 0f2692b.
* AAP-58441: Add runtime integration for external query collection (#7208)
Extend build_private_data_files() to copy vendor collections from /var/lib/awx/vendor_collections/ to the job's private_data_dir, making external query files available to the indirect node counting callback plugin in execution environments.
Changes:
- Copy vendor_collections to private_data_dir during job preparation
- Add vendor_collections path to ANSIBLE_COLLECTIONS_PATH in build_env()
- Gracefully handle missing source directory with warning log
- Feature gated by FEATURE_INDIRECT_NODE_COUNTING_ENABLED flag
This enables external query file discovery for indirect node counting across all deployment types (RPM, Podman, OpenShift, Kubernetes) using the existing private_data_dir mechanism.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* [stable-2.6] AAP-58451: Add callback plugin discovery for external query files (#7223)
* AAP-58451: Add callback plugin discovery for external query files
Extend the indirect_instance_count callback plugin to discover and load external query files from the bundled redhat.indirect_accounting collection when embedded queries are not present in the target collection.
Changes:
- Add external query discovery with precedence (embedded queries first)
- External query path: redhat.indirect_accounting/extensions/audit/
  external_queries/{namespace}.{name}.{version}.yml
- Use self._display.v() for external query messages (visible with -v)
- Use self._display.vv() for embedded query messages (visible with -vv)
- Fix: Change .exists() to .is_file() per Traversable ABC
- Handle missing external query collection gracefully (ModuleNotFoundError)
Note: This implements exact version match only. Version fallback logic is covered in AAP-58452.
* fix CI error when using Traversable.is_file
* Add minimal implementation for AAP-58451
* Fix formatting
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* AAP-58452 Add version fallback for external query files (#7254)
* AAP-58456 unit test suite for external query handling (#7283)
* Add unit tests for external query handling
* Refactor unit tests for external query handling
* Refactor indirect node counting callback code to improve testing code
* Refactor unit tests for external query handling for improved callback code
* Fix test for major version boundary check
* Fix weaknesses in some unit tests
* Make callback plugin module self contained, independent from awx
* AAP-58470 integration tests (core) for external queries (#7278)
* Add collection for testing external queries
* Add query files for testing external query file runtime integration
* Add live tests for external query file runtime integration
* Remove redundant wait for events and refactor test data folders
* Fix unit tests: mock flag_enabled to avoid DB access
The AAP-58441 cherry-pick added a flag_enabled() call in BaseTask.build_private_data_files(), which is called by all task types. Tests for RunInventoryUpdate and RunJob credentials now hit this code path and need the flag mocked to avoid database access in unit tests.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: attempt exact query file match before Version parsing (#7345)
The exact-version filename check does not require PEP440 parsing, but Version() was called first, causing early return on non-PEP440 version strings even when an exact file exists on disk. Move the exact file check before Version parsing so fallback logic only parses when needed.
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* Do no longer mutate global sys.modules (#7337)
* [stable-2.6] AAP-58452 fix: Add queries_dir guard (#7338)
* Add queries_dir guard
* fix: update unit tests to mock _get_query_file_dir instead of files
The TestVersionFallback tests mocked `files()` with chainable path mocks, but `find_external_query_with_fallback` now uses `_get_query_file_dir()` which returns the queries directory directly. Mock the helper instead for simpler, correct tests.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* fix: remove unused EXTERNAL_QUERY_PATH constant (#7336)
The constant was defined but never referenced — the path is constructed inline via Traversable's `/` operator which requires individual segments, not a slash-separated string.
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* fix: restore original feature flag state in test fixture (#7347)
The enable_indirect_host_counting fixture unconditionally disabled the FEATURE_INDIRECT_NODE_COUNTING_ENABLED flag on teardown, even when it was already enabled before the test (as is the case in development via development_defaults.py). This caused test_indirect_host_counting to fail when run after the external query tests, because the callback plugin was no longer enabled. Save and restore the original flag state instead.
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Dirk Julich <djulich@redhat.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* Address more ignored pytest warnings
* Fix what we can with CI results
* Add new migration file
Co-Authored-By: Claude Sonnet 4 <noreply@anthropic.com>
Only remove the collection directory the fixture created (redhat/indirect_accounting) instead of the entire /var/lib/awx/vendor_collections/ root, so we don't accidentally delete vendor collections that may have been installed by the build process.
Forward-port of ansible/tower#7350.
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* Remove pbr from requirements
pbr was temporarily added to support ansible-runner installed from a git branch. It is no longer needed as a direct dependency.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Retrigger CI
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…yed as part of AAP (#16283)
After all settings are loaded, override DEFAULT_AUTHENTICATION_CLASSES to only allow Gateway JWT authentication when RESOURCE_SERVER__URL is set. This makes the lockdown immutable — no configuration file or environment variable can re-enable legacy auth methods (Basic, Session, OAuth2, Token).
This is the same pattern used by Hub (galaxy_ng) and EDA (eda-server) for ANSTRAT-1840.
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Pass workload TTL to Gateway (minimal changes)
assisted-by: Claude
* lint
Assisted-by: Claude
* fix unit tests
assisted-by claude
* use existing functions
assisted-by: Claude
* fix test
assisted-by: Claude
* fixes for sonarcloud
assisted-by: Claude
* nit
* nit
* address feedback
* feedback from pr review
assisted-by: Claude
* feedback from pr review
assisted-by: Claude
* Apply suggestion from @dleehr
Co-authored-by: Dan Leehr <dleehr@users.noreply.github.com>
* lint
assisted-by: Claude
* fix: narrow vendor_collections_dir fixture teardown scope (#16326)
Only remove the collection directory the fixture created (redhat/indirect_accounting) instead of the entire /var/lib/awx/vendor_collections/ root, so we don't accidentally delete vendor collections that may have been installed by the build process.
Forward-port of ansible/tower#7350.
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* AAP-67436 Remove pbr from requirements (#16337)
* Remove pbr from requirements
pbr was temporarily added to support ansible-runner installed from a git branch. It is no longer needed as a direct dependency.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Retrigger CI
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* [AAP-64062] Enforce JWT-only authentication for Controller when deployed as part of AAP (#16283)
After all settings are loaded, override DEFAULT_AUTHENTICATION_CLASSES to only allow Gateway JWT authentication when RESOURCE_SERVER__URL is set. This makes the lockdown immutable — no configuration file or environment variable can re-enable legacy auth methods (Basic, Session, OAuth2, Token).
This is the same pattern used by Hub (galaxy_ng) and EDA (eda-server) for ANSTRAT-1840.
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Re-trigger CI
Made-with: Cursor
* Re-trigger CI
Made-with: Cursor
* [AAP-63314] Pass job timeout as workload_ttl_seconds to Gateway
Assisted-by: Claude
* Additional unit test requested at review
Assisted-by: Claude
* Revert profiled_pg/base.py rebase error, unrelated to AAP-63314
* revert requirements changes introduced by testing
* revert
* revert
* docstring nit from coderabbit
---------
Co-authored-by: Dan Leehr <dleehr@users.noreply.github.com>
Co-authored-by: Dirk Julich <djulich@redhat.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Hao Liu <44379968+TheRealHaoLiu@users.noreply.github.com>
…on constructor (#16351)
Fix SonarCloud Reliability Rating issue in Common exception constructor
The constructor had code paths where attributes were not consistently initialized and super().__init__() was not called, which was flagged as a Reliability Rating issue by SonarCloud.
Ensures all branches properly set self.status_string and self.msg, and call super().__init__().
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
fixed typo/project naming to match example.
See Commits and Changes for more details.
Created by
pull[bot]