Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Update collection arguments #15627

Open
wants to merge 6 commits into
base: devel
Choose a base branch
from

Conversation

sean-m-sullivan
Copy link
Contributor

@sean-m-sullivan sean-m-sullivan commented Nov 10, 2024

SUMMARY

Update the injectors for the AAP credential type to work across collections

ISSUE TYPE
  • New or Enhanced Feature
COMPONENT NAME
  • Collection
AWX VERSION
24.6.1
ADDITIONAL INFORMATION

Related PR's:

@github-actions github-actions bot added component:awx_collection issues related to the collection for controlling AWX community labels Nov 10, 2024
@sean-m-sullivan sean-m-sullivan changed the title update collection arguments feat: Update collection arguments Nov 10, 2024
@AlanCoding
Copy link
Member

Consistency is the most important thing for this. What other content is using these connection parameters? This?

https://galaxy.ansible.com/ui/repo/published/infra/aap_configuration/docs/

@sean-m-sullivan
Copy link
Contributor Author

Consistency is the most important thing for this. What other content is using these connection parameters? This?

https://galaxy.ansible.com/ui/repo/published/infra/aap_configuration/docs/

This is the primary thing using it at the moment, and the installer using it as well, it was more Some Variables should be exposed to playbooks for use, lets set a standard.

@AlanCoding
Copy link
Member

Looking good 👍

I got some more background on this initiative. It looks like you've already taken the lead in proposing these changes elsewhere. I fully support this, but want to wait a few days to assure we've solidified consensus.

@AlanCoding
Copy link
Member

I'm actually not convinced this will work anymore. I expect that if the collection receives AAP_HOSTNAME then in that scenario specifically, it needs to append to use /api/controller/ as opposed to /api/. I don't see that.

I could test this manually to clarify specifically how it's not working, but there's no automated tests we can rely on right now.

@AlanCoding
Copy link
Member

ansible/event-driven-ansible#347

The PR you created here is for the collection. There may be a needed change to eda-server as well.

https://github.com/ansible/eda-server/blob/ac4be90e413196e922bd255a04589711b25b818e/src/aap_eda/core/management/commands/create_initial_data.py#L302-L315

This is probably more consequential, since this is a credential type used in-app, most similar to the awx_plugins change you are making. At some point we hope to essentially merge the 2 CredentialType models, but we are not there yet, so the controller type is more-or-less duplicated in both places.

@sean-m-sullivan
Copy link
Contributor Author

It may be needed, didn't know it was there will look and add that to the list

ansible/event-driven-ansible#347

The PR you created here is for the collection. There may be a needed change to eda-server as well.

https://github.com/ansible/eda-server/blob/ac4be90e413196e922bd255a04589711b25b818e/src/aap_eda/core/management/commands/create_initial_data.py#L302-L315

This is probably more consequential, since this is a credential type used in-app, most similar to the awx_plugins change you are making. At some point we hope to essentially merge the 2 CredentialType models, but we are not there yet, so the controller type is more-or-less duplicated in both places.

awx_collection/plugins/doc_fragments/auth.py Show resolved Hide resolved
collection_name: 'awx.awx'
version: '4.0.0'
why: Collection name change
alternatives: 'TOWER_OAUTH_TOKEN, AAP_TOKEN'
Copy link
Contributor

@PabloHiro PabloHiro Dec 11, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same with this. Not sure how to handle this so it is clear that OAUTH is coming from the Resource Server but is not available in Controller

@AlanCoding
Copy link
Member

Here is a patch to hopefully fix the sanity failures.

sean-m-sullivan#60

Checks do have trouble running on forks, so we may not get meaningful output from that until merged here. I guess I can test separately... #15729

Copy link
Member

@AlanCoding AlanCoding left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I need to formally document the situation with tokens here. These lines of code were removed in recent changes:

3ba6e2e#diff-87795928c0b98b89601c8cc0bb837dd70788e1a0c7c5803a6bf7a695bc02984dL505-L507

        if self.oauth_token:
            # If we have a oauth token, we just use a bearer header
            headers['Authorization'] = 'Bearer {0}'.format(self.oauth_token)

Changing how we parse the token argument is ignoring the problem. With no code that constructs the headers to use a token, you can't make requests using a token.

For now, I would say kick the token out of scope of this, and an issue can be filed for that. Current reading is that all params related to OAuth2 tokens here are non-functional and that's the blocker. So the simple change I'm asking for is to remove the token params.

@AlanCoding
Copy link
Member

For sanity test failures, I've now realized (after banging my head on my desk for a bit) that the following failure is introduced by this PR.

ERROR: Found 2 pep8 issue(s) which need to be resolved:
ERROR: plugins/module_utils/controller_api.py:80:14: E131: continuation line unaligned for hanging indent
ERROR: plugins/module_utils/controller_api.py:81:14: E131: continuation line unaligned for hanging indent

The patch I linked (my PR in your fork) is still valid. This is yet another fix that's needed for sanity to pass.

@AlanCoding
Copy link
Member

For yet another request here, it was agreed that we need some measure of testing of the new params. This is my proposed solution. It can be expanded to some other params, but cannot be expanded realistically to test env vars (maybe? you could try)

sean-m-sullivan#61

I think that will pass, so this (along with my other PR 60) should hopefully be easy inclusions without breaking checks.

To recap the full work list here:

  • fork PR 60 - 1 of 2 sanity test fixes
  • 2 of 2 sanity test fixes (from pep8)
  • fork PR 61 - add some very basic coverage for the updated params (that values given take effect)
  • remove all the params about using tokens, because they don't work

And I hope all that should cover it to get this ready to merged and moved along.

Copy link

sonarqubecloud bot commented Jan 8, 2025

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
community component:awx_collection issues related to the collection for controlling AWX
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants