feat: run scheduled tasks to sync shared resources from gateway (#932)

src/aap_eda/settings/default.py

@@ -83,6 +83,16 @@
                              "target": "/var/run/containers/storage",
                              "type": "bind"}]'
 
+
+Django Ansible Base settings:
+For Resource Server the following are required when
+DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED is turned on:
+* RESOURCE_SERVER__URL - The URL to connect to the resource server
+* RESOURCE_SERVER__SECRET_KEY - The secret key needed to pull the resource list
+* RESOURCE_SERVER__VALIDATE_HTTPS - Whether to validate https, default to False
+* RESOURCE_JWT_USER_ID - The user id to connect to the resource server
+* RESOURCE_SERVICE_PATH - The path in the service server to fetch resources
+
 """
 import os
 from datetime import timedelta
@@ -636,6 +646,39 @@ def get_rulebook_process_log_level() -> RulebookProcessLogLevel:
 # Organization and object roles will come from create_initial_data
 ANSIBLE_BASE_ROLE_PRECREATE = {}
 
+# --------------------------------------------------------
+# DJANGO ANSIBLE BASE RESOURCE API CLIENT
+# --------------------------------------------------------
+RESOURCE_SERVER = {
+    "URL": settings.get("RESOURCE_SERVER__URL", "https://localhost"),
+    "SECRET_KEY": settings.get("RESOURCE_SERVER__SECRET_KEY", ""),
+    "VALIDATE_HTTPS": settings.get("RESOURCE_SERVER__VALIDATE_HTTPS", False),
+}
+RESOURCE_JWT_USER_ID = settings.get("RESOURCE_JWT_USER_ID", "")
+RESOURCE_SERVICE_PATH = settings.get(
+    "RESOURCE_SERVICE_PATH", "/api/gateway/v1/service-index/"
+)
+
+if DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED:
+    if (
+        RESOURCE_SERVER["URL"]
+        and RESOURCE_SERVER["SECRET_KEY"]
+        and RESOURCE_JWT_USER_ID
+    ):
+        RQ_PERIODIC_JOBS.append(
+            {
+                "func": "aap_eda.tasks.shared_resources.resync_shared_resources",  # noqa E501
+                "interval": 900,
+                "id": "resync_shared_resources",
+            }
+        )
+    else:
+        raise ImproperlyConfigured(
+            "RESOURCE_SERVER__URL, RESOURCE_SERVER__SECRET_KEY, "
+            "and RESOURCE_JWT_USER_ID settings must be properly configured"
+        )
+
+
 ACTIVATION_DB_HOST = settings.get(
     "ACTIVATION_DB_HOST", "host.containers.internal"
 )

src/aap_eda/tasks/shared_resources.py

@@ -0,0 +1,31 @@
+#  Copyright 2024 Red Hat, Inc.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+import logging
+
+from ansible_base.resource_registry.tasks.sync import SyncExecutor
+from django.conf import settings
+
+logger = logging.getLogger(__name__)
+
+
+# Started by the scheduler
+def resync_shared_resources():
+    try:
+        SyncExecutor().run()
+    except Exception as e:
+        logger.error(
+            f"Failed to sync shared resources. Error: {e}",
+            exc_info=settings.DEBUG,
+        )

tools/docker/docker-compose-dev-redis-tls.yaml

@@ -36,6 +36,10 @@ x-environment:
   - EDA_ANSIBLE_RULEBOOK_FLUSH_AFTER=${EDA_ANSIBLE_RULEBOOK_FLUSH_AFTER:-100}
   - EDA_DEFAULT_QUEUE_TIMEOUT=${EDA_DEFAULT_QUEUE_TIMEOUT:-300}
   - EDA_DEFAULT_RULEBOOK_QUEUE_TIMEOUT=${EDA_DEFAULT_RULEBOOK_QUEUE_TIMEOUT:-120}
+  - EDA_RESOURCE_SERVER__URL=${EDA_RESOURCE_SERVER__URL}
+  - EDA_RESOURCE_SERVER__SECRET_KEY=${EDA_RESOURCE_SERVER__SECRET_KEY}
+  - EDA_RESOURCE_SERVER__VALIDATE_HTTPS=${EDA_RESOURCE_SERVER__VALIDATE_HTTPS:-False}
+  - EDA_RESOURCE_JWT_USER_ID=${EDA_RESOURCE_JWT_USER_ID}
 
 services:
   podman-pre-setup:

tools/docker/docker-compose-dev.yaml

@@ -29,6 +29,10 @@ x-environment: &common-env
   EDA_ANSIBLE_RULEBOOK_FLUSH_AFTER: ${EDA_ANSIBLE_RULEBOOK_FLUSH_AFTER:-100}
   EDA_DEFAULT_QUEUE_TIMEOUT: ${EDA_DEFAULT_QUEUE_TIMEOUT:-300}
   EDA_DEFAULT_RULEBOOK_QUEUE_TIMEOUT: ${EDA_DEFAULT_RULEBOOK_QUEUE_TIMEOUT:-120}
+  EDA_RESOURCE_SERVER__URL: ${EDA_RESOURCE_SERVER__URL}
+  EDA_RESOURCE_SERVER__SECRET_KEY: ${EDA_RESOURCE_SERVER_SECRET__KEY}
+  EDA_RESOURCE_SERVER__VALIDATE_HTTPS: ${EDA_RESOURCE_SERVER_VALIDATE__HTTPS:-False}
+  EDA_RESOURCE_JWT_USER_ID: ${EDA_RESOURCE_JWT_USER_ID}
 
 services:
   podman-pre-setup-node1:

tools/docker/docker-compose-mac.yml

@@ -28,6 +28,11 @@ x-environment:
   - EDA_ANSIBLE_RULEBOOK_FLUSH_AFTER=${EDA_ANSIBLE_RULEBOOK_FLUSH_AFTER:-100}
   - EDA_DEFAULT_QUEUE_TIMEOUT=${EDA_DEFAULT_QUEUE_TIMEOUT:-300}
   - EDA_DEFAULT_RULEBOOK_QUEUE_TIMEOUT=${EDA_DEFAULT_RULEBOOK_QUEUE_TIMEOUT:-120}
+  - EDA_RESOURCE_SERVER__URL=${EDA_RESOURCE_SERVER__URL}
+  - EDA_RESOURCE_SERVER__SECRET_KEY=${EDA_RESOURCE_SERVER__SECRET_KEY}
+  - EDA_RESOURCE_SERVER__VALIDATE_HTTPS=${EDA_RESOURCE_SERVER__VALIDATE_HTTPS:-False}
+  - EDA_RESOURCE_JWT_USER_ID=${EDA_RESOURCE_JWT_USER_ID}
+
 
 services:
   eda-ui:

tools/docker/docker-compose-stage.yaml

@@ -25,6 +25,10 @@ x-environment:
   - EDA_ANSIBLE_BASE_JWT_VALIDATE_CERT=${EDA_ANSIBLE_BASE_JWT_VALIDATE_CERT:-False}
   - EDA_ANSIBLE_BASE_JWT_KEY=${EDA_ANSIBLE_BASE_JWT_KEY:-'https://localhost'}
   - EDA_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED=${EDA_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED:-False}
+  - EDA_RESOURCE_SERVER__URL=${EDA_RESOURCE_SERVER__URL}
+  - EDA_RESOURCE_SERVER__SECRET_KEY=${EDA_RESOURCE_SERVER__SECRET_KEY}
+  - EDA_RESOURCE_SERVER__VALIDATE_HTTPS=${EDA_RESOURCE_SERVER__VALIDATE_HTTPS:-False}
+  - EDA_RESOURCE_JWT_USER_ID=${EDA_RESOURCE_JWT_USER_ID}
 
 services:
   podman-pre-setup: