Merge branch 'main' into aap-24814

src/aap_eda/api/serializers/mixins.py

@@ -19,7 +19,7 @@
 
 class SharedResourceSerializerMixin:
     def validate_shared_resource(self):
-        if settings.DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED:
+        if not settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT:
             view = self.context.get("view")
             action = view.action.capitalize() if view else "Action"
             raise api_exc.Forbidden(

src/aap_eda/api/views/mixins.py

@@ -106,7 +106,7 @@ def get_response_serializer_class(self):
 
 class SharedResourceViewMixin:
     def validate_shared_resource(self):
-        if settings.DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED:
+        if not settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT:
             raise api_exc.Forbidden(
                 f"{self.action} should be done through the platform ingress"
             )

src/aap_eda/api/views/organization.py

@@ -42,7 +42,7 @@
         },
     ),
     create=extend_schema(
-        exclude=settings.DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED,
+        exclude=not settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT,
         description="Create a new organization",
         request=serializers.OrganizationCreateSerializer,
         responses={
@@ -56,7 +56,7 @@
         },
     ),
     partial_update=extend_schema(
-        exclude=settings.DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED,
+        exclude=not settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT,
         description="Partially update an organization",
         request=serializers.OrganizationCreateSerializer,
         responses={
@@ -96,7 +96,7 @@ def get_response_serializer_class(self):
         return serializers.OrganizationSerializer
 
     @extend_schema(
-        exclude=settings.DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED,
+        exclude=not settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT,
         description="Delete an organization by id",
         responses={
             status.HTTP_204_NO_CONTENT: OpenApiResponse(

src/aap_eda/api/views/team.py

@@ -49,7 +49,7 @@
         },
     ),
     create=extend_schema(
-        exclude=settings.DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED,
+        exclude=not settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT,
         description="Create a new team",
         request=TeamCreateSerializer,
         responses={
@@ -71,7 +71,7 @@
         },
     ),
     partial_update=extend_schema(
-        exclude=settings.DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED,
+        exclude=not settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT,
         description="Partially update a team",
         request=TeamUpdateSerializer,
         responses={
@@ -116,7 +116,7 @@ def get_response_serializer_class(self):
         return TeamSerializer
 
     @extend_schema(
-        exclude=settings.DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED,
+        exclude=not settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT,
         description="Delete a team by id",
         responses={
             status.HTTP_204_NO_CONTENT: OpenApiResponse(

src/aap_eda/api/views/user.py

@@ -57,7 +57,7 @@ def get(self, request: Request, *args, **kwargs) -> Response:
         return Response(data=serializer.data)
 
     @extend_schema(
-        exclude=settings.DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED,
+        exclude=not settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT,
         operation_id="update_current_user",
         description="Update current user.",
         request=serializers.CurrentUserUpdateSerializer,
@@ -164,7 +164,7 @@ def perform_create(self, serializer):
 
 @extend_schema_view(
     create=extend_schema(
-        exclude=settings.DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED,
+        exclude=not settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT,
         description="Create a user",
         request=serializers.UserCreateUpdateSerializer,
         responses={
@@ -196,7 +196,7 @@ def perform_create(self, serializer):
         },
     ),
     partial_update=extend_schema(
-        exclude=settings.DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED,
+        exclude=not settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT,
         description="Partial update of a user.",
         request=serializers.UserCreateUpdateSerializer,
         responses={
@@ -210,7 +210,7 @@ def perform_create(self, serializer):
         },
     ),
     destroy=extend_schema(
-        exclude=settings.DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED,
+        exclude=not settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT,
         description="Delete a user by id",
         responses={
             status.HTTP_204_NO_CONTENT: OpenApiResponse(

src/aap_eda/settings/default.py

@@ -86,12 +86,11 @@
 
 Django Ansible Base settings:
 For Resource Server the following are required when
-DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED is turned on:
+ALLOW_LOCAL_RESOURCE_MANAGEMENT is False:
 * RESOURCE_SERVER__URL - The URL to connect to the resource server
 * RESOURCE_SERVER__SECRET_KEY - The secret key needed to pull the resource list
 * RESOURCE_SERVER__VALIDATE_HTTPS - Whether to validate https, default to False
-* RESOURCE_JWT_USER_ID - The user id to connect to the resource server
-* RESOURCE_SERVICE_PATH - The path in the service server to fetch resources
+
 
 """
 import os
@@ -624,8 +623,8 @@ def get_rulebook_process_log_level() -> RulebookProcessLogLevel:
     "ANSIBLE_BASE_JWT_KEY", "https://localhost"
 )
 
-DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED = settings.get(
-    "DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED", False
+ALLOW_LOCAL_RESOURCE_MANAGEMENT = settings.get(
+    "ALLOW_LOCAL_RESOURCE_MANAGEMENT", True
 )
 
 # ---------------------------------------------------------
@@ -654,29 +653,17 @@ def get_rulebook_process_log_level() -> RulebookProcessLogLevel:
     "SECRET_KEY": settings.get("RESOURCE_SERVER__SECRET_KEY", ""),
     "VALIDATE_HTTPS": settings.get("RESOURCE_SERVER__VALIDATE_HTTPS", False),
 }
-RESOURCE_JWT_USER_ID = settings.get("RESOURCE_JWT_USER_ID", "")
-RESOURCE_SERVICE_PATH = settings.get(
-    "RESOURCE_SERVICE_PATH", "/api/gateway/v1/service-index/"
-)
-
-if DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED:
-    if (
-        RESOURCE_SERVER["URL"]
-        and RESOURCE_SERVER["SECRET_KEY"]
-        and RESOURCE_JWT_USER_ID
-    ):
-        RQ_PERIODIC_JOBS.append(
-            {
-                "func": "aap_eda.tasks.shared_resources.resync_shared_resources",  # noqa E501
-                "interval": 900,
-                "id": "resync_shared_resources",
-            }
-        )
-    else:
-        raise ImproperlyConfigured(
-            "RESOURCE_SERVER__URL, RESOURCE_SERVER__SECRET_KEY, "
-            "and RESOURCE_JWT_USER_ID settings must be properly configured"
-        )
+RESOURCE_JWT_USER_ID = settings.get("RESOURCE_JWT_USER_ID", None)
+RESOURCE_SERVICE_PATH = settings.get("RESOURCE_SERVICE_PATH", None)
+
+if RESOURCE_SERVER["URL"] and RESOURCE_SERVER["SECRET_KEY"]:
+    RQ_PERIODIC_JOBS.append(
+        {
+            "func": "aap_eda.tasks.shared_resources.resync_shared_resources",
+            "interval": 900,
+            "id": "resync_shared_resources",
+        }
+    )
 
 
 ACTIVATION_DB_HOST = settings.get(

tests/integration/conftest.py

@@ -771,7 +771,7 @@ def use_debug_setting():
 
 @pytest.fixture
 def use_shared_resource_setting():
-    with override_settings(DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED=True):
+    with override_settings(ALLOW_LOCAL_RESOURCE_MANAGEMENT=False):
         yield
 
 

tools/docker/docker-compose-dev-redis-tls.yaml

@@ -32,7 +32,7 @@ x-environment:
   - EDA_PGSSLCERT=${EDA_PGSSLCERT:-./postgres_ssl_config/certs/server.crt}
   - EDA_PGSSLKEY=${EDA_PGSSLKEY:-./postgres_ssl_config/certs/server.key}
   - EDA_PGSSLROOTCERT=${EDA_PGSSLROOTCERT:-./postgres_ssl_config/certs/ca.crt}
-  - EDA_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED=${EDA_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED:-False}
+  - EDA_ALLOW_LOCAL_RESOURCE_MANAGEMENT=${EDA_ALLOW_LOCAL_RESOURCE_MANAGEMENT:-True}
   - EDA_ANSIBLE_RULEBOOK_FLUSH_AFTER=${EDA_ANSIBLE_RULEBOOK_FLUSH_AFTER:-100}
   - EDA_DEFAULT_QUEUE_TIMEOUT=${EDA_DEFAULT_QUEUE_TIMEOUT:-300}
   - EDA_DEFAULT_RULEBOOK_QUEUE_TIMEOUT=${EDA_DEFAULT_RULEBOOK_QUEUE_TIMEOUT:-120}

tools/docker/docker-compose-dev.yaml

@@ -25,7 +25,7 @@ x-environment: &common-env
   EDA_RULEBOOK_WORKER_QUEUES: "activation-node1,activation-node2"
   EDA_ANSIBLE_BASE_JWT_VALIDATE_CERT: ${EDA_ANSIBLE_BASE_JWT_VALIDATE_CERT:-False}
   EDA_ANSIBLE_BASE_JWT_KEY: ${EDA_ANSIBLE_BASE_JWT_KEY:-'https://localhost'}
-  EDA_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED: ${EDA_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED:-False}
+  EDA_ALLOW_LOCAL_RESOURCE_MANAGEMENT: ${EDA_ALLOW_LOCAL_RESOURCE_MANAGEMENT:-True}
   EDA_ANSIBLE_RULEBOOK_FLUSH_AFTER: ${EDA_ANSIBLE_RULEBOOK_FLUSH_AFTER:-100}
   EDA_DEFAULT_QUEUE_TIMEOUT: ${EDA_DEFAULT_QUEUE_TIMEOUT:-300}
   EDA_DEFAULT_RULEBOOK_QUEUE_TIMEOUT: ${EDA_DEFAULT_RULEBOOK_QUEUE_TIMEOUT:-120}

tools/docker/docker-compose-mac.yml

@@ -24,7 +24,7 @@ x-environment:
   - EDA_ANSIBLE_BASE_JWT_VALIDATE_CERT=${EDA_ANSIBLE_BASE_JWT_VALIDATE_CERT:-False}
   - EDA_ANSIBLE_BASE_JWT_KEY=${EDA_ANSIBLE_BASE_JWT_KEY:-'https://localhost'}
   - EDA_DEBUG=${EDA_DEBUG:-True}
-  - EDA_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED=${EDA_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED:-False}
+  - EDA_ALLOW_LOCAL_RESOURCE_MANAGEMENT=${EDA_ALLOW_LOCAL_RESOURCE_MANAGEMENT:-True}
   - EDA_ANSIBLE_RULEBOOK_FLUSH_AFTER=${EDA_ANSIBLE_RULEBOOK_FLUSH_AFTER:-100}
   - EDA_DEFAULT_QUEUE_TIMEOUT=${EDA_DEFAULT_QUEUE_TIMEOUT:-300}
   - EDA_DEFAULT_RULEBOOK_QUEUE_TIMEOUT=${EDA_DEFAULT_RULEBOOK_QUEUE_TIMEOUT:-120}

tools/docker/docker-compose-stage.yaml

@@ -24,7 +24,7 @@ x-environment:
   - EDA_ACTIVATION_RESTART_SECONDS_ON_FAILURE=${EDA_ACTIVATION_RESTART_SECONDS_ON_FAILURE:-60}
   - EDA_ANSIBLE_BASE_JWT_VALIDATE_CERT=${EDA_ANSIBLE_BASE_JWT_VALIDATE_CERT:-False}
   - EDA_ANSIBLE_BASE_JWT_KEY=${EDA_ANSIBLE_BASE_JWT_KEY:-'https://localhost'}
-  - EDA_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED=${EDA_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED:-False}
+  - EDA_ALLOW_LOCAL_RESOURCE_MANAGEMENT=${EDA_ALLOW_LOCAL_RESOURCE_MANAGEMENT:-True}
   - EDA_RESOURCE_SERVER__URL=${EDA_RESOURCE_SERVER__URL}
   - EDA_RESOURCE_SERVER__SECRET_KEY=${EDA_RESOURCE_SERVER__SECRET_KEY}
   - EDA_RESOURCE_SERVER__VALIDATE_HTTPS=${EDA_RESOURCE_SERVER__VALIDATE_HTTPS:-False}