summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--awx/api/generics.py6
-rw-r--r--awx/main/models/credential.py8
-rw-r--r--awx/main/tasks/jobs.py8
-rw-r--r--awx/main/tests/functional/test_inventory_source_injectors.py7
-rw-r--r--awx/main/tests/unit/test_tasks.py3
-rw-r--r--awx/main/tests/unit/utils/test_execution_environments.py8
-rw-r--r--awx/main/utils/execution_environments.py23
-rw-r--r--awx/main/utils/licensing.py14
-rw-r--r--awx/ui/urls.py5
-rw-r--r--licenses/awx_plugins.interfaces.txt202
-rw-r--r--requirements/requirements_git.txt1
11 files changed, 236 insertions, 49 deletions
diff --git a/awx/api/generics.py b/awx/api/generics.py
index f9b1e04bbc..9e1698a61f 100644
--- a/awx/api/generics.py
+++ b/awx/api/generics.py
@@ -30,6 +30,9 @@ from rest_framework.permissions import IsAuthenticated
from rest_framework.renderers import StaticHTMLRenderer
from rest_framework.negotiation import DefaultContentNegotiation
+# Shared code for the AWX platform
+from awx_plugins.interfaces._temporary_private_licensing_api import detect_server_product_name
+
# django-ansible-base
from ansible_base.rest_filters.rest_framework.field_lookup_backend import FieldLookupBackend
from ansible_base.lib.utils.models import get_all_field_names
@@ -43,7 +46,6 @@ from awx.main.models import UnifiedJob, UnifiedJobTemplate, User, Role, Credenti
from awx.main.models.rbac import give_creator_permissions
from awx.main.access import optimize_queryset
from awx.main.utils import camelcase_to_underscore, get_search_fields, getattrd, get_object_or_400, decrypt_field, get_awx_version
-from awx.main.utils.licensing import server_product_name
from awx.main.utils.proxy import is_proxy_in_headers, delete_headers_starting_with_http
from awx.main.views import ApiErrorView
from awx.api.serializers import ResourceAccessListElementSerializer, CopySerializer
@@ -254,7 +256,7 @@ class APIView(views.APIView):
time_started = getattr(self, 'time_started', None)
if request.user.is_authenticated:
response['X-API-Product-Version'] = get_awx_version()
- response['X-API-Product-Name'] = server_product_name()
+ response['X-API-Product-Name'] = detect_server_product_name()
response['X-API-Node'] = settings.CLUSTER_HOST_ID
if time_started:
diff --git a/awx/main/models/credential.py b/awx/main/models/credential.py
index 53d817e346..052f5f9b6c 100644
--- a/awx/main/models/credential.py
+++ b/awx/main/models/credential.py
@@ -26,6 +26,9 @@ from django.utils.functional import cached_property
from django.utils.timezone import now
from django.contrib.auth.models import User
+# Shared code for the AWX platform
+from awx_plugins.interfaces._temporary_private_container_api import get_incontainer_path
+
# DRF
from awx.main.utils.pglock import advisory_lock
from rest_framework.serializers import ValidationError as DRFValidationError
@@ -41,7 +44,6 @@ from awx.main.fields import (
)
from awx.main.utils import decrypt_field, classproperty, set_environ
from awx.main.utils.safe_yaml import safe_dump
-from awx.main.utils.execution_environments import to_container_path
from awx.main.validators import validate_ssh_private_key
from awx.main.models.base import CommonModelNameNotUnique, PasswordFieldsModel, PrimordialModel
from awx.main.models.mixins import ResourceMixin
@@ -623,7 +625,7 @@ class CredentialType(CommonModelNameNotUnique):
with open(path, 'w') as f:
f.write(data)
os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
- container_path = to_container_path(path, private_data_dir)
+ container_path = get_incontainer_path(path, private_data_dir)
# determine if filename indicates single file or many
if file_label.find('.') == -1:
@@ -665,7 +667,7 @@ class CredentialType(CommonModelNameNotUnique):
extra_vars = build_extra_vars(self.injectors.get('extra_vars', {}))
if extra_vars:
path = build_extra_vars_file(extra_vars, private_data_dir)
- container_path = to_container_path(path, private_data_dir)
+ container_path = get_incontainer_path(path, private_data_dir)
args.extend(['-e', '@%s' % container_path])
diff --git a/awx/main/tasks/jobs.py b/awx/main/tasks/jobs.py
index c6cfc6a180..80b639e2a7 100644
--- a/awx/main/tasks/jobs.py
+++ b/awx/main/tasks/jobs.py
@@ -18,6 +18,9 @@ import urllib.parse as urlparse
# Django
from django.conf import settings
+# Shared code for the AWX platform
+from awx_plugins.interfaces._temporary_private_container_api import CONTAINER_ROOT, get_incontainer_path
+
# Runner
import ansible_runner
@@ -67,7 +70,6 @@ from awx.main.tasks.receptor import AWXReceptorJob
from awx.main.tasks.facts import start_fact_cache, finish_fact_cache
from awx.main.exceptions import AwxTaskError, PostRunError, ReceptorNodeNotFound
from awx.main.utils.ansible import read_ansible_config
-from awx.main.utils.execution_environments import CONTAINER_ROOT, to_container_path
from awx.main.utils.safe_yaml import safe_dump, sanitize_jinja
from awx.main.utils.common import (
update_scm_url,
@@ -909,7 +911,7 @@ class RunJob(SourceControlMixin, BaseTask):
cred_files = private_data_files.get('credentials', {})
for cloud_cred in job.cloud_credentials:
if cloud_cred and cloud_cred.credential_type.namespace == 'openstack' and cred_files.get(cloud_cred, ''):
- env['OS_CLIENT_CONFIG_FILE'] = to_container_path(cred_files.get(cloud_cred, ''), private_data_dir)
+ env['OS_CLIENT_CONFIG_FILE'] = get_incontainer_path(cred_files.get(cloud_cred, ''), private_data_dir)
for network_cred in job.network_credentials:
env['ANSIBLE_NET_USERNAME'] = network_cred.get_input('username', default='')
@@ -1552,7 +1554,7 @@ class RunInventoryUpdate(SourceControlMixin, BaseTask):
args.append('-i')
script_params = dict(hostvars=True, towervars=True)
source_inv_path = self.write_inventory_file(input_inventory, private_data_dir, f'hosts_{input_inventory.id}', script_params)
- args.append(to_container_path(source_inv_path, private_data_dir))
+ args.append(get_incontainer_path(source_inv_path, private_data_dir))
# Include any facts from input inventories so they can be used in filters
start_fact_cache(
input_inventory.hosts.only(*HOST_FACTS_FIELDS),
diff --git a/awx/main/tests/functional/test_inventory_source_injectors.py b/awx/main/tests/functional/test_inventory_source_injectors.py
index 0df9a13226..6c93717b76 100644
--- a/awx/main/tests/functional/test_inventory_source_injectors.py
+++ b/awx/main/tests/functional/test_inventory_source_injectors.py
@@ -5,11 +5,12 @@ import json
import re
from collections import namedtuple
+from awx_plugins.interfaces._temporary_private_container_api import get_incontainer_path
+
from awx.main.tasks.jobs import RunInventoryUpdate
from awx.main.models import InventorySource, Credential, CredentialType, UnifiedJob, ExecutionEnvironment
from awx.main.constants import CLOUD_PROVIDERS, STANDARD_INVENTORY_UPDATE_ENV
from awx.main.tests import data
-from awx.main.utils.execution_environments import to_container_path
from django.conf import settings
@@ -115,7 +116,7 @@ def read_content(private_data_dir, raw_env, inventory_update):
continue # Ansible runner
abs_file_path = os.path.join(private_data_dir, filename)
file_aliases[abs_file_path] = filename
- runner_path = to_container_path(abs_file_path, private_data_dir)
+ runner_path = get_incontainer_path(abs_file_path, private_data_dir)
if runner_path in inverse_env:
referenced_paths.add(abs_file_path)
alias = 'file_reference'
@@ -163,7 +164,7 @@ def read_content(private_data_dir, raw_env, inventory_update):
# assert that all files laid down are used
if (
abs_file_path not in referenced_paths
- and to_container_path(abs_file_path, private_data_dir) not in inventory_content
+ and get_incontainer_path(abs_file_path, private_data_dir) not in inventory_content
and abs_file_path not in ignore_files
):
raise AssertionError(
diff --git a/awx/main/tests/unit/test_tasks.py b/awx/main/tests/unit/test_tasks.py
index 6c460e3236..d003569c82 100644
--- a/awx/main/tests/unit/test_tasks.py
+++ b/awx/main/tests/unit/test_tasks.py
@@ -12,6 +12,8 @@ import pytest
import yaml
import jinja2
+from awx_plugins.interfaces._temporary_private_container_api import CONTAINER_ROOT
+
from django.conf import settings
from awx.main.models import (
@@ -37,7 +39,6 @@ from awx.main.models.credential import HIDDEN_PASSWORD, ManagedCredentialType
from awx.main.tasks import jobs, system, receptor
from awx.main.utils import encrypt_field, encrypt_value
from awx.main.utils.safe_yaml import SafeLoader
-from awx.main.utils.execution_environments import CONTAINER_ROOT
from awx.main.utils.licensing import Licenser
from awx.main.constants import JOB_VARIABLE_PREFIXES
diff --git a/awx/main/tests/unit/utils/test_execution_environments.py b/awx/main/tests/unit/utils/test_execution_environments.py
index 04a8b05f5f..941623d7e1 100644
--- a/awx/main/tests/unit/utils/test_execution_environments.py
+++ b/awx/main/tests/unit/utils/test_execution_environments.py
@@ -4,7 +4,7 @@ from uuid import uuid4
import pytest
-from awx.main.utils.execution_environments import to_container_path
+from awx_plugins.interfaces._temporary_private_container_api import get_incontainer_path
private_data_dir = '/tmp/pdd_iso/awx_xxx'
@@ -22,7 +22,7 @@ private_data_dir = '/tmp/pdd_iso/awx_xxx'
],
)
def test_switch_paths(container_path, host_path):
- assert to_container_path(host_path, private_data_dir) == container_path
+ assert get_incontainer_path(host_path, private_data_dir) == container_path
def test_symlink_isolation_dir(request):
@@ -40,7 +40,7 @@ def test_symlink_isolation_dir(request):
pdd = f'{dst_path}/awx_xxx'
- assert to_container_path(f'{pdd}/env/tmp1234', pdd) == '/runner/env/tmp1234'
+ assert get_incontainer_path(f'{pdd}/env/tmp1234', pdd) == '/runner/env/tmp1234'
@pytest.mark.parametrize(
@@ -53,4 +53,4 @@ def test_symlink_isolation_dir(request):
)
def test_invalid_host_path(host_path):
with pytest.raises(RuntimeError):
- to_container_path(host_path, private_data_dir)
+ get_incontainer_path(host_path, private_data_dir)
diff --git a/awx/main/utils/execution_environments.py b/awx/main/utils/execution_environments.py
index 7b197287b3..f1f7faa34f 100644
--- a/awx/main/utils/execution_environments.py
+++ b/awx/main/utils/execution_environments.py
@@ -1,6 +1,4 @@
-import os
import logging
-from pathlib import Path
from django.conf import settings
@@ -51,24 +49,3 @@ def get_default_pod_spec():
],
},
}
-
-
-# this is the root of the private data dir as seen from inside
-# of the container running a job
-CONTAINER_ROOT = '/runner'
-
-
-def to_container_path(path, private_data_dir):
- """Given a path inside of the host machine filesystem,
- this returns the expected path which would be observed by the job running
- inside of the EE container.
- This only handles the volume mount from private_data_dir to /runner
- """
- if not os.path.isabs(private_data_dir):
- raise RuntimeError('The private_data_dir path must be absolute')
- # due to how tempfile.mkstemp works, we are probably passed a resolved path, but unresolved private_data_dir
- resolved_path = Path(path).resolve()
- resolved_pdd = Path(private_data_dir).resolve()
- if resolved_pdd != resolved_path and resolved_pdd not in resolved_path.parents:
- raise RuntimeError(f'Cannot convert path {resolved_path} unless it is a subdir of {resolved_pdd}')
- return str(resolved_path).replace(str(resolved_pdd), CONTAINER_ROOT, 1)
diff --git a/awx/main/utils/licensing.py b/awx/main/utils/licensing.py
index 7453f56c81..24109cd39c 100644
--- a/awx/main/utils/licensing.py
+++ b/awx/main/utils/licensing.py
@@ -15,7 +15,6 @@ from datetime import datetime, timezone
import collections
import copy
import io
-import os
import json
import logging
import re
@@ -35,6 +34,9 @@ from cryptography import x509
from django.conf import settings
from django.utils.translation import gettext_lazy as _
+# Shared code for the AWX platform
+from awx_plugins.interfaces._temporary_private_licensing_api import detect_server_product_name
+
from awx.main.constants import SUBSCRIPTION_USAGE_MODEL_UNIQUE_HOSTS
MAX_INSTANCES = 9999999
@@ -480,13 +482,9 @@ def get_licenser(*args, **kwargs):
from awx.main.utils.licensing import Licenser, OpenLicense
try:
- if os.path.exists('/var/lib/awx/.tower_version'):
- return Licenser(*args, **kwargs)
- else:
+ if detect_server_product_name() == 'AWX':
return OpenLicense()
+ else:
+ return Licenser(*args, **kwargs)
except Exception as e:
raise ValueError(_('Error importing License: %s') % e)
-
-
-def server_product_name():
- return 'AWX' if isinstance(get_licenser(), OpenLicense) else 'Red Hat Ansible Automation Platform'
diff --git a/awx/ui/urls.py b/awx/ui/urls.py
index 540a69017b..108607b1ee 100644
--- a/awx/ui/urls.py
+++ b/awx/ui/urls.py
@@ -2,7 +2,8 @@ from django.urls import re_path
from django.utils.translation import gettext_lazy as _
from django.views.generic.base import TemplateView
-from awx.main.utils.licensing import server_product_name
+# Shared code for the AWX platform
+from awx_plugins.interfaces._temporary_private_licensing_api import detect_server_product_name
class IndexView(TemplateView):
@@ -14,7 +15,7 @@ class MigrationsNotran(TemplateView):
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
- product_name = server_product_name()
+ product_name = detect_server_product_name()
context['title'] = _('%s Upgrading' % product_name)
context['image_alt'] = _('Logo')
context['aria_spinner'] = _('Loading')
diff --git a/licenses/awx_plugins.interfaces.txt b/licenses/awx_plugins.interfaces.txt
new file mode 100644
index 0000000000..d645695673
--- /dev/null
+++ b/licenses/awx_plugins.interfaces.txt
@@ -0,0 +1,202 @@
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/requirements/requirements_git.txt b/requirements/requirements_git.txt
index 21dc4c6e78..24ccccfa1c 100644
--- a/requirements/requirements_git.txt
+++ b/requirements/requirements_git.txt
@@ -4,3 +4,4 @@ git+https://github.com/ansible/ansible-runner.git@devel#egg=ansible-runner
git+https://github.com/ansible/python3-saml.git@devel#egg=python3-saml
django-ansible-base @ git+https://github.com/ansible/django-ansible-base@devel#egg=django-ansible-base[rest_filters,jwt_consumer,resource_registry,rbac]
awx-plugins-core @ git+https://git@github.com/ansible/awx-plugins.git@devel#egg=awx-plugins-core
+awx_plugins.interfaces @ git+https://github.com/ansible/awx_plugins.interfaces.git