diff options
-rw-r--r-- | awx/api/generics.py | 6 | ||||
-rw-r--r-- | awx/main/models/credential.py | 8 | ||||
-rw-r--r-- | awx/main/tasks/jobs.py | 8 | ||||
-rw-r--r-- | awx/main/tests/functional/test_inventory_source_injectors.py | 7 | ||||
-rw-r--r-- | awx/main/tests/unit/test_tasks.py | 3 | ||||
-rw-r--r-- | awx/main/tests/unit/utils/test_execution_environments.py | 8 | ||||
-rw-r--r-- | awx/main/utils/execution_environments.py | 23 | ||||
-rw-r--r-- | awx/main/utils/licensing.py | 14 | ||||
-rw-r--r-- | awx/ui/urls.py | 5 | ||||
-rw-r--r-- | licenses/awx_plugins.interfaces.txt | 202 | ||||
-rw-r--r-- | requirements/requirements_git.txt | 1 |
11 files changed, 236 insertions, 49 deletions
diff --git a/awx/api/generics.py b/awx/api/generics.py index f9b1e04bbc..9e1698a61f 100644 --- a/awx/api/generics.py +++ b/awx/api/generics.py @@ -30,6 +30,9 @@ from rest_framework.permissions import IsAuthenticated from rest_framework.renderers import StaticHTMLRenderer from rest_framework.negotiation import DefaultContentNegotiation +# Shared code for the AWX platform +from awx_plugins.interfaces._temporary_private_licensing_api import detect_server_product_name + # django-ansible-base from ansible_base.rest_filters.rest_framework.field_lookup_backend import FieldLookupBackend from ansible_base.lib.utils.models import get_all_field_names @@ -43,7 +46,6 @@ from awx.main.models import UnifiedJob, UnifiedJobTemplate, User, Role, Credenti from awx.main.models.rbac import give_creator_permissions from awx.main.access import optimize_queryset from awx.main.utils import camelcase_to_underscore, get_search_fields, getattrd, get_object_or_400, decrypt_field, get_awx_version -from awx.main.utils.licensing import server_product_name from awx.main.utils.proxy import is_proxy_in_headers, delete_headers_starting_with_http from awx.main.views import ApiErrorView from awx.api.serializers import ResourceAccessListElementSerializer, CopySerializer @@ -254,7 +256,7 @@ class APIView(views.APIView): time_started = getattr(self, 'time_started', None) if request.user.is_authenticated: response['X-API-Product-Version'] = get_awx_version() - response['X-API-Product-Name'] = server_product_name() + response['X-API-Product-Name'] = detect_server_product_name() response['X-API-Node'] = settings.CLUSTER_HOST_ID if time_started: diff --git a/awx/main/models/credential.py b/awx/main/models/credential.py index 53d817e346..052f5f9b6c 100644 --- a/awx/main/models/credential.py +++ b/awx/main/models/credential.py @@ -26,6 +26,9 @@ from django.utils.functional import cached_property from django.utils.timezone import now from django.contrib.auth.models import User +# Shared code for the AWX platform +from awx_plugins.interfaces._temporary_private_container_api import get_incontainer_path + # DRF from awx.main.utils.pglock import advisory_lock from rest_framework.serializers import ValidationError as DRFValidationError @@ -41,7 +44,6 @@ from awx.main.fields import ( ) from awx.main.utils import decrypt_field, classproperty, set_environ from awx.main.utils.safe_yaml import safe_dump -from awx.main.utils.execution_environments import to_container_path from awx.main.validators import validate_ssh_private_key from awx.main.models.base import CommonModelNameNotUnique, PasswordFieldsModel, PrimordialModel from awx.main.models.mixins import ResourceMixin @@ -623,7 +625,7 @@ class CredentialType(CommonModelNameNotUnique): with open(path, 'w') as f: f.write(data) os.chmod(path, stat.S_IRUSR | stat.S_IWUSR) - container_path = to_container_path(path, private_data_dir) + container_path = get_incontainer_path(path, private_data_dir) # determine if filename indicates single file or many if file_label.find('.') == -1: @@ -665,7 +667,7 @@ class CredentialType(CommonModelNameNotUnique): extra_vars = build_extra_vars(self.injectors.get('extra_vars', {})) if extra_vars: path = build_extra_vars_file(extra_vars, private_data_dir) - container_path = to_container_path(path, private_data_dir) + container_path = get_incontainer_path(path, private_data_dir) args.extend(['-e', '@%s' % container_path]) diff --git a/awx/main/tasks/jobs.py b/awx/main/tasks/jobs.py index c6cfc6a180..80b639e2a7 100644 --- a/awx/main/tasks/jobs.py +++ b/awx/main/tasks/jobs.py @@ -18,6 +18,9 @@ import urllib.parse as urlparse # Django from django.conf import settings +# Shared code for the AWX platform +from awx_plugins.interfaces._temporary_private_container_api import CONTAINER_ROOT, get_incontainer_path + # Runner import ansible_runner @@ -67,7 +70,6 @@ from awx.main.tasks.receptor import AWXReceptorJob from awx.main.tasks.facts import start_fact_cache, finish_fact_cache from awx.main.exceptions import AwxTaskError, PostRunError, ReceptorNodeNotFound from awx.main.utils.ansible import read_ansible_config -from awx.main.utils.execution_environments import CONTAINER_ROOT, to_container_path from awx.main.utils.safe_yaml import safe_dump, sanitize_jinja from awx.main.utils.common import ( update_scm_url, @@ -909,7 +911,7 @@ class RunJob(SourceControlMixin, BaseTask): cred_files = private_data_files.get('credentials', {}) for cloud_cred in job.cloud_credentials: if cloud_cred and cloud_cred.credential_type.namespace == 'openstack' and cred_files.get(cloud_cred, ''): - env['OS_CLIENT_CONFIG_FILE'] = to_container_path(cred_files.get(cloud_cred, ''), private_data_dir) + env['OS_CLIENT_CONFIG_FILE'] = get_incontainer_path(cred_files.get(cloud_cred, ''), private_data_dir) for network_cred in job.network_credentials: env['ANSIBLE_NET_USERNAME'] = network_cred.get_input('username', default='') @@ -1552,7 +1554,7 @@ class RunInventoryUpdate(SourceControlMixin, BaseTask): args.append('-i') script_params = dict(hostvars=True, towervars=True) source_inv_path = self.write_inventory_file(input_inventory, private_data_dir, f'hosts_{input_inventory.id}', script_params) - args.append(to_container_path(source_inv_path, private_data_dir)) + args.append(get_incontainer_path(source_inv_path, private_data_dir)) # Include any facts from input inventories so they can be used in filters start_fact_cache( input_inventory.hosts.only(*HOST_FACTS_FIELDS), diff --git a/awx/main/tests/functional/test_inventory_source_injectors.py b/awx/main/tests/functional/test_inventory_source_injectors.py index 0df9a13226..6c93717b76 100644 --- a/awx/main/tests/functional/test_inventory_source_injectors.py +++ b/awx/main/tests/functional/test_inventory_source_injectors.py @@ -5,11 +5,12 @@ import json import re from collections import namedtuple +from awx_plugins.interfaces._temporary_private_container_api import get_incontainer_path + from awx.main.tasks.jobs import RunInventoryUpdate from awx.main.models import InventorySource, Credential, CredentialType, UnifiedJob, ExecutionEnvironment from awx.main.constants import CLOUD_PROVIDERS, STANDARD_INVENTORY_UPDATE_ENV from awx.main.tests import data -from awx.main.utils.execution_environments import to_container_path from django.conf import settings @@ -115,7 +116,7 @@ def read_content(private_data_dir, raw_env, inventory_update): continue # Ansible runner abs_file_path = os.path.join(private_data_dir, filename) file_aliases[abs_file_path] = filename - runner_path = to_container_path(abs_file_path, private_data_dir) + runner_path = get_incontainer_path(abs_file_path, private_data_dir) if runner_path in inverse_env: referenced_paths.add(abs_file_path) alias = 'file_reference' @@ -163,7 +164,7 @@ def read_content(private_data_dir, raw_env, inventory_update): # assert that all files laid down are used if ( abs_file_path not in referenced_paths - and to_container_path(abs_file_path, private_data_dir) not in inventory_content + and get_incontainer_path(abs_file_path, private_data_dir) not in inventory_content and abs_file_path not in ignore_files ): raise AssertionError( diff --git a/awx/main/tests/unit/test_tasks.py b/awx/main/tests/unit/test_tasks.py index 6c460e3236..d003569c82 100644 --- a/awx/main/tests/unit/test_tasks.py +++ b/awx/main/tests/unit/test_tasks.py @@ -12,6 +12,8 @@ import pytest import yaml import jinja2 +from awx_plugins.interfaces._temporary_private_container_api import CONTAINER_ROOT + from django.conf import settings from awx.main.models import ( @@ -37,7 +39,6 @@ from awx.main.models.credential import HIDDEN_PASSWORD, ManagedCredentialType from awx.main.tasks import jobs, system, receptor from awx.main.utils import encrypt_field, encrypt_value from awx.main.utils.safe_yaml import SafeLoader -from awx.main.utils.execution_environments import CONTAINER_ROOT from awx.main.utils.licensing import Licenser from awx.main.constants import JOB_VARIABLE_PREFIXES diff --git a/awx/main/tests/unit/utils/test_execution_environments.py b/awx/main/tests/unit/utils/test_execution_environments.py index 04a8b05f5f..941623d7e1 100644 --- a/awx/main/tests/unit/utils/test_execution_environments.py +++ b/awx/main/tests/unit/utils/test_execution_environments.py @@ -4,7 +4,7 @@ from uuid import uuid4 import pytest -from awx.main.utils.execution_environments import to_container_path +from awx_plugins.interfaces._temporary_private_container_api import get_incontainer_path private_data_dir = '/tmp/pdd_iso/awx_xxx' @@ -22,7 +22,7 @@ private_data_dir = '/tmp/pdd_iso/awx_xxx' ], ) def test_switch_paths(container_path, host_path): - assert to_container_path(host_path, private_data_dir) == container_path + assert get_incontainer_path(host_path, private_data_dir) == container_path def test_symlink_isolation_dir(request): @@ -40,7 +40,7 @@ def test_symlink_isolation_dir(request): pdd = f'{dst_path}/awx_xxx' - assert to_container_path(f'{pdd}/env/tmp1234', pdd) == '/runner/env/tmp1234' + assert get_incontainer_path(f'{pdd}/env/tmp1234', pdd) == '/runner/env/tmp1234' @pytest.mark.parametrize( @@ -53,4 +53,4 @@ def test_symlink_isolation_dir(request): ) def test_invalid_host_path(host_path): with pytest.raises(RuntimeError): - to_container_path(host_path, private_data_dir) + get_incontainer_path(host_path, private_data_dir) diff --git a/awx/main/utils/execution_environments.py b/awx/main/utils/execution_environments.py index 7b197287b3..f1f7faa34f 100644 --- a/awx/main/utils/execution_environments.py +++ b/awx/main/utils/execution_environments.py @@ -1,6 +1,4 @@ -import os import logging -from pathlib import Path from django.conf import settings @@ -51,24 +49,3 @@ def get_default_pod_spec(): ], }, } - - -# this is the root of the private data dir as seen from inside -# of the container running a job -CONTAINER_ROOT = '/runner' - - -def to_container_path(path, private_data_dir): - """Given a path inside of the host machine filesystem, - this returns the expected path which would be observed by the job running - inside of the EE container. - This only handles the volume mount from private_data_dir to /runner - """ - if not os.path.isabs(private_data_dir): - raise RuntimeError('The private_data_dir path must be absolute') - # due to how tempfile.mkstemp works, we are probably passed a resolved path, but unresolved private_data_dir - resolved_path = Path(path).resolve() - resolved_pdd = Path(private_data_dir).resolve() - if resolved_pdd != resolved_path and resolved_pdd not in resolved_path.parents: - raise RuntimeError(f'Cannot convert path {resolved_path} unless it is a subdir of {resolved_pdd}') - return str(resolved_path).replace(str(resolved_pdd), CONTAINER_ROOT, 1) diff --git a/awx/main/utils/licensing.py b/awx/main/utils/licensing.py index 7453f56c81..24109cd39c 100644 --- a/awx/main/utils/licensing.py +++ b/awx/main/utils/licensing.py @@ -15,7 +15,6 @@ from datetime import datetime, timezone import collections import copy import io -import os import json import logging import re @@ -35,6 +34,9 @@ from cryptography import x509 from django.conf import settings from django.utils.translation import gettext_lazy as _ +# Shared code for the AWX platform +from awx_plugins.interfaces._temporary_private_licensing_api import detect_server_product_name + from awx.main.constants import SUBSCRIPTION_USAGE_MODEL_UNIQUE_HOSTS MAX_INSTANCES = 9999999 @@ -480,13 +482,9 @@ def get_licenser(*args, **kwargs): from awx.main.utils.licensing import Licenser, OpenLicense try: - if os.path.exists('/var/lib/awx/.tower_version'): - return Licenser(*args, **kwargs) - else: + if detect_server_product_name() == 'AWX': return OpenLicense() + else: + return Licenser(*args, **kwargs) except Exception as e: raise ValueError(_('Error importing License: %s') % e) - - -def server_product_name(): - return 'AWX' if isinstance(get_licenser(), OpenLicense) else 'Red Hat Ansible Automation Platform' diff --git a/awx/ui/urls.py b/awx/ui/urls.py index 540a69017b..108607b1ee 100644 --- a/awx/ui/urls.py +++ b/awx/ui/urls.py @@ -2,7 +2,8 @@ from django.urls import re_path from django.utils.translation import gettext_lazy as _ from django.views.generic.base import TemplateView -from awx.main.utils.licensing import server_product_name +# Shared code for the AWX platform +from awx_plugins.interfaces._temporary_private_licensing_api import detect_server_product_name class IndexView(TemplateView): @@ -14,7 +15,7 @@ class MigrationsNotran(TemplateView): def get_context_data(self, **kwargs): context = super().get_context_data(**kwargs) - product_name = server_product_name() + product_name = detect_server_product_name() context['title'] = _('%s Upgrading' % product_name) context['image_alt'] = _('Logo') context['aria_spinner'] = _('Loading') diff --git a/licenses/awx_plugins.interfaces.txt b/licenses/awx_plugins.interfaces.txt new file mode 100644 index 0000000000..d645695673 --- /dev/null +++ b/licenses/awx_plugins.interfaces.txt @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/requirements/requirements_git.txt b/requirements/requirements_git.txt index 21dc4c6e78..24ccccfa1c 100644 --- a/requirements/requirements_git.txt +++ b/requirements/requirements_git.txt @@ -4,3 +4,4 @@ git+https://github.com/ansible/ansible-runner.git@devel#egg=ansible-runner git+https://github.com/ansible/python3-saml.git@devel#egg=python3-saml django-ansible-base @ git+https://github.com/ansible/django-ansible-base@devel#egg=django-ansible-base[rest_filters,jwt_consumer,resource_registry,rbac] awx-plugins-core @ git+https://git@github.com/ansible/awx-plugins.git@devel#egg=awx-plugins-core +awx_plugins.interfaces @ git+https://github.com/ansible/awx_plugins.interfaces.git |