| Commit message (Collapse) | Author | Files | Lines |
|---|
|
Validate role assignment if org defined
Check that organization is defined on credential
before running queries.
Fixes a "None type does not have attribute id" error.
Signed-off-by: Seth Foster <fosterbseth@gmail.com>
|
|
|
|
mismatches (#15321)
* Add test that we got all permissions right for every role
* Fix missing Org execute role and missing adhoc role permission
* Add in missing Organization Approval Role as well
* Remove Role from role names
|
|
Supress docker pull output in checks
|
|
|
|
Utilizes the `validate_role_assignment` callback
from dab (see dab PR #490) to prevent granting credential
access to a user of another organization.
This logic will work for role_user_assignments
and role_team_assignments endpoints.
Signed-off-by: Seth Foster <fosterbseth@gmail.com>
|
|
* Add in missing read permissions for organization audit role
* Add missing audit permission, special case name handling
|
|
* Added new OpenShift Virtualization inventory source to docs.
* Incorporated review feedback from @fosterseth and @TheRealHaoLiu.
* Fixed link to correct kubevirt.core.kubevirt documentation.
|
|
* Add better 403 error message for Job template create
To create Job template u need access to projects and inventory
---------
Co-authored-by: Chris Meyers <chris.meyers.fsu@gmail.com>
|
|
|
|
|
|
system (#15289)
* Add initial test for deletion of stale permission
* Delete existing EE view permission
* Hypothetically complete update of EE model permissions setup
* Tests passing locally
* Issue with user_capabilities was a test bug, fixed
|
|
* Do not use cache in actual image build action
* Add cache args to kube prod builds
|
|
* Add tests for external auditor
* Add assertion for unified JTs which fails
* Fix UJT listing bug
* Add test for ad hoc commands just to be sure
|
|
Do not overwrite DATABASES OPTIONS with LISTENER_DATABASES
|
|
* Add TASK_MANAGER_LOCK_TIMEOUT
`TASK_MANAGER_LOCK_TIMEOUT` controls the `idle_in_transaction_session_timeout` and `idle_session_timeout` configuration for task manager connections and lock in database
hope to prevent the situation that the task instance that holds the lock becomes unresponsive and preventing other instance to be able to run task manager
* Add session timeout to periodic scheduler and all sub task manager locks
|
|
|
|
Workaround
```
ERROR awx/main/tests/functional/test_licenses.py - pip._vendor.distlib.DistlibException: Unable to locate finder for 'pip._vendor.distlib'
```
|
|
* Added troubleshooting and tips tricks content
* Added troubleshooting and tips tricks content
* Moved DNS host entry override info to customize pod spec section of CG chapter.
* Added troubleshooting and tips tricks content
* Moved DNS host entry override info to customize pod spec section of CG chapter.
* Update docs/docsite/rst/administration/containers_instance_groups.rst
Co-authored-by: Seth Foster <fosterseth@users.noreply.github.com>
* Update docs/docsite/rst/administration/containers_instance_groups.rst
Co-authored-by: Seth Foster <fosterseth@users.noreply.github.com>
* Update docs/docsite/rst/administration/containers_instance_groups.rst
Co-authored-by: Sandra McCann <samccann@redhat.com>
* Incorp'd review feedback from @fosterseth and @samccann
* Update docs/docsite/rst/administration/containers_instance_groups.rst
Co-authored-by: Sandra McCann <samccann@redhat.com>
* Final revisions based on @fosterseth's inputs.
---------
Co-authored-by: Seth Foster <fosterseth@users.noreply.github.com>
Co-authored-by: Sandra McCann <samccann@redhat.com>
|
|
* Add migration testing for certain managed roles
* Fix managed role bugs
* Add more tests
* Fix another bug with org workflow admin role reference
* Add test because another issue is fixed
* Mark reason for test
* Remove internal markers
* Reword failure message
Co-authored-by: Seth Foster <fosterseth@users.noreply.github.com>
---------
Co-authored-by: Seth Foster <fosterseth@users.noreply.github.com>
|
|
* Fix object-level permission bugs with DAB RBAC system
* Fix NT organization change regression
* Mark tests to AAP number
|
|
Script was falsely identifying cross-linked
parents. It needs to check if parent roles if
content type is Team and role_field is
member_role OR admin_role.
Signed-off-by: Seth Foster <fosterbseth@gmail.com>
|
|
|
|
* Include a bit of context into the name of the delete function. The
HTTP_ added prepended string may be unexpected if Django's header
transformation isn't top of mind.
|
|
* Increase the surface area of the set of headers that the proxy list
feature looks at for the remote proxy IF x-trusted-proxy is valid.
|
|
This reverts commit 49e3971cd577127705fc0fd1d3b4ab7e3a3c3c2b.
|
|
* Integration tests to ensure the integration of the two features.
|
|
* Do not remove special header list if request is from a trusted proxy.
* Continue to remove headers if request if from a non-trusted proxy.
|
|
|
|
|
|
Co-authored-by: Hao Liu <44379968+TheRealHaoLiu@users.noreply.github.com>
|
|
Signed-off-by: Adrian Nackov <adrian.nackov@mail.schwarz>
|
|
|
|
|
|
This will mitigate the problem where if any Role gets deleted for some
weird reason it could previously cascade delete important objects.
|
|
rename AWX_DIRECT_SHARED_RESOURCE_MANAGEMENT_ENABLED
to
ALLOW_LOCAL_RESOURCE_MANAGEMENT
- clearer meaning
- drop prefix so the same setting is used across the platform
Signed-off-by: Seth Foster <fosterbseth@gmail.com>
|
|
|
|
when doing the final reset of Role.implicit_parents.
|
