-
Notifications
You must be signed in to change notification settings - Fork 3.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[WIP] Project update sync assets #7099
Conversation
awx/api/serializers.py
Outdated
data['token'] = generate_token() | ||
if 'expires' not in data: | ||
data['expires'] = now() + timedelta( | ||
seconds=settings.OAUTH2_PROVIDER['ACCESS_TOKEN_EXPIRE_SECONDS'] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Given that this is really intended to be an anonymous, single-use token, I think we should give it a very short expiration time, maybe something like 30 minutes (or however long we anticipate the actual sync process should take at maximum).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This was something else I thought of but I wasn't sure how long. The default 1000 years is likely too much but I know there are some massive job syncs out there. Do we want to add another setting for this token? PROJECT_SYNC_ACCESS_TOKEN_EXPIRE_SECONDS and start with 24h as the default?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
repeating from a different conversation - tying this to the launching user is tricky in the case of update-on-launch and scheduled project updates. We'd want to find a way to handle those
ask_variables_on_launch: "{{ item.ask_variables_on_launch | default(omit) }}" | ||
ask_verbosity_on_launch: "{{ item.ask_verbosity_on_launch | default(omit) }}" | ||
become_enabled: "{{ item.become_enabled | default(omit) }}" | ||
credential: "{{ item.credential | default(omit) }}" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If we're making something new, let's stop using this old singular credential
key.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good point, this was a bulk field copy from an ansible-doc | grep ... | grep ...
command. For now I will leave this as is since this might be changing anyway to match the import/export code.
timeout: "{{ item.timeout | default(omit) }}" | ||
tower_host: "{{ awx_host }}" | ||
use_fact_cache: "{{ item.use_fact_cache | default(omit) }}" | ||
vault_credential: "{{ item.vault_credential | default(omit) }}" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same comment here.
Build failed.
|
class Migration(migrations.Migration): | ||
|
||
dependencies = [ | ||
('main', '0115_v370_schedule_set_null'), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just a heads up, @beeankha may beat you to claiming this 0116
number.
Build failed.
|
306f1d0
to
b24c340
Compare
Build failed.
|
This has been superseded by PR #7099 |
SUMMARY
This is an initial cut as having parts of Tower being controlled by code. A project update of an SCM based project will not attempt to create job templates and workflow job templates from files within the source. The current proposed files are:
assets/job_templates.yml
assets/workflow_job_template_nodes.yml
assets/workflow_job_templates.yml
Which can be seen here: https://github.com/john-westcott-iv/test-playbooks/tree/master/assets
This PR adds a "Sync Assets" checkbox to the project UI screen. If enabled, during a manually invoked project sync the project_update.yml playbook will now include a role which will read these files and then leverage the awx.awx collection to build assets within tower.
Related #526
ISSUE TYPE
COMPONENT NAME
AWX VERSION
ADDITIONAL INFORMATION
TODO:
Sync with the awxkit import/export work to have the data files aligned.