[WIP] Project update sync assets #7099
Conversation
awx/api/serializers.py
Outdated
| data['token'] = generate_token() | ||
| if 'expires' not in data: | ||
| data['expires'] = now() + timedelta( | ||
| seconds=settings.OAUTH2_PROVIDER['ACCESS_TOKEN_EXPIRE_SECONDS'] |
There was a problem hiding this comment.
Given that this is really intended to be an anonymous, single-use token, I think we should give it a very short expiration time, maybe something like 30 minutes (or however long we anticipate the actual sync process should take at maximum).
There was a problem hiding this comment.
This was something else I thought of but I wasn't sure how long. The default 1000 years is likely too much but I know there are some massive job syncs out there. Do we want to add another setting for this token? PROJECT_SYNC_ACCESS_TOKEN_EXPIRE_SECONDS and start with 24h as the default?
There was a problem hiding this comment.
repeating from a different conversation - tying this to the launching user is tricky in the case of update-on-launch and scheduled project updates. We'd want to find a way to handle those
| ask_variables_on_launch: "{{ item.ask_variables_on_launch | default(omit) }}" | ||
| ask_verbosity_on_launch: "{{ item.ask_verbosity_on_launch | default(omit) }}" | ||
| become_enabled: "{{ item.become_enabled | default(omit) }}" | ||
| credential: "{{ item.credential | default(omit) }}" |
There was a problem hiding this comment.
If we're making something new, let's stop using this old singular credential key.
There was a problem hiding this comment.
Good point, this was a bulk field copy from an ansible-doc | grep ... | grep ... command. For now I will leave this as is since this might be changing anyway to match the import/export code.
| timeout: "{{ item.timeout | default(omit) }}" | ||
| tower_host: "{{ awx_host }}" | ||
| use_fact_cache: "{{ item.use_fact_cache | default(omit) }}" | ||
| vault_credential: "{{ item.vault_credential | default(omit) }}" |
|
Build failed.
|
| class Migration(migrations.Migration): | ||
|
|
||
| dependencies = [ | ||
| ('main', '0115_v370_schedule_set_null'), |
There was a problem hiding this comment.
Just a heads up, @beeankha may beat you to claiming this 0116 number.
|
Build failed.
|
john-westcott-iv
force-pushed
the
projet_update
branch
from
306f1d0
to
b24c340
Compare
|
Build failed.
|
|
This has been superseded by PR #7099 |
SUMMARY
This is an initial cut as having parts of Tower being controlled by code. A project update of an SCM based project will not attempt to create job templates and workflow job templates from files within the source. The current proposed files are:
assets/job_templates.yml
assets/workflow_job_template_nodes.yml
assets/workflow_job_templates.yml
Which can be seen here: https://github.com/john-westcott-iv/test-playbooks/tree/master/assets
This PR adds a "Sync Assets" checkbox to the project UI screen. If enabled, during a manually invoked project sync the project_update.yml playbook will now include a role which will read these files and then leverage the awx.awx collection to build assets within tower.
Related #526
ISSUE TYPE
COMPONENT NAME
AWX VERSION
ADDITIONAL INFORMATION
TODO:
Sync with the awxkit import/export work to have the data files aligned.