diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index ddfb33a27..db9a5d1cd 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -2,12 +2,12 @@ # What does this PR do? -# How should this be tested? +## How should this be tested? -# Is there a relevant Issue open for this? +## Is there a relevant Issue open for this? resolves #[number] -# Other Relevant info, PRs, etc +## Other Relevant info, PRs, etc diff --git a/.github/files/galaxy.yml.j2 b/.github/files/galaxy.yml.j2 index 45ade95f9..97e644662 100644 --- a/.github/files/galaxy.yml.j2 +++ b/.github/files/galaxy.yml.j2 @@ -5,28 +5,28 @@ version: {{ collection_version }} description: A collection of roles to extend functionality of aap_configuration collection readme: README.md authors: - - Andrew Huffman - - Adebisi Oyawale @aoyawale - - Kedar Kulkarni @kedark3 - - Tom Page @Tompage1994 - - Sean Sullivan @sean-m-sullivan - - David Danielsson @djdanielsson - - Ivan Aragonés - - Silvio Perez - - Adonis García + - Andrew Huffman + - Adebisi Oyawale @aoyawale + - Kedar Kulkarni @kedark3 + - Tom Page @Tompage1994 + - Sean Sullivan @sean-m-sullivan + - David Danielsson @djdanielsson + - Ivan Aragonés @ivarmu + - Silvio Perez + - Adonis García repository: {{ collection_repo }}/ issues: {{ collection_repo }}/issues build_ignore: - - galaxy.yml.j2 - - release.yml - - .github - - '*.tar.gz' + - galaxy.yml.j2 + - release.yml + - .github + - '*.tar.gz' license: - - GPL-3.0-or-later + - GPL-3.0-or-later tags: - - controller - - collection - - aap_configuration_extended - - automation_platform - - infrastructure + - controller + - collection + - aap_configuration_extended + - automation_platform + - infrastructure ... diff --git a/.gitignore b/.gitignore index 18d207ce0..07b5dc1ca 100644 --- a/.gitignore +++ b/.gitignore @@ -9,3 +9,4 @@ ansible.cfg vault-aap-controller.yaml .ansible/ .vault-password +sample_25 diff --git a/.yamllint.yml b/.yamllint.yml index f84073ebe..7f111b8c9 100644 --- a/.yamllint.yml +++ b/.yamllint.yml @@ -14,7 +14,7 @@ rules: min-spaces-from-content: 1 # prettier compatibility comments-indentation: false document-start: disable - document-end: {present: true} + document-end: { present: true } indentation: level: error # Require indentation https://redhat-cop.github.io/automation-good-practices/#_yaml_and_jinja2_syntax diff --git a/EXPORT_README.md b/EXPORT_README.md index e517eaa0d..fc839493a 100644 --- a/EXPORT_README.md +++ b/EXPORT_README.md @@ -36,7 +36,7 @@ awx export --conf.host https://localhost --conf.username admin --conf.password * CONTROLLER_HOST: https://localhost CONTROLLER_USERNAME: admin CONTROLLER_PASSWORD: password - CONTROLLER_VERIFY_SSL: False + CONTROLLER_VERIFY_SSL: false tasks: - name: Export projects @@ -50,7 +50,7 @@ awx export --conf.host https://localhost --conf.username admin --conf.password * - name: Export projects to file ansible.builtin.copy: - content: "{{ export_results | to_nice_yaml(width=50, explicit_start=True, explicit_end=True) }}" + content: "{{ export_results | to_nice_yaml(width=50, explicit_start=true, explicit_end=true) }}" dest: projects.yaml ... ``` diff --git a/changelogs/fragments/filetree_create_controller_applications.yaml b/changelogs/fragments/filetree_create_controller_applications.yaml new file mode 100644 index 000000000..45f8969b6 --- /dev/null +++ b/changelogs/fragments/filetree_create_controller_applications.yaml @@ -0,0 +1,4 @@ +--- +bugfixes: + - Set the correct API URL for the controller applications endpoint +... diff --git a/changelogs/fragments/filetree_create_controller_credential_types.yaml b/changelogs/fragments/filetree_create_controller_credential_types.yaml new file mode 100644 index 000000000..f6eb3e215 --- /dev/null +++ b/changelogs/fragments/filetree_create_controller_credential_types.yaml @@ -0,0 +1,4 @@ +--- +bugfixes: + - There was an indentation error in the output at the `inputs` and `injectors` sections. The template has been fixed. +... diff --git a/changelogs/fragments/filetree_create_controller_inventories.yaml b/changelogs/fragments/filetree_create_controller_inventories.yaml new file mode 100644 index 000000000..3a1c44066 --- /dev/null +++ b/changelogs/fragments/filetree_create_controller_inventories.yaml @@ -0,0 +1,4 @@ +--- +bugfixes: + - Change connection variables to AAP from 'controller_*' to 'aap_*' when exporting the 'inventory_sources'. +... diff --git a/changelogs/fragments/filetree_create_controller_workflow_job_templates.yaml b/changelogs/fragments/filetree_create_controller_workflow_job_templates.yaml new file mode 100644 index 000000000..b1a512748 --- /dev/null +++ b/changelogs/fragments/filetree_create_controller_workflow_job_templates.yaml @@ -0,0 +1,4 @@ +--- +bugfixes: + - Fix the exported contents of survey's choices in workflow job templates to avoid to have the clause '!unsafe' inside the generated string. +... diff --git a/changelogs/fragments/filetree_create_eda_credential_types.yaml b/changelogs/fragments/filetree_create_eda_credential_types.yaml new file mode 100644 index 000000000..f6eb3e215 --- /dev/null +++ b/changelogs/fragments/filetree_create_eda_credential_types.yaml @@ -0,0 +1,4 @@ +--- +bugfixes: + - There was an indentation error in the output at the `inputs` and `injectors` sections. The template has been fixed. +... diff --git a/changelogs/fragments/filetree_create_gateway_service_keys.yaml b/changelogs/fragments/filetree_create_gateway_service_keys.yaml new file mode 100644 index 000000000..e44f7eec4 --- /dev/null +++ b/changelogs/fragments/filetree_create_gateway_service_keys.yaml @@ -0,0 +1,4 @@ +--- +bugfixes: + - There was a format error in the output after each key occurence. The template has been fixed. +... diff --git a/changelogs/fragments/new_role_upgrade_config.yml b/changelogs/fragments/new_role_upgrade_config.yml new file mode 100644 index 000000000..8667c52f0 --- /dev/null +++ b/changelogs/fragments/new_role_upgrade_config.yml @@ -0,0 +1,4 @@ +--- +major_changes: + - New role to update Configuration as Code files from 2.4 (infra.controller_configuration) format to 2.5 (infra.aap_configuration_extended) +... diff --git a/galaxy.yml b/galaxy.yml index 6d023986b..f01a16e01 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -5,28 +5,28 @@ version: 1.1.1-devel description: A collection of roles to extend functionality of aap_configuration collection readme: README.md authors: - - Andrew Huffman - - Adebisi Oyawale @aoyawale - - Kedar Kulkarni @kedark3 - - Tom Page @Tompage1994 - - Sean Sullivan @sean-m-sullivan - - David Danielsson @djdanielsson - - Ivan Aragonés - - Silvio Perez - - Adonis García + - Andrew Huffman + - Adebisi Oyawale @aoyawale + - Kedar Kulkarni @kedark3 + - Tom Page @Tompage1994 + - Sean Sullivan @sean-m-sullivan + - David Danielsson @djdanielsson + - Ivan Aragonés @ivarmu + - Silvio Perez + - Adonis García repository: https://github.com/redhat-cop/aap_configuration_extended/ issues: https://github.com/redhat-cop/aap_configuration_extended/issues build_ignore: - - galaxy.yml.j2 - - release.yml - - .github - - '*.tar.gz' + - galaxy.yml.j2 + - release.yml + - .github + - '*.tar.gz' license: - - GPL-3.0-or-later + - GPL-3.0-or-later tags: - - controller - - collection - - aap_configuration_extended - - automation_platform - - infrastructure + - controller + - collection + - aap_configuration_extended + - automation_platform + - infrastructure ... diff --git a/playbooks/upgrade_config.yaml b/playbooks/upgrade_config.yaml new file mode 100644 index 000000000..c16f47cfd --- /dev/null +++ b/playbooks/upgrade_config.yaml @@ -0,0 +1,15 @@ +--- +# +# ansible-playbook -i localhost, playbooks/upgrade_config.yaml -e '{sanitize: true}' +# +- name: "Playbook to upgrade CaC from AAP <= 2.4 to AAP >= 2.5 format" + hosts: localhost + connection: local + gather_facts: false + tasks: + - name: "Call upgrade_config role" + ansible.builtin.include_role: + name: infra.aap_configuration_extended.upgrade_config + vars: + input_authenticator_name: "IDM LDAP" +... diff --git a/roles/filetree_create/tasks/controller_applications.yml b/roles/filetree_create/tasks/controller_applications.yml index 186c6b752..97714472e 100644 --- a/roles/filetree_create/tasks/controller_applications.yml +++ b/roles/filetree_create/tasks/controller_applications.yml @@ -1,7 +1,7 @@ --- - name: "Get current Applications from the API" ansible.builtin.set_fact: - applications_lookvar: "{{ query(controller_api_plugin, 'applications/', + applications_lookvar: "{{ query(controller_api_plugin, 'api/controller/v2/applications/', query_params=(query_params | combine({'organization': organization_id})) if organization_id is defined else query_params, host=aap_hostname, oauth_token=aap_oauthtoken, verify_ssl=aap_validate_certs, return_all=true, max_objects=query_controller_api_max_objects) diff --git a/roles/filetree_create/templates/controller_credential_types.j2 b/roles/filetree_create/templates/controller_credential_types.j2 index f482e5e09..ac76dc334 100644 --- a/roles/filetree_create/templates/controller_credential_types.j2 +++ b/roles/filetree_create/templates/controller_credential_types.j2 @@ -8,14 +8,14 @@ controller_credential_types: kind: "{{ credential_type.kind }}" inputs: {{ template_overrides_resources.credential_type[credential_type.name].inputs - | default(credential_type.inputs) | to_nice_yaml(indent=2,sort_keys=False) | indent(width=6, first=True) }} + | default(credential_type.inputs) | to_nice_yaml(indent=2,sort_keys=false) | indent(width=8, first=true) }} {% if template_overrides_resources.credential_type[credential_type.name].injectors is defined or (credential_type.injectors and credential_type.injectors != '---') %} injectors: {# https://docs.ansible.com/ansible/latest/user_guide/playbooks_advanced_syntax.html#unsafe-or-raw-strings #} {{ template_overrides_resources.credential_type[credential_type.name].injectors | default(credential_type.injectors) - | to_nice_yaml(indent=2, sort_keys=False) | indent(width=6, first=True) | regex_replace('(^[^:]*): (.*){([{%])', '\\g<1>: !unsafe \\g<2>{\\g<3>', multiline=True)}} -{%- endif %} + | to_nice_yaml(indent=2, sort_keys=false) | indent(width=8, first=true) | regex_replace('(^[^:]*): (.*){([{%])', '\\g<1>: !unsafe \\g<2>{\\g<3>', multiline=true)}} +{% endif %} {% endfor %} ... diff --git a/roles/filetree_create/templates/controller_credentials.j2 b/roles/filetree_create/templates/controller_credentials.j2 index d36a36063..d33dbcf95 100644 --- a/roles/filetree_create/templates/controller_credentials.j2 +++ b/roles/filetree_create/templates/controller_credentials.j2 @@ -16,11 +16,11 @@ controller_credentials: or (current_credentials_asset_value.inputs is defined and current_credentials_asset_value.inputs is not match('{}')) %} inputs: {% if show_encrypted is defined and show_encrypted %} -{{ current_credentials_asset_value.inputs | to_nice_yaml(indent=2, sort_keys=False) | indent(width=6, first=True) }} +{{ current_credentials_asset_value.inputs | to_nice_yaml(indent=2, sort_keys=false) | indent(width=6, first=true) }} {% else %} {{ template_overrides_resources.credential[current_credentials_asset_value.name].inputs | default(current_credentials_asset_value.inputs) - | to_nice_yaml(indent=2, sort_keys=False) | indent(width=6, first=True) | replace("$encrypted$", "\'\'") }} + | to_nice_yaml(indent=2, sort_keys=false) | indent(width=6, first=true) | replace("$encrypted$", "\'\'") }} {% endif %} {% endif %} {% if last_credential | default(true) | bool %} diff --git a/roles/filetree_create/templates/controller_workflow_job_templates.j2 b/roles/filetree_create/templates/controller_workflow_job_templates.j2 index 19a869b28..5725facfc 100644 --- a/roles/filetree_create/templates/controller_workflow_job_templates.j2 +++ b/roles/filetree_create/templates/controller_workflow_job_templates.j2 @@ -58,10 +58,10 @@ controller_workflows: {% if extra_data_item.value | type_debug is match('list') %} {{ extra_data_item.key }}: {% for current_list_item in extra_data_item.value if ((extra_data_item.value | string | length) > 0 and (extra_data_item.value | string) is not match('None')) %} - - {{ (current_list_item | regex_replace("\n", "\\\\n") | regex_replace('"', '\\"')) | regex_replace('\\\\(?!n|")', '\\\\\\\\') | regex_replace('(^[^{]*){([{%])(.*)', '!unsafe "\\g<1>{\\g<2>\\g<3>"', multiline=True) }} + - {{ (current_list_item | regex_replace("\n", "\\\\n") | regex_replace('"', '\\"')) | regex_replace('\\\\(?!n|")', '\\\\\\\\') | regex_replace('(^[^{]*){([{%])(.*)', '!unsafe "\\g<1>{\\g<2>\\g<3>"', multiline=true) }} {% endfor %} {% else %} - {{ extra_data_item.key }}: {{ (extra_data_item.value | regex_replace("\n", "\\\\n") | regex_replace('"', '\\"')) | regex_replace('\\\\(?!n|")', '\\\\\\\\') | regex_replace('(^[^{]*){([{%])(.*)', '!unsafe "\\g<1>{\\g<2>\\g<3>"', multiline=True) }} + {{ extra_data_item.key }}: {{ (extra_data_item.value | regex_replace("\n", "\\\\n") | regex_replace('"', '\\"')) | regex_replace('\\\\(?!n|")', '\\\\\\\\') | regex_replace('(^[^{]*){([{%])(.*)', '!unsafe "\\g<1>{\\g<2>\\g<3>"', multiline=true) }} {% endif %} {% endfor %} {%- endif %} @@ -117,10 +117,10 @@ controller_workflows: {% if extra_vars_item.value | type_debug is match('list') %} {{ extra_vars_item.key }}: {% for current_list_item in extra_vars_item.value if ((extra_vars_item.value | string | length) > 0 and (extra_vars_item.value | string) is not match('None')) %} - - {{ (current_list_item | regex_replace("\n", "\\\\n") | regex_replace('"', '\\"')) | regex_replace('\\\\(?!n|")', '\\\\\\\\') | regex_replace('(^[^{]*){([{%])(.*)', '!unsafe "\\g<1>{\\g<2>\\g<3>"', multiline=True) }} + - {{ (current_list_item | regex_replace("\n", "\\\\n") | regex_replace('"', '\\"')) | regex_replace('\\\\(?!n|")', '\\\\\\\\') | regex_replace('(^[^{]*){([{%])(.*)', '!unsafe "\\g<1>{\\g<2>\\g<3>"', multiline=true) }} {% endfor %} {% else %} - {{ extra_vars_item.key }}: {{ (extra_vars_item.value | regex_replace("\n", "\\\\n") | regex_replace('"', '\\"')) | regex_replace('\\\\(?!n|")', '\\\\\\\\') | regex_replace('(^[^{]*){([{%])(.*)', '!unsafe "\\g<1>{\\g<2>\\g<3>"', multiline=True) }} + {{ extra_vars_item.key }}: {{ (extra_vars_item.value | regex_replace("\n", "\\\\n") | regex_replace('"', '\\"')) | regex_replace('\\\\(?!n|")', '\\\\\\\\') | regex_replace('(^[^{]*){([{%])(.*)', '!unsafe "\\g<1>{\\g<2>\\g<3>"', multiline=true) }} {% endif %} {% endfor %} {% else %} @@ -193,7 +193,11 @@ controller_workflows: {% if survey_item_content.key is match('choices') and survey_item_content.value[0] is defined %} {{ survey_item_content.key }}: {% for choice in survey_item_content.value if ((survey_item_content.value | string | length) > 0 and (survey_item_content.value | string) is not match('None')) %} - - "{{ choice | regex_replace('(^[^{]*){([{%])(.*)', '!unsafe "\\g<1>{\\g<2>\\g<3>"', multiline=True) }}" +{% if (choice | regex_replace('(^[^{]*){([{%])(.*)', '!unsafe "\\g<1>{\\g<2>\\g<3>"', multiline=true) != choice) %} + - {{ choice | regex_replace('(^[^{]*){([{%])(.*)', '!unsafe "\\g<1>{\\g<2>\\g<3>"', multiline=true) }} +{% else %} + - "{{ choice }}" +{% endif %} {% endfor %} {% endif %} {% endif %} diff --git a/roles/filetree_create/templates/eda_credential_types.j2 b/roles/filetree_create/templates/eda_credential_types.j2 index 08899466f..873138375 100644 --- a/roles/filetree_create/templates/eda_credential_types.j2 +++ b/roles/filetree_create/templates/eda_credential_types.j2 @@ -9,16 +9,16 @@ eda_credential_types: kind: "{{ eda_credential_type.kind }}" inputs: {{ template_overrides_resources.eda_credential_type[eda_credential_type.name].inputs - | default(eda_credential_type.inputs) | to_nice_yaml(indent=2,sort_keys=False) | indent(width=6, first=True) }} + | default(eda_credential_type.inputs) | to_nice_yaml(indent=2,sort_keys=false) | indent(width=8, first=true) }} {% if template_overrides_resources.eda_credential_type[eda_credential_type.name].injectors is defined or (eda_credential_type.injectors and eda_credential_type.injectors != '---') %} injectors: {# https://docs.ansible.com/ansible/latest/user_guide/playbooks_advanced_syntax.html#unsafe-or-raw-strings #} {{ template_overrides_resources.eda_credential_type[eda_credential_type.name].injectors | default(eda_credential_type.injectors) - | to_nice_yaml(indent=2, sort_keys=False) | indent(width=6, first=True) | regex_replace('(^[^:]*): (.*){([{%])', '\\g<1>: !unsafe \\g<2>{\\g<3>', multiline=True)}} + | to_nice_yaml(indent=2, sort_keys=false) | indent(width=8, first=true) | regex_replace('(^[^:]*): (.*){([{%])', '\\g<1>: !unsafe \\g<2>{\\g<3>', multiline=true)}} {% else %} injectors: {} -{%- endif %} +{% endif %} {% endfor %} ... diff --git a/roles/filetree_create/templates/gateway_service_keys.j2 b/roles/filetree_create/templates/gateway_service_keys.j2 index b62f85454..b4f8a04e9 100644 --- a/roles/filetree_create/templates/gateway_service_keys.j2 +++ b/roles/filetree_create/templates/gateway_service_keys.j2 @@ -20,5 +20,6 @@ gateway_service_keys: | default(template_overrides_global.gateway_route.mark_previous_inactive) | default(current_service_key.mark_previous_inactive) | default(false) }}" {# default(false) because it is required but not returned by the API #} + {% endfor %} ... diff --git a/roles/filetree_read/tests/.gitignore b/roles/filetree_read/tests/.gitignore index 53a03723a..c59a28e02 100644 --- a/roles/filetree_read/tests/.gitignore +++ b/roles/filetree_read/tests/.gitignore @@ -1,2 +1,3 @@ collections +collections.old vars.yaml diff --git a/roles/upgrade_config/README.md b/roles/upgrade_config/README.md new file mode 100644 index 000000000..e8b23c0c0 --- /dev/null +++ b/roles/upgrade_config/README.md @@ -0,0 +1,110 @@ +# Upgrade Config Role + +This role is designed to automatically convert the configuration files used for AAP <= 2.4 CaC collections to the new format supported by the AAP >= 2.5 CaC collections. + +The following conversions are implemented: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Component AAP <= 2.4 AAP >= 2.5
LDAP Configuration Connection variables Gateway Authenticators
User and group mappings Gateway Authenticator Maps
SAML Configuration Connection variables Gateway Authenticators
User and group mappings Gateway Authenticator Maps
+ +## Role Variables + +| Variable | Required | Type | Description | +| ----------------- | :--------: | :----: | :--------------------------------------------- | +| aap24_configs_dir | Yes | Path | Path tha contains the CaC files for AAP <= 2.4 | +| aap25_configs_dir | Yes | Path | Path tha contains the CaC files for AAP >= 2.5 | + +## Known problems + +* After the conversion, the generated file `gateway_authenticators.yaml` must be updated by, at least, the following two fields: + * SAML: + * configuration -> CALLBACK_URL: This field must be set to the correct URL + * configuration -> SP_PRIVATE_KEY: This field must be set to the correct private key, having the following format: + + ```yaml + SP_PRIVATE_KEY: | + -----BEGIN PRIVATE KEY----- + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + XXXXXXXXXXXXXXXXXXXXXXXXX + -----END PRIVATE KEY----- + + ``` + +## Example Playbook + +```yaml +--- +# +# ansible-playbook -i localhost, playbooks/upgrade_config.yaml -e '{sanitize: true}' +# +- name: "Playbook to upgrade CaC from AAP <= 2.4 to AAP >= 2.5 format" + hosts: localhost + connection: local + gather_facts: false + tasks: + - name: "Call upgrade_config role" + ansible.builtin.include_role: + name: infra.aap_configuration_extended.upgrade_config + vars: + input_authenticator_name: "IDM LDAP" +... +``` + +## License + +GPLv3+ + +## Author Information + +* [ivarmu](https://github.com/ivarmu) diff --git a/roles/upgrade_config/meta/argument_specs.yml b/roles/upgrade_config/meta/argument_specs.yml new file mode 100644 index 000000000..dd3d90ccd --- /dev/null +++ b/roles/upgrade_config/meta/argument_specs.yml @@ -0,0 +1,14 @@ +--- +argument_specs: + main: + short_description: An Ansible Role to migrate configuration files from AAP <= 2.4 format to AAP >= 2.5 + options: + aap24_configs_dir: + required: true + type: str + description: The path to the input directory where all the Configuration as Code files with AAP <= 2.4 format. + aap25_configs_dir: + required: true + type: str + description: The path to the output directory where all the Configuration as Code files AAP >= 2.5 format will be written to. +... diff --git a/roles/upgrade_config/meta/main.yml b/roles/upgrade_config/meta/main.yml new file mode 100644 index 000000000..03add90c0 --- /dev/null +++ b/roles/upgrade_config/meta/main.yml @@ -0,0 +1,47 @@ +--- +galaxy_info: + author: Automation Iberia + description: AAP Configuration as Code extract from AAP + company: Automation Iberia + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: GPL-3.0-or-later + + min_ansible_version: 2.15.0 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + platforms: + - name: "EL" + versions: + - "all" + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] +# List your role dependencies here, one per line. Be sure to remove the '[]' above, +# if you add dependencies to this list. +... diff --git a/roles/upgrade_config/tasks/common_item/common_item.yaml b/roles/upgrade_config/tasks/common_item/common_item.yaml new file mode 100644 index 000000000..1535e40c3 --- /dev/null +++ b/roles/upgrade_config/tasks/common_item/common_item.yaml @@ -0,0 +1,23 @@ +--- +- name: "Upgrade_config | Common Item - Copy the original file to the destination one: {{ current_common_item.object }}" + ansible.builtin.copy: + src: "{{ aap24_configs_dir }}/{{ input_filename_prefix | default('') }}{{ current_common_item.object }}.yaml" + dest: "{{ aap25_configs_dir }}/aap_{{ current_common_item.object }}.yaml" + mode: "0644" + +- name: "Replace the variable name: {{ current_common_item.object }}" + ansible.builtin.lineinfile: + path: "{{ aap25_configs_dir }}/aap_{{ current_common_item.object }}.yaml" + regex: '^controller_(.*):\s*$' + line: 'aap_\g<1>:' + backrefs: true + when: current_common_item.object not in ['notifications'] + +- name: "Replace the variable name: {{ current_common_item.object }}" + ansible.builtin.lineinfile: + path: "{{ aap25_configs_dir }}/aap_{{ current_common_item.object }}.yaml" + regex: '^controller_notifications:\s*$' + line: 'notification_templates:' + backrefs: true + when: current_common_item.object in ['notifications'] +... diff --git a/roles/upgrade_config/tasks/ldap/ldap.yaml b/roles/upgrade_config/tasks/ldap/ldap.yaml new file mode 100644 index 000000000..6e448e15c --- /dev/null +++ b/roles/upgrade_config/tasks/ldap/ldap.yaml @@ -0,0 +1,24 @@ +--- +- name: "Upgrade_config | LDAP - Upgrade all the LDAP configs in the 2.4 settings" + ansible.builtin.include_tasks: + file: "{{ __current_ldap_server.1 }}" + vars: + input_config_prefix: "{{ __current_ldap_server.0.split('_SERVER_URI')[0] }}" + __loop_data: + - AUTH_LDAP_SERVER_URI + - AUTH_LDAP_1_SERVER_URI + - AUTH_LDAP_2_SERVER_URI + - AUTH_LDAP_3_SERVER_URI + - AUTH_LDAP_4_SERVER_URI + - AUTH_LDAP_5_SERVER_URI + __files: + - ldap_upgrade_authenticators.yaml + - ldap_upgrade_mappings.yaml + loop: "{{ __loop_data | product(__files) | list }}" + loop_control: + loop_var: __current_ldap_server + when: + - (controller_settings[0].settings[__current_ldap_server.0]) is defined + - (controller_settings[0].settings[__current_ldap_server.0]) | length > 0 + +... diff --git a/roles/upgrade_config/tasks/ldap/ldap_upgrade_authenticators.yaml b/roles/upgrade_config/tasks/ldap/ldap_upgrade_authenticators.yaml new file mode 100644 index 000000000..ae36d8a12 --- /dev/null +++ b/roles/upgrade_config/tasks/ldap/ldap_upgrade_authenticators.yaml @@ -0,0 +1,37 @@ +--- +- name: "Upgrade_config | LDAP authenticators - Include the current output file (if exists)" + ansible.builtin.include_vars: + dir: "{{ aap25_configs_dir }}" + files_matching: "gateway_authenticators.yaml" + +- name: "Upgrade_config | LDAP authenticators - Add the current authenticator" + ansible.builtin.set_fact: + gateway_authenticators: "{{ (gateway_authenticators | default([])) + [__current_authenticator_value] }}" + vars: + __current_authenticator_value: + name: "{{ input_authenticator_name | default(input_config_prefix) }}" + enabled: "{{ input_authenticator_enabled | default(true) | bool | lower }}" + create_objects: "{{ input_create_objects | default(true) | bool | lower }}" + remove_users: "{{ input_remove_users | default(true) | bool | lower }}" + configuration: + BIND_DN: "{{ controller_settings[0].settings[input_config_prefix + '_BIND_DN'] }}" + BIND_PASSWORD: "{{ controller_settings[0].settings[input_config_prefix + '_BIND_PASSWORD'] }}" + CONNECTION_OPTIONS: "{{ (controller_settings[0].settings[input_config_prefix + '_CONNECTION_OPTIONS']) | default({}) }}" + GROUP_SEARCH: "{{ controller_settings[0].settings[input_config_prefix + '_GROUP_SEARCH'] }}" + GROUP_TYPE: "{{ controller_settings[0].settings[input_config_prefix + '_GROUP_TYPE'] }}" + GROUP_TYPE_PARAMS: "{{ controller_settings[0].settings[input_config_prefix + '_GROUP_TYPE_PARAMS'] }}" + SERVER_URI: + - "{{ controller_settings[0].settings[input_config_prefix + '_SERVER_URI'] }}" + START_TLS: "{{ controller_settings[0].settings[input_config_prefix + '_START_TLS'] }}" + USER_ATTR_MAP: "{{ (controller_settings[0].settings[input_config_prefix + '_USER_ATTR_MAP']) | default({}) }}" + USER_DN_TEMPLATE: "{{ controller_settings[0].settings[input_config_prefix + '_USER_DN_TEMPLATE'] }}" + USER_SEARCH: "{{ controller_settings[0].settings[input_config_prefix + '_USER_SEARCH'] }}" + type: "ansible_base.authentication.authenticator_plugins.ldap" + # Let auto-ordering... # order: "{{ (gateway_authenticators | default([]) | length) + 1 | int }}" + +- name: "Upgrade_config | LDAP authenticators - Write down the new data structure" + ansible.builtin.template: + src: "gateway_authenticators.yaml.j2" + dest: "{{ aap25_configs_dir }}/gateway_authenticators.yaml" + mode: "0644" +... diff --git a/roles/upgrade_config/tasks/ldap/ldap_upgrade_mappings.yaml b/roles/upgrade_config/tasks/ldap/ldap_upgrade_mappings.yaml new file mode 100644 index 000000000..f92482dff --- /dev/null +++ b/roles/upgrade_config/tasks/ldap/ldap_upgrade_mappings.yaml @@ -0,0 +1,97 @@ +--- +- name: "Upgrade_config | LDAP mappings - Include the current output file (if exists)" + ansible.builtin.include_vars: + dir: "{{ aap25_configs_dir }}" + files_matching: "gateway_authenticator_maps.yaml" + +- name: "Upgrade_config | LDAP mappings - Add the is_superuser mapping" + ansible.builtin.set_fact: + gateway_authenticator_maps: "{{ (gateway_authenticator_maps | default([])) + [__current_map_value] }}" + vars: + __current_map_value: + name: "{{ 'administrators' if __current_map.key is match('is_superuser') else __current_map.key }}" + authenticator: "{{ input_authenticator_name | default(input_config_prefix) }}" + map_type: "{{ __current_map.key }}" + revoke: "{{ input_revoke | default(true) | bool | lower }}" + triggers: + groups: + has_and: "{{ __current_map.value }}" + # Let auto-ordering... # order: "{{ (gateway_authenticator_maps | default([]) | length) + 1 | int }}" + loop: "{{ controller_settings[0].settings[input_config_prefix + '_USER_FLAGS_BY_GROUP'] | dict2items }}" + loop_control: + loop_var: __current_map + +- name: "Upgrade_config | LDAP mappings - Add the LDAP Team Mappings" + ansible.builtin.set_fact: + gateway_authenticator_maps: "{{ (gateway_authenticator_maps | default([])) + [__current_map_value] }}" + vars: + __current_map_value: + name: "{{ __current_map.key }}" + authenticator: "{{ input_authenticator_name | default(input_config_prefix) }}" + map_type: "team" + role: "Team Member" + organization: "{{ __current_map.value.organization }}" + team: "{{ __current_map.key }}" + revoke: "{{ __current_map.value.remove | bool | lower }}" + triggers: + groups: + has_and: + - "{{ __current_map.value.users }}" + # Let auto-ordering... # order: "{{ (gateway_authenticator_maps | default([]) | length) + 1 | int }}" + loop: "{{ controller_settings[0].settings[input_config_prefix + '_TEAM_MAP'] | dict2items }}" + loop_control: + loop_var: __current_map + index_var: __current_team_map_index + +- name: "Upgrade_config | LDAP mappings - Add the LDAP Organization Mappings (Administrators)" + ansible.builtin.set_fact: + gateway_authenticator_maps: "{{ (gateway_authenticator_maps | default([])) + [__current_map_value_admins] }}" + vars: + __current_map_value_admins: + name: "{{ __current_map.key }} Admins" + authenticator: "{{ input_authenticator_name | default(input_config_prefix) }}" + map_type: "organization" + role: "Organization Admin" + organization: "{{ __current_map.key }}" + team: "{{ __current_map.key }}" + revoke: "{{ __current_map.value.remove_admins | bool | lower }}" + triggers: + groups: + has_and: + - "{{ __current_map.value.admins }}" + # Let auto-ordering... # order: "{{ (gateway_authenticator_maps | default([]) | length) + 1 | int }}" + loop: "{{ controller_settings[0].settings[input_config_prefix + '_ORGANIZATION_MAP'] | dict2items }}" + loop_control: + loop_var: __current_map + index_var: __current_org_map_index + when: __current_map.value.admins | length > 0 + +- name: "Upgrade_config | LDAP mappings - Add the LDAP Organization Mappings (Members)" + ansible.builtin.set_fact: + gateway_authenticator_maps: "{{ (gateway_authenticator_maps | default([])) + [__current_map_value_members] }}" + vars: + __current_map_value_members: + name: "{{ __current_map.key }} Members" + authenticator: "{{ input_authenticator_name | default(input_config_prefix) }}" + map_type: "organization" + role: "Organization Member" + organization: "{{ __current_map.key }}" + team: "{{ __current_map.key }}" + revoke: "{{ __current_map.value.remove_users | bool | lower }}" + triggers: + groups: + has_and: + - "{{ __current_map.value.users }}" + # Let auto-ordering... # order: "{{ (gateway_authenticator_maps | default([]) | length) + 1 | int }}" + loop: "{{ controller_settings[0].settings[input_config_prefix + '_ORGANIZATION_MAP'] | dict2items }}" + loop_control: + loop_var: __current_map + index_var: __current_org_map_index + when: __current_map.value.users | length > 0 + +- name: "Upgrade_config | LDAP mappings - Write down the new data structure" + ansible.builtin.template: + src: "gateway_authenticator_maps.yaml.j2" + dest: "{{ aap25_configs_dir }}/gateway_authenticator_maps.yaml" + mode: "0644" +... diff --git a/roles/upgrade_config/tasks/main.yml b/roles/upgrade_config/tasks/main.yml new file mode 100644 index 000000000..f5ab022c7 --- /dev/null +++ b/roles/upgrade_config/tasks/main.yml @@ -0,0 +1,93 @@ +--- +- name: "Include vars from specified directory: {{ aap24_configs_dir }}" + ansible.builtin.include_vars: + dir: "{{ aap24_configs_dir }}" + extensions: + - yaml + - yml + tags: + - always + +- name: "Remove the specified output directory (sanitize tag): {{ aap25_configs_dir }}" + ansible.builtin.file: + state: absent + path: "{{ aap25_configs_dir }}" + when: + - sanitize is defined + - sanitize | bool + +- name: "Ensure the output directory exists: {{ aap25_configs_dir }}" + ansible.builtin.file: + state: directory + path: "{{ aap25_configs_dir }}" + mode: "0755" + +- name: "Upgrade all the configs from 2.4 to 2.5 format (LDAP and SAML)" + ansible.builtin.include_tasks: + file: "{{ _current_file.file }}" + vars: + _files: + - file: ldap/ldap.yaml + condition: AUTH_LDAP + - file: saml/saml.yaml + condition: SOCIAL_AUTH_SAML + loop: "{{ _files }}" + loop_control: + loop_var: _current_file + when: (controller_settings | first).settings | regex_search(_current_file.condition) | length > 0 + # when: (controller_settings is defined and ((controller_settings | first).settings | regex_search(_current_file.condition) | default([], true) | length > 0)) + # or (lookup('vars', _current_file.condition) is defined) + +- name: "Upgrade all the configs from 2.4 to 2.5 format (Common code)" + ansible.builtin.include_tasks: + # file: "{{ current_common_item.object }}/{{ current_common_item.object }}.yaml" + file: "common_item/common_item.yaml" + loop: + # - settings + - object: instances + - object: instance_groups + - object: organizations + - object: labels + - object: user_accounts + - object: teams + - object: credential_types + - object: credentials + - object: credential_input_sources + - object: execution_environments + - object: notifications + - object: projects + - object: inventories + - object: inventory_sources + - object: applications + - object: hosts + - object: groups + - object: templates + - object: workflows + - object: schedules + - object: roles + alt_name: role + vars: + __var_name: "{{ lookup('vars', 'controller_' + current_common_item.object, default='non_exists') }}" + loop_control: + loop_var: current_common_item + when: '__var_name != "non_exists"' + +- name: "Block to fix the output files' format" + block: + - name: "Search for all the generated files" + ansible.builtin.find: + paths: "{{ aap25_configs_dir }}" + recurse: true + patterns: + - '*.yaml' + - '*.yml' + register: _generated_files + + - name: "Re-write all the generated files to make them more readable" + ansible.builtin.shell: "/usr/bin/env yq -i -P {{ _current_file.path }} && echo '...' >> {{ _current_file.path }}" + changed_when: true + loop: "{{ _generated_files.files }}" + loop_control: + loop_var: _current_file + label: "{{ _current_file.path }}" +... diff --git a/roles/upgrade_config/tasks/saml/saml.yaml b/roles/upgrade_config/tasks/saml/saml.yaml new file mode 100644 index 000000000..3aaec1088 --- /dev/null +++ b/roles/upgrade_config/tasks/saml/saml.yaml @@ -0,0 +1,10 @@ +--- +- name: "Upgrade_config | SAML - Upgrade all the SAML configs in the 2.4 settings" + ansible.builtin.include_tasks: + file: "{{ __current_saml_file }}" + loop: + - saml_upgrade_authenticators.yaml + - saml_upgrade_mappings.yaml + loop_control: + loop_var: __current_saml_file +... diff --git a/roles/upgrade_config/tasks/saml/saml_upgrade_authenticators.yaml b/roles/upgrade_config/tasks/saml/saml_upgrade_authenticators.yaml new file mode 100644 index 000000000..be708cfca --- /dev/null +++ b/roles/upgrade_config/tasks/saml/saml_upgrade_authenticators.yaml @@ -0,0 +1,85 @@ +--- +- name: "Upgrade_config | SAML authenticators - Include the current output file (if exists)" + ansible.builtin.include_vars: + dir: "{{ aap25_configs_dir }}" + files_matching: "gateway_authenticators.yaml" + +- name: "Upgrade_config | SAML authenticators - Add the current authenticator" + ansible.builtin.set_fact: + gateway_authenticators: "{{ (gateway_authenticators | default([])) + [__current_authenticator_value] }}" + vars: + __current_authenticator_value: + name: "{{ saml_authenticator_name | default(controller_settings[0].settings.SOCIAL_AUTH_SAML_ORG_INFO | dict2items | map(attribute='value.name') | first) }}" + enabled: "{{ saml_authenticator_enabled | default(true) | bool | lower }}" + create_objects: "{{ saml_create_objects | default(controller_settings[0].settings.SAML_AUTO_CREATE_OBJECTS) | default(true) | bool | lower }}" + remove_users: "{{ saml_remove_users | default(false) | bool | lower }}" + configuration: + ADDITIONAL_UNVERIFIED_ARGS: + GET_ALL_EXTRA_DATA: true + CALLBACK_URL: "TODO: THIS MUST BE AUTO-GENERATED BY THE AUTHENTICATOR AND UPDATED INTO THE IdP SERVER" + EXTRA_DATA: "{{ controller_settings[0].settings.SOCIAL_AUTH_SAML_EXTRA_DATA if controller_settings[0].settings.SOCIAL_AUTH_SAML_EXTRA_DATA is not match('null') else [] }}" + IDP_ATTR_EMAIL: "{{ controller_settings[0].settings.SOCIAL_AUTH_SAML_ENABLED_IDPS[saml_authenticator_name + | default(controller_settings[0].settings.SOCIAL_AUTH_SAML_ORG_INFO + | dict2items + | map(attribute='value.name') + | first)].attr_email }}" + IDP_ATTR_FIRST_NAME: "{{ controller_settings[0].settings.SOCIAL_AUTH_SAML_ENABLED_IDPS[saml_authenticator_name + | default(controller_settings[0].settings.SOCIAL_AUTH_SAML_ORG_INFO + | dict2items + | map(attribute='value.name') + | first)].attr_first_name }}" + IDP_ATTR_LAST_NAME: "{{ controller_settings[0].settings.SOCIAL_AUTH_SAML_ENABLED_IDPS[saml_authenticator_name + | default(controller_settings[0].settings.SOCIAL_AUTH_SAML_ORG_INFO + | dict2items + | map(attribute='value.name') + | first)].attr_last_name }}" + IDP_ATTR_USERNAME: "{{ controller_settings[0].settings.SOCIAL_AUTH_SAML_ENABLED_IDPS[saml_authenticator_name + | default(controller_settings[0].settings.SOCIAL_AUTH_SAML_ORG_INFO + | dict2items + | map(attribute='value.name') + | first)].attr_username }}" + IDP_ATTR_USER_PERMANENT_ID: "{{ controller_settings[0].settings.SOCIAL_AUTH_SAML_ENABLED_IDPS[saml_authenticator_name + | default(controller_settings[0].settings.SOCIAL_AUTH_SAML_ORG_INFO + | dict2items + | map(attribute='value.name') + | first)].attr_user_permanent_id }}" + IDP_ENTITY_ID: "{{ controller_settings[0].settings.SOCIAL_AUTH_SAML_ENABLED_IDPS[saml_authenticator_name + | default(controller_settings[0].settings.SOCIAL_AUTH_SAML_ORG_INFO + | dict2items + | map(attribute='value.name') + | first)].entity_id }}" + IDP_GROUPS: "{{ controller_settings[0].settings.SOCIAL_AUTH_SAML_ENABLED_IDPS[saml_authenticator_name + | default(controller_settings[0].settings.SOCIAL_AUTH_SAML_ORG_INFO + | dict2items + | map(attribute='value.name') + | first)].attr_groups }}" + IDP_URL: "{{ controller_settings[0].settings.SOCIAL_AUTH_SAML_ENABLED_IDPS[saml_authenticator_name + | default(controller_settings[0].settings.SOCIAL_AUTH_SAML_ORG_INFO + | dict2items + | map(attribute='value.name') + | first)].url }}" + IDP_X509_CERT: >- + -----BEGIN CERTIFICATE----- + {{ controller_settings[0].settings.SOCIAL_AUTH_SAML_ENABLED_IDPS[saml_authenticator_name + | default(controller_settings[0].settings.SOCIAL_AUTH_SAML_ORG_INFO + | dict2items + | map(attribute='value.name') + | first)].x509cert + }} + -----END CERTIFICATE----- + ORG_INFO: "{{ controller_settings[0].settings.SOCIAL_AUTH_SAML_ORG_INFO }}" + SECURITY_CONFIG: "{{ controller_settings[0].settings.SOCIAL_AUTH_SAML_SECURITY_CONFIG }}" + SP_ENTITY_ID: "{{ controller_settings[0].settings.SOCIAL_AUTH_SAML_SP_ENTITY_ID }}" + SP_EXTRA: "{{ controller_settings[0].settings.SOCIAL_AUTH_SAML_SP_EXTRA }}" + SP_PRIVATE_KEY: "TODO: " + SP_PUBLIC_CERT: "{{ controller_settings[0].settings.SOCIAL_AUTH_SAML_SP_PUBLIC_CERT }}" + SUPPORT_CONTACT: "{{ controller_settings[0].settings.SOCIAL_AUTH_SAML_SUPPORT_CONTACT }}" + TECHNICAL_CONTACT: "{{ controller_settings[0].settings.SOCIAL_AUTH_SAML_TECHNICAL_CONTACT }}" + type: ansible_base.authentication.authenticator_plugins.saml + +- name: "Upgrade_config | SAML authenticators - Write down the new data structure" + ansible.builtin.template: + src: "gateway_authenticators.yaml.j2" + dest: "{{ aap25_configs_dir }}/gateway_authenticators.yaml" + mode: "0644" +... diff --git a/roles/upgrade_config/tasks/saml/saml_upgrade_mappings.yaml b/roles/upgrade_config/tasks/saml/saml_upgrade_mappings.yaml new file mode 100644 index 000000000..c45814978 --- /dev/null +++ b/roles/upgrade_config/tasks/saml/saml_upgrade_mappings.yaml @@ -0,0 +1,109 @@ +--- +- name: "Upgrade_config | SAML mappings - Include the current output file (if exists)" + ansible.builtin.include_vars: + dir: "{{ aap25_configs_dir }}" + files_matching: "gateway_authenticator_maps.yaml" + +- name: "Upgrade_config | SAML mappings - Add the is_superuser mapping" + ansible.builtin.set_fact: + gateway_authenticator_maps: "{{ (gateway_authenticator_maps | default([])) + [__current_map_value] }}" + vars: + __current_map_value: + name: "Is Superuser" + authenticator: "{{ saml_authenticator_name | default(controller_settings[0].settings.SOCIAL_AUTH_SAML_ORG_INFO | dict2items | map(attribute='value.name') | first) }}" + map_type: "is_superuser" + revoke: "{{ saml_is_superuser_revoke | default(true) | bool | lower }}" + triggers: "{{ {} | combine({'attributes': + {controller_settings[0].settings.SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR.is_superuser_attr: + {'contains': controller_settings[0].settings.SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR.is_superuser_value | first}, + 'join_condition': 'or'}}) + }}" + +- name: "Upgrade_config | SAML mappings - Add the is_auditor mapping" + ansible.builtin.set_fact: + gateway_authenticator_maps: "{{ (gateway_authenticator_maps | default([])) + [__current_map_value] }}" + vars: + __current_map_value: + name: "Is Auditor" + authenticator: "{{ saml_authenticator_name | default(controller_settings[0].settings.SOCIAL_AUTH_SAML_ORG_INFO | dict2items | map(attribute='value.name') | first) }}" + map_type: "role" + role: "Platform Auditor" + revoke: "{{ saml_is_system_auditor_revoke | default(true) | bool | lower }}" + triggers: "{{ {} | combine({'attributes': {controller_settings[0].settings.SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR.is_system_auditor_attr: + {'contains': controller_settings[0].settings.SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR.is_system_auditor_value | first}, + 'join_condition': 'or'}}) + }}" + +- name: "Upgrade_config | SAML mappings - Add the SAML Team Mappings" + ansible.builtin.set_fact: + gateway_authenticator_maps: "{{ (gateway_authenticator_maps | default([])) + [__current_map_value] }}" + vars: + __current_map_value: + name: "{{ __current_map.key }}" + authenticator: "{{ saml_authenticator_name | default(controller_settings[0].settings.SOCIAL_AUTH_SAML_ORG_INFO | dict2items | map(attribute='value.name') | first) }}" + map_type: "team" + role: "Team Member" + organization: "{{ __current_map.value.organization }}" + team: "{{ __current_map.key }}" + revoke: "{{ __current_map.value.remove | default(true) | bool | lower }}" + triggers: "{{ {} | combine({'groups': {'has_and': ([__current_map.value.users] | flatten)}} if (__current_map.value.users | type_debug is not match('bool')) else + {'always': {}} if (__current_map.value.users | bool) else {'never': {}}) + }}" + # Let auto-ordering... # order: "{{ (gateway_authenticator_maps | default([]) | length) + 1 | int }}" + loop: "{{ controller_settings[0].settings.SOCIAL_AUTH_SAML_TEAM_MAP | dict2items }}" + loop_control: + loop_var: __current_map + index_var: __current_team_map_index + +- name: "Upgrade_config | SAML mappings - Add the LDAP Organization Mappings (Administrators)" + ansible.builtin.set_fact: + gateway_authenticator_maps: "{{ (gateway_authenticator_maps | default([])) + [__current_map_value_admins] }}" + vars: + __current_map_value_admins: + name: "{{ __current_map.key }} Admins" + authenticator: "{{ input_authenticator_name | default(input_config_prefix) }}" + map_type: "organization" + role: "Organization Admin" + organization: "{{ __current_map.key }}" + revoke: "{{ __current_map.value.remove_admins | default(true) | bool | lower }}" + triggers: "{{ {} | combine({'groups': {'has_and': ([__current_map.value.admins] | flatten)}} if (__current_map.value.admins | type_debug is not match('bool')) else + {'always': {}} if (__current_map.value.admins | bool) else {'never': {}}) + }}" + # Let auto-ordering... # order: "{{ (gateway_authenticator_maps | default([]) | length) + 1 | int }}" + loop: "{{ controller_settings[0].settings.SOCIAL_AUTH_SAML_ORGANIZATION_MAP | dict2items }}" + loop_control: + loop_var: __current_map + # index_var: __current_org_map_index + when: + - __current_map.value.admins is defined + - __current_map.value.admins | string | length > 0 + +- name: "Upgrade_config | SAML mappings - Add the LDAP Organization Mappings (Members)" + ansible.builtin.set_fact: + gateway_authenticator_maps: "{{ (gateway_authenticator_maps | default([])) + [__current_map_value_members] }}" + vars: + __current_map_value_members: + name: "{{ __current_map.key }} Members" + authenticator: "{{ input_authenticator_name | default(input_config_prefix) }}" + map_type: "organization" + role: "Organization Member" + organization: "{{ __current_map.key }}" + revoke: "{{ __current_map.value.remove_users | default(true) | bool | lower }}" + triggers: "{{ {} | combine({'groups': {'has_and': ([__current_map.value.users] | flatten)}} if (__current_map.value.users | type_debug is not match('bool')) else + {'always': {}} if (__current_map.value.users | bool) else {'never': {}}) + }}" + # Let auto-ordering... # order: "{{ (gateway_authenticator_maps | default([]) | length) + 1 | int }}" + loop: "{{ controller_settings[0].settings.SOCIAL_AUTH_SAML_ORGANIZATION_MAP | dict2items }}" + loop_control: + loop_var: __current_map + index_var: __current_org_map_index + when: + - __current_map.value.users is defined + - __current_map.value.users | string | length > 0 + +- name: "Upgrade_config | SAML mappings - Write down the new data structure" + ansible.builtin.template: + src: "gateway_authenticator_maps.yaml.j2" + dest: "{{ aap25_configs_dir }}/gateway_authenticator_maps.yaml" + mode: "0644" +... diff --git a/roles/upgrade_config/templates/aap_common_items.yaml.j2 b/roles/upgrade_config/templates/aap_common_items.yaml.j2 new file mode 100644 index 000000000..7001ac558 --- /dev/null +++ b/roles/upgrade_config/templates/aap_common_items.yaml.j2 @@ -0,0 +1,22 @@ +--- +aap_{{ current_common_item.object }}: +{% for __map in __aap_common_item %} +{% for __map_item in (__map | dict2items) %} +{% if __map_item.value | type_debug not in ['str','AnsibleUnsafeText'] or __map_item.value | length > 0 %} +{% if loop.index == 1 %} +{% if __map_item.value | type_debug == 'AnsibleUnsafeText' %} + - {{ __map_item.key }}: !unsafe {{ __map_item.value | replace("\\'", "''") }} +{% else %} + - {{ __map_item.key }}: {{ __map_item.value | replace("\\'", "''") }} +{% endif %} +{% else %} +{% if __map_item.value | type_debug == 'AnsibleUnsafeText' %} + {{ __map_item.key }}: !unsafe {{ __map_item.value | replace("\\'", "''") }} +{% else %} + {{ __map_item.key }}: {{ __map_item.value | replace("\\'", "''") }} +{% endif %} +{% endif %} +{% endif %} +{% endfor %} +{%- endfor %} +... diff --git a/roles/upgrade_config/templates/gateway_authenticator_maps.yaml.j2 b/roles/upgrade_config/templates/gateway_authenticator_maps.yaml.j2 new file mode 100644 index 000000000..186672a19 --- /dev/null +++ b/roles/upgrade_config/templates/gateway_authenticator_maps.yaml.j2 @@ -0,0 +1,12 @@ +--- +gateway_authenticator_maps: +{% for __map in gateway_authenticator_maps %} +{% for __map_item in (__map | dict2items) %} +{% if loop.index == 1 %} + - {{ __map_item.key }}: {{ __map_item.value }} +{% else %} + {{ __map_item.key }}: {{ __map_item.value }} +{% endif %} +{% endfor %} +{%- endfor %} +... diff --git a/roles/upgrade_config/templates/gateway_authenticators.yaml.j2 b/roles/upgrade_config/templates/gateway_authenticators.yaml.j2 new file mode 100644 index 000000000..35c901c0f --- /dev/null +++ b/roles/upgrade_config/templates/gateway_authenticators.yaml.j2 @@ -0,0 +1,12 @@ +--- +gateway_authenticators: +{% for __map in gateway_authenticators %} +{% for __map_item in (__map | dict2items) %} +{% if loop.index == 1 %} + - {{ __map_item.key }}: {{ __map_item.value }} +{% else %} + {{ __map_item.key }}: {{ __map_item.value }} +{% endif %} +{% endfor %} +{%- endfor %} +... diff --git a/roles/upgrade_config/tests/inventory b/roles/upgrade_config/tests/inventory new file mode 100644 index 000000000..712db593b --- /dev/null +++ b/roles/upgrade_config/tests/inventory @@ -0,0 +1,2 @@ +#SPDX-License-Identifier: MIT-0 +localhost diff --git a/roles/upgrade_config/tests/upgrade_config.yaml b/roles/upgrade_config/tests/upgrade_config.yaml new file mode 100644 index 000000000..98be504b7 --- /dev/null +++ b/roles/upgrade_config/tests/upgrade_config.yaml @@ -0,0 +1,17 @@ +--- +# +# ansible-playbook -i localhost, upgrade_config.yaml -e '{sanitize: true}' +# +- name: "Playbook to upgrade CaC from AAP <= 2.4 to AAP >= 2.5 format" + hosts: localhost + connection: local + gather_facts: false + tasks: + - name: "Call upgrade_config role" + ansible.builtin.include_role: + name: infra.aap_configuration_extended.upgrade_config + vars: + aap24_configs_dir: "{{ playbook_dir }}/../../../tests/configs/upgrade_configs/aap_24" + aap25_configs_dir: "{{ playbook_dir }}/../../../tests/configs/upgrade_configs/aap_25" + input_authenticator_name: "IDM LDAP" +... diff --git a/tests/configs/upgrade_configs/aap_24/applications.yaml b/tests/configs/upgrade_configs/aap_24/applications.yaml new file mode 100644 index 000000000..24f9a1df8 --- /dev/null +++ b/tests/configs/upgrade_configs/aap_24/applications.yaml @@ -0,0 +1,31 @@ +--- +controller_applications: + - name: "controller_application-app3" + description: "" + organization: "Default" + authorization_grant_type: "password" + redirect_uris: "" + skip_authorization: "false" + client_type: "confidential" + - name: "dummy_application" + description: "" + organization: "Dummy" + authorization_grant_type: "password" + redirect_uris: "" + skip_authorization: "false" + client_type: "confidential" + - name: "controller_application-app1" + description: "" + organization: "Satellite" + authorization_grant_type: "password" + redirect_uris: "" + skip_authorization: "false" + client_type: "public" + - name: "test_gateway_application" + description: "" + organization: "test" + authorization_grant_type: "authorization-code" + redirect_uris: "https://test_url" + skip_authorization: "false" + client_type: "confidential" +... diff --git a/tests/configs/upgrade_configs/aap_24/credential_types.yaml b/tests/configs/upgrade_configs/aap_24/credential_types.yaml new file mode 100644 index 000000000..769a5f6fe --- /dev/null +++ b/tests/configs/upgrade_configs/aap_24/credential_types.yaml @@ -0,0 +1,49 @@ +--- +controller_credential_types: + - name: "dummy" + description: "" + kind: "cloud" + inputs: + fields: + - id: rest_username + type: string + label: REST Username + - id: rest_password + type: string + label: REST Password + secret: true + required: + - rest_username + - rest_password + + injectors: + env: + rest_password_env: !unsafe "{{ rest_password }}" + rest_username_env: !unsafe "{{ rest_username }}" + extra_vars: + rest_password: !unsafe "{{ rest_password }}" + rest_username: !unsafe "{{ rest_username }}" + - name: "REST API Credential" + description: "REST API Credential" + kind: "cloud" + inputs: + fields: + - id: rest_username + type: string + label: REST Username + - id: rest_password + type: string + label: REST Password + secret: true + required: + - rest_username + - rest_password + + injectors: + env: + rest_password_env: !unsafe "{{ rest_password }}" + rest_username_env: !unsafe "{{ rest_username }}" + extra_vars: + rest_password: !unsafe "{{ rest_password }}" + rest_username: !unsafe "{{ rest_username }}" +... diff --git a/tests/configs/upgrade_configs/aap_24/credentials.yaml b/tests/configs/upgrade_configs/aap_24/credentials.yaml new file mode 100644 index 000000000..ae25e0758 --- /dev/null +++ b/tests/configs/upgrade_configs/aap_24/credentials.yaml @@ -0,0 +1,227 @@ +--- +controller_credentials: + - name: "AWX-Machine Credential" + description: "" + credential_type: "Machine" + organization: "AWX-ORG" + inputs: + username: admin + - name: "CONTROLLER-Machine Credential" + description: "" + credential_type: "Machine" + organization: "CONTROLLER-ORG" + inputs: + username: admin + - name: "CONTROLLER-Git-Credential" + description: "" + credential_type: "Source Control" + organization: "CONTROLLER-ORG" + inputs: + username: awx-git-cred-temp + - name: "Demo Credential" + description: "" + credential_type: "Machine" + organization: "Default" + inputs: + username: root + become_method: "" + become_username: "" + - name: "IBE_LINUX_IPU_RHEL6" + description: "Credential to connect to the servers to be upgraded" + credential_type: "Machine" + organization: "Default" + inputs: + username: + - name: "IBE_LINUX_IPU_RHEL6_VAULT" + description: "Vault password to use to decrypt the vaulted variables" + credential_type: "Vault" + organization: "Default" + - name: "IBE_LINUX_IPU_RHEL6_GIT_CONNECTION" + description: "Git credential to clone the git repositories" + credential_type: "Source Control" + organization: "Default" + inputs: + username: + - name: "cyberark" + description: "CyberArk Lookup Credential" + credential_type: "CyberArk Central Credential Provider Lookup" + organization: "Default" + inputs: + url: https://cyberark.example.com + - name: "gitlab-team" + description: "" + credential_type: "Source Control" + organization: "Default" + inputs: + username: username + - name: "Ansible Galaxy" + description: "" + credential_type: "Ansible Galaxy/Automation Hub API Token" + organization: "Default" + inputs: + url: https://galaxy.ansible.com/ + - name: "Default Execution Environment Registry Credential" + description: "" + credential_type: "Container Registry" + organization: "Default" + inputs: + host: registry.redhat.io + username: iaragone@redhat.com + verify_ssl: true + - name: "Machine" + description: "" + credential_type: "Machine" + organization: "Default" + inputs: + username: pgoku + become_method: "" + become_username: "" + - name: "git-creds" + description: "" + credential_type: "Source Control" + organization: "Default" + inputs: + username: root + - name: "dummy" + description: "" + credential_type: "Machine" + organization: "Dummy" + inputs: + username: dummy + - name: "dummy_2" + description: "" + credential_type: "Machine" + organization: "Dummy" + inputs: + username: dummy_2 + - name: "dummy_custom" + description: "" + credential_type: "dummy" + organization: "Dummy" + inputs: + rest_username: dummy + - name: "osbuild_pgoku_credential" + description: "" + credential_type: "Machine" + organization: "edge" + inputs: + username: pgoku + become_method: "" + become_username: "" + - name: "Recursive Workflows Credential" + description: "" + credential_type: "Machine" + organization: "Recursive Workflows" + inputs: + username: admin + - name: "Automation Hub Container Registry" + description: "" + credential_type: "Container Registry" + organization: "Recursive Workflows" + inputs: + host: aap-all-in-one.iam.lab + username: admin + verify_ssl: true + - name: "AAP Self Connection" + description: "" + credential_type: "Red Hat Ansible Automation Platform" + organization: "Recursive Workflows" + inputs: + host: https://aapstdalone.bcnconsulting.com/ + username: admin + verify_ssl: false + - name: "AD1 Credential" + description: "" + credential_type: "Machine" + organization: "Recursive Workflows" + inputs: + username: admin + - name: "AD2 Credential" + description: "" + credential_type: "Machine" + organization: "Recursive Workflows" + inputs: + username: admin + - name: "Default Execution Environment Registry Credential" + description: "" + credential_type: "Container Registry" + organization: "Recursive Workflows" + inputs: + host: registry.redhat.io + username: iaragone@redhat.com + verify_ssl: true + - name: "Ansible Galaxy Recursive Workflows" + description: "" + credential_type: "Ansible Galaxy/Automation Hub API Token" + organization: "Recursive Workflows" + inputs: + url: https://galaxy.ansible.com/ + - name: "gitlab-user" + description: "" + credential_type: "Source Control" + organization: "Satellite" + inputs: + username: username + - name: "satlab-admin-vault" + description: "satlab-admin-vault password aka vault_secret" + credential_type: "Vault" + organization: "Satellite" + - name: "gitlab-personal-access-token for satqe_auto_droid" + description: "General purpose token that can be used by anyone for satlab-admin(or other private) repo clone" + credential_type: "Source Control" + organization: "Satellite" + inputs: + username: gitlab + - name: "machine-creds-with-jenkins-pvt-key" + description: "This credential can be used with any vm that contains jenkins_public key in authorized keys" + credential_type: "Machine" + organization: "Satellite" + inputs: + username: root + - name: "admin@internal-RHVM-01" + description: "infra-rhvm-01 creds for inventory sources." + credential_type: "Red Hat Virtualization" + organization: "Satellite" + inputs: + host: https://example.com/ovirt-engine/api + username: user + - name: "Satellite Register - pgoku_github" + description: "" + credential_type: "Source Control" + organization: "Satellite Register" + inputs: + username: git + - name: "Satellite Register - pgoku" + description: "" + credential_type: "Machine" + organization: "Satellite Register" + inputs: + username: pgoku + become_method: sudo + become_username: root + - name: "Satellite Register - Vault" + description: "" + credential_type: "Vault" + organization: "Satellite Register" + inputs: + vault_id: "" + - name: "Satellite" + description: "" + credential_type: "Red Hat Satellite 6" + organization: "Workflows Demo" + inputs: + host: https://satellite.bcnconsulting.com/ + username: admin + - name: "Vault" + description: "" + credential_type: "Vault" + organization: "Workflows Demo" + inputs: + vault_id: "" + - name: "Ansible Galaxy Workflows Demo" + description: "" + credential_type: "Ansible Galaxy/Automation Hub API Token" + organization: "Workflows Demo" + inputs: + url: https://galaxy.ansible.com/ +... diff --git a/tests/configs/upgrade_configs/aap_24/current_settings.yaml b/tests/configs/upgrade_configs/aap_24/current_settings.yaml new file mode 100644 index 000000000..87882f41c --- /dev/null +++ b/tests/configs/upgrade_configs/aap_24/current_settings.yaml @@ -0,0 +1,163 @@ +--- +controller_settings: + - settings: + ACTIVITY_STREAM_ENABLED: "true" + ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC: "false" + ORG_ADMINS_CAN_SEE_ALL_USERS: "true" + MANAGE_ORGANIZATION_AUTH: "true" + TOWER_URL_BASE: https://aap24.iam.lab + REMOTE_HOST_HEADERS: + - REMOTE_ADDR + - REMOTE_HOST + PROXY_IP_ALLOWED_LIST: [] + CSRF_TRUSTED_ORIGINS: [] + LICENSE: + sku: MCT3694 + usage: "" + pool_id: 8a85f99a7db4827d017dc513038200b2 + satellite: + valid_key: true + license_date: 1798779599 + license_type: enterprise + product_name: Red Hat Ansible Automation Platform + support_level: Premium + account_number: "1460290" + instance_count: 500 + subscription_id: "10479498" + subscription_name: Red Hat Ansible Automation Platform, Premium (500 Managed Nodes) + REDHAT_USERNAME: iaragone@redhat.com + SUBSCRIPTIONS_USERNAME: iaragone@redhat.com + SUBSCRIPTIONS_PASSWORD: "" + INSTALL_UUID: f22006d8-8ea9-4233-b302-b86dcb35c973 + AWX_TASK_ENV: + GIT_SSL_NO_VERIFY: "true" + INSIGHTS_TRACKING_STATE: "false" + AUTOMATION_ANALYTICS_LAST_GATHER: "2023-07-19T05:26:34.899664Z" + AUTOMATION_ANALYTICS_LAST_ENTRIES: "" + AUTOMATION_ANALYTICS_GATHER_INTERVAL: "14400" + UI_NEXT: "false" + CLEANUP_HOST_METRICS_LAST_TS: "2025-05-14T14:33:14.770234Z" + HOST_METRIC_SUMMARY_TASK_LAST_TS: "2025-06-04T17:31:08.232552Z" + PENDO_TRACKING_STATE: "off" + AUTH_LDAP_SERVER_URI: ldap://34.175.181.254:389 + AUTH_LDAP_BIND_DN: uid=admin,cn=users,cn=accounts,dc=c,dc=openenv-6hrc4,dc=internal + AUTH_LDAP_BIND_PASSWORD: redhat00 + AUTH_LDAP_START_TLS: "false" + AUTH_LDAP_USER_SEARCH: + - cn=users,cn=accounts,dc=c,dc=openenv-6hrc4,dc=internal + - SCOPE_SUBTREE + - (cn=%(user)s) + AUTH_LDAP_USER_DN_TEMPLATE: uid=%(user)s,cn=users,cn=accounts,dc=c,dc=openenv-6hrc4,dc=internal + AUTH_LDAP_USER_ATTR_MAP: + email: mail + last_name: sn + first_name: givenName + AUTH_LDAP_GROUP_SEARCH: + - cn=groups,cn=accounts,dc=c,dc=openenv-6hrc4,dc=internal + - SCOPE_SUBTREE + - (objectClass=groupofnames) + AUTH_LDAP_GROUP_TYPE: MemberDNGroupType + AUTH_LDAP_GROUP_TYPE_PARAMS: + name_attr: cn + member_attr: member + AUTH_LDAP_REQUIRE_GROUP: + AUTH_LDAP_DENY_GROUP: + AUTH_LDAP_USER_FLAGS_BY_GROUP: + is_superuser: + - cn=clusteradmins,cn=groups,cn=accounts,dc=c,dc=openenv-6hrc4,dc=internal + AUTH_LDAP_ORGANIZATION_MAP: + Organization1: + admins: cn=organization1admins,cn=groups,cn=accounts,dc=c,dc=openenv-6hrc4,dc=internal + remove_admins: true + users: cn=organization1,cn=groups,cn=accounts,dc=c,dc=openenv-6hrc4,dc=internal + remove_users: true + Organization2: + admins: cn=organization2admins,cn=groups,cn=accounts,dc=c,dc=openenv-6hrc4,dc=internal + remove_admins: true + users: cn=organization2,cn=groups,cn=accounts,dc=c,dc=openenv-6hrc4,dc=internal + remove_users: true + AUTH_LDAP_TEAM_MAP: + Team1: + organization: Default + users: cn=team1,cn=groups,cn=accounts,dc=c,dc=openenv-6hrc4,dc=internal + remove: true + Team2: + organization: Default + users: cn=team2,cn=groups,cn=accounts,dc=c,dc=openenv-6hrc4,dc=internal + remove: true + SAML_AUTO_CREATE_OBJECTS: "true" + SOCIAL_AUTH_SAML_CALLBACK_URL: https://aap24.iam.lab/sso/complete/saml/ + SOCIAL_AUTH_SAML_METADATA_URL: https://aap24.iam.lab/sso/metadata/saml/ + SOCIAL_AUTH_SAML_SP_ENTITY_ID: https://aap24.iam.lab + SOCIAL_AUTH_SAML_SP_PUBLIC_CERT: '-----BEGIN CERTIFICATE----- MIICuTCCAaECBgGXRCJWBTANBgkqhkiG9w0BAQsFADAgMR4wHAYDVQQDDBVodHRwczovL2FhcDI1LmlhbS5sYWIwHhcNMjUwNjA2MDcyNDUwWhcNMzUwNjA2MDcyNjMwWjAgMR4wHAYDVQQDDBVodHRwczovL2FhcDI1LmlhbS5sYWIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCMHrQ3jOPsLOG9VBPb3AW84yH+gl+KqIEJwrs1JHGVdasP3+HhABVCjl4IGo7FEuDyERycM4CfdBbhAjL7Yzw1Wt4u9UD8ZhEiGWcn76Zk8QrodKRVTOqUd6hnI1pBrgKoRbQKspaBhCSK7QUv22MQoZozragis9sthzg5tRZZow+twH8hOUrgPGaNUoDZ0On2hYZDMztsIJ5Bswvdfq/yvzMtuBbmzMZU8Gi+C5WLDj78d1rxX/xbO7TR+Wo7s9gDy01IlgQVH40KEFD+W/O2BU28aDLRVx1RVb7IsW7av6sHGxqXp8O465tqr35Kly3n4RwgKtJAYCGyjQWVBUkRAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFrmWowYbcwAb/Wa63kWPolpglkiN129T3CEepOy3wf0Bz4JLAveFaQQUYQWaUA0GVHEY1dXFGf7Z3aXcVT2jqpvp8+qc84ihIWL9UUMGTQk9qgJkDT2/RL/87kT+qhdS7ORDAmYRkqwwZ7LEy9JmLexTrSjqCDKXeabR08PRBcxr7g9cJNlk5TLX6yvYrKP3r2hvPqaa3JwMpIiHbtlrszvD+Xrjn35I2mEir0EvNdYru/42ZONBMhVHgwpRontVf6pM7U6JWC69kUC80b3AkKgDcjG1PqjwOombgRq4rywQXUEVJGBZAsjQYieRwqw3hQR5jy8xUEgRcSRxRvigM0= -----END CERTIFICATE-----' + SOCIAL_AUTH_SAML_SP_PRIVATE_KEY: | + -----BEGIN PRIVATE KEY----- + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + -----END PRIVATE KEY----- + SOCIAL_AUTH_SAML_ORG_INFO: + en-US: + url: https://aapsso.iam.lab:8443 + name: RHSSO + displayname: RHSSO + SOCIAL_AUTH_SAML_TECHNICAL_CONTACT: + givenName: Arnold Schwarzenegger + emailAddress: arnold.schwarzenegger@example.net + SOCIAL_AUTH_SAML_SUPPORT_CONTACT: + givenName: Arnold Schwarzenegger + emailAddress: arnold.schwarzenegger@example.net + SOCIAL_AUTH_SAML_ENABLED_IDPS: + RHSSO: + url: https://aapsso.iam.lab:8443/auth/realms/aap/protocol/saml + x509cert: MIIDtzCCAp+gAwIBAgIUC1kApqTujxI1TZMSbwihEG1SbEUwDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCRVMxFDASBgNVBAgMC0Nhc3RlbGzDg8KzMQ0wCwYDVQQHDARPbmRhMRAwDgYDVQQKDAdpYW0ubGFiMQwwCgYDVQQLDANsYWIxFzAVBgNVBAMMDmFhcHNzby5pYW0ubGFiMB4XDTI1MDYwNjA3MDEzNVoXDTM1MDYwNDA3MDEzNVowazELMAkGA1UEBhMCRVMxFDASBgNVBAgMC0Nhc3RlbGzDg8KzMQ0wCwYDVQQHDARPbmRhMRAwDgYDVQQKDAdpYW0ubGFiMQwwCgYDVQQLDANsYWIxFzAVBgNVBAMMDmFhcHNzby5pYW0ubGFiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3N279zWZ4F5NqMcyfci8JFrKUHrw7LQI6Gf9OE5rq59grLggFl0nUd7oBEX9+v7alge0k3zQrtq4XgYtpbL3JeejOfXFUyDiNiL7iDKyYJ6XlTwsEccSbrCCorEsnyJ9JVcon26sKLvR1BHmFL3XgoRunJehflOPoPOuUoaIn4/5mIYa8VZ0/vG5oyDEYjW7EuzeBBl/j9XF3wfgDTBtWyBO7MxhvVQdYItL+0lrRQqM5+lbr1sMkBHbg0tPzdMZJHZOZ8NDPFdwZ50wOFeN+RUl6I1EehOmbhd+pfLjZQE21DNW8NSZKSK3hT99M86y6t/qfA5VlNzshy3RLafR9QIDAQABo1MwUTAdBgNVHQ4EFgQUb2Pa/ydOsOYcFfUc6pL76Haf09IwHwYDVR0jBBgwFoAUb2Pa/ydOsOYcFfUc6pL76Haf09IwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAxT9JRVzRRHJszR+6C/EbcYfr/rohmRa7r52fr8s4s5VaV0rI1Jah9Xb9z+xDeE7EtUg4ccB9mXoBhgd162XK+gn3wEjOIV8yAcQLfePda8p7CJW4tKvmNGZxyyJDAQmDbrY9IVn480tjNSDmxtt5gVnOJtqyqzC5IBmCa0U3PURi+0B79mjITuTrOGDa3HnbfIMqG+EHAxoEn48HCRAiRjiwdCoisT2PMm1VZtJZzMuUh+KhQRFCJBPB8VocFt1hsOQN1ywvLowOOW4i7uop3TLRE8V7QE74P/7Nld9yJ4N6GnJTgvM/fyJ7HMeX5VUAZphztC31ncXvpK+p137sFA== + entity_id: https://aapsso.iam.lab:8443/auth/realms/aap + attr_email: email + attr_groups: groups + attr_username: username + attr_last_name: last_name + attr_first_name: first_name + attr_user_permanent_id: name_id + SOCIAL_AUTH_SAML_SECURITY_CONFIG: + wantMessagesSigned: true + authnRequestsSigned: true + wantAssertionsSigned: true + requestedAuthnContext: false + SOCIAL_AUTH_SAML_SP_EXTRA: + sign_request: true + requestedAuthnContext: false + SOCIAL_AUTH_SAML_EXTRA_DATA: "null" + SOCIAL_AUTH_SAML_ORGANIZATION_MAP: + Dummy: + users: false + admins: true + Default: + users: + - arnold.schwarzenegger@example.net + Systems Engineering: + users: true + admins: + - arnold.schwarzenegger@example.net + remove_users: false + remove_admins: false + SOCIAL_AUTH_SAML_TEAM_MAP: + Dummy: + users: false + organization: Dummy + Default: + users: + - arnold.schwarzenegger@example.net + organization: Default + Systems Engineering: + users: + - /^[^@]+?@example\.net$/ + remove: true + organization: Systems Engineering + SOCIAL_AUTH_SAML_ORGANIZATION_ATTR: {} + SOCIAL_AUTH_SAML_TEAM_ATTR: {} + SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR: + is_superuser_attr: member + is_superuser_value: + - /AAPAdmins + is_system_auditor_attr: member + is_system_auditor_value: + - /AAPAuditors +... diff --git a/tests/configs/upgrade_configs/aap_24/execution_environments.yaml b/tests/configs/upgrade_configs/aap_24/execution_environments.yaml new file mode 100644 index 000000000..4989ae489 --- /dev/null +++ b/tests/configs/upgrade_configs/aap_24/execution_environments.yaml @@ -0,0 +1,23 @@ +--- +controller_execution_environments: + - name: "Minimal execution environment" + description: "" + image: "registry.redhat.io/ansible-automation-platform-24/ee-minimal-rhel8:latest" + pull: "missing" + - name: "Default execution environment" + description: "" + image: "registry.redhat.io/ansible-automation-platform-24/ee-supported-rhel8:latest" + pull: "missing" + - name: "Automation Hub Minimal execution environment" + description: "" + image: "aap-all-in-one.iam.lab/ee-minimal-rhel8:latest" + pull: "missing" + - name: "Automation Hub Default execution environment" + description: "" + image: "aap-all-in-one.iam.lab/ee-supported-rhel8:latest" + pull: "missing" + - name: "My EE" + description: "" + image: "quay.io/ansible/awx-ee" + pull: "always" +... diff --git a/tests/configs/upgrade_configs/aap_24/groups.yaml b/tests/configs/upgrade_configs/aap_24/groups.yaml new file mode 100644 index 000000000..966846ed7 --- /dev/null +++ b/tests/configs/upgrade_configs/aap_24/groups.yaml @@ -0,0 +1,18 @@ +--- +controller_groups: + - name: "dummy_group" + description: "" + inventory: "Inventory_Dummy_1" + hosts: + - dummy + - name: "dummy_group" + description: "" + inventory: "Inventory_Dummy_2" + hosts: + - dummy + - name: "dummy_group" + description: "" + inventory: "Inventory_Dummy_3" + hosts: + - dummy +... diff --git a/tests/configs/upgrade_configs/aap_24/hosts.yaml b/tests/configs/upgrade_configs/aap_24/hosts.yaml new file mode 100644 index 000000000..7bdc09493 --- /dev/null +++ b/tests/configs/upgrade_configs/aap_24/hosts.yaml @@ -0,0 +1,66 @@ +--- +controller_hosts: + - name: "localhost" + description: "" + inventory: "Demo Inventory" + variables: + ansible_connection: local + ansible_python_interpreter: !unsafe "{{ ansible_playbook_python }}" + - name: "localhost2" + description: "" + inventory: "Demo Inventory" + variables: + ansible_connection: local + ansible_python_interpreter: !unsafe "{{ ansible_playbook_python }}" + - name: "localhost3" + description: "" + inventory: "Demo Inventory" + variables: + ansible_connection: local + ansible_python_interpreter: !unsafe "{{ ansible_playbook_python }}" + - name: "localhost" + description: "" + inventory: "Demo Inventory" + variables: + ansible_connection: local + ansible_python_interpreter: !unsafe "{{ ansible_playbook_python }}" + - name: "localhost2" + description: "" + inventory: "Demo Inventory" + variables: + ansible_connection: local + ansible_python_interpreter: !unsafe "{{ ansible_playbook_python }}" + - name: "localhost3" + description: "" + inventory: "Demo Inventory" + variables: + ansible_connection: local + ansible_python_interpreter: !unsafe "{{ ansible_playbook_python }}" + - name: "dummy" + description: "" + inventory: "Inventory_Dummy_1" + variables: + ansible_host: 127.0.0.1 + - name: "dummy" + description: "" + inventory: "Inventory_Dummy_2" + variables: + ansible_host: 127.0.0.1 + - name: "dummy" + description: "" + inventory: "Inventory_Dummy_3" + variables: + ansible_host: 127.0.0.1 + - name: "localhost" + description: "" + inventory: "Recursive Workflows Inventory" + variables: + ansible_connection: local + ansible_python_interpreter: !unsafe "{{ ansible_playbook_python }}" + - name: "localhost" + description: "" + inventory: "localhost" + variables: + ansible_connection: local + some_var: some_val +... diff --git a/tests/configs/upgrade_configs/aap_24/inventories.yaml b/tests/configs/upgrade_configs/aap_24/inventories.yaml new file mode 100644 index 000000000..c2a18b3a3 --- /dev/null +++ b/tests/configs/upgrade_configs/aap_24/inventories.yaml @@ -0,0 +1,52 @@ +--- +controller_inventories: + - name: "Demo Inventory" + description: "" + organization: "Default" + host_filter: "" + prevent_instance_group_fallback: false + - name: "test_smart" + description: "" + organization: "Default" + host_filter: name__icontains=local + kind: "smart" + prevent_instance_group_fallback: false + - name: "Inventory_Dummy_1" + description: "" + organization: "Dummy" + host_filter: "" + prevent_instance_group_fallback: false + - name: "Inventory_Dummy_2" + description: "" + organization: "Dummy" + host_filter: "" + prevent_instance_group_fallback: false + - name: "Inventory_Dummy_3" + description: "" + organization: "Dummy" + host_filter: "" + prevent_instance_group_fallback: false + - name: "Recursive Workflows Inventory" + description: "" + organization: "Recursive Workflows" + host_filter: "" + prevent_instance_group_fallback: false + - name: "localhost" + description: "inventory for localhost" + organization: "Satellite" + host_filter: "" + prevent_instance_group_fallback: false + - name: "RHVM-02" + description: "created by Ansible Playbook - for RHVM-02" + organization: "Satellite" + host_filter: "" + prevent_instance_group_fallback: true + - name: "RHVM-01" + description: "created by Ansible Playbook - for RHVM-01" + organization: "Satellite" + host_filter: "" + prevent_instance_group_fallback: false + variables: + remote_subnet: !unsafe "{% if site == 'SITE-2' %}10.100.{% else %}10.200.{% endif%}" + site_subnet: !unsafe "{% if site == 'SITE-2' %}10.200.{% else %}10.100.{% endif%}" +... diff --git a/tests/configs/upgrade_configs/aap_24/inventory_sources.yaml b/tests/configs/upgrade_configs/aap_24/inventory_sources.yaml new file mode 100644 index 000000000..f31da2bf1 --- /dev/null +++ b/tests/configs/upgrade_configs/aap_24/inventory_sources.yaml @@ -0,0 +1,14 @@ +--- +controller_inventory_sources: + - name: "RHVM-01" + description: "" + organization: "Satellite" + source: "scm" + limit: "" + source_project: "Test Inventory source project" + source_path: "phillips_hue/hosts" + inventory: "RHVM-01" + update_on_launch: "true" + overwrite: "true" + credential: "admin@internal-RHVM-01" +... diff --git a/tests/configs/upgrade_configs/aap_24/labels.yaml b/tests/configs/upgrade_configs/aap_24/labels.yaml new file mode 100644 index 000000000..49647e206 --- /dev/null +++ b/tests/configs/upgrade_configs/aap_24/labels.yaml @@ -0,0 +1,19 @@ +--- +controller_labels: + - name: "test" + organization: "Default" + - name: "Prod" + organization: "Default" + - name: "differential" + organization: "Default" + - name: "differential2" + organization: "Default" + - name: "dummy_1" + organization: "Dummy" + - name: "dummy_2" + organization: "Dummy" + - name: "dummy_3" + organization: "Dummy" + - name: "Dev" + organization: "Satellite" +... diff --git a/tests/configs/upgrade_configs/aap_24/notifications.yaml b/tests/configs/upgrade_configs/aap_24/notifications.yaml new file mode 100644 index 000000000..a521bf58e --- /dev/null +++ b/tests/configs/upgrade_configs/aap_24/notifications.yaml @@ -0,0 +1,98 @@ +--- +controller_notifications: + - name: "Email notification" + organization: "Default" + notification_type: "email" + notification_configuration: + host: "smtp.example.com" + port: 25 + sender: "tower0@example.com" + timeout: 30 + use_ssl: false + use_tls: false + password: "" + username: "" + recipients: ["admin@example.com"] + messages: + error: + started: + success: + workflow_approval: + - name: "Email notification differential" + organization: "Default" + notification_type: "email" + notification_configuration: + host: "smtp.example.com" + port: 25 + sender: "tower0@example.com" + timeout: 30 + use_ssl: false + use_tls: false + password: "" + username: "" + recipients: ["admin@example.com"] + messages: + error: + started: + success: + workflow_approval: + - name: "dummy_notification" + organization: "Dummy" + notification_type: "email" + notification_configuration: + host: "email.dummy.com" + port: 25 + sender: "sender@dummy.com" + timeout: 30 + use_ssl: false + use_tls: false + password: "" + username: "" + error_body: !unsafe "{{ job_friendly_name }} #{{ job.id }} had status {{ job.status }}, view details at {{ url }}\n\n{{ job_metadata }}" + recipients: ["receiver@dummy.com"] + denied_body: !unsafe "The approval node \"{{ approval_node_name }}\" was denied. {{ workflow_url }}\n\n{{ job_metadata }}" + running_body: !unsafe "The approval node \"{{ approval_node_name }}\" needs review. This approval node can be viewed at: {{ workflow_url }}\n\n{{ job_metadata + }}" + started_body: !unsafe "{{ job_friendly_name }} #{{ job.id }} had status {{ job.status }}, view details at {{ url }}\n\n{{ job_metadata }}" + success_body: !unsafe "{{ job_friendly_name }} #{{ job.id }} had status {{ job.status }}, view details at {{ url }}\n\n{{ job_metadata }}" + approved_body: !unsafe "The approval node \"{{ approval_node_name }}\" was approved. {{ workflow_url }}\n\n{{ job_metadata }}" + timed_out_body: !unsafe "The approval node \"{{ approval_node_name }}\" has timed out. {{ workflow_url }}\n\n{{ job_metadata }}" + messages: + error: + body: + message: + started: + body: + message: + success: + body: + message: + workflow_approval: + denied: + body: + message: + running: + body: + message: + approved: + body: + message: + timed_out: + body: + message: + - name: "irc-satqe-chat-notification" + organization: "Satellite" + notification_type: "irc" + notification_configuration: + port: 6667 + server: "irc.freenode.com" + targets: ["#my-channel"] + use_ssl: false + use_tls: false + nickname: "Ansible-Tower-Stage-Bot-01" + password: "" + messages: + success: + body: !unsafe '{"fields": {"project": {"id": "11111"},"summary": "Lab {{ job.status }} Ansible Tower {{ job.name }}","description": !unsafe "{{ job.status + }} in {{ job.name }} {{ job.id }} {{url}}","issuetype": {"id": "1"}}}' +... diff --git a/tests/configs/upgrade_configs/aap_24/organizations.yaml b/tests/configs/upgrade_configs/aap_24/organizations.yaml new file mode 100644 index 000000000..f7f2462c2 --- /dev/null +++ b/tests/configs/upgrade_configs/aap_24/organizations.yaml @@ -0,0 +1,33 @@ +--- +controller_organizations: + - name: "Default" + description: "The default organization for Ansible Automation Platform" + - name: "Dummy" + description: "" + - name: "tests/orgname" + description: "" + - name: "Test-dispatch-dependencies" + description: "" + notification_templates_approvals: + - "Email notification" + - name: "Satellite" + description: "" + - name: "Recursive Workflows" + description: "Organization to show how to create and use a Workflow tha is calling another workflows" + - name: "Network - Router/Switch" + description: "" + - name: "test" + description: "" + - name: "edge" + description: "" + - name: "Workflows Demo" + description: "Contains demos of how different workflows can interact eachother" + - name: "Satellite Register" + description: "Contains demos of how different workflows can interact eachother" + - name: "CONTROLLER-ORG" + description: "Organization in CONTROLLER" + - name: "AWX-ORG" + description: "Organization in AWX" + - name: "Systems Engineering" + description: "" +... diff --git a/tests/configs/upgrade_configs/aap_24/projects.yaml b/tests/configs/upgrade_configs/aap_24/projects.yaml new file mode 100644 index 000000000..80a006898 --- /dev/null +++ b/tests/configs/upgrade_configs/aap_24/projects.yaml @@ -0,0 +1,201 @@ +--- +controller_projects: + - name: "Demo Project" + description: "" + organization: "Default" + scm_type: "git" + scm_url: "https://github.com/ansible/ansible-tower-samples" + scm_branch: "" + scm_clean: "false" + scm_delete_on_update: "false" + scm_update_on_launch: "false" + scm_update_cache_timeout: "0" + scm_refspec: "" + allow_override: "false" + update_project: "false" + timeout: "0" + - name: "Test Inventory source project" + description: "ansible-examples" + organization: "Default" + scm_type: "git" + scm_url: "https://github.com/ansible/ansible-examples.git" + scm_branch: "" + scm_clean: "false" + scm_delete_on_update: "false" + scm_update_on_launch: "false" + scm_update_cache_timeout: "0" + scm_refspec: "" + allow_override: "false" + update_project: "false" + timeout: "0" + - name: "Test Inventory source project with credential" + description: "ansible-examples" + organization: "Default" + scm_type: "git" + scm_url: "https://github.com/ansible/ansible-examples.git" + scm_credential: "gitlab-personal-access-token for satqe_auto_droid" + scm_branch: "" + scm_clean: "false" + scm_delete_on_update: "false" + scm_update_on_launch: "false" + scm_update_cache_timeout: "0" + scm_refspec: "" + allow_override: "false" + update_project: "false" + timeout: "0" + - name: "Test Project 2" + description: "Test Project 2" + organization: "Default" + scm_type: "git" + scm_url: "https://github.com/ansible/tower-example.git" + scm_branch: "" + scm_clean: "false" + scm_delete_on_update: "false" + scm_update_on_launch: "false" + scm_update_cache_timeout: "0" + scm_refspec: "" + allow_override: "false" + update_project: "false" + timeout: "0" + - name: "Test Project" + description: "Test Project 1" + organization: "Default" + scm_type: "git" + scm_url: "https://github.com/ansible/tower-example.git" + scm_branch: "master" + scm_clean: "true" + scm_delete_on_update: "false" + scm_update_on_launch: "false" + scm_update_cache_timeout: "0" + scm_refspec: "" + allow_override: "false" + update_project: "false" + timeout: "0" + - name: "Project_Dummy_1" + description: "" + organization: "Dummy" + scm_type: "git" + scm_url: "https://github.com/automationiberia/dummy-playbooks.git" + scm_branch: "" + scm_clean: "false" + scm_delete_on_update: "false" + scm_update_on_launch: "false" + scm_update_cache_timeout: "0" + scm_refspec: "" + allow_override: "false" + update_project: "false" + timeout: "0" + - name: "Project_Dummy_2" + description: "" + organization: "Dummy" + scm_type: "git" + scm_url: "https://github.com/automationiberia/dummy-playbooks.git" + scm_branch: "" + scm_clean: "false" + scm_delete_on_update: "false" + scm_update_on_launch: "false" + scm_update_cache_timeout: "0" + scm_refspec: "" + allow_override: "false" + update_project: "false" + timeout: "0" + - name: "Project_Dummy_3" + description: "" + organization: "Dummy" + scm_type: "git" + scm_url: "https://github.com/automationiberia/dummy-playbooks.git" + scm_branch: "" + scm_clean: "false" + scm_delete_on_update: "false" + scm_update_on_launch: "false" + scm_update_cache_timeout: "0" + scm_refspec: "" + allow_override: "false" + update_project: "false" + timeout: "0" + - name: "Demo Project @ 08:33:46 @ 09:05:48" + description: "" + organization: "Network - Router/Switch" + scm_type: "git" + scm_url: "https://github.com/ansible/ansible-tower-samples" + scm_branch: "" + scm_clean: "false" + scm_delete_on_update: "false" + scm_update_on_launch: "false" + scm_update_cache_timeout: "0" + scm_refspec: "" + allow_override: "false" + update_project: "false" + timeout: "0" + - name: "Controller CasC Examples Project" + description: "" + organization: "Recursive Workflows" + scm_type: "git" + scm_url: "https://github.com/automationiberia/controller-casc-examples.git" + scm_branch: "" + scm_clean: "false" + scm_delete_on_update: "false" + scm_update_on_launch: "false" + scm_update_cache_timeout: "0" + scm_refspec: "" + allow_override: "false" + update_project: "false" + timeout: "0" + - name: "Recursive Workflows Project" + description: "" + organization: "Recursive Workflows" + scm_type: "git" + scm_url: "https://github.com/ansible/ansible-tower-samples" + scm_branch: "" + scm_clean: "false" + scm_delete_on_update: "false" + scm_update_on_launch: "false" + scm_update_cache_timeout: "0" + scm_refspec: "" + allow_override: "false" + update_project: "false" + timeout: "0" + - name: "Test Inventory source project with credential" + description: "ansible-examples" + organization: "Satellite" + scm_type: "git" + scm_url: "https://github.com/ansible/ansible-examples.git" + scm_credential: "gitlab-personal-access-token for satqe_auto_droid" + scm_branch: "" + scm_clean: "false" + scm_delete_on_update: "false" + scm_update_on_launch: "false" + scm_update_cache_timeout: "0" + scm_refspec: "" + allow_override: "false" + update_project: "false" + timeout: "0" + - name: "Test Inventory source project" + description: "ansible-examples" + organization: "Satellite" + scm_type: "git" + scm_url: "https://github.com/ansible/ansible-examples.git" + scm_branch: "" + scm_clean: "false" + scm_delete_on_update: "false" + scm_update_on_launch: "false" + scm_update_cache_timeout: "0" + scm_refspec: "" + allow_override: "false" + update_project: "false" + timeout: "0" + - name: "Demo Project @ 08:33:46" + description: "" + organization: "tests/orgname" + scm_type: "git" + scm_url: "https://github.com/ansible/ansible-tower-samples" + scm_branch: "" + scm_clean: "false" + scm_delete_on_update: "false" + scm_update_on_launch: "false" + scm_update_cache_timeout: "0" + scm_refspec: "" + allow_override: "false" + update_project: "false" + timeout: "0" +... diff --git a/tests/configs/upgrade_configs/aap_24/roles.yaml b/tests/configs/upgrade_configs/aap_24/roles.yaml new file mode 100644 index 000000000..7ad241424 --- /dev/null +++ b/tests/configs/upgrade_configs/aap_24/roles.yaml @@ -0,0 +1,23 @@ +--- +controller_roles: + - team: "dummy" + credentials: + - "dummy" + role: "admin" + - team: "dummy" + organizations: + - "Default" + role: "execute" + - team: "team_test_1" + projects: + - "Demo Project" + role: "admin" + - user: "dummy" + organizations: + - "Dummy" + role: "member" + - user: "dummy" + target_teams: + - "dummy" + role: "member" +... diff --git a/tests/configs/upgrade_configs/aap_24/schedules.yaml b/tests/configs/upgrade_configs/aap_24/schedules.yaml new file mode 100644 index 000000000..8cf6e4f71 --- /dev/null +++ b/tests/configs/upgrade_configs/aap_24/schedules.yaml @@ -0,0 +1,137 @@ +--- +controller_schedules: + - name: "Cleanup Job Schedule" + description: "Automatically Generated Schedule" + enabled: true + unified_job_template: "Cleanup Job Details" + dtstart: "2024-10-20T07:05:18Z" + dtend: "" + timezone: "UTC" + rrule: "DTSTART:20241015T070518Z RRULE:FREQ=WEEKLY;INTERVAL=1;BYDAY=SU" + extra_data: + days: "120" + scm_branch: "" + forks: 0 + job_slice_count: 0 + timeout: 0 + job_type: "" + job_tags: "" + skip_tags: "" + limit: "" + verbosity: 0 + - name: "Cleanup Activity Schedule" + description: "Automatically Generated Schedule" + enabled: true + unified_job_template: "Cleanup Activity Stream" + dtstart: "2024-10-15T07:05:18Z" + dtend: "" + timezone: "UTC" + rrule: "DTSTART:20241015T070518Z RRULE:FREQ=WEEKLY;INTERVAL=1;BYDAY=TU" + extra_data: + days: "355" + scm_branch: "" + forks: 0 + job_slice_count: 0 + timeout: 0 + job_type: "" + job_tags: "" + skip_tags: "" + limit: "" + verbosity: 0 + - name: "Cleanup Expired Sessions" + description: "Cleans out expired browser sessions" + enabled: true + unified_job_template: "Cleanup Expired Sessions" + dtstart: "2024-10-15T07:05:55Z" + dtend: "" + timezone: "UTC" + rrule: "DTSTART:20241015T070555Z RRULE:FREQ=WEEKLY;INTERVAL=1" + scm_branch: "" + forks: 0 + job_slice_count: 0 + timeout: 0 + job_type: "" + job_tags: "" + skip_tags: "" + limit: "" + verbosity: 0 + - name: "Cleanup Expired OAuth 2 Tokens" + description: "Removes expired OAuth 2 access and refresh tokens" + enabled: true + unified_job_template: "Cleanup Expired OAuth 2 Tokens" + dtstart: "2024-10-15T07:05:55Z" + dtend: "" + timezone: "UTC" + rrule: "DTSTART:20241015T070555Z RRULE:FREQ=WEEKLY;INTERVAL=1" + scm_branch: "" + forks: 0 + job_slice_count: 0 + timeout: 0 + job_type: "" + job_tags: "" + skip_tags: "" + limit: "" + verbosity: 0 + - name: "dummy" + description: "" + enabled: true + unified_job_template: "Job_Template_Dummy_1" + inventory: "Inventory_Dummy_1" + dtstart: "2023-07-17T22:00:00Z" + dtend: "2023-07-17T23:30:00Z" + timezone: "Europe/Berlin" + rrule: "DTSTART;TZID=Europe/Berlin:20230718T000000 RRULE:FREQ=MINUTELY;INTERVAL=10;COUNT=10" + scm_branch: "" + forks: 0 + job_slice_count: 0 + timeout: 0 + job_type: "" + job_tags: "" + skip_tags: "" + limit: "" + verbosity: 0 + - name: "Demo Schedule" + description: "A demonstration" + enabled: true + unified_job_template: "test-template-1" + inventory: "RHVM-01" + dtstart: "2019-12-19T13:05:51Z" + dtend: "2019-12-19T13:05:51Z" + timezone: "UTC" + rrule: "DTSTART:20191219T130551Z RRULE:FREQ=DAILY;INTERVAL=1;COUNT=1" + scm_branch: "" + forks: 0 + job_slice_count: 1 + timeout: 0 + job_type: "" + job_tags: "" + skip_tags: "" + limit: "" + diff_mode: false + verbosity: 0 + - name: "Demo Schedule 2" + description: "Another demonstration" + enabled: true + unified_job_template: "Demo Job Template 2" + inventory: "localhost" + instance_groups: + - "default" + dtstart: "2025-05-07T00:00:00Z" + dtend: "" + timezone: "UTC" + rrule: "DTSTART:20200101T000000Z RRULE:FREQ=HOURLY;INTERVAL=3" + execution_environment: "My EE" + scm_branch: "" + forks: 2 + job_slice_count: 1 + labels: + - "differential" + - "differential2" + timeout: 165 + job_type: "" + job_tags: "" + skip_tags: "" + limit: "all" + diff_mode: false + verbosity: 0 +... diff --git a/tests/configs/upgrade_configs/aap_24/team_roles.yaml b/tests/configs/upgrade_configs/aap_24/team_roles.yaml new file mode 100644 index 000000000..975b84e2b --- /dev/null +++ b/tests/configs/upgrade_configs/aap_24/team_roles.yaml @@ -0,0 +1,15 @@ +--- +controller_roles: + - team: "dummy" + credentials: + - "dummy" + role: "admin" + - team: "dummy" + organizations: + - "Default" + role: "execute" + - team: "team_test_1" + projects: + - "Demo Project" + role: "admin" +... diff --git a/tests/configs/upgrade_configs/aap_24/teams.yaml b/tests/configs/upgrade_configs/aap_24/teams.yaml new file mode 100644 index 000000000..3d8dd7b6b --- /dev/null +++ b/tests/configs/upgrade_configs/aap_24/teams.yaml @@ -0,0 +1,24 @@ +--- +controller_teams: + - name: "awx-team" + description: "" + organization: "AWX-ORG" + - name: "controller-team" + description: "" + organization: "CONTROLLER-ORG" + - name: "differential-1" + description: "" + organization: "Default" + - name: "differential-2" + description: "" + organization: "Default" + - name: "dummy" + description: "" + organization: "Dummy" + - name: "Systems Engineering" + description: "" + organization: "Systems Engineering" + - name: "team_test_1" + description: "" + organization: "test" +... diff --git a/tests/configs/upgrade_configs/aap_24/templates.yaml b/tests/configs/upgrade_configs/aap_24/templates.yaml new file mode 100644 index 000000000..0c907f883 --- /dev/null +++ b/tests/configs/upgrade_configs/aap_24/templates.yaml @@ -0,0 +1,565 @@ +--- +controller_templates: + - name: "Demo Job Template" + description: "" + organization: "Default" + project: "Demo Project" + inventory: "Demo Inventory" + playbook: "hello_world.yml" + scm_branch: "" + forks: 0 + limit: "" + verbosity: 0 + job_type: "run" + job_slice_count: 3 + use_fact_cache: false + credentials: + - "Demo Credential" + allow_simultaneous: false + ask_scm_branch_on_launch: false + ask_diff_mode_on_launch: false + ask_tags_on_launch: false + ask_skip_tags_on_launch: false + ask_job_type_on_launch: false + ask_verbosity_on_launch: false + ask_variables_on_launch: false + ask_inventory_on_launch: false + ask_limit_on_launch: false + ask_credential_on_launch: false + ask_execution_environment_on_launch: false + ask_labels_on_launch: false + ask_forks_on_launch: false + ask_job_slice_count_on_launch: false + ask_timeout_on_launch: false + ask_instance_groups_on_launch: false + extra_vars: + my_extra_var: + - this + - is + - a + - list + my_extra_complex_var: !unsafe "{{ my_extra_var[0] }}" + my_extra_ultra_complex_var: !unsafe "{% if my_extra_var | length > 3 %}LARGE{% else %}SMALL" + job_tags: "" + force_handlers: false + skip_tags: "" + start_at_task: "" + timeout: 0 + execution_environment: "My EE" + host_config_key: "" + survey_enabled: true + survey_spec: + name: "" + spec: + - max: 1024 + min: 0 + type: multiplechoice + choices: + - a + - b + - c + default: !unsafe "b" + required: true + variable: test_issue39 + new_question: false + question_name: test issue39 + question_description: !unsafe "please copy-paste here the job id. You'll find a \"JOBS / ########\" it in the top-left area of job's page: + the #s are the job id." + - max: 1024 + min: 0 + type: multiselect + choices: + - hola + - mundo + default: !unsafe "hola\nmundo" + required: true + variable: test_multiplechoice + new_question: false + question_name: test multiplechoice + - max: 1024 + min: 0 + type: text + required: true + variable: test_text + new_question: false + question_name: test_text + - max: 1024 + min: 0 + type: password + default: !unsafe "''" + required: true + variable: test_pass + new_question: false + question_name: test_pass + - max: 1024 + min: 0 + type: textarea + default: !unsafe "Hola\nMon" + required: true + variable: test_textarea + new_question: true + question_name: test textarea + - max: 1024 + min: 0 + type: text + default: !unsafe "{{ text_value }}" + required: true + variable: test_vars + new_question: false + question_name: test_vars + - max: 1024 + min: 0 + type: multiselect + choices: + - !unsafe "{{ var_a }}" + - !unsafe "{{ var_b }}" + default: !unsafe "{{ var_a }}\n{{ var_b }}" + required: true + variable: test_multiselect_vars + new_question: true + question_name: test_multiselect_vars + - max: 1024 + min: 0 + type: multiselect + choices: + - !unsafe "{% if var_a == 'a' %} A {% else %} B {% endif %}" + default: !unsafe "{% if var_a == 'a' %} A {% else %} B {% endif %}" + required: true + variable: test_multiselect_vars2 + new_question: true + question_name: test_multiselect_vars2 + description: "" + become_enabled: false + diff_mode: false + webhook_service: "" + prevent_instance_group_fallback: false + - name: "test-template-1" + description: "created by Ansible Playbook" + organization: "Default" + project: "Test Project" + inventory: "RHVM-01" + playbook: "helloworld.yml" + scm_branch: "" + forks: 0 + limit: "" + verbosity: 2 + job_type: "run" + job_slice_count: 1 + use_fact_cache: false + credentials: + - "admin@internal-RHVM-01" + allow_simultaneous: false + ask_scm_branch_on_launch: false + ask_diff_mode_on_launch: false + ask_tags_on_launch: false + ask_skip_tags_on_launch: false + ask_job_type_on_launch: false + ask_verbosity_on_launch: false + ask_variables_on_launch: false + ask_inventory_on_launch: false + ask_limit_on_launch: false + ask_credential_on_launch: false + ask_execution_environment_on_launch: true + ask_labels_on_launch: true + ask_forks_on_launch: true + ask_job_slice_count_on_launch: true + ask_timeout_on_launch: true + ask_instance_groups_on_launch: true + extra_vars: + target_hosts: infra-ansible-tower-01.example.com + job_tags: "" + force_handlers: false + skip_tags: "" + start_at_task: "" + timeout: 0 + host_config_key: "" + labels: + - "Prod" + survey_enabled: false + become_enabled: false + diff_mode: false + webhook_service: "" + prevent_instance_group_fallback: true + - name: "Demo Job Template 2" + description: "" + organization: "Default" + project: "Test Project" + inventory: "localhost" + playbook: "helloworld.yml" + scm_branch: "" + forks: 0 + limit: "" + verbosity: 0 + job_type: "run" + job_slice_count: 1 + use_fact_cache: false + credentials: + - "Demo Credential" + allow_simultaneous: false + ask_scm_branch_on_launch: false + ask_diff_mode_on_launch: false + ask_tags_on_launch: false + ask_skip_tags_on_launch: false + ask_job_type_on_launch: false + ask_verbosity_on_launch: false + ask_variables_on_launch: false + ask_inventory_on_launch: true + ask_limit_on_launch: true + ask_credential_on_launch: false + ask_execution_environment_on_launch: true + ask_labels_on_launch: true + ask_forks_on_launch: true + ask_job_slice_count_on_launch: true + ask_timeout_on_launch: true + ask_instance_groups_on_launch: true + job_tags: "" + force_handlers: false + skip_tags: "" + start_at_task: "" + timeout: 0 + execution_environment: "My EE" + host_config_key: "" + survey_enabled: false + become_enabled: false + diff_mode: false + webhook_service: "" + prevent_instance_group_fallback: true + - name: "Job_Template_Dummy_2" + description: "" + organization: "Dummy" + project: "Project_Dummy_2" + inventory: "Inventory_Dummy_2" + playbook: "readonly-playbooks.yml" + scm_branch: "" + forks: 0 + limit: "" + verbosity: 0 + job_type: "run" + job_slice_count: 1 + use_fact_cache: false + allow_simultaneous: false + ask_scm_branch_on_launch: false + ask_diff_mode_on_launch: false + ask_tags_on_launch: false + ask_skip_tags_on_launch: false + ask_job_type_on_launch: false + ask_verbosity_on_launch: false + ask_variables_on_launch: false + ask_inventory_on_launch: false + ask_limit_on_launch: false + ask_credential_on_launch: false + ask_execution_environment_on_launch: false + ask_labels_on_launch: false + ask_forks_on_launch: false + ask_job_slice_count_on_launch: false + ask_timeout_on_launch: false + ask_instance_groups_on_launch: false + job_tags: "" + force_handlers: false + skip_tags: "" + start_at_task: "" + timeout: 0 + host_config_key: "" + labels: + - "dummy_2" + survey_enabled: false + become_enabled: false + diff_mode: false + webhook_service: "" + prevent_instance_group_fallback: false + - name: "Job_Template_Dummy_3" + description: "" + organization: "Dummy" + project: "Project_Dummy_3" + inventory: "Inventory_Dummy_3" + playbook: "helloworld.yml" + scm_branch: "" + forks: 0 + limit: "" + verbosity: 0 + job_type: "run" + job_slice_count: 1 + use_fact_cache: false + allow_simultaneous: false + ask_scm_branch_on_launch: false + ask_diff_mode_on_launch: false + ask_tags_on_launch: false + ask_skip_tags_on_launch: false + ask_job_type_on_launch: false + ask_verbosity_on_launch: false + ask_variables_on_launch: false + ask_inventory_on_launch: false + ask_limit_on_launch: false + ask_credential_on_launch: false + ask_execution_environment_on_launch: false + ask_labels_on_launch: false + ask_forks_on_launch: false + ask_job_slice_count_on_launch: false + ask_timeout_on_launch: false + ask_instance_groups_on_launch: false + job_tags: "" + force_handlers: false + skip_tags: "" + start_at_task: "" + timeout: 0 + host_config_key: "" + labels: + - "dummy_3" + survey_enabled: false + become_enabled: false + diff_mode: false + webhook_service: "" + prevent_instance_group_fallback: false + - name: "Job_Template_Dummy_1" + description: "" + organization: "Dummy" + project: "Project_Dummy_1" + inventory: "Inventory_Dummy_1" + playbook: "helloworld.yml" + scm_branch: "" + forks: 0 + limit: "" + verbosity: 0 + job_type: "run" + job_slice_count: 1 + use_fact_cache: false + allow_simultaneous: false + ask_scm_branch_on_launch: false + ask_diff_mode_on_launch: false + ask_tags_on_launch: false + ask_skip_tags_on_launch: false + ask_job_type_on_launch: false + ask_verbosity_on_launch: false + ask_variables_on_launch: false + ask_inventory_on_launch: false + ask_limit_on_launch: false + ask_credential_on_launch: false + ask_execution_environment_on_launch: false + ask_labels_on_launch: false + ask_forks_on_launch: false + ask_job_slice_count_on_launch: false + ask_timeout_on_launch: false + ask_instance_groups_on_launch: false + job_tags: "" + force_handlers: false + skip_tags: "" + start_at_task: "" + timeout: 0 + host_config_key: "" + labels: + - "dummy_1" + survey_enabled: false + become_enabled: false + diff_mode: false + webhook_service: "" + prevent_instance_group_fallback: false + - name: "task3" + description: "" + organization: "Recursive Workflows" + project: "Controller CasC Examples Project" + inventory: "Recursive Workflows Inventory" + playbook: "playbooks/task3.yaml" + scm_branch: "" + forks: 0 + limit: "" + verbosity: 0 + job_type: "run" + job_slice_count: 1 + use_fact_cache: false + allow_simultaneous: false + ask_scm_branch_on_launch: false + ask_diff_mode_on_launch: false + ask_tags_on_launch: false + ask_skip_tags_on_launch: false + ask_job_type_on_launch: false + ask_verbosity_on_launch: false + ask_variables_on_launch: false + ask_inventory_on_launch: false + ask_limit_on_launch: false + ask_credential_on_launch: false + ask_execution_environment_on_launch: false + ask_labels_on_launch: false + ask_forks_on_launch: false + ask_job_slice_count_on_launch: false + ask_timeout_on_launch: false + ask_instance_groups_on_launch: false + job_tags: "" + force_handlers: false + skip_tags: "" + start_at_task: "" + timeout: 0 + host_config_key: "" + survey_enabled: false + become_enabled: false + diff_mode: false + webhook_service: "" + prevent_instance_group_fallback: false + - name: "task2" + description: "" + organization: "Recursive Workflows" + project: "Controller CasC Examples Project" + inventory: "Recursive Workflows Inventory" + playbook: "playbooks/task2.yaml" + scm_branch: "" + forks: 0 + limit: "" + verbosity: 0 + job_type: "run" + job_slice_count: 1 + use_fact_cache: false + allow_simultaneous: false + ask_scm_branch_on_launch: false + ask_diff_mode_on_launch: false + ask_tags_on_launch: false + ask_skip_tags_on_launch: false + ask_job_type_on_launch: false + ask_verbosity_on_launch: false + ask_variables_on_launch: false + ask_inventory_on_launch: false + ask_limit_on_launch: false + ask_credential_on_launch: false + ask_execution_environment_on_launch: false + ask_labels_on_launch: false + ask_forks_on_launch: false + ask_job_slice_count_on_launch: false + ask_timeout_on_launch: false + ask_instance_groups_on_launch: false + job_tags: "" + force_handlers: false + skip_tags: "" + start_at_task: "" + timeout: 0 + host_config_key: "" + survey_enabled: false + become_enabled: false + diff_mode: false + webhook_service: "" + prevent_instance_group_fallback: false + - name: "task1" + description: "" + organization: "Recursive Workflows" + project: "Controller CasC Examples Project" + inventory: "Recursive Workflows Inventory" + playbook: "playbooks/task1.yaml" + scm_branch: "" + forks: 0 + limit: "" + verbosity: 0 + job_type: "run" + job_slice_count: 1 + use_fact_cache: false + allow_simultaneous: false + ask_scm_branch_on_launch: false + ask_diff_mode_on_launch: false + ask_tags_on_launch: true + ask_skip_tags_on_launch: false + ask_job_type_on_launch: false + ask_verbosity_on_launch: false + ask_variables_on_launch: false + ask_inventory_on_launch: false + ask_limit_on_launch: false + ask_credential_on_launch: false + ask_execution_environment_on_launch: false + ask_labels_on_launch: false + ask_forks_on_launch: false + ask_job_slice_count_on_launch: false + ask_timeout_on_launch: false + ask_instance_groups_on_launch: false + job_tags: "" + force_handlers: false + skip_tags: "" + start_at_task: "" + timeout: 0 + host_config_key: "" + survey_enabled: false + become_enabled: false + diff_mode: false + webhook_service: "" + prevent_instance_group_fallback: false + - name: "Parameterized Job Template" + description: "" + organization: "Recursive Workflows" + project: "Controller CasC Examples Project" + inventory: "Recursive Workflows Inventory" + playbook: "playbooks/simple-playbook.yaml" + scm_branch: "" + forks: 0 + limit: "" + verbosity: 0 + job_type: "run" + job_slice_count: 1 + use_fact_cache: false + credentials: + - "Recursive Workflows Credential" + allow_simultaneous: false + ask_scm_branch_on_launch: false + ask_diff_mode_on_launch: false + ask_tags_on_launch: false + ask_skip_tags_on_launch: false + ask_job_type_on_launch: false + ask_verbosity_on_launch: false + ask_variables_on_launch: true + ask_inventory_on_launch: false + ask_limit_on_launch: false + ask_credential_on_launch: false + ask_execution_environment_on_launch: false + ask_labels_on_launch: false + ask_forks_on_launch: false + ask_job_slice_count_on_launch: false + ask_timeout_on_launch: false + ask_instance_groups_on_launch: false + job_tags: "" + force_handlers: false + skip_tags: "" + start_at_task: "" + timeout: 0 + host_config_key: "" + survey_enabled: false + become_enabled: false + diff_mode: false + webhook_service: "" + prevent_instance_group_fallback: false + - name: "Recursive Workflows Job Template" + description: "" + organization: "Recursive Workflows" + project: "Recursive Workflows Project" + inventory: "Recursive Workflows Inventory" + playbook: "hello_world.yml" + scm_branch: "" + forks: 0 + limit: "" + verbosity: 0 + job_type: "run" + job_slice_count: 1 + use_fact_cache: false + credentials: + - "Recursive Workflows Credential" + allow_simultaneous: false + ask_scm_branch_on_launch: false + ask_diff_mode_on_launch: false + ask_tags_on_launch: false + ask_skip_tags_on_launch: false + ask_job_type_on_launch: false + ask_verbosity_on_launch: false + ask_variables_on_launch: false + ask_inventory_on_launch: false + ask_limit_on_launch: false + ask_credential_on_launch: false + ask_execution_environment_on_launch: false + ask_labels_on_launch: false + ask_forks_on_launch: false + ask_job_slice_count_on_launch: false + ask_timeout_on_launch: false + ask_instance_groups_on_launch: false + job_tags: "" + force_handlers: false + skip_tags: "" + start_at_task: "" + timeout: 0 + host_config_key: "" + survey_enabled: false + become_enabled: false + diff_mode: false + webhook_service: "" + prevent_instance_group_fallback: false +... diff --git a/tests/configs/upgrade_configs/aap_24/user_accounts.yaml b/tests/configs/upgrade_configs/aap_24/user_accounts.yaml new file mode 100644 index 000000000..78a0fbebc --- /dev/null +++ b/tests/configs/upgrade_configs/aap_24/user_accounts.yaml @@ -0,0 +1,75 @@ +--- +controller_user_accounts: + - username: "admin" + password: "redhat00" + email: "admin@example.com" + first_name: "" + last_name: "" + auditor: "false" + superuser: "true" + update_secrets: false + - username: "dummy" + password: "INITIAL" + email: "dummy@dummy.net" + first_name: "" + last_name: "" + auditor: "false" + superuser: "false" + update_secrets: false + - username: "controller_user" + password: "INITIAL" + email: "" + first_name: "" + last_name: "" + auditor: "false" + superuser: "false" + update_secrets: false + - username: "awx-org-user" + password: "INITIAL" + email: "awx-org-user@email.com" + first_name: "AWX" + last_name: "USER" + auditor: "false" + superuser: "false" + update_secrets: false + - username: "controller-org-user" + password: "INITIAL" + email: "controller-org-user@email.com" + first_name: "CONTROLLER" + last_name: "USER" + auditor: "false" + superuser: "false" + update_secrets: false + - username: "test" + password: "INITIAL" + email: "" + first_name: "test" + last_name: "" + auditor: "false" + superuser: "false" + update_secrets: false + - username: "satreguser" + password: "INITIAL" + email: "" + first_name: "Satellite Register User" + last_name: "" + auditor: "false" + superuser: "false" + update_secrets: false + - username: "ocpuser1" + password: "INITIAL" + email: "" + first_name: "" + last_name: "" + auditor: "false" + superuser: "true" + update_secrets: false + - username: "ocpuser2" + password: "INITIAL" + email: "" + first_name: "" + last_name: "" + auditor: "false" + superuser: "false" + update_secrets: false +... diff --git a/tests/configs/upgrade_configs/aap_24/user_roles.yaml b/tests/configs/upgrade_configs/aap_24/user_roles.yaml new file mode 100644 index 000000000..62799916c --- /dev/null +++ b/tests/configs/upgrade_configs/aap_24/user_roles.yaml @@ -0,0 +1,11 @@ +--- +controller_roles: + - user: "dummy" + organizations: + - "Dummy" + role: "member" + - user: "dummy" + target_teams: + - "dummy" + role: "member" +... diff --git a/tests/configs/upgrade_configs/aap_24/workflows.yaml b/tests/configs/upgrade_configs/aap_24/workflows.yaml new file mode 100644 index 000000000..54e1eb7ef --- /dev/null +++ b/tests/configs/upgrade_configs/aap_24/workflows.yaml @@ -0,0 +1,404 @@ +--- +controller_workflows: + - name: "Default Workflow" + description: !unsafe "default workflow" + organization: "Default" + simplified_workflow_nodes: + - identifier: "node101" + workflow_job_template: "Default Workflow" + unified_job_template: "Demo Job Template" + organization: "Default" + all_parents_must_converge: false + success_nodes: + - "node201" + - identifier: "node201" + workflow_job_template: "Default Workflow" + unified_job_template: "Demo Job Template" + organization: "Default" + all_parents_must_converge: false + ask_variables_on_launch: false + allow_simultaneous: false + ask_limit_on_launch: false + ask_inventory_on_launch: false + survey_enabled: false + survey_spec: + name: "survey" + description: "survey" + spec: + - max: 1024 + min: 0 + type: multiselect + choices: + - a + - b + - c + required: true + variable: test + new_question: true + question_name: !unsafe "test" + - name: "Simple workflow schema no state defined" + description: !unsafe "a basic workflow" + organization: "Default" + simplified_workflow_nodes: + - identifier: "nodensd101" + workflow_job_template: "Simple workflow schema no state defined" + unified_job_template: "test-template-1" + organization: "Default" + all_parents_must_converge: false + success_nodes: + - "nodensd201" + - identifier: "nodensd201" + workflow_job_template: "Simple workflow schema no state defined" + unified_job_template: "test-template-1" + organization: "Default" + all_parents_must_converge: false + ask_variables_on_launch: false + allow_simultaneous: false + ask_limit_on_launch: false + ask_inventory_on_launch: false + labels: + - "Prod" + survey_enabled: false + - name: "Simple workflow schema2" + description: !unsafe "a basic workflow" + organization: "Default" + simplified_workflow_nodes: + - identifier: "nodeschema2101" + workflow_job_template: "Simple workflow schema2" + unified_job_template: "test-template-1" + organization: "Default" + all_parents_must_converge: false + success_nodes: + - "nodeschema2201" + - identifier: "nodeschema2201" + workflow_job_template: "Simple workflow schema2" + unified_job_template: "test-template-1" + organization: "Default" + all_parents_must_converge: false + ask_variables_on_launch: false + allow_simultaneous: false + ask_limit_on_launch: false + ask_inventory_on_launch: false + labels: + - "Prod" + survey_enabled: false + - name: "Simple workflow schema" + description: !unsafe "a basic workflow" + organization: "Default" + simplified_workflow_nodes: + - identifier: "nodeschema101" + workflow_job_template: "Simple workflow schema" + unified_job_template: "test-template-1" + organization: "Default" + all_parents_must_converge: false + success_nodes: + - "nodeschema201" + - identifier: "nodeschema201" + workflow_job_template: "Simple workflow schema" + unified_job_template: "test-template-1" + organization: "Default" + all_parents_must_converge: false + ask_variables_on_launch: false + allow_simultaneous: false + ask_limit_on_launch: false + ask_inventory_on_launch: false + labels: + - "Prod" + survey_enabled: false + - name: "MainWF" + description: !unsafe "" + organization: "Recursive Workflows" + simplified_workflow_nodes: + - identifier: "75044cd8-7938-4024-8e20-b148fb32292f" + workflow_job_template: "MainWF" + unified_job_template: "wf2" + organization: "Recursive Workflows" + all_parents_must_converge: false + - identifier: "c8eb1471-f303-43f1-8107-80caa81709d8" + workflow_job_template: "MainWF" + unified_job_template: "wf1" + organization: "Recursive Workflows" + all_parents_must_converge: false + always_nodes: + - "75044cd8-7938-4024-8e20-b148fb32292f" + ask_variables_on_launch: false + allow_simultaneous: false + ask_limit_on_launch: false + ask_inventory_on_launch: false + survey_enabled: false + - name: "wf2" + description: !unsafe "" + organization: "Recursive Workflows" + simplified_workflow_nodes: + - identifier: "6b19966d-958e-4b8d-9e13-06d738775e75" + workflow_job_template: "wf2" + unified_job_template: "task3" + organization: "Recursive Workflows" + all_parents_must_converge: false + ask_variables_on_launch: false + allow_simultaneous: false + ask_limit_on_launch: false + ask_inventory_on_launch: false + survey_enabled: false + - name: "wf1" + description: !unsafe "" + organization: "Recursive Workflows" + simplified_workflow_nodes: + - identifier: "6b19966d-958e-4b8d-9e13-06d738775e75" + workflow_job_template: "wf1" + unified_job_template: "task1" + organization: "Recursive Workflows" + all_parents_must_converge: false + always_nodes: + - "7529ff26-5ef6-4c10-84ab-320e0858f88e" + - identifier: "7529ff26-5ef6-4c10-84ab-320e0858f88e" + workflow_job_template: "wf1" + unified_job_template: "task2" + organization: "Recursive Workflows" + all_parents_must_converge: false + ask_variables_on_launch: false + allow_simultaneous: false + ask_limit_on_launch: false + ask_inventory_on_launch: false + survey_enabled: false + - name: "ParameterizedWorkflow2" + description: !unsafe "" + organization: "Recursive Workflows" + simplified_workflow_nodes: + - identifier: "ParameterizedWorflow2Node1" + workflow_job_template: "ParameterizedWorkflow2" + unified_job_template: "Parameterized Job Template" + organization: "Recursive Workflows" + all_parents_must_converge: false + extra_data: + param2: World + success_nodes: + - "ParameterizedWorflow2Node2" + - identifier: "ParameterizedWorflow2Node2" + workflow_job_template: "ParameterizedWorkflow2" + unified_job_template: "Parameterized Job Template" + organization: "Recursive Workflows" + all_parents_must_converge: false + ask_variables_on_launch: false + allow_simultaneous: false + ask_limit_on_launch: false + ask_inventory_on_launch: false + extra_vars: + param1: Hello from workflow2 + survey_enabled: false + - name: "ParameterizedRecursiveWorkflowsMainWorkflow" + description: !unsafe "" + organization: "Recursive Workflows" + simplified_workflow_nodes: + - identifier: "prwmw1" + workflow_job_template: "ParameterizedRecursiveWorkflowsMainWorkflow" + unified_job_template: "ParameterizedWorkflow1" + organization: "Recursive Workflows" + all_parents_must_converge: false + success_nodes: + - "prwmw2" + - identifier: "prwmw2" + workflow_job_template: "ParameterizedRecursiveWorkflowsMainWorkflow" + unified_job_template: "ParameterizedWorkflow2" + organization: "Recursive Workflows" + all_parents_must_converge: false + ask_variables_on_launch: false + allow_simultaneous: false + ask_limit_on_launch: false + ask_inventory_on_launch: false + extra_vars: + param2: world from Main + survey_enabled: false + - name: "ParameterizedWorkflow1" + description: !unsafe "" + organization: "Recursive Workflows" + simplified_workflow_nodes: + - identifier: "ParameterizedWorflow1Node1" + workflow_job_template: "ParameterizedWorkflow1" + unified_job_template: "Parameterized Job Template" + organization: "Recursive Workflows" + all_parents_must_converge: false + extra_data: + param2: World + ask_variables_on_launch: false + allow_simultaneous: false + ask_limit_on_launch: false + ask_inventory_on_launch: false + survey_enabled: false + - name: "RecursiveWorkflowsMainWorkflow" + description: !unsafe "" + organization: "Recursive Workflows" + simplified_workflow_nodes: + - identifier: "b0f1be76-649a-4a21-9e4b-c5ca652bda95" + workflow_job_template: "RecursiveWorkflowsMainWorkflow" + unified_job_template: "RecursiveWorkflowsWorkflow2" + organization: "Recursive Workflows" + all_parents_must_converge: false + - identifier: "31df88f5-d6e4-45ec-b4fa-60bbe91b6600" + workflow_job_template: "RecursiveWorkflowsMainWorkflow" + unified_job_template: "RecursiveWorkflowsWorkflow1" + organization: "Recursive Workflows" + all_parents_must_converge: false + success_nodes: + - "b0f1be76-649a-4a21-9e4b-c5ca652bda95" + ask_variables_on_launch: false + allow_simultaneous: false + ask_limit_on_launch: false + ask_inventory_on_launch: false + survey_enabled: false + - name: "RecursiveWorkflowsWorkflow2" + description: !unsafe "" + organization: "Recursive Workflows" + simplified_workflow_nodes: + - identifier: "8be3dc3e-64cc-473a-914c-28a23177ddce" + workflow_job_template: "RecursiveWorkflowsWorkflow2" + unified_job_template: "Recursive Workflows Job Template" + organization: "Recursive Workflows" + all_parents_must_converge: false + - identifier: "97783e98-f83b-4b07-9f6e-ca1ffc78af29" + workflow_job_template: "RecursiveWorkflowsWorkflow2" + unified_job_template: "Recursive Workflows Job Template" + organization: "Recursive Workflows" + all_parents_must_converge: false + ask_variables_on_launch: false + allow_simultaneous: false + ask_limit_on_launch: false + ask_inventory_on_launch: false + survey_enabled: false + - name: "RecursiveWorkflowsWorkflow1" + description: !unsafe "" + organization: "Recursive Workflows" + simplified_workflow_nodes: + - identifier: "8be3dc3e-64cc-473a-914c-28a23177ddce" + workflow_job_template: "RecursiveWorkflowsWorkflow1" + unified_job_template: "Recursive Workflows Job Template" + organization: "Recursive Workflows" + all_parents_must_converge: false + success_nodes: + - "97783e98-f83b-4b07-9f6e-ca1ffc78af29" + - identifier: "97783e98-f83b-4b07-9f6e-ca1ffc78af29" + workflow_job_template: "RecursiveWorkflowsWorkflow1" + unified_job_template: "Recursive Workflows Job Template" + organization: "Recursive Workflows" + all_parents_must_converge: false + ask_variables_on_launch: false + allow_simultaneous: false + ask_limit_on_launch: false + ask_inventory_on_launch: false + survey_enabled: false + - name: "test_workflow" + description: !unsafe "" + organization: "tests/orgname" + simplified_workflow_nodes: + - identifier: "527904ba-27bf-4532-8624-8c8fdfb2a568" + workflow_job_template: "test_workflow" + unified_job_template: "Demo Job Template" + organization: "tests/orgname" + all_parents_must_converge: false + extra_data: + test_issue39: b + test_multiplechoice: + - hola + - mundo + test_textarea: Hola\nMon + test_vars: !unsafe "{{ text_value }}" + test_multiselect_vars: + - !unsafe "{{ var_a }}" + - !unsafe "{{ var_b }}" + test_multiselect_vars2: + - !unsafe "{% if var_a == 'a' %} A {% else %} B {% endif %}" + test_text: test_text + ask_variables_on_launch: false + allow_simultaneous: false + ask_limit_on_launch: false + ask_inventory_on_launch: false + extra_vars: + my_extra_var: + - this + - is + - a + - list + my_extra_complex_var: !unsafe "{{ my_extra_var[0] }}" + my_extra_ultra_complex_var: !unsafe "{% if my_extra_var | length > 3 %}LARGE{% else %}SMALL" + survey_enabled: false + survey_spec: + name: "survey" + description: "survey" + spec: + - max: 1024 + min: 0 + type: multiplechoice + choices: + - "a" + - "b" + - "c" + default: !unsafe "b" + required: true + variable: test_issue39 + new_question: false + question_name: !unsafe "test issue39" + question_description: !unsafe "please copy-paste here the job id. You'll find a \"JOBS / ########\" it in the top-left area of job's page: + the #s are the job id." + - max: 1024 + min: 0 + type: multiselect + choices: + - "hola" + - "mundo" + default: !unsafe "hola\nmundo" + required: true + variable: test_multiplechoice + new_question: false + question_name: !unsafe "test multiplechoice" + - max: 1024 + min: 0 + type: text + required: true + variable: test_text + new_question: false + question_name: !unsafe "test_text" + - max: 1024 + min: 0 + type: password + required: true + variable: test_pass + new_question: false + question_name: !unsafe "test_pass" + - max: 1024 + min: 0 + type: textarea + default: !unsafe "Hola\nMon" + required: true + variable: test_textarea + new_question: true + question_name: !unsafe "test textarea" + - max: 1024 + min: 0 + type: text + default: !unsafe "{{ text_value }}" + required: true + variable: test_vars + new_question: false + question_name: !unsafe "test_vars" + - max: 1024 + min: 0 + type: multiselect + choices: + - !unsafe "{{ var_a }}" + - !unsafe "{{ var_b }}" + default: !unsafe "{{ var_a }}\n{{ var_b }}" + required: true + variable: test_multiselect_vars + new_question: true + question_name: !unsafe "test_multiselect_vars" + - max: 1024 + min: 0 + type: multiselect + choices: + - !unsafe "{% if var_a == 'a' %} A {% else %} B {% endif %}" + default: !unsafe "{% if var_a == 'a' %} A {% else %} B {% endif %}" + required: true + variable: test_multiselect_vars2 + new_question: true + question_name: !unsafe "test_multiselect_vars2" +... diff --git a/tests/configs/upgrade_configs/aap_25/aap_applications.yaml b/tests/configs/upgrade_configs/aap_25/aap_applications.yaml new file mode 100644 index 000000000..fa204f3d9 --- /dev/null +++ b/tests/configs/upgrade_configs/aap_25/aap_applications.yaml @@ -0,0 +1,31 @@ +--- +aap_applications: + - name: controller_application-app3 + description: "" + organization: Default + authorization_grant_type: password + redirect_uris: "" + skip_authorization: "false" + client_type: confidential + - name: dummy_application + description: "" + organization: Dummy + authorization_grant_type: password + redirect_uris: "" + skip_authorization: "false" + client_type: confidential + - name: controller_application-app1 + description: "" + organization: Satellite + authorization_grant_type: password + redirect_uris: "" + skip_authorization: "false" + client_type: public + - name: test_gateway_application + description: "" + organization: test + authorization_grant_type: authorization-code + redirect_uris: https://test_url + skip_authorization: "false" + client_type: confidential +... diff --git a/tests/configs/upgrade_configs/aap_25/aap_credential_types.yaml b/tests/configs/upgrade_configs/aap_25/aap_credential_types.yaml new file mode 100644 index 000000000..6e7e651ac --- /dev/null +++ b/tests/configs/upgrade_configs/aap_25/aap_credential_types.yaml @@ -0,0 +1,47 @@ +--- +aap_credential_types: + - name: dummy + description: "" + kind: cloud + inputs: + fields: + - id: rest_username + type: string + label: REST Username + - id: rest_password + type: string + label: REST Password + secret: true + required: + - rest_username + - rest_password + injectors: + env: + rest_password_env: !unsafe '{{ rest_password }}' + rest_username_env: !unsafe '{{ rest_username }}' + extra_vars: + rest_password: !unsafe '{{ rest_password }}' + rest_username: !unsafe '{{ rest_username }}' + - name: REST API Credential + description: REST API Credential + kind: cloud + inputs: + fields: + - id: rest_username + type: string + label: REST Username + - id: rest_password + type: string + label: REST Password + secret: true + required: + - rest_username + - rest_password + injectors: + env: + rest_password_env: !unsafe '{{ rest_password }}' + rest_username_env: !unsafe '{{ rest_username }}' + extra_vars: + rest_password: !unsafe '{{ rest_password }}' + rest_username: !unsafe '{{ rest_username }}' +... diff --git a/tests/configs/upgrade_configs/aap_25/aap_credentials.yaml b/tests/configs/upgrade_configs/aap_25/aap_credentials.yaml new file mode 100644 index 000000000..5c24e83dc --- /dev/null +++ b/tests/configs/upgrade_configs/aap_25/aap_credentials.yaml @@ -0,0 +1,227 @@ +--- +aap_credentials: + - name: AWX-Machine Credential + description: "" + credential_type: Machine + organization: AWX-ORG + inputs: + username: admin + - name: CONTROLLER-Machine Credential + description: "" + credential_type: Machine + organization: CONTROLLER-ORG + inputs: + username: admin + - name: CONTROLLER-Git-Credential + description: "" + credential_type: Source Control + organization: CONTROLLER-ORG + inputs: + username: awx-git-cred-temp + - name: Demo Credential + description: "" + credential_type: Machine + organization: Default + inputs: + username: root + become_method: "" + become_username: "" + - name: IBE_LINUX_IPU_RHEL6 + description: Credential to connect to the servers to be upgraded + credential_type: Machine + organization: Default + inputs: + username: + - name: IBE_LINUX_IPU_RHEL6_VAULT + description: Vault password to use to decrypt the vaulted variables + credential_type: Vault + organization: Default + - name: IBE_LINUX_IPU_RHEL6_GIT_CONNECTION + description: Git credential to clone the git repositories + credential_type: Source Control + organization: Default + inputs: + username: + - name: cyberark + description: CyberArk Lookup Credential + credential_type: CyberArk Central Credential Provider Lookup + organization: Default + inputs: + url: https://cyberark.example.com + - name: gitlab-team + description: "" + credential_type: Source Control + organization: Default + inputs: + username: username + - name: Ansible Galaxy + description: "" + credential_type: Ansible Galaxy/Automation Hub API Token + organization: Default + inputs: + url: https://galaxy.ansible.com/ + - name: Default Execution Environment Registry Credential + description: "" + credential_type: Container Registry + organization: Default + inputs: + host: registry.redhat.io + username: iaragone@redhat.com + verify_ssl: true + - name: Machine + description: "" + credential_type: Machine + organization: Default + inputs: + username: pgoku + become_method: "" + become_username: "" + - name: git-creds + description: "" + credential_type: Source Control + organization: Default + inputs: + username: root + - name: dummy + description: "" + credential_type: Machine + organization: Dummy + inputs: + username: dummy + - name: dummy_2 + description: "" + credential_type: Machine + organization: Dummy + inputs: + username: dummy_2 + - name: dummy_custom + description: "" + credential_type: dummy + organization: Dummy + inputs: + rest_username: dummy + - name: osbuild_pgoku_credential + description: "" + credential_type: Machine + organization: edge + inputs: + username: pgoku + become_method: "" + become_username: "" + - name: Recursive Workflows Credential + description: "" + credential_type: Machine + organization: Recursive Workflows + inputs: + username: admin + - name: Automation Hub Container Registry + description: "" + credential_type: Container Registry + organization: Recursive Workflows + inputs: + host: aap-all-in-one.iam.lab + username: admin + verify_ssl: true + - name: AAP Self Connection + description: "" + credential_type: Red Hat Ansible Automation Platform + organization: Recursive Workflows + inputs: + host: https://aapstdalone.bcnconsulting.com/ + username: admin + verify_ssl: false + - name: AD1 Credential + description: "" + credential_type: Machine + organization: Recursive Workflows + inputs: + username: admin + - name: AD2 Credential + description: "" + credential_type: Machine + organization: Recursive Workflows + inputs: + username: admin + - name: Default Execution Environment Registry Credential + description: "" + credential_type: Container Registry + organization: Recursive Workflows + inputs: + host: registry.redhat.io + username: iaragone@redhat.com + verify_ssl: true + - name: Ansible Galaxy Recursive Workflows + description: "" + credential_type: Ansible Galaxy/Automation Hub API Token + organization: Recursive Workflows + inputs: + url: https://galaxy.ansible.com/ + - name: gitlab-user + description: "" + credential_type: Source Control + organization: Satellite + inputs: + username: username + - name: satlab-admin-vault + description: satlab-admin-vault password aka vault_secret + credential_type: Vault + organization: Satellite + - name: gitlab-personal-access-token for satqe_auto_droid + description: General purpose token that can be used by anyone for satlab-admin(or other private) repo clone + credential_type: Source Control + organization: Satellite + inputs: + username: gitlab + - name: machine-creds-with-jenkins-pvt-key + description: This credential can be used with any vm that contains jenkins_public key in authorized keys + credential_type: Machine + organization: Satellite + inputs: + username: root + - name: admin@internal-RHVM-01 + description: infra-rhvm-01 creds for inventory sources. + credential_type: Red Hat Virtualization + organization: Satellite + inputs: + host: https://example.com/ovirt-engine/api + username: user + - name: Satellite Register - pgoku_github + description: "" + credential_type: Source Control + organization: Satellite Register + inputs: + username: git + - name: Satellite Register - pgoku + description: "" + credential_type: Machine + organization: Satellite Register + inputs: + username: pgoku + become_method: sudo + become_username: root + - name: Satellite Register - Vault + description: "" + credential_type: Vault + organization: Satellite Register + inputs: + vault_id: "" + - name: Satellite + description: "" + credential_type: Red Hat Satellite 6 + organization: Workflows Demo + inputs: + host: https://satellite.bcnconsulting.com/ + username: admin + - name: Vault + description: "" + credential_type: Vault + organization: Workflows Demo + inputs: + vault_id: "" + - name: Ansible Galaxy Workflows Demo + description: "" + credential_type: Ansible Galaxy/Automation Hub API Token + organization: Workflows Demo + inputs: + url: https://galaxy.ansible.com/ +... diff --git a/tests/configs/upgrade_configs/aap_25/aap_execution_environments.yaml b/tests/configs/upgrade_configs/aap_25/aap_execution_environments.yaml new file mode 100644 index 000000000..19ae5551e --- /dev/null +++ b/tests/configs/upgrade_configs/aap_25/aap_execution_environments.yaml @@ -0,0 +1,23 @@ +--- +aap_execution_environments: + - name: Minimal execution environment + description: "" + image: registry.redhat.io/ansible-automation-platform-24/ee-minimal-rhel8:latest + pull: missing + - name: Default execution environment + description: "" + image: registry.redhat.io/ansible-automation-platform-24/ee-supported-rhel8:latest + pull: missing + - name: Automation Hub Minimal execution environment + description: "" + image: aap-all-in-one.iam.lab/ee-minimal-rhel8:latest + pull: missing + - name: Automation Hub Default execution environment + description: "" + image: aap-all-in-one.iam.lab/ee-supported-rhel8:latest + pull: missing + - name: My EE + description: "" + image: quay.io/ansible/awx-ee + pull: always +... diff --git a/tests/configs/upgrade_configs/aap_25/aap_groups.yaml b/tests/configs/upgrade_configs/aap_25/aap_groups.yaml new file mode 100644 index 000000000..60e5c01ff --- /dev/null +++ b/tests/configs/upgrade_configs/aap_25/aap_groups.yaml @@ -0,0 +1,18 @@ +--- +aap_groups: + - name: dummy_group + description: "" + inventory: Inventory_Dummy_1 + hosts: + - dummy + - name: dummy_group + description: "" + inventory: Inventory_Dummy_2 + hosts: + - dummy + - name: dummy_group + description: "" + inventory: Inventory_Dummy_3 + hosts: + - dummy +... diff --git a/tests/configs/upgrade_configs/aap_25/aap_hosts.yaml b/tests/configs/upgrade_configs/aap_25/aap_hosts.yaml new file mode 100644 index 000000000..5adfe03bb --- /dev/null +++ b/tests/configs/upgrade_configs/aap_25/aap_hosts.yaml @@ -0,0 +1,66 @@ +--- +aap_hosts: + - name: localhost + description: "" + inventory: Demo Inventory + variables: + ansible_connection: local + ansible_python_interpreter: !unsafe '{{ ansible_playbook_python }}' + - name: localhost2 + description: "" + inventory: Demo Inventory + variables: + ansible_connection: local + ansible_python_interpreter: !unsafe '{{ ansible_playbook_python }}' + - name: localhost3 + description: "" + inventory: Demo Inventory + variables: + ansible_connection: local + ansible_python_interpreter: !unsafe '{{ ansible_playbook_python }}' + - name: localhost + description: "" + inventory: Demo Inventory + variables: + ansible_connection: local + ansible_python_interpreter: !unsafe '{{ ansible_playbook_python }}' + - name: localhost2 + description: "" + inventory: Demo Inventory + variables: + ansible_connection: local + ansible_python_interpreter: !unsafe '{{ ansible_playbook_python }}' + - name: localhost3 + description: "" + inventory: Demo Inventory + variables: + ansible_connection: local + ansible_python_interpreter: !unsafe '{{ ansible_playbook_python }}' + - name: dummy + description: "" + inventory: Inventory_Dummy_1 + variables: + ansible_host: 127.0.0.1 + - name: dummy + description: "" + inventory: Inventory_Dummy_2 + variables: + ansible_host: 127.0.0.1 + - name: dummy + description: "" + inventory: Inventory_Dummy_3 + variables: + ansible_host: 127.0.0.1 + - name: localhost + description: "" + inventory: Recursive Workflows Inventory + variables: + ansible_connection: local + ansible_python_interpreter: !unsafe '{{ ansible_playbook_python }}' + - name: localhost + description: "" + inventory: localhost + variables: + ansible_connection: local + some_var: some_val +... diff --git a/tests/configs/upgrade_configs/aap_25/aap_inventories.yaml b/tests/configs/upgrade_configs/aap_25/aap_inventories.yaml new file mode 100644 index 000000000..72dce4f80 --- /dev/null +++ b/tests/configs/upgrade_configs/aap_25/aap_inventories.yaml @@ -0,0 +1,52 @@ +--- +aap_inventories: + - name: Demo Inventory + description: "" + organization: Default + host_filter: "" + prevent_instance_group_fallback: false + - name: test_smart + description: "" + organization: Default + host_filter: name__icontains=local + kind: smart + prevent_instance_group_fallback: false + - name: Inventory_Dummy_1 + description: "" + organization: Dummy + host_filter: "" + prevent_instance_group_fallback: false + - name: Inventory_Dummy_2 + description: "" + organization: Dummy + host_filter: "" + prevent_instance_group_fallback: false + - name: Inventory_Dummy_3 + description: "" + organization: Dummy + host_filter: "" + prevent_instance_group_fallback: false + - name: Recursive Workflows Inventory + description: "" + organization: Recursive Workflows + host_filter: "" + prevent_instance_group_fallback: false + - name: localhost + description: inventory for localhost + organization: Satellite + host_filter: "" + prevent_instance_group_fallback: false + - name: RHVM-02 + description: created by Ansible Playbook - for RHVM-02 + organization: Satellite + host_filter: "" + prevent_instance_group_fallback: true + - name: RHVM-01 + description: created by Ansible Playbook - for RHVM-01 + organization: Satellite + host_filter: "" + prevent_instance_group_fallback: false + variables: + remote_subnet: !unsafe '{% if site == ''SITE-2'' %}10.100.{% else %}10.200.{% endif%}' + site_subnet: !unsafe '{% if site == ''SITE-2'' %}10.200.{% else %}10.100.{% endif%}' +... diff --git a/tests/configs/upgrade_configs/aap_25/aap_inventory_sources.yaml b/tests/configs/upgrade_configs/aap_25/aap_inventory_sources.yaml new file mode 100644 index 000000000..a893f2982 --- /dev/null +++ b/tests/configs/upgrade_configs/aap_25/aap_inventory_sources.yaml @@ -0,0 +1,14 @@ +--- +aap_inventory_sources: + - name: RHVM-01 + description: "" + organization: Satellite + source: scm + limit: "" + source_project: Test Inventory source project + source_path: phillips_hue/hosts + inventory: RHVM-01 + update_on_launch: "true" + overwrite: "true" + credential: admin@internal-RHVM-01 +... diff --git a/tests/configs/upgrade_configs/aap_25/aap_labels.yaml b/tests/configs/upgrade_configs/aap_25/aap_labels.yaml new file mode 100644 index 000000000..37ab4232f --- /dev/null +++ b/tests/configs/upgrade_configs/aap_25/aap_labels.yaml @@ -0,0 +1,19 @@ +--- +aap_labels: + - name: test + organization: Default + - name: Prod + organization: Default + - name: differential + organization: Default + - name: differential2 + organization: Default + - name: dummy_1 + organization: Dummy + - name: dummy_2 + organization: Dummy + - name: dummy_3 + organization: Dummy + - name: Dev + organization: Satellite +... diff --git a/tests/configs/upgrade_configs/aap_25/aap_notifications.yaml b/tests/configs/upgrade_configs/aap_25/aap_notifications.yaml new file mode 100644 index 000000000..cbafa978b --- /dev/null +++ b/tests/configs/upgrade_configs/aap_25/aap_notifications.yaml @@ -0,0 +1,121 @@ +--- +notification_templates: + - name: Email notification + organization: Default + notification_type: email + notification_configuration: + host: smtp.example.com + port: 25 + sender: tower0@example.com + timeout: 30 + use_ssl: false + use_tls: false + password: "" + username: "" + recipients: + - admin@example.com + messages: + error: + started: + success: + workflow_approval: + - name: Email notification differential + organization: Default + notification_type: email + notification_configuration: + host: smtp.example.com + port: 25 + sender: tower0@example.com + timeout: 30 + use_ssl: false + use_tls: false + password: "" + username: "" + recipients: + - admin@example.com + messages: + error: + started: + success: + workflow_approval: + - name: dummy_notification + organization: Dummy + notification_type: email + notification_configuration: + host: email.dummy.com + port: 25 + sender: sender@dummy.com + timeout: 30 + use_ssl: false + use_tls: false + password: "" + username: "" + error_body: !unsafe |- + {{ job_friendly_name }} #{{ job.id }} had status {{ job.status }}, view details at {{ url }} + + {{ job_metadata }} + recipients: + - receiver@dummy.com + denied_body: !unsafe |- + The approval node "{{ approval_node_name }}" was denied. {{ workflow_url }} + + {{ job_metadata }} + running_body: !unsafe |- + The approval node "{{ approval_node_name }}" needs review. This approval node can be viewed at: {{ workflow_url }} + + {{ job_metadata }} + started_body: !unsafe |- + {{ job_friendly_name }} #{{ job.id }} had status {{ job.status }}, view details at {{ url }} + + {{ job_metadata }} + success_body: !unsafe |- + {{ job_friendly_name }} #{{ job.id }} had status {{ job.status }}, view details at {{ url }} + + {{ job_metadata }} + approved_body: !unsafe |- + The approval node "{{ approval_node_name }}" was approved. {{ workflow_url }} + + {{ job_metadata }} + timed_out_body: !unsafe |- + The approval node "{{ approval_node_name }}" has timed out. {{ workflow_url }} + + {{ job_metadata }} + messages: + error: + body: + message: + started: + body: + message: + success: + body: + message: + workflow_approval: + denied: + body: + message: + running: + body: + message: + approved: + body: + message: + timed_out: + body: + message: + - name: irc-satqe-chat-notification + organization: Satellite + notification_type: irc + notification_configuration: + port: 6667 + server: irc.freenode.com + targets: + - '#my-channel' + use_ssl: false + use_tls: false + nickname: Ansible-Tower-Stage-Bot-01 + password: "" + messages: + success: + body: !unsafe '{"fields": {"project": {"id": "11111"},"summary": "Lab {{ job.status }} Ansible Tower {{ job.name }}","description": !unsafe "{{ job.status }} in {{ job.name }} {{ job.id }} {{url}}","issuetype": {"id": "1"}}}' +... diff --git a/tests/configs/upgrade_configs/aap_25/aap_organizations.yaml b/tests/configs/upgrade_configs/aap_25/aap_organizations.yaml new file mode 100644 index 000000000..0b8664998 --- /dev/null +++ b/tests/configs/upgrade_configs/aap_25/aap_organizations.yaml @@ -0,0 +1,33 @@ +--- +aap_organizations: + - name: Default + description: The default organization for Ansible Automation Platform + - name: Dummy + description: "" + - name: tests/orgname + description: "" + - name: Test-dispatch-dependencies + description: "" + notification_templates_approvals: + - Email notification + - name: Satellite + description: "" + - name: Recursive Workflows + description: Organization to show how to create and use a Workflow tha is calling another workflows + - name: Network - Router/Switch + description: "" + - name: test + description: "" + - name: edge + description: "" + - name: Workflows Demo + description: Contains demos of how different workflows can interact eachother + - name: Satellite Register + description: Contains demos of how different workflows can interact eachother + - name: CONTROLLER-ORG + description: Organization in CONTROLLER + - name: AWX-ORG + description: Organization in AWX + - name: Systems Engineering + description: "" +... diff --git a/tests/configs/upgrade_configs/aap_25/aap_projects.yaml b/tests/configs/upgrade_configs/aap_25/aap_projects.yaml new file mode 100644 index 000000000..8f1d81329 --- /dev/null +++ b/tests/configs/upgrade_configs/aap_25/aap_projects.yaml @@ -0,0 +1,201 @@ +--- +aap_projects: + - name: Demo Project + description: "" + organization: Default + scm_type: git + scm_url: https://github.com/ansible/ansible-tower-samples + scm_branch: "" + scm_clean: "false" + scm_delete_on_update: "false" + scm_update_on_launch: "false" + scm_update_cache_timeout: "0" + scm_refspec: "" + allow_override: "false" + update_project: "false" + timeout: "0" + - name: Test Inventory source project + description: ansible-examples + organization: Default + scm_type: git + scm_url: https://github.com/ansible/ansible-examples.git + scm_branch: "" + scm_clean: "false" + scm_delete_on_update: "false" + scm_update_on_launch: "false" + scm_update_cache_timeout: "0" + scm_refspec: "" + allow_override: "false" + update_project: "false" + timeout: "0" + - name: Test Inventory source project with credential + description: ansible-examples + organization: Default + scm_type: git + scm_url: https://github.com/ansible/ansible-examples.git + scm_credential: gitlab-personal-access-token for satqe_auto_droid + scm_branch: "" + scm_clean: "false" + scm_delete_on_update: "false" + scm_update_on_launch: "false" + scm_update_cache_timeout: "0" + scm_refspec: "" + allow_override: "false" + update_project: "false" + timeout: "0" + - name: Test Project 2 + description: Test Project 2 + organization: Default + scm_type: git + scm_url: https://github.com/ansible/tower-example.git + scm_branch: "" + scm_clean: "false" + scm_delete_on_update: "false" + scm_update_on_launch: "false" + scm_update_cache_timeout: "0" + scm_refspec: "" + allow_override: "false" + update_project: "false" + timeout: "0" + - name: Test Project + description: Test Project 1 + organization: Default + scm_type: git + scm_url: https://github.com/ansible/tower-example.git + scm_branch: master + scm_clean: "true" + scm_delete_on_update: "false" + scm_update_on_launch: "false" + scm_update_cache_timeout: "0" + scm_refspec: "" + allow_override: "false" + update_project: "false" + timeout: "0" + - name: Project_Dummy_1 + description: "" + organization: Dummy + scm_type: git + scm_url: https://github.com/automationiberia/dummy-playbooks.git + scm_branch: "" + scm_clean: "false" + scm_delete_on_update: "false" + scm_update_on_launch: "false" + scm_update_cache_timeout: "0" + scm_refspec: "" + allow_override: "false" + update_project: "false" + timeout: "0" + - name: Project_Dummy_2 + description: "" + organization: Dummy + scm_type: git + scm_url: https://github.com/automationiberia/dummy-playbooks.git + scm_branch: "" + scm_clean: "false" + scm_delete_on_update: "false" + scm_update_on_launch: "false" + scm_update_cache_timeout: "0" + scm_refspec: "" + allow_override: "false" + update_project: "false" + timeout: "0" + - name: Project_Dummy_3 + description: "" + organization: Dummy + scm_type: git + scm_url: https://github.com/automationiberia/dummy-playbooks.git + scm_branch: "" + scm_clean: "false" + scm_delete_on_update: "false" + scm_update_on_launch: "false" + scm_update_cache_timeout: "0" + scm_refspec: "" + allow_override: "false" + update_project: "false" + timeout: "0" + - name: Demo Project @ 08:33:46 @ 09:05:48 + description: "" + organization: Network - Router/Switch + scm_type: git + scm_url: https://github.com/ansible/ansible-tower-samples + scm_branch: "" + scm_clean: "false" + scm_delete_on_update: "false" + scm_update_on_launch: "false" + scm_update_cache_timeout: "0" + scm_refspec: "" + allow_override: "false" + update_project: "false" + timeout: "0" + - name: Controller CasC Examples Project + description: "" + organization: Recursive Workflows + scm_type: git + scm_url: https://github.com/automationiberia/controller-casc-examples.git + scm_branch: "" + scm_clean: "false" + scm_delete_on_update: "false" + scm_update_on_launch: "false" + scm_update_cache_timeout: "0" + scm_refspec: "" + allow_override: "false" + update_project: "false" + timeout: "0" + - name: Recursive Workflows Project + description: "" + organization: Recursive Workflows + scm_type: git + scm_url: https://github.com/ansible/ansible-tower-samples + scm_branch: "" + scm_clean: "false" + scm_delete_on_update: "false" + scm_update_on_launch: "false" + scm_update_cache_timeout: "0" + scm_refspec: "" + allow_override: "false" + update_project: "false" + timeout: "0" + - name: Test Inventory source project with credential + description: ansible-examples + organization: Satellite + scm_type: git + scm_url: https://github.com/ansible/ansible-examples.git + scm_credential: gitlab-personal-access-token for satqe_auto_droid + scm_branch: "" + scm_clean: "false" + scm_delete_on_update: "false" + scm_update_on_launch: "false" + scm_update_cache_timeout: "0" + scm_refspec: "" + allow_override: "false" + update_project: "false" + timeout: "0" + - name: Test Inventory source project + description: ansible-examples + organization: Satellite + scm_type: git + scm_url: https://github.com/ansible/ansible-examples.git + scm_branch: "" + scm_clean: "false" + scm_delete_on_update: "false" + scm_update_on_launch: "false" + scm_update_cache_timeout: "0" + scm_refspec: "" + allow_override: "false" + update_project: "false" + timeout: "0" + - name: Demo Project @ 08:33:46 + description: "" + organization: tests/orgname + scm_type: git + scm_url: https://github.com/ansible/ansible-tower-samples + scm_branch: "" + scm_clean: "false" + scm_delete_on_update: "false" + scm_update_on_launch: "false" + scm_update_cache_timeout: "0" + scm_refspec: "" + allow_override: "false" + update_project: "false" + timeout: "0" +... diff --git a/tests/configs/upgrade_configs/aap_25/aap_roles.yaml b/tests/configs/upgrade_configs/aap_25/aap_roles.yaml new file mode 100644 index 000000000..d090d429f --- /dev/null +++ b/tests/configs/upgrade_configs/aap_25/aap_roles.yaml @@ -0,0 +1,23 @@ +--- +aap_roles: + - team: dummy + credentials: + - dummy + role: admin + - team: dummy + organizations: + - Default + role: execute + - team: team_test_1 + projects: + - Demo Project + role: admin + - user: dummy + organizations: + - Dummy + role: member + - user: dummy + target_teams: + - dummy + role: member +... diff --git a/tests/configs/upgrade_configs/aap_25/aap_schedules.yaml b/tests/configs/upgrade_configs/aap_25/aap_schedules.yaml new file mode 100644 index 000000000..49a8114f8 --- /dev/null +++ b/tests/configs/upgrade_configs/aap_25/aap_schedules.yaml @@ -0,0 +1,137 @@ +--- +aap_schedules: + - name: Cleanup Job Schedule + description: Automatically Generated Schedule + enabled: true + unified_job_template: Cleanup Job Details + dtstart: "2024-10-20T07:05:18Z" + dtend: "" + timezone: UTC + rrule: DTSTART:20241015T070518Z RRULE:FREQ=WEEKLY;INTERVAL=1;BYDAY=SU + extra_data: + days: "120" + scm_branch: "" + forks: 0 + job_slice_count: 0 + timeout: 0 + job_type: "" + job_tags: "" + skip_tags: "" + limit: "" + verbosity: 0 + - name: Cleanup Activity Schedule + description: Automatically Generated Schedule + enabled: true + unified_job_template: Cleanup Activity Stream + dtstart: "2024-10-15T07:05:18Z" + dtend: "" + timezone: UTC + rrule: DTSTART:20241015T070518Z RRULE:FREQ=WEEKLY;INTERVAL=1;BYDAY=TU + extra_data: + days: "355" + scm_branch: "" + forks: 0 + job_slice_count: 0 + timeout: 0 + job_type: "" + job_tags: "" + skip_tags: "" + limit: "" + verbosity: 0 + - name: Cleanup Expired Sessions + description: Cleans out expired browser sessions + enabled: true + unified_job_template: Cleanup Expired Sessions + dtstart: "2024-10-15T07:05:55Z" + dtend: "" + timezone: UTC + rrule: DTSTART:20241015T070555Z RRULE:FREQ=WEEKLY;INTERVAL=1 + scm_branch: "" + forks: 0 + job_slice_count: 0 + timeout: 0 + job_type: "" + job_tags: "" + skip_tags: "" + limit: "" + verbosity: 0 + - name: Cleanup Expired OAuth 2 Tokens + description: Removes expired OAuth 2 access and refresh tokens + enabled: true + unified_job_template: Cleanup Expired OAuth 2 Tokens + dtstart: "2024-10-15T07:05:55Z" + dtend: "" + timezone: UTC + rrule: DTSTART:20241015T070555Z RRULE:FREQ=WEEKLY;INTERVAL=1 + scm_branch: "" + forks: 0 + job_slice_count: 0 + timeout: 0 + job_type: "" + job_tags: "" + skip_tags: "" + limit: "" + verbosity: 0 + - name: dummy + description: "" + enabled: true + unified_job_template: Job_Template_Dummy_1 + inventory: Inventory_Dummy_1 + dtstart: "2023-07-17T22:00:00Z" + dtend: "2023-07-17T23:30:00Z" + timezone: Europe/Berlin + rrule: DTSTART;TZID=Europe/Berlin:20230718T000000 RRULE:FREQ=MINUTELY;INTERVAL=10;COUNT=10 + scm_branch: "" + forks: 0 + job_slice_count: 0 + timeout: 0 + job_type: "" + job_tags: "" + skip_tags: "" + limit: "" + verbosity: 0 + - name: Demo Schedule + description: A demonstration + enabled: true + unified_job_template: test-template-1 + inventory: RHVM-01 + dtstart: "2019-12-19T13:05:51Z" + dtend: "2019-12-19T13:05:51Z" + timezone: UTC + rrule: DTSTART:20191219T130551Z RRULE:FREQ=DAILY;INTERVAL=1;COUNT=1 + scm_branch: "" + forks: 0 + job_slice_count: 1 + timeout: 0 + job_type: "" + job_tags: "" + skip_tags: "" + limit: "" + diff_mode: false + verbosity: 0 + - name: Demo Schedule 2 + description: Another demonstration + enabled: true + unified_job_template: Demo Job Template 2 + inventory: localhost + instance_groups: + - default + dtstart: "2025-05-07T00:00:00Z" + dtend: "" + timezone: UTC + rrule: DTSTART:20200101T000000Z RRULE:FREQ=HOURLY;INTERVAL=3 + execution_environment: My EE + scm_branch: "" + forks: 2 + job_slice_count: 1 + labels: + - differential + - differential2 + timeout: 165 + job_type: "" + job_tags: "" + skip_tags: "" + limit: all + diff_mode: false + verbosity: 0 +... diff --git a/tests/configs/upgrade_configs/aap_25/aap_teams.yaml b/tests/configs/upgrade_configs/aap_25/aap_teams.yaml new file mode 100644 index 000000000..f029700df --- /dev/null +++ b/tests/configs/upgrade_configs/aap_25/aap_teams.yaml @@ -0,0 +1,24 @@ +--- +aap_teams: + - name: awx-team + description: "" + organization: AWX-ORG + - name: controller-team + description: "" + organization: CONTROLLER-ORG + - name: differential-1 + description: "" + organization: Default + - name: differential-2 + description: "" + organization: Default + - name: dummy + description: "" + organization: Dummy + - name: Systems Engineering + description: "" + organization: Systems Engineering + - name: team_test_1 + description: "" + organization: test +... diff --git a/tests/configs/upgrade_configs/aap_25/aap_templates.yaml b/tests/configs/upgrade_configs/aap_25/aap_templates.yaml new file mode 100644 index 000000000..beafd8df1 --- /dev/null +++ b/tests/configs/upgrade_configs/aap_25/aap_templates.yaml @@ -0,0 +1,570 @@ +--- +aap_templates: + - name: Demo Job Template + description: "" + organization: Default + project: Demo Project + inventory: Demo Inventory + playbook: hello_world.yml + scm_branch: "" + forks: 0 + limit: "" + verbosity: 0 + job_type: run + job_slice_count: 3 + use_fact_cache: false + credentials: + - Demo Credential + allow_simultaneous: false + ask_scm_branch_on_launch: false + ask_diff_mode_on_launch: false + ask_tags_on_launch: false + ask_skip_tags_on_launch: false + ask_job_type_on_launch: false + ask_verbosity_on_launch: false + ask_variables_on_launch: false + ask_inventory_on_launch: false + ask_limit_on_launch: false + ask_credential_on_launch: false + ask_execution_environment_on_launch: false + ask_labels_on_launch: false + ask_forks_on_launch: false + ask_job_slice_count_on_launch: false + ask_timeout_on_launch: false + ask_instance_groups_on_launch: false + extra_vars: + my_extra_var: + - this + - is + - a + - list + my_extra_complex_var: !unsafe '{{ my_extra_var[0] }}' + my_extra_ultra_complex_var: !unsafe '{% if my_extra_var | length > 3 %}LARGE{% else %}SMALL' + job_tags: "" + force_handlers: false + skip_tags: "" + start_at_task: "" + timeout: 0 + execution_environment: My EE + host_config_key: "" + survey_enabled: true + survey_spec: + name: "" + spec: + - max: 1024 + min: 0 + type: multiplechoice + choices: + - a + - b + - c + default: !unsafe b + required: true + variable: test_issue39 + new_question: false + question_name: test issue39 + question_description: !unsafe 'please copy-paste here the job id. You''ll find a "JOBS / ########" it in the top-left area of job''s page: the #s are the job id.' + - max: 1024 + min: 0 + type: multiselect + choices: + - hola + - mundo + default: !unsafe |- + hola + mundo + required: true + variable: test_multiplechoice + new_question: false + question_name: test multiplechoice + - max: 1024 + min: 0 + type: text + required: true + variable: test_text + new_question: false + question_name: test_text + - max: 1024 + min: 0 + type: password + default: !unsafe '''''' + required: true + variable: test_pass + new_question: false + question_name: test_pass + - max: 1024 + min: 0 + type: textarea + default: !unsafe |- + Hola + Mon + required: true + variable: test_textarea + new_question: true + question_name: test textarea + - max: 1024 + min: 0 + type: text + default: !unsafe '{{ text_value }}' + required: true + variable: test_vars + new_question: false + question_name: test_vars + - max: 1024 + min: 0 + type: multiselect + choices: + - !unsafe '{{ var_a }}' + - !unsafe '{{ var_b }}' + default: !unsafe |- + {{ var_a }} + {{ var_b }} + required: true + variable: test_multiselect_vars + new_question: true + question_name: test_multiselect_vars + - max: 1024 + min: 0 + type: multiselect + choices: + - !unsafe '{% if var_a == ''a'' %} A {% else %} B {% endif %}' + default: !unsafe '{% if var_a == ''a'' %} A {% else %} B {% endif %}' + required: true + variable: test_multiselect_vars2 + new_question: true + question_name: test_multiselect_vars2 + description: "" + become_enabled: false + diff_mode: false + webhook_service: "" + prevent_instance_group_fallback: false + - name: test-template-1 + description: created by Ansible Playbook + organization: Default + project: Test Project + inventory: RHVM-01 + playbook: helloworld.yml + scm_branch: "" + forks: 0 + limit: "" + verbosity: 2 + job_type: run + job_slice_count: 1 + use_fact_cache: false + credentials: + - admin@internal-RHVM-01 + allow_simultaneous: false + ask_scm_branch_on_launch: false + ask_diff_mode_on_launch: false + ask_tags_on_launch: false + ask_skip_tags_on_launch: false + ask_job_type_on_launch: false + ask_verbosity_on_launch: false + ask_variables_on_launch: false + ask_inventory_on_launch: false + ask_limit_on_launch: false + ask_credential_on_launch: false + ask_execution_environment_on_launch: true + ask_labels_on_launch: true + ask_forks_on_launch: true + ask_job_slice_count_on_launch: true + ask_timeout_on_launch: true + ask_instance_groups_on_launch: true + extra_vars: + target_hosts: infra-ansible-tower-01.example.com + job_tags: "" + force_handlers: false + skip_tags: "" + start_at_task: "" + timeout: 0 + host_config_key: "" + labels: + - Prod + survey_enabled: false + become_enabled: false + diff_mode: false + webhook_service: "" + prevent_instance_group_fallback: true + - name: Demo Job Template 2 + description: "" + organization: Default + project: Test Project + inventory: localhost + playbook: helloworld.yml + scm_branch: "" + forks: 0 + limit: "" + verbosity: 0 + job_type: run + job_slice_count: 1 + use_fact_cache: false + credentials: + - Demo Credential + allow_simultaneous: false + ask_scm_branch_on_launch: false + ask_diff_mode_on_launch: false + ask_tags_on_launch: false + ask_skip_tags_on_launch: false + ask_job_type_on_launch: false + ask_verbosity_on_launch: false + ask_variables_on_launch: false + ask_inventory_on_launch: true + ask_limit_on_launch: true + ask_credential_on_launch: false + ask_execution_environment_on_launch: true + ask_labels_on_launch: true + ask_forks_on_launch: true + ask_job_slice_count_on_launch: true + ask_timeout_on_launch: true + ask_instance_groups_on_launch: true + job_tags: "" + force_handlers: false + skip_tags: "" + start_at_task: "" + timeout: 0 + execution_environment: My EE + host_config_key: "" + survey_enabled: false + become_enabled: false + diff_mode: false + webhook_service: "" + prevent_instance_group_fallback: true + - name: Job_Template_Dummy_2 + description: "" + organization: Dummy + project: Project_Dummy_2 + inventory: Inventory_Dummy_2 + playbook: readonly-playbooks.yml + scm_branch: "" + forks: 0 + limit: "" + verbosity: 0 + job_type: run + job_slice_count: 1 + use_fact_cache: false + allow_simultaneous: false + ask_scm_branch_on_launch: false + ask_diff_mode_on_launch: false + ask_tags_on_launch: false + ask_skip_tags_on_launch: false + ask_job_type_on_launch: false + ask_verbosity_on_launch: false + ask_variables_on_launch: false + ask_inventory_on_launch: false + ask_limit_on_launch: false + ask_credential_on_launch: false + ask_execution_environment_on_launch: false + ask_labels_on_launch: false + ask_forks_on_launch: false + ask_job_slice_count_on_launch: false + ask_timeout_on_launch: false + ask_instance_groups_on_launch: false + job_tags: "" + force_handlers: false + skip_tags: "" + start_at_task: "" + timeout: 0 + host_config_key: "" + labels: + - dummy_2 + survey_enabled: false + become_enabled: false + diff_mode: false + webhook_service: "" + prevent_instance_group_fallback: false + - name: Job_Template_Dummy_3 + description: "" + organization: Dummy + project: Project_Dummy_3 + inventory: Inventory_Dummy_3 + playbook: helloworld.yml + scm_branch: "" + forks: 0 + limit: "" + verbosity: 0 + job_type: run + job_slice_count: 1 + use_fact_cache: false + allow_simultaneous: false + ask_scm_branch_on_launch: false + ask_diff_mode_on_launch: false + ask_tags_on_launch: false + ask_skip_tags_on_launch: false + ask_job_type_on_launch: false + ask_verbosity_on_launch: false + ask_variables_on_launch: false + ask_inventory_on_launch: false + ask_limit_on_launch: false + ask_credential_on_launch: false + ask_execution_environment_on_launch: false + ask_labels_on_launch: false + ask_forks_on_launch: false + ask_job_slice_count_on_launch: false + ask_timeout_on_launch: false + ask_instance_groups_on_launch: false + job_tags: "" + force_handlers: false + skip_tags: "" + start_at_task: "" + timeout: 0 + host_config_key: "" + labels: + - dummy_3 + survey_enabled: false + become_enabled: false + diff_mode: false + webhook_service: "" + prevent_instance_group_fallback: false + - name: Job_Template_Dummy_1 + description: "" + organization: Dummy + project: Project_Dummy_1 + inventory: Inventory_Dummy_1 + playbook: helloworld.yml + scm_branch: "" + forks: 0 + limit: "" + verbosity: 0 + job_type: run + job_slice_count: 1 + use_fact_cache: false + allow_simultaneous: false + ask_scm_branch_on_launch: false + ask_diff_mode_on_launch: false + ask_tags_on_launch: false + ask_skip_tags_on_launch: false + ask_job_type_on_launch: false + ask_verbosity_on_launch: false + ask_variables_on_launch: false + ask_inventory_on_launch: false + ask_limit_on_launch: false + ask_credential_on_launch: false + ask_execution_environment_on_launch: false + ask_labels_on_launch: false + ask_forks_on_launch: false + ask_job_slice_count_on_launch: false + ask_timeout_on_launch: false + ask_instance_groups_on_launch: false + job_tags: "" + force_handlers: false + skip_tags: "" + start_at_task: "" + timeout: 0 + host_config_key: "" + labels: + - dummy_1 + survey_enabled: false + become_enabled: false + diff_mode: false + webhook_service: "" + prevent_instance_group_fallback: false + - name: task3 + description: "" + organization: Recursive Workflows + project: Controller CasC Examples Project + inventory: Recursive Workflows Inventory + playbook: playbooks/task3.yaml + scm_branch: "" + forks: 0 + limit: "" + verbosity: 0 + job_type: run + job_slice_count: 1 + use_fact_cache: false + allow_simultaneous: false + ask_scm_branch_on_launch: false + ask_diff_mode_on_launch: false + ask_tags_on_launch: false + ask_skip_tags_on_launch: false + ask_job_type_on_launch: false + ask_verbosity_on_launch: false + ask_variables_on_launch: false + ask_inventory_on_launch: false + ask_limit_on_launch: false + ask_credential_on_launch: false + ask_execution_environment_on_launch: false + ask_labels_on_launch: false + ask_forks_on_launch: false + ask_job_slice_count_on_launch: false + ask_timeout_on_launch: false + ask_instance_groups_on_launch: false + job_tags: "" + force_handlers: false + skip_tags: "" + start_at_task: "" + timeout: 0 + host_config_key: "" + survey_enabled: false + become_enabled: false + diff_mode: false + webhook_service: "" + prevent_instance_group_fallback: false + - name: task2 + description: "" + organization: Recursive Workflows + project: Controller CasC Examples Project + inventory: Recursive Workflows Inventory + playbook: playbooks/task2.yaml + scm_branch: "" + forks: 0 + limit: "" + verbosity: 0 + job_type: run + job_slice_count: 1 + use_fact_cache: false + allow_simultaneous: false + ask_scm_branch_on_launch: false + ask_diff_mode_on_launch: false + ask_tags_on_launch: false + ask_skip_tags_on_launch: false + ask_job_type_on_launch: false + ask_verbosity_on_launch: false + ask_variables_on_launch: false + ask_inventory_on_launch: false + ask_limit_on_launch: false + ask_credential_on_launch: false + ask_execution_environment_on_launch: false + ask_labels_on_launch: false + ask_forks_on_launch: false + ask_job_slice_count_on_launch: false + ask_timeout_on_launch: false + ask_instance_groups_on_launch: false + job_tags: "" + force_handlers: false + skip_tags: "" + start_at_task: "" + timeout: 0 + host_config_key: "" + survey_enabled: false + become_enabled: false + diff_mode: false + webhook_service: "" + prevent_instance_group_fallback: false + - name: task1 + description: "" + organization: Recursive Workflows + project: Controller CasC Examples Project + inventory: Recursive Workflows Inventory + playbook: playbooks/task1.yaml + scm_branch: "" + forks: 0 + limit: "" + verbosity: 0 + job_type: run + job_slice_count: 1 + use_fact_cache: false + allow_simultaneous: false + ask_scm_branch_on_launch: false + ask_diff_mode_on_launch: false + ask_tags_on_launch: true + ask_skip_tags_on_launch: false + ask_job_type_on_launch: false + ask_verbosity_on_launch: false + ask_variables_on_launch: false + ask_inventory_on_launch: false + ask_limit_on_launch: false + ask_credential_on_launch: false + ask_execution_environment_on_launch: false + ask_labels_on_launch: false + ask_forks_on_launch: false + ask_job_slice_count_on_launch: false + ask_timeout_on_launch: false + ask_instance_groups_on_launch: false + job_tags: "" + force_handlers: false + skip_tags: "" + start_at_task: "" + timeout: 0 + host_config_key: "" + survey_enabled: false + become_enabled: false + diff_mode: false + webhook_service: "" + prevent_instance_group_fallback: false + - name: Parameterized Job Template + description: "" + organization: Recursive Workflows + project: Controller CasC Examples Project + inventory: Recursive Workflows Inventory + playbook: playbooks/simple-playbook.yaml + scm_branch: "" + forks: 0 + limit: "" + verbosity: 0 + job_type: run + job_slice_count: 1 + use_fact_cache: false + credentials: + - Recursive Workflows Credential + allow_simultaneous: false + ask_scm_branch_on_launch: false + ask_diff_mode_on_launch: false + ask_tags_on_launch: false + ask_skip_tags_on_launch: false + ask_job_type_on_launch: false + ask_verbosity_on_launch: false + ask_variables_on_launch: true + ask_inventory_on_launch: false + ask_limit_on_launch: false + ask_credential_on_launch: false + ask_execution_environment_on_launch: false + ask_labels_on_launch: false + ask_forks_on_launch: false + ask_job_slice_count_on_launch: false + ask_timeout_on_launch: false + ask_instance_groups_on_launch: false + job_tags: "" + force_handlers: false + skip_tags: "" + start_at_task: "" + timeout: 0 + host_config_key: "" + survey_enabled: false + become_enabled: false + diff_mode: false + webhook_service: "" + prevent_instance_group_fallback: false + - name: Recursive Workflows Job Template + description: "" + organization: Recursive Workflows + project: Recursive Workflows Project + inventory: Recursive Workflows Inventory + playbook: hello_world.yml + scm_branch: "" + forks: 0 + limit: "" + verbosity: 0 + job_type: run + job_slice_count: 1 + use_fact_cache: false + credentials: + - Recursive Workflows Credential + allow_simultaneous: false + ask_scm_branch_on_launch: false + ask_diff_mode_on_launch: false + ask_tags_on_launch: false + ask_skip_tags_on_launch: false + ask_job_type_on_launch: false + ask_verbosity_on_launch: false + ask_variables_on_launch: false + ask_inventory_on_launch: false + ask_limit_on_launch: false + ask_credential_on_launch: false + ask_execution_environment_on_launch: false + ask_labels_on_launch: false + ask_forks_on_launch: false + ask_job_slice_count_on_launch: false + ask_timeout_on_launch: false + ask_instance_groups_on_launch: false + job_tags: "" + force_handlers: false + skip_tags: "" + start_at_task: "" + timeout: 0 + host_config_key: "" + survey_enabled: false + become_enabled: false + diff_mode: false + webhook_service: "" + prevent_instance_group_fallback: false +... diff --git a/tests/configs/upgrade_configs/aap_25/aap_user_accounts.yaml b/tests/configs/upgrade_configs/aap_25/aap_user_accounts.yaml new file mode 100644 index 000000000..cd2324498 --- /dev/null +++ b/tests/configs/upgrade_configs/aap_25/aap_user_accounts.yaml @@ -0,0 +1,75 @@ +--- +aap_user_accounts: + - username: admin + password: redhat00 + email: admin@example.com + first_name: "" + last_name: "" + auditor: "false" + superuser: "true" + update_secrets: false + - username: dummy + password: INITIAL + email: dummy@dummy.net + first_name: "" + last_name: "" + auditor: "false" + superuser: "false" + update_secrets: false + - username: controller_user + password: INITIAL + email: "" + first_name: "" + last_name: "" + auditor: "false" + superuser: "false" + update_secrets: false + - username: awx-org-user + password: INITIAL + email: awx-org-user@email.com + first_name: AWX + last_name: USER + auditor: "false" + superuser: "false" + update_secrets: false + - username: controller-org-user + password: INITIAL + email: controller-org-user@email.com + first_name: CONTROLLER + last_name: USER + auditor: "false" + superuser: "false" + update_secrets: false + - username: test + password: INITIAL + email: "" + first_name: test + last_name: "" + auditor: "false" + superuser: "false" + update_secrets: false + - username: satreguser + password: INITIAL + email: "" + first_name: Satellite Register User + last_name: "" + auditor: "false" + superuser: "false" + update_secrets: false + - username: ocpuser1 + password: INITIAL + email: "" + first_name: "" + last_name: "" + auditor: "false" + superuser: "true" + update_secrets: false + - username: ocpuser2 + password: INITIAL + email: "" + first_name: "" + last_name: "" + auditor: "false" + superuser: "false" + update_secrets: false +... diff --git a/tests/configs/upgrade_configs/aap_25/aap_workflows.yaml b/tests/configs/upgrade_configs/aap_25/aap_workflows.yaml new file mode 100644 index 000000000..1f32bdb5a --- /dev/null +++ b/tests/configs/upgrade_configs/aap_25/aap_workflows.yaml @@ -0,0 +1,409 @@ +--- +aap_workflows: + - name: Default Workflow + description: !unsafe default workflow + organization: Default + simplified_workflow_nodes: + - identifier: node101 + workflow_job_template: Default Workflow + unified_job_template: Demo Job Template + organization: Default + all_parents_must_converge: false + success_nodes: + - node201 + - identifier: node201 + workflow_job_template: Default Workflow + unified_job_template: Demo Job Template + organization: Default + all_parents_must_converge: false + ask_variables_on_launch: false + allow_simultaneous: false + ask_limit_on_launch: false + ask_inventory_on_launch: false + survey_enabled: false + survey_spec: + name: survey + description: survey + spec: + - max: 1024 + min: 0 + type: multiselect + choices: + - a + - b + - c + required: true + variable: test + new_question: true + question_name: !unsafe test + - name: Simple workflow schema no state defined + description: !unsafe a basic workflow + organization: Default + simplified_workflow_nodes: + - identifier: nodensd101 + workflow_job_template: Simple workflow schema no state defined + unified_job_template: test-template-1 + organization: Default + all_parents_must_converge: false + success_nodes: + - nodensd201 + - identifier: nodensd201 + workflow_job_template: Simple workflow schema no state defined + unified_job_template: test-template-1 + organization: Default + all_parents_must_converge: false + ask_variables_on_launch: false + allow_simultaneous: false + ask_limit_on_launch: false + ask_inventory_on_launch: false + labels: + - Prod + survey_enabled: false + - name: Simple workflow schema2 + description: !unsafe a basic workflow + organization: Default + simplified_workflow_nodes: + - identifier: nodeschema2101 + workflow_job_template: Simple workflow schema2 + unified_job_template: test-template-1 + organization: Default + all_parents_must_converge: false + success_nodes: + - nodeschema2201 + - identifier: nodeschema2201 + workflow_job_template: Simple workflow schema2 + unified_job_template: test-template-1 + organization: Default + all_parents_must_converge: false + ask_variables_on_launch: false + allow_simultaneous: false + ask_limit_on_launch: false + ask_inventory_on_launch: false + labels: + - Prod + survey_enabled: false + - name: Simple workflow schema + description: !unsafe a basic workflow + organization: Default + simplified_workflow_nodes: + - identifier: nodeschema101 + workflow_job_template: Simple workflow schema + unified_job_template: test-template-1 + organization: Default + all_parents_must_converge: false + success_nodes: + - nodeschema201 + - identifier: nodeschema201 + workflow_job_template: Simple workflow schema + unified_job_template: test-template-1 + organization: Default + all_parents_must_converge: false + ask_variables_on_launch: false + allow_simultaneous: false + ask_limit_on_launch: false + ask_inventory_on_launch: false + labels: + - Prod + survey_enabled: false + - name: MainWF + description: !unsafe + organization: Recursive Workflows + simplified_workflow_nodes: + - identifier: 75044cd8-7938-4024-8e20-b148fb32292f + workflow_job_template: MainWF + unified_job_template: wf2 + organization: Recursive Workflows + all_parents_must_converge: false + - identifier: c8eb1471-f303-43f1-8107-80caa81709d8 + workflow_job_template: MainWF + unified_job_template: wf1 + organization: Recursive Workflows + all_parents_must_converge: false + always_nodes: + - 75044cd8-7938-4024-8e20-b148fb32292f + ask_variables_on_launch: false + allow_simultaneous: false + ask_limit_on_launch: false + ask_inventory_on_launch: false + survey_enabled: false + - name: wf2 + description: !unsafe + organization: Recursive Workflows + simplified_workflow_nodes: + - identifier: 6b19966d-958e-4b8d-9e13-06d738775e75 + workflow_job_template: wf2 + unified_job_template: task3 + organization: Recursive Workflows + all_parents_must_converge: false + ask_variables_on_launch: false + allow_simultaneous: false + ask_limit_on_launch: false + ask_inventory_on_launch: false + survey_enabled: false + - name: wf1 + description: !unsafe + organization: Recursive Workflows + simplified_workflow_nodes: + - identifier: 6b19966d-958e-4b8d-9e13-06d738775e75 + workflow_job_template: wf1 + unified_job_template: task1 + organization: Recursive Workflows + all_parents_must_converge: false + always_nodes: + - 7529ff26-5ef6-4c10-84ab-320e0858f88e + - identifier: 7529ff26-5ef6-4c10-84ab-320e0858f88e + workflow_job_template: wf1 + unified_job_template: task2 + organization: Recursive Workflows + all_parents_must_converge: false + ask_variables_on_launch: false + allow_simultaneous: false + ask_limit_on_launch: false + ask_inventory_on_launch: false + survey_enabled: false + - name: ParameterizedWorkflow2 + description: !unsafe + organization: Recursive Workflows + simplified_workflow_nodes: + - identifier: ParameterizedWorflow2Node1 + workflow_job_template: ParameterizedWorkflow2 + unified_job_template: Parameterized Job Template + organization: Recursive Workflows + all_parents_must_converge: false + extra_data: + param2: World + success_nodes: + - ParameterizedWorflow2Node2 + - identifier: ParameterizedWorflow2Node2 + workflow_job_template: ParameterizedWorkflow2 + unified_job_template: Parameterized Job Template + organization: Recursive Workflows + all_parents_must_converge: false + ask_variables_on_launch: false + allow_simultaneous: false + ask_limit_on_launch: false + ask_inventory_on_launch: false + extra_vars: + param1: Hello from workflow2 + survey_enabled: false + - name: ParameterizedRecursiveWorkflowsMainWorkflow + description: !unsafe + organization: Recursive Workflows + simplified_workflow_nodes: + - identifier: prwmw1 + workflow_job_template: ParameterizedRecursiveWorkflowsMainWorkflow + unified_job_template: ParameterizedWorkflow1 + organization: Recursive Workflows + all_parents_must_converge: false + success_nodes: + - prwmw2 + - identifier: prwmw2 + workflow_job_template: ParameterizedRecursiveWorkflowsMainWorkflow + unified_job_template: ParameterizedWorkflow2 + organization: Recursive Workflows + all_parents_must_converge: false + ask_variables_on_launch: false + allow_simultaneous: false + ask_limit_on_launch: false + ask_inventory_on_launch: false + extra_vars: + param2: world from Main + survey_enabled: false + - name: ParameterizedWorkflow1 + description: !unsafe + organization: Recursive Workflows + simplified_workflow_nodes: + - identifier: ParameterizedWorflow1Node1 + workflow_job_template: ParameterizedWorkflow1 + unified_job_template: Parameterized Job Template + organization: Recursive Workflows + all_parents_must_converge: false + extra_data: + param2: World + ask_variables_on_launch: false + allow_simultaneous: false + ask_limit_on_launch: false + ask_inventory_on_launch: false + survey_enabled: false + - name: RecursiveWorkflowsMainWorkflow + description: !unsafe + organization: Recursive Workflows + simplified_workflow_nodes: + - identifier: b0f1be76-649a-4a21-9e4b-c5ca652bda95 + workflow_job_template: RecursiveWorkflowsMainWorkflow + unified_job_template: RecursiveWorkflowsWorkflow2 + organization: Recursive Workflows + all_parents_must_converge: false + - identifier: 31df88f5-d6e4-45ec-b4fa-60bbe91b6600 + workflow_job_template: RecursiveWorkflowsMainWorkflow + unified_job_template: RecursiveWorkflowsWorkflow1 + organization: Recursive Workflows + all_parents_must_converge: false + success_nodes: + - b0f1be76-649a-4a21-9e4b-c5ca652bda95 + ask_variables_on_launch: false + allow_simultaneous: false + ask_limit_on_launch: false + ask_inventory_on_launch: false + survey_enabled: false + - name: RecursiveWorkflowsWorkflow2 + description: !unsafe + organization: Recursive Workflows + simplified_workflow_nodes: + - identifier: 8be3dc3e-64cc-473a-914c-28a23177ddce + workflow_job_template: RecursiveWorkflowsWorkflow2 + unified_job_template: Recursive Workflows Job Template + organization: Recursive Workflows + all_parents_must_converge: false + - identifier: 97783e98-f83b-4b07-9f6e-ca1ffc78af29 + workflow_job_template: RecursiveWorkflowsWorkflow2 + unified_job_template: Recursive Workflows Job Template + organization: Recursive Workflows + all_parents_must_converge: false + ask_variables_on_launch: false + allow_simultaneous: false + ask_limit_on_launch: false + ask_inventory_on_launch: false + survey_enabled: false + - name: RecursiveWorkflowsWorkflow1 + description: !unsafe + organization: Recursive Workflows + simplified_workflow_nodes: + - identifier: 8be3dc3e-64cc-473a-914c-28a23177ddce + workflow_job_template: RecursiveWorkflowsWorkflow1 + unified_job_template: Recursive Workflows Job Template + organization: Recursive Workflows + all_parents_must_converge: false + success_nodes: + - 97783e98-f83b-4b07-9f6e-ca1ffc78af29 + - identifier: 97783e98-f83b-4b07-9f6e-ca1ffc78af29 + workflow_job_template: RecursiveWorkflowsWorkflow1 + unified_job_template: Recursive Workflows Job Template + organization: Recursive Workflows + all_parents_must_converge: false + ask_variables_on_launch: false + allow_simultaneous: false + ask_limit_on_launch: false + ask_inventory_on_launch: false + survey_enabled: false + - name: test_workflow + description: !unsafe + organization: tests/orgname + simplified_workflow_nodes: + - identifier: 527904ba-27bf-4532-8624-8c8fdfb2a568 + workflow_job_template: test_workflow + unified_job_template: Demo Job Template + organization: tests/orgname + all_parents_must_converge: false + extra_data: + test_issue39: b + test_multiplechoice: + - hola + - mundo + test_textarea: Hola\nMon + test_vars: !unsafe '{{ text_value }}' + test_multiselect_vars: + - !unsafe '{{ var_a }}' + - !unsafe '{{ var_b }}' + test_multiselect_vars2: + - !unsafe '{% if var_a == ''a'' %} A {% else %} B {% endif %}' + test_text: test_text + ask_variables_on_launch: false + allow_simultaneous: false + ask_limit_on_launch: false + ask_inventory_on_launch: false + extra_vars: + my_extra_var: + - this + - is + - a + - list + my_extra_complex_var: !unsafe '{{ my_extra_var[0] }}' + my_extra_ultra_complex_var: !unsafe '{% if my_extra_var | length > 3 %}LARGE{% else %}SMALL' + survey_enabled: false + survey_spec: + name: survey + description: survey + spec: + - max: 1024 + min: 0 + type: multiplechoice + choices: + - a + - b + - c + default: !unsafe b + required: true + variable: test_issue39 + new_question: false + question_name: !unsafe test issue39 + question_description: !unsafe 'please copy-paste here the job id. You''ll find a "JOBS / ########" it in the top-left area of job''s page: the #s are the job id.' + - max: 1024 + min: 0 + type: multiselect + choices: + - hola + - mundo + default: !unsafe |- + hola + mundo + required: true + variable: test_multiplechoice + new_question: false + question_name: !unsafe test multiplechoice + - max: 1024 + min: 0 + type: text + required: true + variable: test_text + new_question: false + question_name: !unsafe test_text + - max: 1024 + min: 0 + type: password + required: true + variable: test_pass + new_question: false + question_name: !unsafe test_pass + - max: 1024 + min: 0 + type: textarea + default: !unsafe |- + Hola + Mon + required: true + variable: test_textarea + new_question: true + question_name: !unsafe test textarea + - max: 1024 + min: 0 + type: text + default: !unsafe '{{ text_value }}' + required: true + variable: test_vars + new_question: false + question_name: !unsafe test_vars + - max: 1024 + min: 0 + type: multiselect + choices: + - !unsafe '{{ var_a }}' + - !unsafe '{{ var_b }}' + default: !unsafe |- + {{ var_a }} + {{ var_b }} + required: true + variable: test_multiselect_vars + new_question: true + question_name: !unsafe test_multiselect_vars + - max: 1024 + min: 0 + type: multiselect + choices: + - !unsafe '{% if var_a == ''a'' %} A {% else %} B {% endif %}' + default: !unsafe '{% if var_a == ''a'' %} A {% else %} B {% endif %}' + required: true + variable: test_multiselect_vars2 + new_question: true + question_name: !unsafe test_multiselect_vars2 +... diff --git a/tests/configs/upgrade_configs/aap_25/gateway_authenticator_maps.yaml b/tests/configs/upgrade_configs/aap_25/gateway_authenticator_maps.yaml new file mode 100644 index 000000000..20e456c7c --- /dev/null +++ b/tests/configs/upgrade_configs/aap_25/gateway_authenticator_maps.yaml @@ -0,0 +1,171 @@ +--- +gateway_authenticator_maps: + - name: administrators + authenticator: IDM LDAP + map_type: is_superuser + revoke: true + triggers: + groups: + has_and: + - cn=clusteradmins,cn=groups,cn=accounts,dc=c,dc=openenv-6hrc4,dc=internal + - name: Team1 + authenticator: IDM LDAP + map_type: team + role: Team Member + organization: Default + team: Team1 + revoke: true + triggers: + groups: + has_and: + - cn=team1,cn=groups,cn=accounts,dc=c,dc=openenv-6hrc4,dc=internal + - name: Team2 + authenticator: IDM LDAP + map_type: team + role: Team Member + organization: Default + team: Team2 + revoke: true + triggers: + groups: + has_and: + - cn=team2,cn=groups,cn=accounts,dc=c,dc=openenv-6hrc4,dc=internal + - name: Organization1 Admins + authenticator: IDM LDAP + map_type: organization + role: Organization Admin + organization: Organization1 + team: Organization1 + revoke: true + triggers: + groups: + has_and: + - cn=organization1admins,cn=groups,cn=accounts,dc=c,dc=openenv-6hrc4,dc=internal + - name: Organization2 Admins + authenticator: IDM LDAP + map_type: organization + role: Organization Admin + organization: Organization2 + team: Organization2 + revoke: true + triggers: + groups: + has_and: + - cn=organization2admins,cn=groups,cn=accounts,dc=c,dc=openenv-6hrc4,dc=internal + - name: Organization1 Members + authenticator: IDM LDAP + map_type: organization + role: Organization Member + organization: Organization1 + team: Organization1 + revoke: true + triggers: + groups: + has_and: + - cn=organization1,cn=groups,cn=accounts,dc=c,dc=openenv-6hrc4,dc=internal + - name: Organization2 Members + authenticator: IDM LDAP + map_type: organization + role: Organization Member + organization: Organization2 + team: Organization2 + revoke: true + triggers: + groups: + has_and: + - cn=organization2,cn=groups,cn=accounts,dc=c,dc=openenv-6hrc4,dc=internal + - name: Is Superuser + authenticator: RHSSO + map_type: is_superuser + revoke: true + triggers: + attributes: + member: + contains: /AAPAdmins + join_condition: or + - name: Is Auditor + authenticator: RHSSO + map_type: role + role: Platform Auditor + revoke: true + triggers: + attributes: + member: + contains: /AAPAuditors + join_condition: or + - name: Dummy + authenticator: RHSSO + map_type: team + role: Team Member + organization: Dummy + team: Dummy + revoke: true + triggers: + never: {} + - name: Default + authenticator: RHSSO + map_type: team + role: Team Member + organization: Default + team: Default + revoke: true + triggers: + groups: + has_and: + - arnold.schwarzenegger@example.net + - name: Systems Engineering + authenticator: RHSSO + map_type: team + role: Team Member + organization: Systems Engineering + team: Systems Engineering + revoke: true + triggers: + groups: + has_and: + - /^[^@]+?@example\\.net$/ + - name: Dummy Admins + authenticator: IDM LDAP + map_type: organization + role: Organization Admin + organization: Dummy + revoke: true + triggers: + always: {} + - name: Systems Engineering Admins + authenticator: IDM LDAP + map_type: organization + role: Organization Admin + organization: Systems Engineering + revoke: false + triggers: + groups: + has_and: + - arnold.schwarzenegger@example.net + - name: Dummy Members + authenticator: IDM LDAP + map_type: organization + role: Organization Member + organization: Dummy + revoke: true + triggers: + never: {} + - name: Default Members + authenticator: IDM LDAP + map_type: organization + role: Organization Member + organization: Default + revoke: true + triggers: + groups: + has_and: + - arnold.schwarzenegger@example.net + - name: Systems Engineering Members + authenticator: IDM LDAP + map_type: organization + role: Organization Member + organization: Systems Engineering + revoke: false + triggers: + always: {} +... diff --git a/tests/configs/upgrade_configs/aap_25/gateway_authenticators.yaml b/tests/configs/upgrade_configs/aap_25/gateway_authenticators.yaml new file mode 100644 index 000000000..c04d49e5a --- /dev/null +++ b/tests/configs/upgrade_configs/aap_25/gateway_authenticators.yaml @@ -0,0 +1,73 @@ +--- +gateway_authenticators: + - name: IDM LDAP + enabled: true + create_objects: true + remove_users: true + configuration: + BIND_DN: uid=admin,cn=users,cn=accounts,dc=c,dc=openenv-6hrc4,dc=internal + BIND_PASSWORD: redhat00 + CONNECTION_OPTIONS: {} + GROUP_SEARCH: + - cn=groups,cn=accounts,dc=c,dc=openenv-6hrc4,dc=internal + - SCOPE_SUBTREE + - (objectClass=groupofnames) + GROUP_TYPE: MemberDNGroupType + GROUP_TYPE_PARAMS: + name_attr: cn + member_attr: member + SERVER_URI: + - ldap://34.175.181.254:389 + START_TLS: "false" + USER_ATTR_MAP: + email: mail + last_name: sn + first_name: givenName + USER_DN_TEMPLATE: uid=%(user)s,cn=users,cn=accounts,dc=c,dc=openenv-6hrc4,dc=internal + USER_SEARCH: + - cn=users,cn=accounts,dc=c,dc=openenv-6hrc4,dc=internal + - SCOPE_SUBTREE + - (cn=%(user)s) + type: ansible_base.authentication.authenticator_plugins.ldap + - name: RHSSO + enabled: true + create_objects: true + remove_users: false + configuration: + ADDITIONAL_UNVERIFIED_ARGS: + GET_ALL_EXTRA_DATA: true + CALLBACK_URL: 'TODO: THIS MUST BE AUTO-GENERATED BY THE AUTHENTICATOR AND UPDATED INTO THE IdP SERVER' + EXTRA_DATA: [] + IDP_ATTR_EMAIL: email + IDP_ATTR_FIRST_NAME: first_name + IDP_ATTR_LAST_NAME: last_name + IDP_ATTR_USERNAME: username + IDP_ATTR_USER_PERMANENT_ID: name_id + IDP_ENTITY_ID: https://aapsso.iam.lab:8443/auth/realms/aap + IDP_GROUPS: groups + IDP_URL: https://aapsso.iam.lab:8443/auth/realms/aap/protocol/saml + IDP_X509_CERT: '-----BEGIN CERTIFICATE----- MIIDtzCCAp+gAwIBAgIUC1kApqTujxI1TZMSbwihEG1SbEUwDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCRVMxFDASBgNVBAgMC0Nhc3RlbGzDg8KzMQ0wCwYDVQQHDARPbmRhMRAwDgYDVQQKDAdpYW0ubGFiMQwwCgYDVQQLDANsYWIxFzAVBgNVBAMMDmFhcHNzby5pYW0ubGFiMB4XDTI1MDYwNjA3MDEzNVoXDTM1MDYwNDA3MDEzNVowazELMAkGA1UEBhMCRVMxFDASBgNVBAgMC0Nhc3RlbGzDg8KzMQ0wCwYDVQQHDARPbmRhMRAwDgYDVQQKDAdpYW0ubGFiMQwwCgYDVQQLDANsYWIxFzAVBgNVBAMMDmFhcHNzby5pYW0ubGFiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3N279zWZ4F5NqMcyfci8JFrKUHrw7LQI6Gf9OE5rq59grLggFl0nUd7oBEX9+v7alge0k3zQrtq4XgYtpbL3JeejOfXFUyDiNiL7iDKyYJ6XlTwsEccSbrCCorEsnyJ9JVcon26sKLvR1BHmFL3XgoRunJehflOPoPOuUoaIn4/5mIYa8VZ0/vG5oyDEYjW7EuzeBBl/j9XF3wfgDTBtWyBO7MxhvVQdYItL+0lrRQqM5+lbr1sMkBHbg0tPzdMZJHZOZ8NDPFdwZ50wOFeN+RUl6I1EehOmbhd+pfLjZQE21DNW8NSZKSK3hT99M86y6t/qfA5VlNzshy3RLafR9QIDAQABo1MwUTAdBgNVHQ4EFgQUb2Pa/ydOsOYcFfUc6pL76Haf09IwHwYDVR0jBBgwFoAUb2Pa/ydOsOYcFfUc6pL76Haf09IwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAxT9JRVzRRHJszR+6C/EbcYfr/rohmRa7r52fr8s4s5VaV0rI1Jah9Xb9z+xDeE7EtUg4ccB9mXoBhgd162XK+gn3wEjOIV8yAcQLfePda8p7CJW4tKvmNGZxyyJDAQmDbrY9IVn480tjNSDmxtt5gVnOJtqyqzC5IBmCa0U3PURi+0B79mjITuTrOGDa3HnbfIMqG+EHAxoEn48HCRAiRjiwdCoisT2PMm1VZtJZzMuUh+KhQRFCJBPB8VocFt1hsOQN1ywvLowOOW4i7uop3TLRE8V7QE74P/7Nld9yJ4N6GnJTgvM/fyJ7HMeX5VUAZphztC31ncXvpK+p137sFA== -----END CERTIFICATE-----' + ORG_INFO: + en-US: + url: https://aapsso.iam.lab:8443 + name: RHSSO + displayname: RHSSO + SECURITY_CONFIG: + wantMessagesSigned: true + authnRequestsSigned: true + wantAssertionsSigned: true + requestedAuthnContext: false + SP_ENTITY_ID: https://aap24.iam.lab + SP_EXTRA: + sign_request: true + requestedAuthnContext: false + SP_PRIVATE_KEY: 'TODO: ' + SP_PUBLIC_CERT: '-----BEGIN CERTIFICATE----- MIICuTCCAaECBgGXRCJWBTANBgkqhkiG9w0BAQsFADAgMR4wHAYDVQQDDBVodHRwczovL2FhcDI1LmlhbS5sYWIwHhcNMjUwNjA2MDcyNDUwWhcNMzUwNjA2MDcyNjMwWjAgMR4wHAYDVQQDDBVodHRwczovL2FhcDI1LmlhbS5sYWIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCMHrQ3jOPsLOG9VBPb3AW84yH+gl+KqIEJwrs1JHGVdasP3+HhABVCjl4IGo7FEuDyERycM4CfdBbhAjL7Yzw1Wt4u9UD8ZhEiGWcn76Zk8QrodKRVTOqUd6hnI1pBrgKoRbQKspaBhCSK7QUv22MQoZozragis9sthzg5tRZZow+twH8hOUrgPGaNUoDZ0On2hYZDMztsIJ5Bswvdfq/yvzMtuBbmzMZU8Gi+C5WLDj78d1rxX/xbO7TR+Wo7s9gDy01IlgQVH40KEFD+W/O2BU28aDLRVx1RVb7IsW7av6sHGxqXp8O465tqr35Kly3n4RwgKtJAYCGyjQWVBUkRAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFrmWowYbcwAb/Wa63kWPolpglkiN129T3CEepOy3wf0Bz4JLAveFaQQUYQWaUA0GVHEY1dXFGf7Z3aXcVT2jqpvp8+qc84ihIWL9UUMGTQk9qgJkDT2/RL/87kT+qhdS7ORDAmYRkqwwZ7LEy9JmLexTrSjqCDKXeabR08PRBcxr7g9cJNlk5TLX6yvYrKP3r2hvPqaa3JwMpIiHbtlrszvD+Xrjn35I2mEir0EvNdYru/42ZONBMhVHgwpRontVf6pM7U6JWC69kUC80b3AkKgDcjG1PqjwOombgRq4rywQXUEVJGBZAsjQYieRwqw3hQR5jy8xUEgRcSRxRvigM0= -----END CERTIFICATE-----' + SUPPORT_CONTACT: + givenName: Arnold Schwarzenegger + emailAddress: arnold.schwarzenegger@example.net + TECHNICAL_CONTACT: + givenName: Arnold Schwarzenegger + emailAddress: arnold.schwarzenegger@example.net + type: ansible_base.authentication.authenticator_plugins.saml +...