[pull] devel from ansible:devel#572
Open
pull[bot] wants to merge 2113 commits into
Open
Conversation
settings.SUBSCRIPTIONS_USERNAME and settings.SUBSCRIPTIONS_CLIENT_ID should be mutually exclusive. This is because the POST to api/v2/config/attach/ accepts only a subscription_id, and infers which credentials to use based on settings. If both are set, it is ambiguous and can lead to unexpected 400s when attempting to attach a license. Signed-off-by: Seth Foster <[email protected]>
* added sonar config file and started cleaning up * we do not place the report at the root of the repo * limit scope to only the awx directory and its contents * update exclusions for things in awx/ that we don't want covered
Removed 'UI' from the list of component names in the PR template.
* prometheus-client returns an additional value as of v.0.22.0 * add license, remove outdated ones, add new embedded sources * update requirements and UPGRADE BLOCKERs in README
…6093) * Requirements POC docs from Claude Code eval * Removed unnecessary reference. * Excluded custom DRF configurations per @AlanCoding * Implement review changes from @chrismeyersfsu --------- Co-authored-by: Peter Braun <[email protected]>
Moved the AddField operation before the RunPython operations for 'rename_jts' and 'rename_projects' in migration 0200_template_name_constraint.py. This ensures the new 'org_unique' field exists before related data migrations are executed. Fix ``` django.db.utils.ProgrammingError: column main_unifiedjobtemplate.org_unique does not exist ``` while applying migration 0200_template_name_constraint.py when there's a job template or poject with duplicate name in the same org
* add new file to separate out the schema check so that it is no longer part of CI check and won't cacuse the whole workflow to fail * remove old API schema check from ci.yml
* actually upload PR coverage reports and inject PR number if report is generated from a PR * upload general report of devel on merge and make things kinda pretty
Bump receptor collection version to 2.0.6
* Fix CI: Use Python 3.13 for ansible-test compatibility ansible-test only supports Python 3.11, 3.12, and 3.13. Changed collection-integration jobs from '3.x' to '3.13' to avoid using Python 3.14 which is not supported. * Fix ansible-test Python version for CI integration tests ansible-test only supports Python 3.11, 3.12, and 3.13. Added ANSIBLE_TEST_PYTHON_VERSION variable to explicitly pass --python 3.13 flag to ansible-test integration command. This prevents ansible-test from auto-detecting and using Python 3.14.0, which is not supported. * Fix CI: Execute ansible-test with Python 3.13 to avoid unsupported Python 3.14 * Fix CI: Use Python 3.13 across all jobs to avoid Python 3.14 compatibility issues * Fix CI: Use 'python' and 'ansible.test' module for Python 3.13 compatibility * Fix CI: Use 'python' instead of 'python3' for Python 3.13 compatibility * Fix CI: Ensure ansible-test uses Python 3.13 environment explicitly * Fix: Remove silent failure check for ansible-core in test suite * Fix CI: Export PYTHONPATH to make awxkit available to ansible-test * Fix CI: Use 'python' in run_awx_devel to maintain Python 3.13 environment * Fix CI: Remove setup-python from awx_devel_image that was resetting Python 3.13 to 3.14
* AAP-45927 Add drf-spectacular - Remove drf-yasg - Add drf-spectacular * move SPECTACULAR_SETTINGS from development_defaults.py to defaults.py * move SPECTACULAR_SETTINGS from development_defaults.py to defaults.py * Fix swagger tests: enable schema endpoints in all modes Schema endpoints were restricted to development mode, causing test_swagger_generation.py to fail. Made schema URLs available in all modes and fixed deprecated Django warning filters in pytest.ini. * remove swagger from Makefile * remove swagger from Makefile * change docker-compose-build-swagger to docker-compose-build-schema * remove MODE * remove unused import * Update genschema to use drf-spectacular with awx-link dependency - Add awx-link as dependency for genschema targets to ensure package metadata exists - Remove --validate --fail-on-warn flags (schema needs improvements first) - Add genschema-yaml target for YAML output - Add schema.yaml to .gitignore * Fix detect-schema-change to not fail on schema differences Add '-' prefix to diff command so Make ignores its exit status. diff returns exit code 1 when files differ, which is expected behavior for schema change detection, not an error. * Truncate schema diff summary to stay under GitHub's 1MB limit Limit schema diff output in job summary to first 1000 lines to avoid exceeding GitHub's 1MB step summary size limit. Add message indicating when diff is truncated and direct users to job logs or artifacts for full output. * readd MODE * add drf-spectacular to requirements.in and the requirements.txt generated from the script * Add drf-spectacular BSD license file Required for test_python_licenses test to pass now that drf-spectacular is in requirements.txt. * add licenses * Add comprehensive unit tests for CustomAutoSchema Adds 15 unit tests for awx/api/schema.py to improve SonarCloud test coverage. Tests cover all code paths in CustomAutoSchema including: - get_tags() method with various scenarios (swagger_topic, serializer Meta.model, view.model, exception handling, fallbacks, warnings) - is_deprecated() method with different view configurations - Edge cases and priority ordering All tests passing. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]> * remove unused imports --------- Co-authored-by: Claude <[email protected]>
* Change Swagger UI endpoint from /api/swagger/ to /api/docs/ - Update URL pattern to use /docs/ instead of /swagger/ - Update API root response to show 'docs' key instead of 'swagger' - Add authentication requirement for schema documentation endpoints - Update contact email to [email protected] The schema endpoints (/api/docs/, /api/schema/, /api/redoc/) now require authentication to prevent unauthorized access to API documentation. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]> * Require authentication for all schema endpoints including /api/schema/ Create custom view classes that enforce authentication for all schema endpoints to prevent inconsistent access control where UI views required authentication but the raw schema endpoint remained publicly accessible. This ensures all schema endpoints (/api/schema/, /api/docs/, /api/redoc/) consistently require authentication. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]> * Add unit tests for authenticated schema view classes Add test coverage for the new AuthenticatedSpectacular* view classes to ensure they properly require authentication. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]> * remove unused import --------- Co-authored-by: Claude <[email protected]>
Modify the invocation of @task_awx to accept timeout and on_duplicate keyword arguments. These arguments are only used in the new dispatcher implementation. Add decorator params: - timeout - on_duplicate to tasks to ensure better recovery for stuck or long-running processes. --------- Signed-off-by: Seth Foster <[email protected]>
* add force flag to refspec * Development of git --amend test * Update awx/main/tests/live/tests/conftest.py Co-authored-by: Alan Rominger <[email protected]> --------- Co-authored-by: AlanCoding <[email protected]>
…#15463) * Move PG version check to check_db command Move to utils, check in pre_migrate signal * Add back in environment var skip * Add tests for compliance tests Assisted-By: claude
…6477) Co-authored-by: Stevenson Michel <[email protected]>
* AAP-65883: Refactor clear_setting_cache to use DAB shared utility Delegate cache invalidation logic to ansible_base.lib.cache.tasks.clear_cache, passing AWX-specific dependent key resolution (settings_registry) and post-invalidation hook (LOG_AGGREGATOR_LEVEL reconfiguration) as callbacks. Requires: ansible/django-ansible-base AAP-65883/dab-cache-invalidation-job Assisted-by: Claude Code / Opus 4.6 (Anthropic) * AAP-65883: Extract helper functions to module level Move _resolve_setting_dependents and _post_setting_invalidation out of clear_setting_cache for better stack traces and independent testability per review feedback (John Westcott). Assisted-by: Claude Code / Opus 4.6 (Anthropic)
Move plugin loading to lazy-on-first-access, DB sync to dispatcher Remove credential type and inventory plugin loading from Django's app.ready() path. In-memory registries (ManagedCredentialType.registry and InventorySourceOptions.injectors) are now populated lazily on first access via LazyLoadDict, a dict subclass that calls a loader function on the first read operation. This ensures web workers, dispatcher workers, and management commands all get the registries populated exactly when needed, without eager loading at startup. The DB sync (CredentialType.setup_tower_managed_defaults) is moved to the dispatcher's startup task, where it only needs to run once per deployment rather than in every Django process. Co-Authored-By: Alan Rominger <[email protected]> Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
The aap_token parameter was added to the collection argspec and docs in #16025, but nothing consumed it after token auth was removed in #15623: modules silently ignored the token and fell back to basic auth, breaking token authentication through the AAP gateway. Wire it up so requests authenticate with the provided token (e.g. one issued by the AAP gateway, which validates it and proxies to the controller): - Send "Authorization: Bearer <token>" in make_request when aap_token is set, skipping the basic-auth login probe; basic auth is unchanged when no token is given - Accept the token as a string or as the dict set as a fact by the ansible.platform.token module ({token: ..., id: ...}), which is the documented cross-collection mint/use/delete workflow - Restore controller_oauthtoken and tower_oauthtoken as aliases for back-compat with pre-#15623 playbooks, matching downstream - Forward aap_token through the controller_api lookup and controller inventory plugins via short_params, and add the missing CONTROLLER_OAUTH_TOKEN/TOWER_OAUTH_TOKEN env sources to the plugin doc fragment (plugins resolve env vars from doc fragments, not env_fallback); AAP_TOKEN is no longer marked deprecated there - Support tokens in the awxkit-based export/import modules - Add unit tests covering the Bearer header for both token forms, the aliases, the bad-dict failure, and the basic-auth fallback Verified end-to-end against a live gateway-fronted AAP 2.7 deployment: modules, the lookup plugin, both aliases, all env sources, dict-form tokens, job launch/wait, and a clean HTTP 401 on an invalid token. Co-Authored-By: Claude Fable 5 <[email protected]>
…16500) * Restore oauth_token backward compatibility for collection token auth The aap_token rename (c8981e3) restored module-level token auth but left two interfaces from earlier collection releases broken: - The lookup (controller_api) and inventory (controller) plugins previously declared an oauth_token option. Add oauth_token as an alias of aap_token in the auth_plugin doc fragment and in AUTH_ARGSPEC so query(..., oauth_token=...) and inventory YAML keys keep working. - tower_cli.cfg-style config files used an oauth_token key under [general]; it was silently ignored after the rename, quietly degrading auth. load_config() now also reads the legacy oauth_token key and maps it to aap_token, with the new aap_token key winning when both are present. aap_token remains the canonical attribute used by _parse_aap_token() and the Bearer header logic. Also make the test helper compatible with ansible-core 2.21+, which requires a serialization profile alongside _ANSIBLE_ARGS, and extend the tests to cover the oauth_token alias and legacy config file key. No changelog fragment added: awx_collection has no changelogs/ directory on devel. Co-Authored-By: Claude Opus 4.8 <[email protected]> * Document oauth_token alias in module auth doc fragment The oauth_token alias was added to aap_token in AUTH_ARGSPEC but not to the module doc fragment, failing the validate-modules sanity check (undocumented argument alias). Co-Authored-By: Claude Opus 4.8 <[email protected]> * Generalize version references in compat comments Co-Authored-By: Claude Opus 4.8 <[email protected]> --------- Co-authored-by: Claude Opus 4.8 <[email protected]>
fix: resolve SonarCloud security rating C (AAP-79142) Replace regex-based substring checks with plain `in` operator in awxkit page.py to eliminate ReDoS vulnerability (python:S5852). Remove stray empty Pipfile that triggered missing lockfile warning (text:S8565). Co-authored-by: Claude Opus 4.6 (1M context) <[email protected]>
feat: inject x-ai-description from overlay file during schema generation Many endpoints have human-readable AI descriptions that were added downstream in aap-mcp-server (PRs #73 and #119) but never backported as @extend_schema_if_available decorators. This causes 470 out of 631 x-ai-description entries to be lost every time the spec is regenerated. Add a JSON overlay file (openapi_ai_descriptions.json) containing the missing descriptions keyed by operationId, and a drf-spectacular postprocessing hook that merges them into the generated schema for any operation that doesn't already have x-ai-description from a decorator. Co-authored-by: Claude Opus 4.6 (1M context) <[email protected]>
The aap-openapi-specs repo requires commit signatures via org ruleset. Switch from git commit+push to the GitHub Git Data API which automatically signs commits, satisfying the required_signatures rule. Co-authored-by: Claude Opus 4.6 (1M context) <[email protected]>
Co-authored-by: Claude Opus 4.6 (1M context) <[email protected]>
* [AAP-78392] Optimize HostManager.active_count() with cache and functional index active_count() runs a full sequential scan with LOWER()+DISTINCT on main_host for every license check. At customer scale this consumed 74.5 minutes of DB time over 4 hours (47K calls at 93ms avg). Add a 60-second Redis-backed cache via the existing memoize decorator to reduce call volume by ~99.5%. Add a functional btree index on LOWER(name) to eliminate the sequential scan for the remaining calls. * Use AddIndexConcurrently instead of AddIndex in the migration for host name lower index * Revert AddIndexConcurrently to AddIndex for CI compatibility The api-migrations CI job runs against SQLite which does not support PostgreSQL-specific AddIndexConcurrently. Standard AddIndex works across all backends and the brief write lock during production upgrades is acceptable for this table size. * Remove functional index, keep cache-only fix per reviewer feedback Drop the LOWER(name) functional index and migration to minimize the change footprint. ---- Co-authored-by: Claude Opus 4.6 <[email protected]>
…eries (#16501) * Fix cartesian product in organization user/admin count queries The organizations list and detail endpoints annotated each org with user and admin counts using two Count() calls that traverse the Role.members M2M. Django generated two LEFT JOINs on the same through table, crossing every member row with every admin row before COUNT(DISTINCT) reduced the product. At scale (2,617 members × 46,233 admins) this produced 120M intermediate rows and 96-second query times, causing 504 timeouts. Replace with independent Subquery expressions that each query main_rbac_roles_members separately - no cross product. Fixes: AAP-72817 Fixes: AAP-72480 * Fix variable names which do not meet coding standards * Fix formatting inconsistency in organization detail subquery annotation Break the long .annotate() line across multiple lines to match the style used in mixin.py. * Rewrite org count subqueries to use DAB RBAC models Replace old RBAC Role.members.through subqueries with RoleUserAssignment-based correlated subqueries, querying managed RoleDefinitions ('Organization Member' / 'Organization Admin') directly. This aligns with the DAB RBAC migration direction and eliminates dependency on the deprecated ImplicitRoleField M2M tables for these counts. Update test fixtures to use RoleDefinition.give_permission() and add setup_managed_roles where needed. * Fix collection tests: set up managed role definitions The DAB RBAC migration to use RoleUserAssignment subqueries in organization views requires managed role definitions (Organization Member, Organization Admin) to exist in the test database. Add an autouse fixture to the collection test conftest that calls setup_managed_role_definitions() before each test. * Add setup_managed_roles fixture to functional tests hitting org views Tests that hit organization list/detail views now require the setup_managed_roles fixture to pre-create the Organization Member and Organization Admin RoleDefinition objects used by the DAB RBAC subqueries. * Revert setup_managed_roles from ext_auditor tests The setup_managed_roles fixture conflicts with the ext_auditor_rd fixture by deleting the Alien Auditor role definition. These tests don't need it — the defensive view code handles missing role definitions gracefully. * Handle missing Organization Member/Admin role definitions gracefully Use filter().first() instead of get() for RoleDefinition lookups in organization list and detail views. Returns 0 for user/admin counts when role definitions are not yet created, preventing 500 errors in environments where post_migrate signals haven't run. * Cast OuterRef('pk') to TextField for RoleUserAssignment.object_id comparison RoleUserAssignment.object_id is a TextField, but OuterRef('pk') on Organization produces an integer. PostgreSQL strictly rejects text = integer comparisons. Use Cast() to explicitly convert the PK to text. --------- Co-authored-by: Claude Opus 4.6 <[email protected]>
…or cpu and memory values set to 0. (#16499) Updating the remediation condition on line 636 to check for cpu and memory values set to 0.
Signed-off-by: Ryan Williams <[email protected]> Co-authored-by: Claude Sonnet 4.6 (1M context) <[email protected]>
…16510) fix: use GPG-signed commits in spec sync workflow Switch from unsigned GitHub API commits to GPG-signed git commits using the aap-api-bot GPG key (OPENAPI_SPEC_SYNC_GPG_PRIVATE_KEY). The aap-openapi-specs repo requires signed commits via org ruleset. The previous API-based approach didn't sign commits because GitHub only auto-signs API commits for GitHub App tokens, not user PATs. This matches the pattern used by EDA and Gateway teams for their spec sync workflows. Also fixes template injection risk by using env vars instead of direct ${{ }} expansion in shell context. Co-authored-by: Claude Opus 4.6 (1M context) <[email protected]>
…plate.accessible_pk_qs() (#16513) * Use _actor_role_filter() in UnifiedJobTemplate.accessible_pk_qs() Replace `role__in=accessor.has_roles.all()` with the optimized `_actor_role_filter()` subquery pattern from django-ansible-base. The old pattern causes a 3-table JOIN through RoleUserAssignment -> ObjectRole -> RoleEvaluation on every non-superuser request. _actor_role_filter() skips the ObjectRole table entirely by using a direct subquery on RoleUserAssignment.object_role_id, eliminating the intermediate JOIN and reducing query time for /api/v2/unified_jobs/ requests by non-superusers.
…API response (#16512) * feat(analytics): ANSTRAT-2268 log request_id, account_number, org_id from ingress API response Log the ingress API success response fields (request_id, account_number, org_id) in the controller task log when gather_analytics tarballs are uploaded. This enables support engineers to trace uploads through to Kibana without source code modifications. * style(analytics): use f-strings in _log_shipping_response to match codebase conventions * style(analytics): fix black formatting in test assertions
…16511) Instances reporting cpu=0 or memory=0 with no errors would be transitioned to READY state. Treat zero cpu/memory as an error so the node stays offline until a valid health check is received. Co-authored-by: Claude Opus 4.6 (1M context) <[email protected]>
* Fix: handle cursor-paginated API responses in get_one() DAB PR #1025 switched role_team_assignments and role_user_assignments endpoints from PageNumberPagination to CursorPagination. Cursor pagination returns {results, next, previous} without a count field, causing get_one() to fail with "The endpoint did not provide count and results". When the response includes results but no count, infer count from len(results). Also guard get_all_endpoint() against missing count.
…16520) Forward-port of ansible/tower#7537 for the devel branch. When running awxkit's tox tests, pytest picks up the root pytest.ini which pulls in pytest-django options (--reuse-db, --nomigrations, DJANGO_SETTINGS_MODULE) and Django-specific filterwarnings. Since the awxkit tox environment does not install Django or pytest-django, these cause test collection to fail. The root cause is that pytest.ini has absolute priority in pytest's config discovery — it searches all ancestor directories for pytest.ini before falling back to tox.ini's [pytest] section. A [pytest] section in awxkit/tox.ini alone cannot prevent the root config from being used. Fix by: - Adding awxkit/pytest.ini to act as the primary config boundary (pytest.ini has the highest priority in config discovery, so its presence in awxkit/ stops the upward search before reaching root) - Adding explicit `test` path argument to the pytest command in awxkit/tox.ini so pytest discovers tests correctly - Adding `testpaths` and `python_files` to the [pytest] section in awxkit/tox.ini as a secondary config boundary - Adding awxkit/conftest.py that registers the Django-specific CLI options and INI keys as harmless no-ops, as a further safety net Co-authored-by: Claude Opus 4.6 <[email protected]>
…te filepath (#16516) * Fix SonarCloud security rating by removing user-controlled data from sqlite filepath Replace os.path.basename(sys.argv[0]) with a hardcoded 'unknown' fallback in RecordedQueryLog.write() to eliminate path injection via CLI arguments. This resolves SonarCloud rule pythonsecurity:S8706 and helps restore the AWX security rating from C to A. Closes: AAP-80006 Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> * Remove unused sys import from test_db.py Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> --------- Co-authored-by: Claude Opus 4.6 (1M context) <[email protected]>
…dle (#16522) * Refactor result_stdout_raw_handle to use parameterized COPY SQL. Replace f-string SQL construction with psycopg.sql composables and bound parameters so security scans no longer flag formatted raw SQL in the unified jobs stdout path. Fix sqlite_copy mock rendering for psycopg3 SQL composables. * Fix sqlite_copy mock without psycopg SQL internals. Load stdout from the first populated event table instead of rendering psycopg composables, which use version-specific private attributes. * Use sql.Literal in COPY query for Django cursor.copy compatibility. Django's cursor.copy() does not forward bind parameters to psycopg, which caused stdout API 500s against real PostgreSQL.
) * AAP-81082 Eliminate LEFT OUTER JOINs in unified job RBAC query UnifiedJobAccess.filtered_queryset() used field-traversal Q objects (inventoryupdate__inventory_source__inventory__id__in=...) which Django translates into LEFT OUTER JOINs. This forces PostgreSQL to scan all rows in main_unifiedjob before filtering — at scale, 99.84% are discarded. Replace with pk__in subqueries that generate IN (SELECT ...) instead, allowing PostgreSQL to skip the unconditional join. EXPLAIN ANALYZE shows a 28% reduction in execution time (496ms -> 355ms), with larger gains expected under concurrent load. * AAP-81082 Eliminate LEFT OUTER JOINs in RBAC filtered_queryset methods Replace field-traversal Q objects with pk__in subqueries across all Access classes that query polymorphic or M2M tables, preventing Django from generating unconditional LEFT OUTER JOINs. Also migrate legacy _accessible_pk_qs / accessible_pk_qs calls to DAB RBAC access_ids_qs. Affected: UnifiedJobAccess, UnifiedJobTemplateAccess, JobAccess, JobEventAccess, LabelAccess. * Fix docstring
#16531) Replace hardcoded credentials in subscriptions module examples The EXAMPLES block contained values that looked like real client credentials. Replace them with obvious placeholders and add a username/password example. Co-authored-by: Claude Opus 4.6 <[email protected]>
…ostSummary (#16530) AAP-81517 — Optimize HostList API: conditional DISTINCT + composite index Make .distinct() conditional on host_filter being set — without it the RBAC IN subquery on a direct FK cannot produce duplicates, so DISTINCT is pure overhead. Add composite index (host_id, id DESC) on main_jobhostsummary so the with_latest_summary_id() correlated subquery can use an index-only top-1 scan instead of scanning and sorting. Co-authored-by: Claude Opus 4.6 <[email protected]>
The awx-operator molecule kind test intermittently times out after 15 minutes on GitHub Actions runners, causing flaky CI failures. Bump the bash-level timeout from 15m to 20m (step-level timeout-minutes: 60 is unchanged). Closes: AAP-81583 Co-authored-by: Claude Opus 4.6 (1M context) <[email protected]>
…16533) * AAP-81860 — Eliminate LEFT OUTER JOINs in ActivityStream RBAC query ActivityStreamAccess.filtered_queryset() used field-traversal Q objects (e.g. Q(host__inventory__in=...)) across 18 M2M relationships, which Django translates into LEFT OUTER JOINs. This forces PostgreSQL to join all intermediary tables before filtering, making it the #2 DB consumer at 483s in a 10-minute Scale Lab window. Replace all M2M field traversals with pk__in subqueries using .through intermediary tables, following the same pattern proven in AAP-81082 (28% improvement for unified job RBAC). This changes the SQL from LEFT OUTER JOIN to IN (SELECT ...) semi-joins, allowing PostgreSQL to skip the unconditional joins. Also: - Remove .distinct() (no longer needed without M2M JOINs) - Remove unnecessary if-truthy checks that evaluated subqueries as boolean before including them (5 extra DB roundtrips per request) - Migrate accessible_pk_qs(user, 'read_role') to access_ids_qs(user, 'view') for direct DAB RBAC API usage * Use .exists() instead of queryset truth-test for auditing_orgs guard Avoids evaluating the full queryset when checking whether the user has auditing orgs — .exists() issues a cheaper SELECT 1 … LIMIT 1 instead. * Restore .exists() guards for resource-type Q branches Re-add conditional guards around inventory, credential, project, job template, workflow job template, and team Q branches. Uses .exists() (cheap SELECT 1 LIMIT 1) instead of the old queryset truth-test to avoid unnecessary query evaluation while still preventing generation of an overly complex query when the user has no access to a given resource type. --------- Co-authored-by: Claude Opus 4.6 <[email protected]>
#16461) feat: add exclude query parameter to unified_jobs and jobs list endpoints Allow clients to exclude heavy fields (artifacts, extra_vars) from list responses via ?exclude=artifacts,extra_vars. These fields are now included by default instead of being stripped. Co-authored-by: Claude Opus 4.6 (1M context) <[email protected]>
…target crede… (#16523) Fix credential_input_source to handle state: absent when target credential is missing The credential_input_source module would error when trying to delete a credential input source (state: absent) if the target credential didn't exist. This breaks idempotent playbook runs where cleanup tasks assume resources may already be gone. The fix only applies to state: absent; state: present still correctly fails when the target credential doesn't exist. Co-authored-by: Liam Allen <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot]
Can you help keep this open source service alive? 💖 Please sponsor : )