search

ansible / awx

AWX provides a web-based user interface, REST API, and task engine built on top of Ansible. It is one of the upstream projects for Red Hat Ansible Automation Platform.
Other
13.5k stars 3.34k forks source link

Allow Kubernetes credentials on SCM inventories #15165

Open David-Igou opened 2 weeks ago

David-Igou commented 2 weeks ago

Please confirm the following

Feature type

Enhancement to Existing Feature

Feature Summary

I am working with a usecase involving the kubevirt dynamic inventory plugin, which requires Kuberentes credentials be injected into the inventory sync, AWX does not allow the "Openshift/Kubernetes token" default credential type to be attached to inventories. The current workaround is to create a custom credential with the same behavior as the default one, which will be allowed, but feels quite silly.

Select the relevant components

Steps to reproduce

Create a SCM based inventory that leveraged an inventory plugin which requires to authenticate to a kubernetes API, ie kubevirt.core

Current results

User is unable to attach k8s token credentials

Sugested feature result

Users will have a consistent experience leveraging this inventory and not have to create a custom credential that is identical in behavior to a preexisting one because they arbitrarily cannot attach the default one to inventories

Additional information

With as many inventory plugins as we see present now, I don't really see a point in limiting what credential types can be attached to scm inventory sources at all.

TheRealHaoLiu commented 2 weeks ago

agree, I did something similar before and had to create a custom credential type.

TheRealHaoLiu commented 3 days ago

https://github.com/ansible/awx/blob/devel/awx/main/models/credential/__init__.py/#L1098-L1132 this is where the kubernetes credenetial type is defined

adding injector to this should work

contribution welcome, marking this issue as good first issue

TheRealHaoLiu commented 3 days ago

dug a bit further... kuberentes credential type already has injector and usable in job template... fantastic

as for inventory source (type SCM) the UI explicitly query /api/v2/credentials/?credential_type__kind=cloud...

reclassifying kubernetes credential from kubernetes to "cloud" would allow us to use kubernetes credential to be use in inventory source...

but im not sure if that's the right way to do this... @chrismeyersfsu @AlanCoding thoughts?