Merge branch 'main' into AAP-15000_trim_docker_image

ansible · Dec 12, 2023 · 7a1808b · 7a1808b
2 parents 3dbdf77 + a028493
commit 7a1808b
Show file tree

Hide file tree

Showing 4 changed files with 43 additions and 8 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,7 @@
 ### Added
 - ssl_verify option now also supports "true" or "false" values
 - Support for standalone boolean in conditions
+- Add basic auth to controller
 
 ### Fixed
 

diff --git a/ansible_rulebook/cli.py b/ansible_rulebook/cli.py
@@ -130,6 +130,18 @@ def get_parser() -> argparse.ArgumentParser:
         "via env var EDA_CONTROLLER_TOKEN",
         default=os.environ.get("EDA_CONTROLLER_TOKEN", ""),
     )
+    parser.add_argument(
+        "--controller-username",
+        help="Controller API authentication username, can also be passed "
+        "via env var EDA_CONTROLLER_USERNAME",
+        default=os.environ.get("EDA_CONTROLLER_USERNAME", ""),
+    )
+    parser.add_argument(
+        "--controller-password",
+        help="Controller API authentication password, can also be passed "
+        "via env var EDA_CONTROLLER_PASSWORD",
+        default=os.environ.get("EDA_CONTROLLER_PASSWORD", ""),
+    )
     parser.add_argument(
         "--controller-ssl-verify",
         help="How to verify SSL when connecting to the "
@@ -234,13 +246,20 @@ def main(args: List[str] = None) -> int:
     validate_args(args)
 
     if args.controller_url:
+        job_template_runner.host = args.controller_url
+        if args.controller_ssl_verify:
+            job_template_runner.verify_ssl = args.controller_ssl_verify
+
         if args.controller_token:
-            job_template_runner.host = args.controller_url
             job_template_runner.token = args.controller_token
-            if args.controller_ssl_verify:
-                job_template_runner.verify_ssl = args.controller_ssl_verify
+        elif args.controller_username and args.controller_password:
+            job_template_runner.username = args.controller_username
+            job_template_runner.password = args.controller_password
         else:
-            print("Error: controller_token is required")
+            print(
+                "Error: controller_token or",
+                "controller_username and controller_password is required",
+            )
             return 1
 
     if args.id:

diff --git a/ansible_rulebook/job_template_runner.py b/ansible_rulebook/job_template_runner.py
@@ -39,10 +39,17 @@ class JobTemplateRunner:
     JOB_COMPLETION_STATUSES = ["successful", "failed", "error", "canceled"]
 
     def __init__(
-        self, host: str = "", token: str = "", verify_ssl: str = "yes"
+        self,
+        host: str = "",
+        token: str = "",
+        username: str = "",
+        password: str = "",
+        verify_ssl: str = "yes",
     ):
         self.token = token
         self.host = host
+        self.username = username
+        self.password = password
         self.verify_ssl = verify_ssl
         self.refresh_delay = float(
             os.environ.get("EDA_JOB_TEMPLATE_REFRESH_DELAY", 10.0)
@@ -59,6 +66,7 @@ def _create_session(self):
             self._session = aiohttp.ClientSession(
                 connector=aiohttp.TCPConnector(limit=limit),
                 headers=self._auth_headers(),
+                auth=self._basic_auth(),
                 raise_for_status=True,
             )
 
@@ -79,7 +87,14 @@ async def get_config(self) -> dict:
         return await self._get_page(self.CONFIG_SLUG, {})
 
     def _auth_headers(self) -> dict:
-        return dict(Authorization=f"Bearer {self.token}")
+        if self.token:
+            return dict(Authorization=f"Bearer {self.token}")
+
+    def _basic_auth(self) -> aiohttp.BasicAuth:
+        if self.username and self.password:
+            return aiohttp.BasicAuth(
+                login=self.username, password=self.password
+            )
 
     @cached_property
     def _sslcontext(self) -> Union[bool, ssl.SSLContext]:

diff --git a/docs/actions.rst b/docs/actions.rst
@@ -121,7 +121,7 @@ run_job_template
 Run a job template.
 
 .. note::
-    ``--controller-url`` and ``--controller-token`` cmd options must be provided to use this action
+    ``--controller-url`` and either ``--controller-token`` or ``--controller-username`` and ``--controller-password`` cmd options must be provided to use this action
 
     In order to access event information under the ``ansible_eda`` namespace, be sure to check the box for "Prompt on launch" for the Variables field within the job template. Alternatively, a survey can be created that includes the variable ``ansible_eda``. Similarly, if you plan to limit host execution based on event information, enable "Prompt on launch" for the Limit field within the job template.
 
@@ -173,7 +173,7 @@ run_workflow_template
 Run a workflow template.
 
 .. note::
-    ``--controller-url`` and ``--controller-token`` cmd options must be provided to use this action
+    ``--controller-url`` and either ``--controller-token`` or ``--controller-username`` and ``--controller-password`` cmd options must be provided to use this action
 
 .. note::
     You can define the environment variable ``EDA_CONTROLLER_CONNECTION_LIMIT`` to limit the number of concurrent connections to the controller. The default is 30.