fix: invalid f-string and oidc url for insights plugin

jessicamack · Jan 20, 2025 · 46403e4 · 46403e4
1 parent 492c7a1
commit 46403e4
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 5 deletions.
diff --git a/awx/playbooks/action_plugins/insights.py b/awx/playbooks/action_plugins/insights.py
@@ -6,10 +6,11 @@
 import re
 
 import requests
-from urllib.parse import urljoin
 
 from ansible.plugins.action import ActionBase
 
+DEFAULT_OIDC_ENDPOINT = 'https://sso.redhat.com/auth/realms/redhat-external'
+
 
 class ActionModule(ActionBase):
     def save_playbook(self, proj_path, remediation, content):
@@ -36,7 +37,9 @@ def write_version(self, proj_path, etag):
             f.write(etag)
 
     def _obtain_auth_token(self, oidc_endpoint, client_id, client_secret):
-        main_url = urljoin(oidc_endpoint, '/.well-known/openid-configuration')
+        if oidc_endpoint.endswith('/'):
+            oidc_endpoint = oidc_endpoint.rstrip('/')
+        main_url = oidc_endpoint + '/.well-known/openid-configuration'
         response = requests.get(url=main_url, headers={'Accept': 'application/json'})
         data = {}
         if response.status_code != 200:
@@ -80,7 +83,7 @@ def run(self, tmp=None, task_vars=None):
         password = self._task.args.get('password', None)
         client_id = self._task.args.get('client_id', None)
         client_secret = self._task.args.get('client_secret', None)
-        oidc_endpoint = self._task.args.get('oidc_endpoint', None)
+        oidc_endpoint = self._task.args.get('oidc_endpoint', DEFAULT_OIDC_ENDPOINT)
 
         session.headers.update(
             {
@@ -95,7 +98,7 @@ def run(self, tmp=None, task_vars=None):
                 result['failed'] = data['failed']
                 result['msg'] = data['msg']
                 return result
-            session.headers.update({'Authorization': f'{result['token_type']} {result['token']}'})
+            session.headers.update({'Authorization': f'{data["token_type"]} {data["token"]}'})
         elif authentication == 'basic' or (username and password):
             session.auth = requests.auth.HTTPBasicAuth(username, password)
 

diff --git a/awx/playbooks/project_update.yml b/awx/playbooks/project_update.yml
@@ -21,7 +21,9 @@
 # gpg_pubkey: the GPG public key to use for validation, when enabled
 # client_id: Red Hat service account client ID; required for the 'service_account' authentication method used against the Insights API
 # client_secret: Red Hat service account client secret; required for the 'service_account' authentication method used against the Insights API
-# oidc_endpoint: OpenID Connect URL for 'service_account' authentication method.
+# authentication: The authentication method to use against the Insights API
+# client_id and client_secret are required for the 'service_account' authentication method
+# scm_username and scm_password are required for the 'basic' authentication method
 
 - hosts: localhost
   gather_facts: false