Need help to change CORS policy in AWX 20.0.1

[Alex Rivera]

Hello everyone, 

I just noticed a service that invokes the AWX API from another website is not working because of AWX's CORS policies.

Back there in version 15x I was using Docker and just updated this file under /etc/tower in the awx-web container:

settings.py

and added these lines:

MIDDLEWARE = ['corsheaders.middleware.CorsMiddleware'] + MIDDLEWARE
CORS_ORIGIN_ALLOW_ALL = True

Reboot the containers and that's it

But now with the Kubernetes deployment I have no idea how to customize this awx-web container, it just pulls it from quay.io as I can see in the configuration.

I'm using a custom Execution Environment that I've built with the ansible-builder, but idk if there's a similar tool for web container.

Do I need to modify the https://quay.io/repository/ansible/awx image? And if so, how do I make the operator use my own image?

I'm guessing through the awx.yml?

Something like this? has anyone tried this?

  web_images:
    - image: quay.io/<username>/<custom-awx-image:tag>
  

Any help is appreciated.

Thanks in advance!

Regards

Alex

[Vincent Rubiolo]

Hi Alex,

For customizing settings.py, did you try https://github.com/ansible/awx-operator#extra-settings?

Concerning overriding the image used, I am not sure this is how to do it, esp. w.r.t the fact that the variable is underscore-prefixed, hence meaning an internal scope: https://github.com/ansible/awx-operator/blob/devel/roles/installer/defaults/main.yml#L127

Let us know how it goes,

Vincent

[Alex Rivera]

Hi Vincent, 

Thanks! that worked just for what I needed! I ended up modifying the AWX image but that's no longer needed and it wasn't working anyways because AWX ConfigMaps wasn't getting updated and /etc/tower/settings.py had the default values.

With what you mentioned it added the values I needed for the CORS policy.

Before I was getting this error:

"https://<url:port> has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requestes resource."

I just changed the spec in my awx.yaml

spec:

  extra_settings:
    - setting: MIDDLEWARE
      value: "['corsheaders.middleware.CorsMiddleware'] + MIDDLEWARE"
    - setting: CORS_ORIGIN_ALLOW_ALL
      value: "True"

kubectl deploy -f awx.yaml

and AWX ConfigMaps was updated in Kubernetes, I noticed the containers didn't update its settings.py even when the ConfigMaps was OK, I had to downscale deployment to 0 and back to 3 in my case so the changes were sent to the AWX containers.

Sent the REST API call again and now is working as intended.

Thank you!

Regards

Alex

[Alex Rivera]

Typo: the correct kubectl command used was:

kubectl apply -f awx.yaml

[Vincent Rubiolo]

Hi Alex,

Thanks for reporting back and taking the time to explain what you did, this will be useful to others as well!

On Wednesday, March 16, 2022 at 2:05:21 AM UTC+1 alex....@gmail.com wrote:

and AWX ConfigMaps was updated in Kubernetes, I noticed the containers didn't update its settings.py even when the ConfigMaps was OK, I had to downscale deployment to 0 and back to 3 in my case so the changes were sent to the AWX containers

Yes, that is expected I think. The custom settings in settings.py are injected at pod deployment time. After that, it will depend on what the AWX Custom Resource Definition/CRD associated controllers monitors. Some make it so that a change like yours is propagated automatically when the value changes; for others, the pod has to be redeployed manually/deployment scaled down and up accordingly.

Vincent