From 31c2e1a45084a9cd031c2d428e5cae9f6de48520 Mon Sep 17 00:00:00 2001
From: John Westcott IV <john.westcott.iv@redhat.com>
Date: Wed, 7 Dec 2022 14:09:36 -0500
Subject: [PATCH 1/7] Only allow promote and stage to run on the awx repo

---
 .github/workflows/promote.yml | 1 +
 .github/workflows/stage.yml   | 1 +
 2 files changed, 2 insertions(+)

diff --git a/.github/workflows/promote.yml b/.github/workflows/promote.yml
index 820494d303..594b213e49 100644
--- a/.github/workflows/promote.yml
+++ b/.github/workflows/promote.yml
@@ -10,6 +10,7 @@ on:
 
 jobs:
   promote:
+    if: github.repository == 'ansible/awx'
     runs-on: ubuntu-latest
     steps:
       - name: Checkout awx
diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml
index 042b6b7b0d..192f307d50 100644
--- a/.github/workflows/stage.yml
+++ b/.github/workflows/stage.yml
@@ -21,6 +21,7 @@ on:
 
 jobs:
   stage:
+    if: github.repository == 'ansible/awx'
     runs-on: ubuntu-latest
     permissions:
       packages: write

From e2cee10767c36b659a5e26431a8f7fbf21a1c955 Mon Sep 17 00:00:00 2001
From: John Westcott IV <32551173+john-westcott-iv@users.noreply.github.com>
Date: Thu, 8 Dec 2022 16:34:13 -0500
Subject: [PATCH 2/7] Update .github/workflows/promote.yml

Co-authored-by: Shane McDonald <me@shanemcd.com>
---
 .github/workflows/promote.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/promote.yml b/.github/workflows/promote.yml
index 594b213e49..45dec2b283 100644
--- a/.github/workflows/promote.yml
+++ b/.github/workflows/promote.yml
@@ -10,7 +10,7 @@ on:
 
 jobs:
   promote:
-    if: github.repository == 'ansible/awx'
+    if: endsWith(github.repository, '/awx') 
     runs-on: ubuntu-latest
     steps:
       - name: Checkout awx

From 5d96ee084d787e18354b4eaa0fa8eec818090ad2 Mon Sep 17 00:00:00 2001
From: John Westcott IV <john.westcott.iv@redhat.com>
Date: Thu, 8 Dec 2022 16:36:04 -0500
Subject: [PATCH 3/7] Adding endswith(awx) to stage

---
 .github/workflows/stage.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml
index 192f307d50..1e28952e0f 100644
--- a/.github/workflows/stage.yml
+++ b/.github/workflows/stage.yml
@@ -21,7 +21,7 @@ on:
 
 jobs:
   stage:
-    if: github.repository == 'ansible/awx'
+    if: endsWith(github.repository, '/awx')
     runs-on: ubuntu-latest
     permissions:
       packages: write

From fd6605932a4d8c30bf4308cb06dca5197ae73eb4 Mon Sep 17 00:00:00 2001
From: John Westcott IV <john.westcott.iv@redhat.com>
Date: Tue, 24 Jan 2023 12:02:49 -0500
Subject: [PATCH 4/7] Adding exception if unable to find the controler plane ee

---
 awx/main/utils/execution_environments.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/awx/main/utils/execution_environments.py b/awx/main/utils/execution_environments.py
index 02e6a8b701..7b197287b3 100644
--- a/awx/main/utils/execution_environments.py
+++ b/awx/main/utils/execution_environments.py
@@ -1,4 +1,5 @@
 import os
+import logging
 from pathlib import Path
 
 from django.conf import settings
@@ -6,8 +7,15 @@ from django.conf import settings
 from awx.main.models.execution_environments import ExecutionEnvironment
 
 
+logger = logging.getLogger(__name__)
+
+
 def get_control_plane_execution_environment():
-    return ExecutionEnvironment.objects.filter(organization=None, managed=True).first()
+    ee = ExecutionEnvironment.objects.filter(organization=None, managed=True).first()
+    if ee == None:
+        logger.error('Failed to find control plane ee, there are no managed EEs without organizations')
+        raise RuntimeError("Failed to find default control plane EE")
+    return ee
 
 
 def get_default_execution_environment():

From eb9431ee1f8433bdb479919fafa6493c935fb8c9 Mon Sep 17 00:00:00 2001
From: John Westcott IV <john.westcott.iv@redhat.com>
Date: Tue, 24 Jan 2023 12:03:10 -0500
Subject: [PATCH 5/7] Fixing hard coded project

---
 awx/main/tasks/jobs.py            | 2 +-
 awx/main/tests/unit/test_tasks.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/awx/main/tasks/jobs.py b/awx/main/tasks/jobs.py
index a726a418c0..d453a2364b 100644
--- a/awx/main/tasks/jobs.py
+++ b/awx/main/tasks/jobs.py
@@ -311,7 +311,7 @@ class BaseTask(object):
         env['AWX_PRIVATE_DATA_DIR'] = private_data_dir
 
         if self.instance.execution_environment is None:
-            raise RuntimeError('The project could not sync because there is no Execution Environment.')
+            raise RuntimeError(f'The {self.model.__name__} could not run because there is no Execution Environment.')
 
         return env
 
diff --git a/awx/main/tests/unit/test_tasks.py b/awx/main/tests/unit/test_tasks.py
index 9a59e091d1..c3d472deb6 100644
--- a/awx/main/tests/unit/test_tasks.py
+++ b/awx/main/tests/unit/test_tasks.py
@@ -1972,7 +1972,7 @@ def test_project_update_no_ee(mock_me):
     with pytest.raises(RuntimeError) as e:
         task.build_env(job, {})
 
-    assert 'The project could not sync because there is no Execution Environment' in str(e.value)
+    assert 'The ProjectUpdate could not run because there is no Execution Environment' in str(e.value)
 
 
 @pytest.mark.parametrize(

From 26a888547d5ee2a9fce17bf1548f2dc52fd7627b Mon Sep 17 00:00:00 2001
From: John Westcott IV <john.westcott.iv@redhat.com>
Date: Tue, 14 Feb 2023 14:49:58 -0500
Subject: [PATCH 6/7] Fixing variable with duplicate name which was causing
 errors with LDAP team addition

---
 awx/sso/backends.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/awx/sso/backends.py b/awx/sso/backends.py
index c55f24e7de..3cc605e0aa 100644
--- a/awx/sso/backends.py
+++ b/awx/sso/backends.py
@@ -385,10 +385,10 @@ def on_populate_user(sender, **kwargs):
             logger.warning('LDAP user {} has {} > max {} characters'.format(user.username, field, max_len))
 
     org_map = getattr(backend.settings, 'ORGANIZATION_MAP', {})
-    team_map = getattr(backend.settings, 'TEAM_MAP', {})
+    team_map_settings = getattr(backend.settings, 'TEAM_MAP', {})
     orgs_list = list(org_map.keys())
     team_map = {}
-    for team_name, team_opts in team_map.items():
+    for team_name, team_opts in team_map_settings.items():
         if not team_opts.get('organization', None):
             # You can't save the LDAP config in the UI w/o an org (or '' or null as the org) so if we somehow got this condition its an error
             logger.error("Team named {} in LDAP team map settings is invalid due to missing organization".format(team_name))
@@ -416,7 +416,7 @@ def on_populate_user(sender, **kwargs):
 
     # Compute in memory what the state is of the different LDAP teams
     desired_team_states = {}
-    for team_name, team_opts in team_map.items():
+    for team_name, team_opts in team_map_settings.items():
         if 'organization' not in team_opts:
             continue
         users_opts = team_opts.get('users', None)

From 7f50679e68eb90ef2886fd02af02454d3fc62951 Mon Sep 17 00:00:00 2001
From: Alan Rominger <arominge@redhat.com>
Date: Wed, 15 Feb 2023 14:54:46 -0500
Subject: [PATCH 7/7] Do not create setting with invalid value in data
 migration (#13576)

* Do not create setting with invalid value in data migration

* Add test for conf app data migration
---
 awx/conf/migrations/_ldap_group_type.py      |  9 +++++--
 awx/conf/tests/functional/test_migrations.py | 25 ++++++++++++++++++++
 2 files changed, 32 insertions(+), 2 deletions(-)
 create mode 100644 awx/conf/tests/functional/test_migrations.py

diff --git a/awx/conf/migrations/_ldap_group_type.py b/awx/conf/migrations/_ldap_group_type.py
index b6580f8cae..378f934342 100644
--- a/awx/conf/migrations/_ldap_group_type.py
+++ b/awx/conf/migrations/_ldap_group_type.py
@@ -1,7 +1,11 @@
 import inspect
 
 from django.conf import settings
-from django.utils.timezone import now
+
+import logging
+
+
+logger = logging.getLogger('awx.conf.migrations')
 
 
 def fill_ldap_group_type_params(apps, schema_editor):
@@ -15,7 +19,7 @@ def fill_ldap_group_type_params(apps, schema_editor):
         entry = qs[0]
         group_type_params = entry.value
     else:
-        entry = Setting(key='AUTH_LDAP_GROUP_TYPE_PARAMS', value=group_type_params, created=now(), modified=now())
+        return  # for new installs we prefer to use the default value
 
     init_attrs = set(inspect.getfullargspec(group_type.__init__).args[1:])
     for k in list(group_type_params.keys()):
@@ -23,4 +27,5 @@ def fill_ldap_group_type_params(apps, schema_editor):
             del group_type_params[k]
 
     entry.value = group_type_params
+    logger.warning(f'Migration updating AUTH_LDAP_GROUP_TYPE_PARAMS with value {entry.value}')
     entry.save()
diff --git a/awx/conf/tests/functional/test_migrations.py b/awx/conf/tests/functional/test_migrations.py
new file mode 100644
index 0000000000..d3fddb292b
--- /dev/null
+++ b/awx/conf/tests/functional/test_migrations.py
@@ -0,0 +1,25 @@
+import pytest
+
+from awx.conf.migrations._ldap_group_type import fill_ldap_group_type_params
+from awx.conf.models import Setting
+
+from django.apps import apps
+
+
+@pytest.mark.django_db
+def test_fill_group_type_params_no_op():
+    fill_ldap_group_type_params(apps, 'dont-use-me')
+    assert Setting.objects.count() == 0
+
+
+@pytest.mark.django_db
+def test_keep_old_setting_with_default_value():
+    Setting.objects.create(key='AUTH_LDAP_GROUP_TYPE', value={'name_attr': 'cn', 'member_attr': 'member'})
+    fill_ldap_group_type_params(apps, 'dont-use-me')
+    assert Setting.objects.count() == 1
+    s = Setting.objects.first()
+    assert s.value == {'name_attr': 'cn', 'member_attr': 'member'}
+
+
+# NOTE: would be good to test the removal of attributes by migration
+# but this requires fighting with the validator and is not done here