External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-03-02 09:18:48 -03:30
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #692 from AlanCoding/vault_credential_check

Browse Source 
Modify JT access tests to reflect new vault_credential reality
This commit is contained in:
Alan Rominger
2017-11-29 10:40:35 -05:00
committed by GitHub
parent 53460db4d7 1481a62b23
commit 070a12a10c
1 changed files with 31 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
awx/main/tests/functional/test_rbac_job_templates.py
View File

@@ -1,7 +1,10 @@
import mock import mock
import pytest import pytest
from rest_framework.exceptions import PermissionDenied
from awx.api.versioning import reverse from awx.api.versioning import reverse
from awx.api.serializers import JobTemplateSerializer
from awx.main.access import ( from awx.main.access import (
BaseAccess, BaseAccess,
JobTemplateAccess, JobTemplateAccess,
@@ -132,15 +135,38 @@ class TestJobTemplateCredentials:
assert JobTemplateAccess(rando).can_attach( assert JobTemplateAccess(rando).can_attach(
job_template, credential, 'credentials', {}) job_template, credential, 'credentials', {})
def test_job_template_vault_cred_check(self, job_template, vault_credential, rando): def test_job_template_vault_cred_check(self, mocker, job_template, vault_credential, rando, project):
# TODO: remove in 3.3
job_template.admin_role.members.add(rando) job_template.admin_role.members.add(rando)
# not allowed to use the vault cred # not allowed to use the vault cred
assert not JobTemplateAccess(rando).can_change( # this is checked in the serializer validate method, not access.py
job_template, {'credentials': [vault_credential.pk]}) view = mocker.MagicMock()
view.request = mocker.MagicMock()
view.request.user = rando
serializer = JobTemplateSerializer(job_template, context={'view': view})
with pytest.raises(PermissionDenied):
serializer.validate({
'vault_credential': vault_credential.pk,
'project': project, # necessary because job_template fixture fails validation
'ask_inventory_on_launch': True,
})
def test_new_jt_with_vault(self, vault_credential, project, rando): def test_new_jt_with_vault(self, mocker, vault_credential, project, rando):
project.admin_role.members.add(rando) project.admin_role.members.add(rando)
assert not JobTemplateAccess(rando).can_add({'credentials': [vault_credential.pk], 'project': project.pk}) # TODO: remove in 3.3
# this is checked in the serializer validate method, not access.py
view = mocker.MagicMock()
view.request = mocker.MagicMock()
view.request.user = rando
serializer = JobTemplateSerializer(context={'view': view})
with pytest.raises(PermissionDenied):
serializer.validate({
'vault_credential': vault_credential.pk,
'project': project,
'playbook': 'helloworld.yml',
'ask_inventory_on_launch': True,
'name': 'asdf'
})
@pytest.mark.django_db @pytest.mark.django_db