Extend become_method to model field validation as well

awx/main/constants.py

@@ -17,6 +17,7 @@ PRIVILEGE_ESCALATION_METHODS = [
     ('enable', _('Enable')), ('doas', _('Doas')),
     ('sudo', _('Sudo')), ('su', _('Su')), ('pbrun', _('Pbrun')), ('pfexec', _('Pfexec')),
     ('dzdo', _('DZDO')), ('pmrun', _('Pmrun')), ('runas', _('Runas'))]
+CHOICES_PRIVILEGE_ESCALATION_METHODS = [('', _('None'))] + PRIVILEGE_ESCALATION_METHODS
 ANSI_SGR_PATTERN = re.compile(r'\x1b\[[0-9;]*m')
 CAN_CANCEL = ('new', 'pending', 'waiting', 'running')
 ACTIVE_STATES = CAN_CANCEL

awx/main/fields.py

@@ -4,6 +4,7 @@
 # Python
 import copy
 import json
+import operator
 import re
 import six
 import urllib
@@ -45,7 +46,7 @@ from awx.main.utils.filters import SmartFilter
 from awx.main.utils.encryption import encrypt_value, decrypt_value, get_encryption_key
 from awx.main.validators import validate_ssh_private_key
 from awx.main.models.rbac import batch_role_ancestor_rebuilding, Role
-from awx.main.constants import PRIVILEGE_ESCALATION_METHODS
+from awx.main.constants import CHOICES_PRIVILEGE_ESCALATION_METHODS
 from awx.main import utils
 
 
@@ -507,6 +508,9 @@ class CredentialInputField(JSONSchemaField):
         properties = {}
         for field in model_instance.credential_type.inputs.get('fields', []):
             field = field.copy()
+            if field['type'] == 'become_method':
+                field.pop('type')
+                field['choices'] = map(operator.itemgetter(0), CHOICES_PRIVILEGE_ESCALATION_METHODS)
             properties[field['id']] = field
             if field.get('choices', []):
                 field['enum'] = field['choices'][:]
@@ -720,7 +724,7 @@ class CredentialTypeInputField(JSONSchemaField):
                     )
                 else:
                     field['type'] = 'string'
-                    field['choices'] = PRIVILEGE_ESCALATION_METHODS
+                    field['choices'] = CHOICES_PRIVILEGE_ESCALATION_METHODS
 
             for key in ('choices', 'multiline', 'format', 'secret',):
                 if key in field and field['type'] != 'string':

awx/main/models/credential/__init__.py

@@ -4,7 +4,6 @@ from collections import OrderedDict
 import functools
 import json
 import logging
-import operator
 import os
 import re
 import stat
@@ -22,7 +21,6 @@ from django.utils.encoding import force_text
 
 # AWX
 from awx.api.versioning import reverse
-from awx.main.constants import PRIVILEGE_ESCALATION_METHODS
 from awx.main.fields import (ImplicitRoleField, CredentialInputField,
                              CredentialTypeInputField,
                              CredentialTypeInjectorField)
@@ -35,6 +33,7 @@ from awx.main.models.rbac import (
     ROLE_SINGLETON_SYSTEM_AUDITOR,
 )
 from awx.main.utils import encrypt_field
+from awx.main.constants import CHOICES_PRIVILEGE_ESCALATION_METHODS
 from . import injectors as builtin_injectors
 
 __all__ = ['Credential', 'CredentialType', 'V1Credential', 'build_safe_env']
@@ -165,7 +164,7 @@ class V1Credential(object):
             max_length=32,
             blank=True,
             default='',
-            choices=[('', _('None'))] + PRIVILEGE_ESCALATION_METHODS,
+            choices=CHOICES_PRIVILEGE_ESCALATION_METHODS,
             help_text=_('Privilege escalation method.')
         ),
         'become_username': models.CharField(
@@ -708,8 +707,7 @@ def ssh(cls):
             }, {
                 'id': 'become_method',
                 'label': 'Privilege Escalation Method',
-                'choices': map(operator.itemgetter(0),
-                               V1Credential.FIELDS['become_method'].choices),
+                'type': 'become_method',
                 'help_text': ('Specify a method for "become" operations. This is '
                               'equivalent to specifying the --become-method '
                               'Ansible parameter.')