External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-03-07 19:51:08 -03:30
Code Issues Packages Projects Releases Wiki Activity

enforce True or False for boolean credential injectors

Browse Source 
see: https://github.com/ansible/tower/issues/2038
This commit is contained in:
Ryan Petrello
2018-06-13 16:37:39 -04:00
parent 2a983e3dec
commit 0bcbccba33
3 changed files with 49 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
awx/main/models/credential/__init__.py
View File

@@ -623,6 +623,11 @@ class CredentialType(CommonModelNameNotUnique):
if len(value): if len(value):
namespace[field_name] = value namespace[field_name] = value
# default missing boolean fields to False
for field in self.inputs.get('fields', []):
if field['type'] == 'boolean' and field['id'] not in credential.inputs.keys():
namespace[field['id']] = safe_namespace[field['id']] = False
file_tmpls = self.injectors.get('file', {}) file_tmpls = self.injectors.get('file', {})
# If any file templates are provided, render the files and update the # If any file templates are provided, render the files and update the
# special `tower` template namespace so the filename can be # special `tower` template namespace so the filename can be

56
awx/main/tests/unit/test_tasks.py
View File

@@ -1122,19 +1122,22 @@ class TestJobCredentials(TestJobExecution):
self.run_pexpect.side_effect = run_pexpect_side_effect self.run_pexpect.side_effect = run_pexpect_side_effect
self.task.run(self.pk) self.task.run(self.pk)
def test_net_credentials(self): @pytest.mark.parametrize('authorize, expected_authorize', [
[True, '1'],
[False, '0'],
[None, '0'],
])
def test_net_credentials(self, authorize, expected_authorize):
net = CredentialType.defaults['net']() net = CredentialType.defaults['net']()
credential = Credential( inputs = {
pk=1, 'username': 'bob',
credential_type=net, 'password': 'secret',
inputs = { 'ssh_key_data': self.EXAMPLE_PRIVATE_KEY,
'username': 'bob', 'authorize_password': 'authorizeme'
'password': 'secret', }
'ssh_key_data': self.EXAMPLE_PRIVATE_KEY, if authorize is not None:
'authorize': True, inputs['authorize'] = authorize
'authorize_password': 'authorizeme' credential = Credential(pk=1,credential_type=net, inputs = inputs)
}
)
for field in ('password', 'ssh_key_data', 'authorize_password'): for field in ('password', 'ssh_key_data', 'authorize_password'):
credential.inputs[field] = encrypt_field(credential, field) credential.inputs[field] = encrypt_field(credential, field)
self.instance.credentials.add(credential) self.instance.credentials.add(credential)
@@ -1143,8 +1146,9 @@ class TestJobCredentials(TestJobExecution):
args, cwd, env, stdout = args args, cwd, env, stdout = args
assert env['ANSIBLE_NET_USERNAME'] == 'bob' assert env['ANSIBLE_NET_USERNAME'] == 'bob'
assert env['ANSIBLE_NET_PASSWORD'] == 'secret' assert env['ANSIBLE_NET_PASSWORD'] == 'secret'
assert env['ANSIBLE_NET_AUTHORIZE'] == '1' assert env['ANSIBLE_NET_AUTHORIZE'] == expected_authorize
assert env['ANSIBLE_NET_AUTH_PASS'] == 'authorizeme' if authorize:
assert env['ANSIBLE_NET_AUTH_PASS'] == 'authorizeme'
assert open(env['ANSIBLE_NET_SSH_KEYFILE'], 'rb').read() == self.EXAMPLE_PRIVATE_KEY assert open(env['ANSIBLE_NET_SSH_KEYFILE'], 'rb').read() == self.EXAMPLE_PRIVATE_KEY
return ['successful', 0] return ['successful', 0]
@@ -2141,6 +2145,30 @@ class TestInventoryUpdateCredentials(TestJobExecution):
self.task.run(self.pk) self.task.run(self.pk)
assert self.instance.job_env['TOWER_PASSWORD'] == tasks.HIDDEN_PASSWORD assert self.instance.job_env['TOWER_PASSWORD'] == tasks.HIDDEN_PASSWORD
def test_tower_source_ssl_verify_empty(self):
tower = CredentialType.defaults['tower']()
self.instance.source = 'tower'
self.instance.instance_filters = '12345'
inputs = {
'host': 'https://tower.example.org',
'username': 'bob',
'password': 'secret',
}
def get_cred():
cred = Credential(pk=1, credential_type=tower, inputs = inputs)
cred.inputs['password'] = encrypt_field(cred, 'password')
return cred
self.instance.get_cloud_credential = get_cred
def run_pexpect_side_effect(*args, **kwargs):
args, cwd, env, stdout = args
assert env['TOWER_VERIFY_SSL'] == 'False'
return ['successful', 0]
self.run_pexpect.side_effect = run_pexpect_side_effect
self.task.run(self.pk)
def test_awx_task_env(self): def test_awx_task_env(self):
gce = CredentialType.defaults['gce']() gce = CredentialType.defaults['gce']()
self.instance.source = 'gce' self.instance.source = 'gce'

2
docs/CHANGELOG.md
View File

@@ -19,6 +19,8 @@
* Removed `TOWER_HOST` as a default environment variable in job running environment * Removed `TOWER_HOST` as a default environment variable in job running environment
due to conflict with tower credential type. Playbook authors should replace their due to conflict with tower credential type. Playbook authors should replace their
use with `AWX_HOST`. [[#1727](https://github.com/ansible/awx/issues/1727)] use with `AWX_HOST`. [[#1727](https://github.com/ansible/awx/issues/1727)]
* Boolean fields for custom credential types will now always default extra_vars and
environment variables to `False` when a value is not provided. [[#2038](https://github.com/ansible/tower/issues/2038)]
* Add validation to prevent string "$encrypted$" from becoming a literal * Add validation to prevent string "$encrypted$" from becoming a literal
survey question default [[#518](https://github.com/ansible/awx/issues/518)]. survey question default [[#518](https://github.com/ansible/awx/issues/518)].
* Enable the `--export` option for `ansible-inventory` via the environment * Enable the `--export` option for `ansible-inventory` via the environment