diff --git a/awx/main/access.py b/awx/main/access.py index 187247416e..3946d0a08f 100644 --- a/awx/main/access.py +++ b/awx/main/access.py @@ -358,8 +358,12 @@ class HostAccess(BaseAccess): # this hack is in here so the test code can function # but still go down *most* of the license code path. validation_info['free_instances'] = 99999999 + validation_info['time_remaining'] = 99999999 + validation_info['grace_period_remaining'] = 99999999 - if not validation_info.get('demo') and validation_info.get('time_remaining') <= 0: + if validation_info.get('time_remaining', None) is None: + raise PermissionDenied("license is missing") + if validation_info.get('grace_period_remaining') <= 0: raise PermissionDenied("license has expired") if validation_info.get('free_instances', 0) > 0: @@ -987,6 +991,21 @@ class JobAccess(BaseAccess): return self.can_read(obj) def can_start(self, obj): + reader = TaskSerializer() + validation_info = reader.from_file() + + if 'test' in sys.argv: + validation_info['free_instances'] = 99999999 + validation_info['time_remaining'] = 99999999 + validation_info['grace_period_remaining'] = 99999999 + + if validation_info.get('time_remaining', None) is None: + raise PermissionDenied("license is missing") + if validation_info.get("grace_period_remaining") <= 0: + raise PermissionDenied("license has expired") + if validation_info.get('free_instances', 0) < 0: + raise PermissionDenied("Host Count exceeds available instances") + dep_access = self.user.can_access(Inventory, 'read', obj.inventory) and \ self.user.can_access(Project, 'read', obj.project) return self.can_read(obj) and obj.can_start and dep_access diff --git a/awx/main/tests/inventory.py b/awx/main/tests/inventory.py index 0458a75ebc..8f3e89945d 100644 --- a/awx/main/tests/inventory.py +++ b/awx/main/tests/inventory.py @@ -274,7 +274,7 @@ class InventoryTest(BaseTest): inventories_2 = reverse('api:inventory_detail', args=(self.inventory_b.pk,)) hosts = reverse('api:host_list') groups = reverse('api:group_list') - + self.create_test_license_file() # a super user can add hosts (but inventory ID is required) inv = Inventory.objects.create( diff --git a/awx/main/tests/licenses.py b/awx/main/tests/licenses.py index f800f2379e..87ed867021 100644 --- a/awx/main/tests/licenses.py +++ b/awx/main/tests/licenses.py @@ -70,4 +70,43 @@ class LicenseTests(BaseTest): assert vdata['valid_key'] == True assert vdata['compliant'] == False + def test_expired_licenses(self): + reader = TaskSerializer() + writer = TaskEngager( + company_name='Tower', + contact_name='Tower Admin', + contact_email='tower@ansible.com', + license_date=int(time.time() - 3600), + instance_count=100, + trial=True) + strdata = writer.get_string() + vdata = reader.from_string(strdata) + assert vdata['compliant'] == False + assert vdata['grace_period_remaining'] < 0 + + writer = TaskEngager( + company_name='Tower', + contact_name='Tower Admin', + contact_email='tower@ansible.com', + license_date=int(time.time() - 2592001), + instance_count=100, + trial=False) + strdata = writer.get_string() + vdata = reader.from_string(strdata) + + assert vdata['compliant'] == False + assert vdata['grace_period_remaining'] < 0 + + writer = TaskEngager( + company_name='Tower', + contact_name='Tower Admin', + contact_email='tower@ansible.com', + license_date=int(time.time() - 3600), + instance_count=100, + trial=False) + strdata = writer.get_string() + vdata = reader.from_string(strdata) + + assert vdata['compliant'] == False + assert vdata['grace_period_remaining'] > 0