From 11e924b344c7dbfc8870b8d6d57b4d9dafd0d11a Mon Sep 17 00:00:00 2001 From: Aaron Tan Date: Fri, 25 Aug 2017 16:47:08 -0400 Subject: [PATCH] Disallow custom inventory sources from using meaningless credentials --- awx/main/models/inventory.py | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/awx/main/models/inventory.py b/awx/main/models/inventory.py index 2dc712450c..e13db5f749 100644 --- a/awx/main/models/inventory.py +++ b/awx/main/models/inventory.py @@ -1143,6 +1143,11 @@ class InventorySourceOptions(BaseModel): # from the instance metadata instead of those explicitly provided. elif self.source in CLOUD_PROVIDERS and self.source != 'ec2': raise ValidationError(_('Credential is required for a cloud source.')) + elif self.source == 'custom' and cred and cred.credential_type.kind in ('scm', 'ssh', 'insights', 'vault'): + raise ValidationError(_( + 'Credentials of type machine, source control, insights and vault are ' + 'disallowed for custom inventory sources.' + )) return cred def clean_source_regions(self): @@ -1400,7 +1405,7 @@ class InventorySource(UnifiedJobTemplate, InventorySourceOptions): self.source == 'scm' and \ InventorySource.objects.filter( Q(inventory=self.inventory, - update_on_project_update=True, source='scm') & + update_on_project_update=True, source='scm') & ~Q(id=self.id)).exists(): raise ValidationError(_("More than one SCM-based inventory source with update on project update per-inventory not allowed.")) return self.update_on_project_update @@ -1409,7 +1414,7 @@ class InventorySource(UnifiedJobTemplate, InventorySourceOptions): if self.update_on_project_update is True and \ self.source == 'scm' and \ self.update_on_launch is True: - raise ValidationError(_("Cannot update SCM-based inventory source on launch if set to update on project update. " + raise ValidationError(_("Cannot update SCM-based inventory source on launch if set to update on project update. " "Instead, configure the corresponding source project to update on launch.")) return self.update_on_launch