From 14ce50c845b4ae02fe3f788ed8e76cf371cd8241 Mon Sep 17 00:00:00 2001 From: AlanCoding Date: Sat, 12 Nov 2016 21:06:54 -0500 Subject: [PATCH] implement copying of WFJT objects --- awx/api/serializers.py | 5 +- awx/api/urls.py | 1 + awx/api/views.py | 27 +++- awx/main/access.py | 79 +++++----- awx/main/models/__init__.py | 1 + awx/main/models/mixins.py | 4 + awx/main/models/unified_jobs.py | 33 ++++ awx/main/models/workflow.py | 141 +++++++++--------- awx/main/tests/factories/tower.py | 2 + .../tests/functional/models/test_workflow.py | 20 ++- .../tests/functional/test_rbac_workflow.py | 27 +++- 11 files changed, 228 insertions(+), 112 deletions(-) diff --git a/awx/api/serializers.py b/awx/api/serializers.py index 3103703039..bb964f2be0 100644 --- a/awx/api/serializers.py +++ b/awx/api/serializers.py @@ -339,7 +339,7 @@ class BaseSerializer(serializers.ModelSerializer): if hasattr(self, 'show_capabilities'): view = self.context.get('view', None) parent_obj = None - if view and hasattr(view, 'parent_model'): + if view and hasattr(view, 'parent_model') and hasattr(view, 'get_parent_object'): parent_obj = view.get_parent_object() if view and view.request and view.request.user: user_capabilities = get_user_capabilities( @@ -2203,7 +2203,7 @@ class SystemJobCancelSerializer(SystemJobSerializer): class WorkflowJobTemplateSerializer(LabelsListMixin, UnifiedJobTemplateSerializer): - show_capabilities = ['start', 'edit', 'delete'] + show_capabilities = ['start', 'edit', 'copy', 'delete'] class Meta: model = WorkflowJobTemplate @@ -2215,6 +2215,7 @@ class WorkflowJobTemplateSerializer(LabelsListMixin, UnifiedJobTemplateSerialize workflow_jobs = reverse('api:workflow_job_template_jobs_list', args=(obj.pk,)), schedules = reverse('api:workflow_job_template_schedules_list', args=(obj.pk,)), launch = reverse('api:workflow_job_template_launch', args=(obj.pk,)), + copy = reverse('api:workflow_job_template_copy', args=(obj.pk,)), workflow_nodes = reverse('api:workflow_job_template_workflow_nodes_list', args=(obj.pk,)), labels = reverse('api:workflow_job_template_label_list', args=(obj.pk,)), activity_stream = reverse('api:workflow_job_template_activity_stream_list', args=(obj.pk,)), diff --git a/awx/api/urls.py b/awx/api/urls.py index c4349303b6..b155bd63a6 100644 --- a/awx/api/urls.py +++ b/awx/api/urls.py @@ -262,6 +262,7 @@ workflow_job_template_urls = patterns('awx.api.views', url(r'^(?P[0-9]+)/$', 'workflow_job_template_detail'), url(r'^(?P[0-9]+)/workflow_jobs/$', 'workflow_job_template_jobs_list'), url(r'^(?P[0-9]+)/launch/$', 'workflow_job_template_launch'), + url(r'^(?P[0-9]+)/copy/$', 'workflow_job_template_copy'), url(r'^(?P[0-9]+)/schedules/$', 'workflow_job_template_schedules_list'), url(r'^(?P[0-9]+)/survey_spec/$', 'workflow_job_template_survey_spec'), url(r'^(?P[0-9]+)/workflow_nodes/$', 'workflow_job_template_workflow_nodes_list'), diff --git a/awx/api/views.py b/awx/api/views.py index 60fddf4bb7..b699be976f 100644 --- a/awx/api/views.py +++ b/awx/api/views.py @@ -2916,6 +2916,31 @@ class WorkflowJobTemplateDetail(RetrieveUpdateDestroyAPIView): always_allow_superuser = False new_in_310 = True +class WorkflowJobTemplateCopy(GenericAPIView): + + model = WorkflowJobTemplate + parent_model = WorkflowJobTemplate + serializer_class = EmptySerializer + new_in_310 = True + + def get(self, request, *args, **kwargs): + obj = self.get_object() + data = {} + copy_TF, messages = request.user.can_access_with_errors(self.model, 'copy', obj) + data['can_copy'] = copy_TF + data['warnings'] = messages + return Response(data) + + def post(self, request, *args, **kwargs): + obj = self.get_object() + if not request.user.can_access(self.model, 'copy', obj): + return PermissionDenied() + new_wfjt = obj.user_copy(request.user) + data = OrderedDict() + data.update(WorkflowJobTemplateSerializer( + new_wfjt, context=self.get_serializer_context()).to_representation(new_wfjt)) + return Response(data, status=status.HTTP_201_CREATED) + class WorkflowJobTemplateLabelList(JobTemplateLabelList): parent_model = WorkflowJobTemplate @@ -2952,7 +2977,7 @@ class WorkflowJobTemplateLaunch(RetrieveAPIView): prompted_fields, ignored_fields = obj._accept_or_ignore_job_kwargs(**request.data) - new_job = obj.create_unified_job(**prompted_fields) + new_job = obj.create_workflow_job(**prompted_fields) new_job.signal_start(**prompted_fields) data = OrderedDict() diff --git a/awx/main/access.py b/awx/main/access.py index 9059b4c7d0..57f46b8242 100644 --- a/awx/main/access.py +++ b/awx/main/access.py @@ -24,7 +24,7 @@ from awx.main.models.mixins import ResourceMixin from awx.main.task_engine import TaskEnhancer from awx.conf.license import LicenseForbids -__all__ = ['get_user_queryset', 'check_user_access', +__all__ = ['get_user_queryset', 'check_user_access', 'check_user_access_with_errors', 'user_accessible_objects', 'user_admin_role', 'StateConflict',] @@ -124,6 +124,20 @@ def check_user_access(user, model_class, action, *args, **kwargs): return False +def check_user_access_with_errors(user, model_class, action, *args, **kwargs): + ''' + Return T/F permission and summary of problems with the action. + ''' + for access_class in access_registry.get(model_class, []): + access_instance = access_class(user, save_messages=True) + access_method = getattr(access_instance, 'can_%s' % action, None) + result = access_method(*args, **kwargs) + logger.debug('%s.%s %r returned %r', access_instance.__class__.__name__, + access_method.__name__, args, result) + return (result, access_instance.messages) + return (False, '') + + def get_user_capabilities(user, instance, **kwargs): ''' Returns a dictionary of capabilities the user has on the particular @@ -160,8 +174,11 @@ class BaseAccess(object): model = None - def __init__(self, user): + def __init__(self, user, save_messages=False): self.user = user + self.save_messages = save_messages + if save_messages: + self.messages = {} def get_queryset(self): if self.user.is_superuser or self.user.is_system_auditor: @@ -346,13 +363,8 @@ class BaseAccess(object): user_capabilities['start'] = False continue - # Preprocessing before the access method is called - data = {} - if method == 'add': - if isinstance(obj, JobTemplate): - data['reference_obj'] = obj - # Compute permission + data = {} access_method = getattr(self, "can_%s" % method) if method in ['change']: # 3 args user_capabilities[display_method] = access_method(obj, data) @@ -1094,6 +1106,9 @@ class JobTemplateAccess(BaseAccess): else: return False + def can_copy(self, obj): + return self.can_add({'reference_obj': obj}) + def can_start(self, obj, validate_license=True): # Check license. if validate_license: @@ -1486,7 +1501,7 @@ class WorkflowJobNodeAccess(BaseAccess): return False -# TODO: revisit for survey logic, notification attachments? +# TODO: notification attachments? class WorkflowJobTemplateAccess(BaseAccess): ''' I can only see/manage Workflow Job Templates if I'm a super user @@ -1518,37 +1533,33 @@ class WorkflowJobTemplateAccess(BaseAccess): if not data: # So the browseable API will work return Organization.accessible_objects(self.user, 'admin_role').exists() - # if reference_obj is provided, determine if it can be coppied - reference_obj = data.pop('reference_obj', None) - if reference_obj: - for node in reference_obj.workflow_job_template_nodes.all(): - if node.inventory and self.user not in node.inventory.use_role: - return False - if node.credential and self.user not in node.credential.use_role: - return False - if node.unified_job_template: - if isinstance(node.unified_job_template, SystemJobTemplate): - if not self.user.is_superuser: - return False - elif isinstance(node.unified_job_template, JobTemplate): - if self.user not in node.unified_job_template.execute_role: - return False - elif isinstance(node.unified_job_template, Project): - if self.user not in node.unified_job_template.update_role: - return False - elif isinstance(node.unified_job_template, InventorySource): - if not self.user.can_access(InventorySource, 'start', node.unified_job_template): - return False - else: - return False - return True - # will check this if surveys are added to WFJT if 'survey_enabled' in data and data['survey_enabled']: self.check_license(feature='surveys') return self.check_related('organization', Organization, data, mandatory=True) + def can_copy(self, obj): + if self.save_messages: + wfjt_errors = {} + qs = obj.workflow_job_template_nodes + qs.select_related('unified_job_template', 'inventory', 'credential') + for node in qs.all(): + node_errors = {} + if node.inventory and self.user not in node.inventory.use_role: + node_errors['inventory'] = 'Prompted inventory %s can not be coppied.' % node.inventory.name + if node.credential and self.user not in node.credential.use_role: + node_errors['credential'] = 'Prompted credential %s can not be coppied.' % node.credential.name + ujt = node.unified_job_template + if ujt and not self.user.can_access(UnifiedJobTemplate, 'start', ujt): + node_errors['unified_job_template'] = ( + 'Prompted %s %s can not be coppied.' % (ujt._meta.verbose_name_raw, ujt.name)) + if node_errors: + wfjt_errors[node.id] = node_errors + self.messages.update(wfjt_errors) + + return self.check_related('organization', Organization, {}, obj=obj, mandatory=True) + def can_start(self, obj, validate_license=True): if validate_license: # check basic license, node count diff --git a/awx/main/models/__init__.py b/awx/main/models/__init__.py index e08c1f8eb8..b962456e48 100644 --- a/awx/main/models/__init__.py +++ b/awx/main/models/__init__.py @@ -48,6 +48,7 @@ from awx.main.access import * # noqa User.add_to_class('get_queryset', get_user_queryset) User.add_to_class('can_access', check_user_access) +User.add_to_class('can_access_with_errors', check_user_access_with_errors) User.add_to_class('accessible_objects', user_accessible_objects) User.add_to_class('admin_role', user_admin_role) diff --git a/awx/main/models/mixins.py b/awx/main/models/mixins.py index 887d139573..c09488f7db 100644 --- a/awx/main/models/mixins.py +++ b/awx/main/models/mixins.py @@ -79,6 +79,10 @@ class SurveyJobTemplateMixin(models.Model): default={}, ) + @classmethod + def _get_unified_jt_copy_names(cls): + return cls._get_unified_job_field_names() + ['survey_spec', 'survey_enabled'] + def survey_password_variables(self): vars = [] if self.survey_enabled and 'spec' in self.survey_spec: diff --git a/awx/main/models/unified_jobs.py b/awx/main/models/unified_jobs.py index 7e95e5abd7..51ca7765fb 100644 --- a/awx/main/models/unified_jobs.py +++ b/awx/main/models/unified_jobs.py @@ -10,6 +10,7 @@ import os import os.path from collections import OrderedDict from StringIO import StringIO +from datetime import datetime # Django from django.conf import settings @@ -357,6 +358,38 @@ class UnifiedJobTemplate(PolymorphicModel, CommonModelNameNotUnique, Notificatio return unified_job + def copy_unified_jt(self): + ''' + Create a copy of this unified job template. + ''' + unified_jt_class = self.__class__ + create_kwargs = {} + m2m_fields = {} + for field_name in self._get_unified_jt_copy_names(): + # Foreign keys can be specified as field_name or field_name_id. + id_field_name = '%s_id' % field_name + if hasattr(self, id_field_name): + value = getattr(self, id_field_name) + if hasattr(value, 'id'): + value = value.id + create_kwargs[id_field_name] = value + elif hasattr(self, field_name): + field_obj = self._meta.get_field_by_name(field_name)[0] + # Many to Many can be specified as field_name + if isinstance(field_obj, models.ManyToManyField): + m2m_fields[field_name] = getattr(self, field_name) + else: + create_kwargs[field_name] = getattr(self, field_name) + time_now = datetime.now() + create_kwargs['name'] = create_kwargs['name'] + ' copy ' + time_now.strftime('%Y:%m:%d %H:%M:%S') + unified_jt = unified_jt_class(**create_kwargs) + unified_jt.save() + for field_name, src_field_value in m2m_fields.iteritems(): + dest_field = getattr(unified_jt, field_name) + dest_field.add(*list(src_field_value.all().values_list('id', flat=True))) + return unified_jt + + class UnifiedJobTypeStringMixin(object): @classmethod def _underscore_to_camel(cls, word): diff --git a/awx/main/models/workflow.py b/awx/main/models/workflow.py index d09d01d6cd..ef0c05f75d 100644 --- a/awx/main/models/workflow.py +++ b/awx/main/models/workflow.py @@ -159,6 +159,18 @@ class WorkflowNodeBase(CreatedModifiedModel): return ['workflow_job', 'unified_job_template', 'inventory', 'credential', 'char_prompts'] + def create_workflow_job_node(self, **kwargs): + ''' + Create a new workflow job node based on this workflow node. + ''' + create_kwargs = {} + for field_name in self._get_workflow_job_field_names(): + if field_name in kwargs: + create_kwargs[field_name] = kwargs[field_name] + elif hasattr(self, field_name): + create_kwargs[field_name] = getattr(self, field_name) + return WorkflowJobNode.objects.create(**create_kwargs) + class WorkflowJobTemplateNode(WorkflowNodeBase): workflow_job_template = models.ForeignKey( @@ -173,17 +185,24 @@ class WorkflowJobTemplateNode(WorkflowNodeBase): def get_absolute_url(self): return reverse('api:workflow_job_template_node_detail', args=(self.pk,)) - def create_workflow_job_node(self, **kwargs): + def create_wfjt_node_copy(self, user, workflow_job_template=None): ''' - Create a new workflow job node based on this workflow node. + Copy this node to a new WFJT, leaving out related fields the user + is not allowed to access ''' create_kwargs = {} for field_name in self._get_workflow_job_field_names(): - if field_name in kwargs: - create_kwargs[field_name] = kwargs[field_name] - elif hasattr(self, field_name): - create_kwargs[field_name] = getattr(self, field_name) - return WorkflowJobNode.objects.create(**create_kwargs) + if hasattr(self, field_name): + item = getattr(self, field_name) + if field_name in ['inventory', 'credential']: + if not user.can_access(item.__class__, 'use', item): + continue + if field_name in ['unified_job_template']: + if not user.can_access(item.__class__, 'start', item): + continue + create_kwargs[field_name] = item + create_kwargs['workflow_job_template'] = workflow_job_template + return self.__class__.objects.create(**create_kwargs) class WorkflowJobNode(WorkflowNodeBase): @@ -248,14 +267,14 @@ class WorkflowJobNode(WorkflowNodeBase): if password_dict: data['survey_passwords'] = password_dict # process extra_vars - # TODO: still lack consensus about variable precedence extra_vars = {} - if self.workflow_job and self.workflow_job.extra_vars: - extra_vars.update(self.workflow_job.extra_vars_dict) if aa_dict: functional_aa_dict = copy(aa_dict) functional_aa_dict.pop('_ansible_no_log', None) extra_vars.update(functional_aa_dict) + # Workflow Job extra_vars higher precedence than ancestor artifacts + if self.workflow_job and self.workflow_job.extra_vars: + extra_vars.update(self.workflow_job.extra_vars_dict) if extra_vars: data['extra_vars'] = extra_vars # ensure that unified jobs created by WorkflowJobs are marked @@ -274,6 +293,35 @@ class WorkflowJobOptions(BaseModel): extra_vars_dict = VarsDictProperty('extra_vars', True) + @property + def workflow_nodes(self): + raise NotImplementedError() + + def _create_workflow_nodes(self, old_node_list, user=None): + node_links = {} + for old_node in old_node_list: + if user: + new_node = old_node.create_wfjt_node_copy(user, workflow_job_template=self) + else: + new_node = old_node.create_workflow_job_node(workflow_job=self) + node_links[old_node.pk] = new_node + return node_links + + def _inherit_node_relationships(self, old_node_list, node_links): + for old_node in old_node_list: + new_node = node_links[old_node.pk] + for relationship in ['always_nodes', 'success_nodes', 'failure_nodes']: + old_manager = getattr(old_node, relationship) + for old_child_node in old_manager.all(): + new_child_node = node_links[old_child_node.pk] + new_manager = getattr(new_node, relationship) + new_manager.add(new_child_node) + + def copy_nodes_from_original(self, original=None, user=None): + old_node_list = original.workflow_nodes.prefetch_related('always_nodes', 'success_nodes', 'failure_nodes').all() + node_links = self._create_workflow_nodes(old_node_list, user=user) + self._inherit_node_relationships(old_node_list, node_links) + class WorkflowJobTemplate(UnifiedJobTemplate, WorkflowJobOptions, SurveyJobTemplateMixin, ResourceMixin): class Meta: @@ -298,6 +346,10 @@ class WorkflowJobTemplate(UnifiedJobTemplate, WorkflowJobOptions, SurveyJobTempl 'organization.auditor_role', 'execute_role', 'admin_role' ]) + @property + def workflow_nodes(self): + return self.workflow_job_template_nodes + @classmethod def _get_unified_job_class(cls): return WorkflowJob @@ -326,21 +378,10 @@ class WorkflowJobTemplate(UnifiedJobTemplate, WorkflowJobOptions, SurveyJobTempl return dict(error=list(error_notification_templates), success=list(success_notification_templates), any=list(any_notification_templates)) - # TODO: Surveys - #def create_job(self, **kwargs): - # ''' - # Create a new job based on this template. - # ''' - # return self.create_unified_job(**kwargs) - - # TODO: Delete create_unified_job here and explicitly call create_workflow_job() .. figure out where the call is - def create_unified_job(self, **kwargs): - - #def create_workflow_job(self, **kwargs): - #workflow_job = self.create_unified_job(**kwargs) - workflow_job = super(WorkflowJobTemplate, self).create_unified_job(**kwargs) - workflow_job.inherit_job_template_workflow_nodes() + def create_workflow_job(self, **kwargs): + workflow_job = self.create_unified_job(**kwargs) + workflow_job.copy_nodes_from_original(original=self) return workflow_job def _accept_or_ignore_job_kwargs(self, extra_vars=None, **kwargs): @@ -377,51 +418,13 @@ class WorkflowJobTemplate(UnifiedJobTemplate, WorkflowJobOptions, SurveyJobTempl warning_data[node.pk] = node_prompts_warnings return warning_data - -class WorkflowJobInheritNodesMixin(object): - def _inherit_relationship(self, old_node, new_node, node_ids_map, node_type): - old_related_nodes = self._get_all_by_type(old_node, node_type) - new_node_type_mgr = getattr(new_node, node_type) - - for old_related_node in old_related_nodes: - new_related_node = self._get_workflow_job_node_by_id(node_ids_map[old_related_node.id]) - new_node_type_mgr.add(new_related_node) - - ''' - Create a WorkflowJobNode for each WorkflowJobTemplateNode - ''' - def _create_workflow_job_nodes(self, old_nodes): - return [old_node.create_workflow_job_node(workflow_job=self) for old_node in old_nodes] - - def _map_workflow_job_nodes(self, old_nodes, new_nodes): - node_ids_map = {} - - for i, old_node in enumerate(old_nodes): - node_ids_map[old_node.id] = new_nodes[i].id - - return node_ids_map - - def _get_workflow_job_template_nodes(self): - return self.workflow_job_template.workflow_job_template_nodes.all() - - def _get_workflow_job_node_by_id(self, id): - return WorkflowJobNode.objects.get(id=id) - - def _get_all_by_type(self, node, node_type): - return getattr(node, node_type).all() - - def inherit_job_template_workflow_nodes(self): - old_nodes = self._get_workflow_job_template_nodes() - new_nodes = self._create_workflow_job_nodes(old_nodes) - node_ids_map = self._map_workflow_job_nodes(old_nodes, new_nodes) - - for index, old_node in enumerate(old_nodes): - new_node = new_nodes[index] - for node_type in ['success_nodes', 'failure_nodes', 'always_nodes']: - self._inherit_relationship(old_node, new_node, node_ids_map, node_type) + def user_copy(self, user): + new_wfjt = self.copy_unified_jt() + new_wfjt.copy_nodes_from_original(original=self, user=user) + return new_wfjt -class WorkflowJob(UnifiedJob, WorkflowJobOptions, SurveyJobMixin, JobNotificationMixin, WorkflowJobInheritNodesMixin): +class WorkflowJob(UnifiedJob, WorkflowJobOptions, SurveyJobMixin, JobNotificationMixin): class Meta: app_label = 'main' ordering = ('id',) @@ -435,6 +438,10 @@ class WorkflowJob(UnifiedJob, WorkflowJobOptions, SurveyJobMixin, JobNotificatio on_delete=models.SET_NULL, ) + @property + def workflow_nodes(self): + return self.workflow_job_nodes + @classmethod def _get_parent_field_name(cls): return 'workflow_job_template' diff --git a/awx/main/tests/factories/tower.py b/awx/main/tests/factories/tower.py index 975adde43b..6d8d87e60a 100644 --- a/awx/main/tests/factories/tower.py +++ b/awx/main/tests/factories/tower.py @@ -393,6 +393,8 @@ def create_workflow_job_template(name, organization=None, persisted=True, **kwar if 'survey' in kwargs: spec = create_survey_spec(kwargs['survey']) + else: + spec = {} wfjt = mk_workflow_job_template(name, organization=organization, diff --git a/awx/main/tests/functional/models/test_workflow.py b/awx/main/tests/functional/models/test_workflow.py index 1a9cbb4b0b..aec7e1f07d 100644 --- a/awx/main/tests/functional/models/test_workflow.py +++ b/awx/main/tests/functional/models/test_workflow.py @@ -53,7 +53,7 @@ class TestWorkflowJob: return wfj def test_inherit_job_template_workflow_nodes(self, mocker, workflow_job): - workflow_job.inherit_job_template_workflow_nodes() + workflow_job.copy_nodes_from_original(original=workflow_job.workflow_job_template) nodes = WorkflowJob.objects.get(id=workflow_job.id).workflow_job_nodes.all().order_by('created') assert nodes[0].success_nodes.filter(id=nodes[1].id).exists() @@ -134,6 +134,24 @@ class TestWorkflowJobTemplate: assert (test_view.is_valid_relation(nodes[2], node_assoc_1) == {'Error': 'Cannot associate failure_nodes when always_nodes have been associated.'}) + def test_wfjt_copy(self, wfjt, job_template, inventory, admin_user): + old_nodes = wfjt.workflow_job_template_nodes.all() + node1 = old_nodes[1] + node1.unified_job_template = job_template + node1.save() + node2 = old_nodes[2] + node2.inventory = inventory + node2.save() + new_wfjt = wfjt.user_copy(admin_user) + for fd in ['description', 'survey_spec', 'survey_enabled', 'extra_vars']: + assert getattr(wfjt, fd) == getattr(new_wfjt, fd) + assert len(new_wfjt.workflow_job_template_nodes.all()) == 3 + nodes = new_wfjt.workflow_job_template_nodes.all() + assert nodes[0].success_nodes.all()[0] == nodes[1] + assert nodes[1].failure_nodes.all()[0] == nodes[2] + assert nodes[1].unified_job_template == job_template + assert nodes[2].inventory == inventory + @pytest.mark.django_db class TestWorkflowJobFailure: diff --git a/awx/main/tests/functional/test_rbac_workflow.py b/awx/main/tests/functional/test_rbac_workflow.py index f61d8dadcc..80eae5af8b 100644 --- a/awx/main/tests/functional/test_rbac_workflow.py +++ b/awx/main/tests/functional/test_rbac_workflow.py @@ -47,13 +47,6 @@ class TestWorkflowJobTemplateAccess: assert org_admin in wfjt.execute_role assert org_admin in wfjt.read_role - def test_jt_blocks_copy(self, wfjt_with_nodes, org_admin): - """I want to copy a workflow JT in my organization, but someone - included a job template that I don't have access to, so I can - not copy the WFJT as-is""" - access = WorkflowJobTemplateAccess(org_admin) - assert not access.can_add({'reference_obj': wfjt_with_nodes}) - @pytest.mark.django_db class TestWorkflowJobTemplateNodeAccess: @@ -77,3 +70,23 @@ class TestWorkflowJobAccess: workflow_job.save() access = WorkflowJobAccess(rando) assert access.can_cancel(workflow_job) + + def test_workflow_copy_warnings_inv(self, wfjt, rando, inventory): + ''' + The user `rando` does not have access to the prompted inventory in a + node inside the workflow - test surfacing this information + ''' + wfjt.workflow_job_template_nodes.create(inventory=inventory) + access = WorkflowJobTemplateAccess(rando, save_messages=True) + assert not access.can_copy(wfjt) + warnings = access.messages + assert 1 in warnings + assert 'inventory' in warnings[1] + + def test_workflow_copy_warnings_jt(self, wfjt, rando, job_template): + wfjt.workflow_job_template_nodes.create(unified_job_template=job_template) + access = WorkflowJobTemplateAccess(rando, save_messages=True) + assert not access.can_copy(wfjt) + warnings = access.messages + assert 1 in warnings + assert 'unified_job_template' in warnings[1]