External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-04-10 12:39:22 -02:30
Code Issues Packages Projects Releases Wiki Activity

validate against unencrypted values at spawn point

Browse Source
This commit is contained in:
AlanCoding
2017-12-15 10:47:23 -05:00
parent 74bf058d62
commit 1e1839915d
4 changed files with 17 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
awx/api/serializers.py
View File

@@ -3137,7 +3137,8 @@ class LaunchConfigurationBaseSerializer(BaseSerializer):
raise serializers.ValidationError(errors) raise serializers.ValidationError(errors)
# Model `.save` needs the container dict, not the psuedo fields # Model `.save` needs the container dict, not the psuedo fields
attrs['char_prompts'] = mock_obj.char_prompts if mock_obj.char_prompts:
attrs['char_prompts'] = mock_obj.char_prompts
# Insert survey_passwords to track redacted variables # Insert survey_passwords to track redacted variables
if 'extra_data' in attrs: if 'extra_data' in attrs:

3
awx/main/models/jobs.py
View File

@@ -355,7 +355,8 @@ class JobTemplate(UnifiedJobTemplate, JobOptions, SurveyJobTemplateMixin, Resour
rejected_data = {} rejected_data = {}
accepted_vars, rejected_vars, errors_dict = self.accept_or_ignore_variables( accepted_vars, rejected_vars, errors_dict = self.accept_or_ignore_variables(
kwargs.get('extra_vars', {}), kwargs.get('extra_vars', {}),
_exclude_errors=exclude_errors) _exclude_errors=exclude_errors,
extra_passwords=kwargs.get('survey_passwords', {}))
if accepted_vars: if accepted_vars:
prompted_data['extra_vars'] = accepted_vars prompted_data['extra_vars'] = accepted_vars
if rejected_vars: if rejected_vars:

9
awx/main/models/mixins.py
View File

@@ -253,7 +253,7 @@ class SurveyJobTemplateMixin(models.Model):
choice_list)) choice_list))
return errors return errors
def _accept_or_ignore_variables(self, data, errors=None, _exclude_errors=()): def _accept_or_ignore_variables(self, data, errors=None, _exclude_errors=(), extra_passwords=None):
survey_is_enabled = (self.survey_enabled and self.survey_spec) survey_is_enabled = (self.survey_enabled and self.survey_spec)
extra_vars = data.copy() extra_vars = data.copy()
if errors is None: if errors is None:
@@ -265,8 +265,13 @@ class SurveyJobTemplateMixin(models.Model):
# Check for data violation of survey rules # Check for data violation of survey rules
survey_errors = [] survey_errors = []
for survey_element in self.survey_spec.get("spec", []): for survey_element in self.survey_spec.get("spec", []):
element_errors = self._survey_element_validation(survey_element, data)
key = survey_element.get('variable', None) key = survey_element.get('variable', None)
if extra_passwords and key in extra_passwords and data.get(key, None):
element_errors = self._survey_element_validation(survey_element, {
key: decrypt_value(get_encryption_key('value', pk=None), data[key])
})
else:
element_errors = self._survey_element_validation(survey_element, data)
if element_errors: if element_errors:
survey_errors += element_errors survey_errors += element_errors

8
awx/main/models/unified_jobs.py
View File

@@ -441,7 +441,7 @@ class UnifiedJobTemplate(PolymorphicModel, CommonModelNameNotUnique, Notificatio
errors[field_name] = [_("Field is not allowed on launch.")] errors[field_name] = [_("Field is not allowed on launch.")]
return ({}, kwargs, errors) return ({}, kwargs, errors)
def accept_or_ignore_variables(self, data, errors=None, _exclude_errors=()): def accept_or_ignore_variables(self, data, errors=None, _exclude_errors=(), extra_passwords=None):
''' '''
If subclasses accept any `variables` or `extra_vars`, they should If subclasses accept any `variables` or `extra_vars`, they should
define _accept_or_ignore_variables to place those variables in the accepted dict, define _accept_or_ignore_variables to place those variables in the accepted dict,
@@ -459,7 +459,11 @@ class UnifiedJobTemplate(PolymorphicModel, CommonModelNameNotUnique, Notificatio
# SurveyJobTemplateMixin cannot override any methods because of # SurveyJobTemplateMixin cannot override any methods because of
# resolution order, forced by how metaclass processes fields, # resolution order, forced by how metaclass processes fields,
# thus the need for hasattr check # thus the need for hasattr check
return self._accept_or_ignore_variables(data, errors, _exclude_errors=_exclude_errors) if extra_passwords:
return self._accept_or_ignore_variables(
data, errors, _exclude_errors=_exclude_errors, extra_passwords=extra_passwords)
else:
return self._accept_or_ignore_variables(data, errors, _exclude_errors=_exclude_errors)
elif data: elif data:
errors['extra_vars'] = [ errors['extra_vars'] = [
_('Variables {list_of_keys} provided, but this template cannot accept variables.'.format( _('Variables {list_of_keys} provided, but this template cannot accept variables.'.format(