From b117e14e19e71e0e04df78b3b48f8250946c7b7c Mon Sep 17 00:00:00 2001 From: Chris Meyers Date: Fri, 24 Apr 2015 08:26:12 -0400 Subject: [PATCH 1/5] created a serializer for job template launch endpoint --- awx/api/serializers.py | 50 ++++++++++++++++++++++++++++++++++++++++++ awx/api/views.py | 35 ++++++----------------------- 2 files changed, 57 insertions(+), 28 deletions(-) diff --git a/awx/api/serializers.py b/awx/api/serializers.py index 25317c33de..2fdecb910b 100644 --- a/awx/api/serializers.py +++ b/awx/api/serializers.py @@ -6,6 +6,7 @@ import json import re import logging from dateutil import rrule +from ast import literal_eval # PyYAML import yaml @@ -1690,6 +1691,55 @@ class AdHocCommandEventSerializer(BaseSerializer): res['host'] = reverse('api:host_detail', args=(obj.host.pk,)) return res +class JobLaunchSerializer(BaseSerializer): + passwords_needed_to_start = serializers.Field(source='passwords_needed_to_start') + can_start_without_user_input = serializers.Field(source='can_start_without_user_input') + variables_needed_to_start = serializers.Field(source='variables_needed_to_start') + credential_id = serializers.IntegerField(write_only=True, required=False) + errors = serializers.IntegerField(read_only=True) # only 'visible' when returning errors + credential = serializers.IntegerField(write_only=True, required=False) + credential_id = serializers.IntegerField(write_only=True, required=False) + extra_vars = serializers.CharField(write_only=True, required=False) + + class Meta: + model = JobTemplate + fields = ('can_start_without_user_input', 'passwords_needed_to_start', 'extra_vars', + 'ask_variables_on_launch', 'survey_enabled', 'variables_needed_to_start', + 'credential_id', 'credential') + + def to_native(self, obj): + res = super(JobLaunchSerializer, self).to_native(obj) + if obj: + res['credential_needed_to_start'] = obj.credential is None + res['survey_enabled'] = obj.survey_enabled and 'spec' in obj.survey_spec + return res + + def validate(self, attrs): + obj = self.context.get('obj') + if obj.survey_enabled and 'spec' in obj.survey_spec: + try: + extra_vars = literal_eval(attrs.get('extra_vars', {})) + except Exception: + if not isinstance(extra_vars, dict): + raise serializers.ValidationError({ + 'extra_vars': "Invalid format. JSON expected." + }) + validation_errors = obj.survey_variable_validation(extra_vars) + if validation_errors: + raise serializers.ValidationError({ + 'variables_needed_to_start': validation_errors + }) + return attrs + + def validate_errors(self, attrs): + obj = self.context.get('obj') + if obj.credential is None and 'credential' not in attrs and 'credential_id' not in attrs: + raise serializers.ValidationError("Credential not provided") + if obj.job_type != PERM_INVENTORY_SCAN and (obj.project is None or not obj.project.active): + raise serializers.ValidationError("Job Template Project is missing or undefined") + if obj.inventory is None or not obj.inventory.active: + return serializers.ValidationError("Job Template Inventory is missing or undefined") + return attrs class ScheduleSerializer(BaseSerializer): diff --git a/awx/api/views.py b/awx/api/views.py index d18c5ae6ea..36a80d24ed 100644 --- a/awx/api/views.py +++ b/awx/api/views.py @@ -1434,42 +1434,21 @@ class JobTemplateDetail(RetrieveUpdateDestroyAPIView): return super(JobTemplateDetail, self).destroy(request, *args, **kwargs) -class JobTemplateLaunch(GenericAPIView): +class JobTemplateLaunch(RetrieveAPIView, GenericAPIView): model = JobTemplate - # FIXME: Add serializer class to define fields in OPTIONS request! + serializer_class = JobLaunchSerializer is_job_start = True - def get(self, request, *args, **kwargs): - obj = self.get_object() - data = {} - data['can_start_without_user_input'] = obj.can_start_without_user_input() - data['passwords_needed_to_start'] = obj.passwords_needed_to_start - data['ask_variables_on_launch'] = obj.ask_variables_on_launch - data['variables_needed_to_start'] = obj.variables_needed_to_start - data['credential_needed_to_start'] = obj.credential is None - data['survey_enabled'] = obj.survey_enabled and 'spec' in obj.survey_spec - return Response(data) - def post(self, request, *args, **kwargs): obj = self.get_object() if not request.user.can_access(self.model, 'start', obj): raise PermissionDenied() - if obj.survey_enabled and 'spec' in obj.survey_spec: - if request.DATA == "": - request_data = {} - else: - request_data = request.DATA - validation_errors = obj.survey_variable_validation(request_data.get('extra_vars', {})) - if validation_errors: - return Response(dict(variables_needed_to_start=validation_errors), - status=status.HTTP_400_BAD_REQUEST) - if obj.credential is None and ('credential' not in request.DATA and 'credential_id' not in request.DATA): - return Response(dict(errors="Credential not provided"), status=status.HTTP_400_BAD_REQUEST) - if obj.job_type != PERM_INVENTORY_SCAN and (obj.project is None or not obj.project.active): - return Response(dict(errors="Job Template Project is missing or undefined"), status=status.HTTP_400_BAD_REQUEST) - if obj.inventory is None or not obj.inventory.active: - return Response(dict(errors="Job Template Inventory is missing or undefined"), status=status.HTTP_400_BAD_REQUEST) + + serializer = self.serializer_class(data=request.DATA, context={'obj': obj}) + if not serializer.is_valid(): + return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) + new_job = obj.create_unified_job(**request.DATA) result = new_job.signal_start(**request.DATA) if not result: From f34876643009a2a37957835c8ca190cb478342f6 Mon Sep 17 00:00:00 2001 From: Chris Meyers Date: Fri, 24 Apr 2015 09:44:23 -0400 Subject: [PATCH 2/5] fixed how validation errors are propogated. Also, don not allow job template to launch unless credential are available --- awx/api/serializers.py | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/awx/api/serializers.py b/awx/api/serializers.py index 2fdecb910b..1981db61f8 100644 --- a/awx/api/serializers.py +++ b/awx/api/serializers.py @@ -1696,7 +1696,7 @@ class JobLaunchSerializer(BaseSerializer): can_start_without_user_input = serializers.Field(source='can_start_without_user_input') variables_needed_to_start = serializers.Field(source='variables_needed_to_start') credential_id = serializers.IntegerField(write_only=True, required=False) - errors = serializers.IntegerField(read_only=True) # only 'visible' when returning errors + #errors = serializers.CharField(read_only=True) # only 'visible' when returning errors credential = serializers.IntegerField(write_only=True, required=False) credential_id = serializers.IntegerField(write_only=True, required=False) extra_vars = serializers.CharField(write_only=True, required=False) @@ -1707,10 +1707,15 @@ class JobLaunchSerializer(BaseSerializer): 'ask_variables_on_launch', 'survey_enabled', 'variables_needed_to_start', 'credential_id', 'credential') + def cred_valid(self, obj): + if obj.credential is not None: + return obj.credential.active + return False + def to_native(self, obj): res = super(JobLaunchSerializer, self).to_native(obj) if obj: - res['credential_needed_to_start'] = obj.credential is None + res['credential_needed_to_start'] = not self.cred_valid(obj) res['survey_enabled'] = obj.survey_enabled and 'spec' in obj.survey_spec return res @@ -1729,16 +1734,13 @@ class JobLaunchSerializer(BaseSerializer): raise serializers.ValidationError({ 'variables_needed_to_start': validation_errors }) - return attrs - def validate_errors(self, attrs): - obj = self.context.get('obj') - if obj.credential is None and 'credential' not in attrs and 'credential_id' not in attrs: - raise serializers.ValidationError("Credential not provided") + if not self.cred_valid(obj) and ('credential' not in attrs and 'credential_id' not in attrs): + raise serializers.ValidationError({'errors': ["Credential not provided"]}) if obj.job_type != PERM_INVENTORY_SCAN and (obj.project is None or not obj.project.active): - raise serializers.ValidationError("Job Template Project is missing or undefined") + raise serializers.ValidationError({'errors': ["Job Template Project is missing or undefined"]}) if obj.inventory is None or not obj.inventory.active: - return serializers.ValidationError("Job Template Inventory is missing or undefined") + return serializers.ValidationError({'errors': ["Job Template Inventory is missing or undefined"]}) return attrs class ScheduleSerializer(BaseSerializer): From aaf3a191e4637e978fb7c137576058540e232695 Mon Sep 17 00:00:00 2001 From: Chris Meyers Date: Fri, 24 Apr 2015 09:45:50 -0400 Subject: [PATCH 3/5] removed commented out code --- awx/api/serializers.py | 1 - 1 file changed, 1 deletion(-) diff --git a/awx/api/serializers.py b/awx/api/serializers.py index 1981db61f8..5ceb7de8dd 100644 --- a/awx/api/serializers.py +++ b/awx/api/serializers.py @@ -1696,7 +1696,6 @@ class JobLaunchSerializer(BaseSerializer): can_start_without_user_input = serializers.Field(source='can_start_without_user_input') variables_needed_to_start = serializers.Field(source='variables_needed_to_start') credential_id = serializers.IntegerField(write_only=True, required=False) - #errors = serializers.CharField(read_only=True) # only 'visible' when returning errors credential = serializers.IntegerField(write_only=True, required=False) credential_id = serializers.IntegerField(write_only=True, required=False) extra_vars = serializers.CharField(write_only=True, required=False) From 0d26a700a6857baa7009b7d52b46829c71d58727 Mon Sep 17 00:00:00 2001 From: Chris Meyers Date: Fri, 24 Apr 2015 12:18:19 -0400 Subject: [PATCH 4/5] sanitize request.DATA before passing to jobs --- awx/api/serializers.py | 73 ++++++++++++++++++++++++++---------------- awx/api/views.py | 4 ++- 2 files changed, 49 insertions(+), 28 deletions(-) diff --git a/awx/api/serializers.py b/awx/api/serializers.py index 5ceb7de8dd..b4ce8835d7 100644 --- a/awx/api/serializers.py +++ b/awx/api/serializers.py @@ -1696,50 +1696,69 @@ class JobLaunchSerializer(BaseSerializer): can_start_without_user_input = serializers.Field(source='can_start_without_user_input') variables_needed_to_start = serializers.Field(source='variables_needed_to_start') credential_id = serializers.IntegerField(write_only=True, required=False) - credential = serializers.IntegerField(write_only=True, required=False) - credential_id = serializers.IntegerField(write_only=True, required=False) - extra_vars = serializers.CharField(write_only=True, required=False) + credential_needed_to_start = serializers.SerializerMethodField('get_credential_needed_to_start') + survey_enabled = serializers.SerializerMethodField('get_survey_enabled') class Meta: model = JobTemplate fields = ('can_start_without_user_input', 'passwords_needed_to_start', 'extra_vars', 'ask_variables_on_launch', 'survey_enabled', 'variables_needed_to_start', - 'credential_id', 'credential') + 'credential_id', 'credential', 'credential_needed_to_start',) + read_only_fields = ('ask_variables_on_launch',) + write_only_fields = ('credential','extra_vars',) def cred_valid(self, obj): if obj.credential is not None: return obj.credential.active return False - def to_native(self, obj): - res = super(JobLaunchSerializer, self).to_native(obj) + def get_credential_needed_to_start(self, obj): if obj: - res['credential_needed_to_start'] = not self.cred_valid(obj) - res['survey_enabled'] = obj.survey_enabled and 'spec' in obj.survey_spec - return res + return not self.cred_valid(obj) + return True + + def get_survey_enabled(self, obj): + if obj: + return obj.survey_enabled and 'spec' in obj.survey_spec + return False + + def validate_extra_vars(self, attrs, source): + extra_vars = attrs.get(source, {}) + if not extra_vars: + return attrs + + try: + extra_vars = literal_eval(extra_vars) + attrs['extra_vars'] = extra_vars + except Exception: + if not isinstance(extra_vars, dict): + raise serializers.ValidationError("Invalid format. JSON expected.") + return attrs + + def validate_variables_needed_to_start(self, attrs, source): + obj = self.context.get('obj') + + if self.get_survey_enabled(obj): + validation_errors = obj.survey_variable_validation(attrs.get('extra_vars', {})) + if validation_errors: + raise serializers.ValidationError(validation_errors) + return attrs def validate(self, attrs): obj = self.context.get('obj') - if obj.survey_enabled and 'spec' in obj.survey_spec: - try: - extra_vars = literal_eval(attrs.get('extra_vars', {})) - except Exception: - if not isinstance(extra_vars, dict): - raise serializers.ValidationError({ - 'extra_vars': "Invalid format. JSON expected." - }) - validation_errors = obj.survey_variable_validation(extra_vars) - if validation_errors: - raise serializers.ValidationError({ - 'variables_needed_to_start': validation_errors - }) - - if not self.cred_valid(obj) and ('credential' not in attrs and 'credential_id' not in attrs): - raise serializers.ValidationError({'errors': ["Credential not provided"]}) + data = self.context.get('data') + sanitary_fields = ('credential', 'credential_id', 'extra_vars') + if not self.cred_valid(obj) and (attrs.get('credential', None) is None and attrs.get('credential_id', None) is None): + raise serializers.ValidationError(dict(errors=["Credential not provided"])) if obj.job_type != PERM_INVENTORY_SCAN and (obj.project is None or not obj.project.active): - raise serializers.ValidationError({'errors': ["Job Template Project is missing or undefined"]}) + raise serializers.ValidationError(dict(errors=["Job Template Project is missing or undefined"])) if obj.inventory is None or not obj.inventory.active: - return serializers.ValidationError({'errors': ["Job Template Inventory is missing or undefined"]}) + raise serializers.ValidationError(dict(errors=["Job Template Inventory is missing or undefined"])) + + data.clear() + for field in sanitary_fields: + if field in attrs: + data[field] = attrs[field] return attrs class ScheduleSerializer(BaseSerializer): diff --git a/awx/api/views.py b/awx/api/views.py index 36a80d24ed..499ef8b2c7 100644 --- a/awx/api/views.py +++ b/awx/api/views.py @@ -1445,7 +1445,9 @@ class JobTemplateLaunch(RetrieveAPIView, GenericAPIView): if not request.user.can_access(self.model, 'start', obj): raise PermissionDenied() - serializer = self.serializer_class(data=request.DATA, context={'obj': obj}) + # Note: is_valid() may modify request.DATA + # It will remove any key/value pair who's key is not credential, credential_id, or extra_vars + serializer = self.serializer_class(data=request.DATA, context={'obj': obj, 'data': request.DATA}) if not serializer.is_valid(): return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) From 299b0d78c833308b4d36cf852b1bd60935f61948 Mon Sep 17 00:00:00 2001 From: Chris Meyers Date: Fri, 24 Apr 2015 12:43:48 -0400 Subject: [PATCH 5/5] removed the need to access data in the serializer. It's now clear what params a job template launch takes --- awx/api/serializers.py | 10 ++-------- awx/api/views.py | 12 +++++++----- 2 files changed, 9 insertions(+), 13 deletions(-) diff --git a/awx/api/serializers.py b/awx/api/serializers.py index b4ce8835d7..617bc48517 100644 --- a/awx/api/serializers.py +++ b/awx/api/serializers.py @@ -1695,7 +1695,6 @@ class JobLaunchSerializer(BaseSerializer): passwords_needed_to_start = serializers.Field(source='passwords_needed_to_start') can_start_without_user_input = serializers.Field(source='can_start_without_user_input') variables_needed_to_start = serializers.Field(source='variables_needed_to_start') - credential_id = serializers.IntegerField(write_only=True, required=False) credential_needed_to_start = serializers.SerializerMethodField('get_credential_needed_to_start') survey_enabled = serializers.SerializerMethodField('get_survey_enabled') @@ -1703,7 +1702,7 @@ class JobLaunchSerializer(BaseSerializer): model = JobTemplate fields = ('can_start_without_user_input', 'passwords_needed_to_start', 'extra_vars', 'ask_variables_on_launch', 'survey_enabled', 'variables_needed_to_start', - 'credential_id', 'credential', 'credential_needed_to_start',) + 'credential', 'credential_needed_to_start',) read_only_fields = ('ask_variables_on_launch',) write_only_fields = ('credential','extra_vars',) @@ -1746,8 +1745,7 @@ class JobLaunchSerializer(BaseSerializer): def validate(self, attrs): obj = self.context.get('obj') - data = self.context.get('data') - sanitary_fields = ('credential', 'credential_id', 'extra_vars') + if not self.cred_valid(obj) and (attrs.get('credential', None) is None and attrs.get('credential_id', None) is None): raise serializers.ValidationError(dict(errors=["Credential not provided"])) if obj.job_type != PERM_INVENTORY_SCAN and (obj.project is None or not obj.project.active): @@ -1755,10 +1753,6 @@ class JobLaunchSerializer(BaseSerializer): if obj.inventory is None or not obj.inventory.active: raise serializers.ValidationError(dict(errors=["Job Template Inventory is missing or undefined"])) - data.clear() - for field in sanitary_fields: - if field in attrs: - data[field] = attrs[field] return attrs class ScheduleSerializer(BaseSerializer): diff --git a/awx/api/views.py b/awx/api/views.py index 499ef8b2c7..a2b3cd699b 100644 --- a/awx/api/views.py +++ b/awx/api/views.py @@ -1445,14 +1445,16 @@ class JobTemplateLaunch(RetrieveAPIView, GenericAPIView): if not request.user.can_access(self.model, 'start', obj): raise PermissionDenied() - # Note: is_valid() may modify request.DATA - # It will remove any key/value pair who's key is not credential, credential_id, or extra_vars - serializer = self.serializer_class(data=request.DATA, context={'obj': obj, 'data': request.DATA}) + serializer = self.serializer_class(data=request.DATA, context={'obj': obj}) if not serializer.is_valid(): return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) - new_job = obj.create_unified_job(**request.DATA) - result = new_job.signal_start(**request.DATA) + kv = { + 'credential': serializer.object.credential, + 'extra_vars': serializer.object.extra_vars + } + new_job = obj.create_unified_job(**kv) + result = new_job.signal_start(**kv) if not result: data = dict(passwords_needed_to_start=new_job.passwords_needed_to_start) new_job.delete()