External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-11 11:27:36 -02:30
Code Issues Packages Projects Releases Wiki Activity

don't allow isolated instances in IG.policy_instance_list

Browse Source 
see: https://github.com/ansible/tower/issues/2394
This commit is contained in:
Ryan Petrello
2018-07-11 09:29:46 -04:00
parent 92b44246a6
commit 387f7d3d67
2 changed files with 12 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
awx/api/serializers.py
View File

@@ -4696,6 +4696,8 @@ class InstanceGroupSerializer(BaseSerializer):
raise serializers.ValidationError(_('Duplicate entry {}.').format(instance_name)) raise serializers.ValidationError(_('Duplicate entry {}.').format(instance_name))
if not Instance.objects.filter(hostname=instance_name).exists(): if not Instance.objects.filter(hostname=instance_name).exists():
raise serializers.ValidationError(_('{} is not a valid hostname of an existing instance.').format(instance_name)) raise serializers.ValidationError(_('{} is not a valid hostname of an existing instance.').format(instance_name))
if Instance.objects.get(hostname=instance_name).is_isolated():
raise serializers.ValidationError(_('Isolated instances may not be added or removed from instances groups via the API.'))
return value return value
def validate_name(self, value): def validate_name(self, value):

11
awx/main/tests/functional/api/test_instance_group.py
View File

@@ -133,6 +133,16 @@ def test_prevent_isolated_instance_added_to_non_isolated_instance_group(post, ad
assert u"Isolated instances may not be added or removed from instances groups via the API." == resp.data['error'] assert u"Isolated instances may not be added or removed from instances groups via the API." == resp.data['error']
@pytest.mark.django_db
def test_prevent_isolated_instance_added_to_non_isolated_instance_group_via_policy_list(patch, admin, instance, instance_group, isolated_instance_group):
url = reverse("api:instance_group_detail", kwargs={'pk': instance_group.pk})
assert True is instance.is_isolated()
resp = patch(url, {'policy_instance_list': [instance.hostname]}, admin)
assert [u"Isolated instances may not be added or removed from instances groups via the API."] == resp.data['policy_instance_list']
assert instance_group.policy_instance_list == []
@pytest.mark.django_db @pytest.mark.django_db
def test_prevent_isolated_instance_removal_from_isolated_instance_group(post, admin, instance, instance_group, isolated_instance_group): def test_prevent_isolated_instance_removal_from_isolated_instance_group(post, admin, instance, instance_group, isolated_instance_group):
url = reverse("api:instance_group_instance_list", kwargs={'pk': isolated_instance_group.pk}) url = reverse("api:instance_group_instance_list", kwargs={'pk': isolated_instance_group.pk})
@@ -140,4 +150,3 @@ def test_prevent_isolated_instance_removal_from_isolated_instance_group(post, ad
assert True is instance.is_isolated() assert True is instance.is_isolated()
resp = post(url, {'disassociate': True, 'id': instance.id}, admin, expect=400) resp = post(url, {'disassociate': True, 'id': instance.id}, admin, expect=400)
assert u"Isolated instances may not be added or removed from instances groups via the API." == resp.data['error'] assert u"Isolated instances may not be added or removed from instances groups via the API." == resp.data['error']