From d0f05ac2cdc04ea69ee3a88f2f4455025e19890e Mon Sep 17 00:00:00 2001 From: Chris Meyers Date: Mon, 27 Apr 2015 09:47:48 -0400 Subject: [PATCH 1/5] send the id of the credential to the job execution, not the credential object itself --- awx/api/views.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/awx/api/views.py b/awx/api/views.py index a2b3cd699b..1a684c4e5e 100644 --- a/awx/api/views.py +++ b/awx/api/views.py @@ -1450,7 +1450,7 @@ class JobTemplateLaunch(RetrieveAPIView, GenericAPIView): return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) kv = { - 'credential': serializer.object.credential, + 'credential': serializer.object.credential.pk, 'extra_vars': serializer.object.extra_vars } new_job = obj.create_unified_job(**kv) From 086ae8f9add9c9e1897368b0b148cbf4cc602991 Mon Sep 17 00:00:00 2001 From: Chris Meyers Date: Mon, 27 Apr 2015 13:31:57 -0400 Subject: [PATCH 2/5] allow credential_id to job template launch. Funnel credential_id into credential. --- awx/api/views.py | 3 +++ awx/main/tests/jobs/jobs_monolithic.py | 13 +++++++++++++ 2 files changed, 16 insertions(+) diff --git a/awx/api/views.py b/awx/api/views.py index 1a684c4e5e..3c87ba613f 100644 --- a/awx/api/views.py +++ b/awx/api/views.py @@ -1445,6 +1445,9 @@ class JobTemplateLaunch(RetrieveAPIView, GenericAPIView): if not request.user.can_access(self.model, 'start', obj): raise PermissionDenied() + if 'credential' not in request.DATA and 'credential_id' in request.DATA: + request.DATA['credential'] = request.DATA['credential_id'] + serializer = self.serializer_class(data=request.DATA, context={'obj': obj}) if not serializer.is_valid(): return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) diff --git a/awx/main/tests/jobs/jobs_monolithic.py b/awx/main/tests/jobs/jobs_monolithic.py index 65d0e7aa66..b4c6c554f6 100644 --- a/awx/main/tests/jobs/jobs_monolithic.py +++ b/awx/main/tests/jobs/jobs_monolithic.py @@ -482,24 +482,37 @@ class JobTemplateTest(BaseJobTestMixin, django.test.TestCase): # Invalid auth can't trigger the launch endpoint self.check_invalid_auth(launch_url, {}, methods=('post',)) + # Implicit, attached credentials with self.current_user(self.user_sue): response = self.post(launch_url, {}, expect=202) j = Job.objects.get(pk=response['job']) self.assertTrue(j.status == 'new') + # Explicit, override credentials with self.current_user(self.user_sue): response = self.post(launch_url, {'credential': self.cred_doug.pk}, expect=202) j = Job.objects.get(pk=response['job']) self.assertTrue(j.status == 'new') + self.assertEqual(j.credential.pk, self.cred_doug.pk) + + # Explicit, override credentials + with self.current_user(self.user_sue): + response = self.post(launch_url, {'credential_id': self.cred_doug.pk}, expect=202) + j = Job.objects.get(pk=response['job']) + self.assertTrue(j.status == 'new') + self.assertEqual(j.credential.pk, self.cred_doug.pk) # Can't launch a job template without a credential defined (or if we # pass an invalid/inactive credential value). with self.current_user(self.user_sue): response = self.post(no_launch_url, {}, expect=400) response = self.post(no_launch_url, {'credential': 0}, expect=400) + response = self.post(no_launch_url, {'credential_id': 0}, expect=400) response = self.post(no_launch_url, {'credential': 'one'}, expect=400) + response = self.post(no_launch_url, {'credential_id': 'one'}, expect=400) self.cred_doug.mark_inactive() response = self.post(no_launch_url, {'credential': self.cred_doug.pk}, expect=400) + response = self.post(no_launch_url, {'credential_id': self.cred_doug.pk}, expect=400) # Job Templates without projects can not be launched with self.current_user(self.user_sue): From 90037bbc2fdb07b7dc9565160e85b48070033fd3 Mon Sep 17 00:00:00 2001 From: Chris Meyers Date: Mon, 27 Apr 2015 14:15:35 -0400 Subject: [PATCH 3/5] fill in api browser with needed extra_vars passwords and credential --- awx/api/serializers.py | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/awx/api/serializers.py b/awx/api/serializers.py index 5bf92ab2b3..844799ec7c 100644 --- a/awx/api/serializers.py +++ b/awx/api/serializers.py @@ -1706,6 +1706,17 @@ class JobLaunchSerializer(BaseSerializer): read_only_fields = ('ask_variables_on_launch',) write_only_fields = ('credential','extra_vars',) + def to_native(self, obj): + res = super(JobLaunchSerializer, self).to_native(obj) + view = self.context.get('view', None) + if hasattr(view, '_raw_data_form_marker'): + if obj.passwords_needed_to_start: + password_keys = dict([(p, u'') for p in obj.passwords_needed_to_start]) + res.update(dict(extra_vars=password_keys)) + if self.get_credential_needed_to_start(obj) is True: + res.update(dict(credential='')) + return res + def get_credential_needed_to_start(self, obj): return not (obj and obj.credential and obj.credential.active) From c29e5f40be00ffa426a75f39ff5291f73f2df8a0 Mon Sep 17 00:00:00 2001 From: Chris Meyers Date: Mon, 27 Apr 2015 14:24:54 -0400 Subject: [PATCH 4/5] save state --- awx/api/serializers.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/awx/api/serializers.py b/awx/api/serializers.py index 844799ec7c..eeac81071b 100644 --- a/awx/api/serializers.py +++ b/awx/api/serializers.py @@ -1709,7 +1709,7 @@ class JobLaunchSerializer(BaseSerializer): def to_native(self, obj): res = super(JobLaunchSerializer, self).to_native(obj) view = self.context.get('view', None) - if hasattr(view, '_raw_data_form_marker'): + if obj and hasattr(view, '_raw_data_form_marker'): if obj.passwords_needed_to_start: password_keys = dict([(p, u'') for p in obj.passwords_needed_to_start]) res.update(dict(extra_vars=password_keys)) From 8a050dbc970fd21bc6459b789d7add5249b9b90a Mon Sep 17 00:00:00 2001 From: Chris Meyers Date: Mon, 27 Apr 2015 14:54:57 -0400 Subject: [PATCH 5/5] generate passwords in validate and pass back through context --- awx/api/serializers.py | 16 +++++++++++++++- awx/api/views.py | 5 ++++- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/awx/api/serializers.py b/awx/api/serializers.py index eeac81071b..7fe0897805 100644 --- a/awx/api/serializers.py +++ b/awx/api/serializers.py @@ -1712,7 +1712,7 @@ class JobLaunchSerializer(BaseSerializer): if obj and hasattr(view, '_raw_data_form_marker'): if obj.passwords_needed_to_start: password_keys = dict([(p, u'') for p in obj.passwords_needed_to_start]) - res.update(dict(extra_vars=password_keys)) + res.update(password_keys) if self.get_credential_needed_to_start(obj) is True: res.update(dict(credential='')) return res @@ -1733,6 +1733,20 @@ class JobLaunchSerializer(BaseSerializer): attrs[source] = credential return attrs + def validate_passwords_needed_to_start(self, attrs, source): + obj = self.context.get('obj') + passwords = self.context.get('passwords') + data = self.context.get('data') + + # fill passwords dict with request data passwords + if obj.passwords_needed_to_start: + try: + for p in obj.passwords_needed_to_start: + passwords[p] = data.get(p) + except KeyError: + raise serializers.ValidationError(obj.passwords_needed_to_start) + return attrs + def validate_extra_vars(self, attrs, source): extra_vars = attrs.get(source, {}) if not extra_vars: diff --git a/awx/api/views.py b/awx/api/views.py index 3c87ba613f..699f816e9f 100644 --- a/awx/api/views.py +++ b/awx/api/views.py @@ -1448,7 +1448,8 @@ class JobTemplateLaunch(RetrieveAPIView, GenericAPIView): if 'credential' not in request.DATA and 'credential_id' in request.DATA: request.DATA['credential'] = request.DATA['credential_id'] - serializer = self.serializer_class(data=request.DATA, context={'obj': obj}) + passwords = {} + serializer = self.serializer_class(data=request.DATA, context={'obj': obj, 'data': request.DATA, 'passwords': passwords}) if not serializer.is_valid(): return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) @@ -1456,6 +1457,8 @@ class JobTemplateLaunch(RetrieveAPIView, GenericAPIView): 'credential': serializer.object.credential.pk, 'extra_vars': serializer.object.extra_vars } + kv.update(passwords) + new_job = obj.create_unified_job(**kv) result = new_job.signal_start(**kv) if not result: