mirror of
https://github.com/ansible/awx.git
synced 2026-01-16 04:10:44 -03:30
Wayne Witzel III
commit
55b06e4d8b
@ -2211,15 +2211,15 @@ class JobTemplateCallback(GenericAPIView):
|
||||
return set()
|
||||
# Find the host objects to search for a match.
|
||||
obj = self.get_object()
|
||||
qs = obj.inventory.hosts
|
||||
hosts = obj.inventory.hosts.all()
|
||||
# First try for an exact match on the name.
|
||||
try:
|
||||
return set([qs.get(name__in=remote_hosts)])
|
||||
return set([hosts.get(name__in=remote_hosts)])
|
||||
except (Host.DoesNotExist, Host.MultipleObjectsReturned):
|
||||
pass
|
||||
# Next, try matching based on name or ansible_ssh_host variable.
|
||||
matches = set()
|
||||
for host in qs.all():
|
||||
for host in hosts:
|
||||
ansible_ssh_host = host.variables_dict.get('ansible_ssh_host', '')
|
||||
if ansible_ssh_host in remote_hosts:
|
||||
matches.add(host)
|
||||
@ -2228,8 +2228,9 @@ class JobTemplateCallback(GenericAPIView):
|
||||
matches.add(host)
|
||||
if len(matches) == 1:
|
||||
return matches
|
||||
|
||||
# Try to resolve forward addresses for each host to find matches.
|
||||
for host in qs.all():
|
||||
for host in hosts:
|
||||
hostnames = set([host.name])
|
||||
ansible_ssh_host = host.variables_dict.get('ansible_ssh_host', '')
|
||||
if ansible_ssh_host:
|
||||
@ -3376,7 +3377,7 @@ class RoleList(ListAPIView):
|
||||
|
||||
def get_queryset(self):
|
||||
if self.request.user.is_superuser:
|
||||
return Role.objects
|
||||
return Role.objects.all()
|
||||
return Role.visible_roles(self.request.user)
|
||||
|
||||
|
||||
@ -3399,7 +3400,7 @@ class RoleUsersList(SubListCreateAttachDetachAPIView):
|
||||
def get_queryset(self):
|
||||
role = self.get_parent_object()
|
||||
self.check_parent_access(role)
|
||||
return role.members
|
||||
return role.members.all()
|
||||
|
||||
def post(self, request, *args, **kwargs):
|
||||
# Forbid implicit role creation here
|
||||
@ -3455,7 +3456,7 @@ class RoleParentsList(SubListAPIView):
|
||||
# XXX: This should be the intersection between the roles of the user
|
||||
# and the roles that the requesting user has access to see
|
||||
role = Role.objects.get(pk=self.kwargs['pk'])
|
||||
return role.parents
|
||||
return role.parents.all()
|
||||
|
||||
class RoleChildrenList(SubListAPIView):
|
||||
|
||||
|
||||
@ -468,7 +468,7 @@ class InventorySourceAccess(BaseAccess):
|
||||
model = InventorySource
|
||||
|
||||
def get_queryset(self):
|
||||
qs = self.model.objects
|
||||
qs = self.model.objects.all()
|
||||
qs = qs.select_related('created_by', 'modified_by', 'group', 'inventory')
|
||||
inventory_ids = set(self.user.get_queryset(Inventory).values_list('id', flat=True))
|
||||
return qs.filter(Q(inventory_id__in=inventory_ids) |
|
||||
|
||||
@ -67,7 +67,7 @@ def resolve_role_field(obj, field):
|
||||
|
||||
if len(field_components) == 1:
|
||||
if type(obj) is not ImplicitRoleDescriptor and type(obj) is not Role:
|
||||
raise Exception(smart_text('{} refers to a {}, not an ImplicitRoleField or Role').format(field, type(obj)))
|
||||
raise Exception(smart_text('{} refers to a {}, not an ImplicitRoleField or Role'.format(field, type(obj))))
|
||||
ret.append(obj)
|
||||
else:
|
||||
if type(obj) is ManyRelatedObjectsDescriptor:
|
||||
|
||||
@ -35,10 +35,10 @@ def migrate_users(apps, schema_editor):
|
||||
for user in User.objects.iterator():
|
||||
try:
|
||||
Role.objects.get(content_type=ContentType.objects.get_for_model(User), object_id=user.id)
|
||||
logger.info(smart_text("found existing role for user: {}").format(user.username))
|
||||
logger.info(smart_text("found existing role for user: {}".format(user.username)))
|
||||
except Role.DoesNotExist:
|
||||
role = Role.objects.create(
|
||||
singleton_name = smart_text('{}-admin_role').format(user.username),
|
||||
singleton_name = smart_text('{}-admin_role'.format(user.username)),
|
||||
content_object = user,
|
||||
)
|
||||
role.members.add(user)
|
||||
@ -48,11 +48,11 @@ def migrate_users(apps, schema_editor):
|
||||
create=1, read=1, write=1, delete=1, update=1,
|
||||
execute=1, scm_update=1, use=1,
|
||||
)
|
||||
logger.info(smart_text("migrating to new role for user: {}").format(user.username))
|
||||
logger.info(smart_text("migrating to new role for user: {}".format(user.username)))
|
||||
|
||||
if user.is_superuser:
|
||||
Role.singleton('System Administrator').members.add(user)
|
||||
logger.warning(smart_text("added superuser: {}").format(user.username))
|
||||
logger.warning(smart_text("added superuser: {}".format(user.username)))
|
||||
|
||||
@log_migration
|
||||
def migrate_organization(apps, schema_editor):
|
||||
@ -60,10 +60,10 @@ def migrate_organization(apps, schema_editor):
|
||||
for org in Organization.objects.iterator():
|
||||
for admin in org.deprecated_admins.all():
|
||||
org.admin_role.members.add(admin)
|
||||
logger.info(smart_text("added admin: {}, {}").format(org.name, admin.username))
|
||||
logger.info(smart_text("added admin: {}, {}".format(org.name, admin.username)))
|
||||
for user in org.deprecated_users.all():
|
||||
org.auditor_role.members.add(user)
|
||||
logger.info(smart_text("added auditor: {}, {}").format(org.name, user.username))
|
||||
logger.info(smart_text("added auditor: {}, {}".format(org.name, user.username)))
|
||||
|
||||
@log_migration
|
||||
def migrate_team(apps, schema_editor):
|
||||
@ -71,7 +71,7 @@ def migrate_team(apps, schema_editor):
|
||||
for t in Team.objects.iterator():
|
||||
for user in t.deprecated_users.all():
|
||||
t.member_role.members.add(user)
|
||||
logger.info(smart_text("team: {}, added user: {}").format(t.name, user.username))
|
||||
logger.info(smart_text("team: {}, added user: {}".format(t.name, user.username)))
|
||||
|
||||
def attrfunc(attr_path):
|
||||
'''attrfunc returns a function that will
|
||||
@ -145,7 +145,7 @@ def migrate_credential(apps, schema_editor):
|
||||
_update_credential_parents(results[0].inventory.organization, cred)
|
||||
else:
|
||||
_discover_credentials(results, cred, attrfunc('inventory.organization'))
|
||||
logger.info(smart_text("added Credential(name={}, kind={}, host={}) at organization level").format(cred.name, cred.kind, cred.host))
|
||||
logger.info(smart_text("added Credential(name={}, kind={}, host={}) at organization level".format(cred.name, cred.kind, cred.host)))
|
||||
continue
|
||||
|
||||
projs = Project.objects.filter(credential=cred).all()
|
||||
@ -154,7 +154,7 @@ def migrate_credential(apps, schema_editor):
|
||||
_update_credential_parents(projs[0].organization, cred)
|
||||
else:
|
||||
_discover_credentials(projs, cred, attrfunc('organization'))
|
||||
logger.info(smart_text("added Credential(name={}, kind={}, host={}) at organization level").format(cred.name, cred.kind, cred.host))
|
||||
logger.info(smart_text("added Credential(name={}, kind={}, host={}) at organization level".format(cred.name, cred.kind, cred.host)))
|
||||
continue
|
||||
|
||||
if cred.deprecated_team is not None:
|
||||
@ -162,14 +162,14 @@ def migrate_credential(apps, schema_editor):
|
||||
cred.deprecated_team.member_role.children.add(cred.usage_role)
|
||||
cred.deprecated_user, cred.deprecated_team = None, None
|
||||
cred.save()
|
||||
logger.info(smart_text("added Credential(name={}, kind={}, host={}) at user level").format(cred.name, cred.kind, cred.host))
|
||||
logger.info(smart_text("added Credential(name={}, kind={}, host={}) at user level".format(cred.name, cred.kind, cred.host)))
|
||||
elif cred.deprecated_user is not None:
|
||||
cred.deprecated_user.admin_role.children.add(cred.owner_role)
|
||||
cred.deprecated_user, cred.deprecated_team = None, None
|
||||
cred.save()
|
||||
logger.info(smart_text("added Credential(name={}, kind={}, host={}) at user level").format(cred.name, cred.kind, cred.host, ))
|
||||
logger.info(smart_text("added Credential(name={}, kind={}, host={}) at user level".format(cred.name, cred.kind, cred.host, )))
|
||||
else:
|
||||
logger.warning(smart_text("orphaned credential found Credential(name={}, kind={}, host={}), superuser only").format(cred.name, cred.kind, cred.host, ))
|
||||
logger.warning(smart_text("orphaned credential found Credential(name={}, kind={}, host={}), superuser only".format(cred.name, cred.kind, cred.host, )))
|
||||
|
||||
|
||||
@log_migration
|
||||
@ -195,7 +195,7 @@ def migrate_inventory(apps, schema_editor):
|
||||
elif perm.permission_type == 'run':
|
||||
pass
|
||||
else:
|
||||
raise Exception(smart_text('Unhandled permission type for inventory: {}').format( perm.permission_type))
|
||||
raise Exception(smart_text('Unhandled permission type for inventory: {}'.format( perm.permission_type)))
|
||||
if perm.run_ad_hoc_commands:
|
||||
execrole = inventory.executor_role
|
||||
|
||||
@ -204,14 +204,14 @@ def migrate_inventory(apps, schema_editor):
|
||||
perm.team.member_role.children.add(role)
|
||||
if execrole:
|
||||
perm.team.member_role.children.add(execrole)
|
||||
logger.info(smart_text('added Team({}) access to Inventory({})').format(perm.team.name, inventory.name))
|
||||
logger.info(smart_text('added Team({}) access to Inventory({})'.format(perm.team.name, inventory.name)))
|
||||
|
||||
if perm.user:
|
||||
if role:
|
||||
role.members.add(perm.user)
|
||||
if execrole:
|
||||
execrole.members.add(perm.user)
|
||||
logger.info(smart_text('added User({}) access to Inventory({})').format(perm.user.username, inventory.name))
|
||||
logger.info(smart_text('added User({}) access to Inventory({})'.format(perm.user.username, inventory.name)))
|
||||
|
||||
@log_migration
|
||||
def migrate_projects(apps, schema_editor):
|
||||
@ -244,14 +244,14 @@ def migrate_projects(apps, schema_editor):
|
||||
if first_org is None:
|
||||
# For the first org, re-use our existing Project object, so don't do the below duplication effort
|
||||
first_org = org
|
||||
project.name = first_org.name + ' - ' + original_project_name
|
||||
project.name = smart_text('{} - {}'.format(first_org.name, original_project_name))
|
||||
project.organization = first_org
|
||||
project.save()
|
||||
else:
|
||||
new_prj = Project.objects.create(
|
||||
created = project.created,
|
||||
description = project.description,
|
||||
name = org.name + ' - ' + original_project_name,
|
||||
name = smart_text('{} - {}'.format(org.name, original_project_name)),
|
||||
old_pk = project.old_pk,
|
||||
created_by_id = project.created_by_id,
|
||||
scm_type = project.scm_type,
|
||||
@ -265,7 +265,7 @@ def migrate_projects(apps, schema_editor):
|
||||
credential = project.credential,
|
||||
organization = org
|
||||
)
|
||||
logger.warning(smart_text('cloning Project({}) onto {} as Project({})').format(original_project_name, org, new_prj))
|
||||
logger.warning(smart_text('cloning Project({}) onto {} as Project({})'.format(original_project_name, org, new_prj)))
|
||||
job_templates = JobTemplate.objects.filter(inventory__organization=org).all()
|
||||
for jt in job_templates:
|
||||
jt.project = new_prj
|
||||
@ -275,26 +275,26 @@ def migrate_projects(apps, schema_editor):
|
||||
for project in Project.objects.iterator():
|
||||
if project.organization is None and project.created_by is not None:
|
||||
project.admin_role.members.add(project.created_by)
|
||||
logger.warn(smart_text('adding Project({}) admin: {}').format(project.name, project.created_by.username))
|
||||
logger.warn(smart_text('adding Project({}) admin: {}'.format(project.name, project.created_by.username)))
|
||||
|
||||
for team in project.deprecated_teams.all():
|
||||
team.member_role.children.add(project.member_role)
|
||||
logger.info(smart_text('adding Team({}) access for Project({})').format(team.name, project.name))
|
||||
logger.info(smart_text('adding Team({}) access for Project({})'.format(team.name, project.name)))
|
||||
|
||||
if project.organization is not None:
|
||||
for user in project.organization.deprecated_users.all():
|
||||
project.member_role.members.add(user)
|
||||
logger.info(smart_text('adding Organization({}) member access to Project({})').format(project.organization.name, project.name))
|
||||
logger.info(smart_text('adding Organization({}) member access to Project({})'.format(project.organization.name, project.name)))
|
||||
|
||||
for perm in Permission.objects.filter(project=project):
|
||||
# All perms at this level just imply a user or team can read
|
||||
if perm.team:
|
||||
perm.team.member_role.children.add(project.member_role)
|
||||
logger.info(smart_text('adding Team({}) access for Project({})').format(perm.team.name, project.name))
|
||||
logger.info(smart_text('adding Team({}) access for Project({})'.format(perm.team.name, project.name)))
|
||||
|
||||
if perm.user:
|
||||
project.member_role.members.add(perm.user)
|
||||
logger.info(smart_text('adding User({}) access for Project({})').format(perm.user.username, project.name))
|
||||
logger.info(smart_text('adding User({}) access for Project({})'.format(perm.user.username, project.name)))
|
||||
|
||||
|
||||
@log_migration
|
||||
@ -355,12 +355,12 @@ def migrate_job_templates(apps, schema_editor):
|
||||
for team in Team.objects.iterator():
|
||||
if permission.filter(team=team).exists():
|
||||
team.member_role.children.add(jt.executor_role)
|
||||
logger.info(smart_text('adding Team({}) access to JobTemplate({})').format(team.name, jt.name))
|
||||
logger.info(smart_text('adding Team({}) access to JobTemplate({})'.format(team.name, jt.name)))
|
||||
|
||||
for user in User.objects.iterator():
|
||||
if permission.filter(user=user).exists():
|
||||
jt.executor_role.members.add(user)
|
||||
logger.info(smart_text('adding User({}) access to JobTemplate({})').format(user.username, jt.name))
|
||||
logger.info(smart_text('adding User({}) access to JobTemplate({})'.format(user.username, jt.name)))
|
||||
|
||||
if jt.accessible_by(user, {'execute': True}):
|
||||
# If the job template is already accessible by the user, because they
|
||||
@ -370,4 +370,4 @@ def migrate_job_templates(apps, schema_editor):
|
||||
|
||||
if old_access.check_user_access(user, jt.__class__, 'start', jt, False):
|
||||
jt.executor_role.members.add(user)
|
||||
logger.info(smart_text('adding User({}) access to JobTemplate({})').format(user.username, jt.name))
|
||||
logger.info(smart_text('adding User({}) access to JobTemplate({})'.format(user.username, jt.name)))
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user