adjusting Credential model and migrations

Wayne Witzel III
2016-06-10 13:23:32 -04:00
parent 2c05df064b
commit 5754b4bb2c
4 changed files with 55 additions and 13 deletions


@@ -600,6 +600,10 @@ class CredentialAccess(BaseAccess):
if not self.can_add(data): if not self.can_add(data):
return False return False
if obj.organization:
if self.user in obj.organization.admin_role:
return True
return self.user in obj.owner_role return self.user in obj.owner_role
def can_delete(self, obj): def can_delete(self, obj):
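Review bot: The added organization-admin branch authorizes against `obj.organization`, the credential's current organization, so a request whose `data` assigns a different organization would be approved on admin rights in the source organization alone, unless `self.can_add(data)` already checks the target. That method and the start of the enclosing method are outside the hunk, so this should be confirmed, ideally with a test where the requester administers only the source organization. The two nested `if`s can also be written as one condition, `if obj.organization and self.user in obj.organization.admin_role:`. Whether `can_delete`, which begins on the hunk's last line, needs the same branch is not visible here.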


@@ -86,7 +86,11 @@ class Migration(migrations.Migration):
name='credential', name='credential',
unique_together=set([]), unique_together=set([]),
), ),
migrations.AddField(
model_name='credential',
name='organization',
field=models.ForeignKey(related_name='credentials', default=None, blank=True, to='main.Organization', null=True),
),
# #
# New RBAC models and fields # New RBAC models and fields


@@ -123,10 +123,10 @@ def attrfunc(attr_path):
return attr return attr
def _update_credential_parents(org, cred): def _update_credential_parents(org, cred):
org.admin_role.children.add(cred.owner_role) cred.organization = org
cred.save() cred.save()
def _discover_credentials(instances, cred, orgfunc): def _discover_credentials(apps, instances, cred, orgfunc):
'''_discover_credentials will find shared credentials across '''_discover_credentials will find shared credentials across
organizations. If a shared credential is found, it will duplicate organizations. If a shared credential is found, it will duplicate
the credential, ensure the proper role permissions are added to the new the credential, ensure the proper role permissions are added to the new
@@ -139,6 +139,8 @@ def _discover_credentials(instances, cred, orgfunc):
orgfunc is a function that when called with an instance from instances orgfunc is a function that when called with an instance from instances
will produce an Organization object. will produce an Organization object.
''' '''
Credential = apps.get_model('main', "Credential")
orgs = defaultdict(list) orgs = defaultdict(list)
for inst in instances: for inst in instances:
try: try:
@@ -161,17 +163,38 @@ def _discover_credentials(instances, cred, orgfunc):
_update_credential_parents(org, cred) _update_credential_parents(org, cred)
else: else:
# Create a new credential # Create a new credential
cred.pk = None new_cred = Credential.objects.create(
cred.save() kind = cred.kind,
cloud = cred.cloud,
# Unlink the old information from the new credential host = cred.host,
cred.owner_role, cred.use_role = None, None username = cred.username,
cred.save() password = cred.password,
security_token = cred.security_token,
project = cred.project,
domain = cred.domain,
ssh_key_data = cred.ssh_key_data,
ssh_key_unlock = cred.ssh_key_unlock,
become_method = cred.become_method,
become_username = cred.become_username,
become_password = cred.become_password,
vault_password = cred.vault_password,
authorize = cred.authorize,
authorize_password = cred.authorize_password,
client = cred.client,
secret = cred.secret,
subscription = cred.subscription,
tenant = cred.tenant,
created = cred.created,
modified = cred.modified,
created_by_id = cred.created_by_id,
modified_by_id = cred.modified_by_id,
)
for i in orgs[org]: for i in orgs[org]:
i.credential = cred i.credential = new_cred
i.save() i.save()
_update_credential_parents(org, cred)
_update_credential_parents(org, new_cred)
@log_migration @log_migration
def migrate_credential(apps, schema_editor): def migrate_credential(apps, schema_editor):
@@ -187,7 +210,7 @@ def migrate_credential(apps, schema_editor):
if len(results) == 1: if len(results) == 1:
_update_credential_parents(results[0].inventory.organization, cred) _update_credential_parents(results[0].inventory.organization, cred)
else: else:
_discover_credentials(results, cred, attrfunc('inventory.organization')) _discover_credentials(apps, results, cred, attrfunc('inventory.organization'))
logger.info(smart_text(u"added Credential(name={}, kind={}, host={}) at organization level".format(cred.name, cred.kind, cred.host))) logger.info(smart_text(u"added Credential(name={}, kind={}, host={}) at organization level".format(cred.name, cred.kind, cred.host)))
projs = Project.objects.filter(credential=cred).all() projs = Project.objects.filter(credential=cred).all()
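Review bot: The `Credential.objects.create(...)` call that builds the per-organization copy in `_discover_credentials` does not pass `name`, although `migrate_credential` in the same file logs `cred.name`, so the duplicated credentials appear to be created without the original's name; adding `name = cred.name,` to the keyword list would fix that. Because the field list is maintained by hand, any other Credential field missing from it is dropped silently, so it is worth comparing the list against the model's fields at this migration state. The secret-bearing fields (`password`, `ssh_key_data`, `ssh_key_unlock`, `become_password`, `vault_password`, `authorize_password`, `secret`) are copied as stored; if their at-rest encryption is bound to the row's primary key, which is not visible here, the copies would need re-encrypting, so a decrypt check on one migrated copy is a cheap safeguard. Parts of the function lie between the hunks shown.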


@@ -78,6 +78,14 @@ class Credential(PasswordFieldsModel, CommonModelNameNotUnique, ResourceMixin):
on_delete=models.CASCADE, on_delete=models.CASCADE,
related_name='deprecated_credentials', related_name='deprecated_credentials',
) )
organization = models.ForeignKey(
'Organization',
null=True,
default=None,
blank=True,
on_delete=models.CASCADE,
related_name='credentials',
)
kind = models.CharField( kind = models.CharField(
max_length=32, max_length=32,
choices=KIND_CHOICES, choices=KIND_CHOICES,
@@ -209,7 +217,10 @@ class Credential(PasswordFieldsModel, CommonModelNameNotUnique, ResourceMixin):
], ],
) )
use_role = ImplicitRoleField( use_role = ImplicitRoleField(
parent_role=['owner_role'] parent_role=[
'organization.admin_role',
'owner_role',
]
) )
read_role = ImplicitRoleField(parent_role=[ read_role = ImplicitRoleField(parent_role=[
'singleton:' + ROLE_SINGLETON_SYSTEM_AUDITOR, 'singleton:' + ROLE_SINGLETON_SYSTEM_AUDITOR,
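Review bot: Only `use_role` gains `'organization.admin_role'` as a parent in the second hunk, while the migration helper in this commit stops adding `cred.owner_role` as a child of `org.admin_role` and sets `cred.organization` instead. Unless `owner_role`, which is defined outside the hunk, also lists `'organization.admin_role'`, organization admins appear to go from owner-level to use-level on migrated credentials, with only the explicit check added to `CredentialAccess` covering the difference; it is worth confirming that this is intended and that the role definitions and the access class agree. In the first hunk the new `organization` key uses `on_delete=models.CASCADE`, so deleting an organization also deletes its credentials; a comment above the field such as `# Deleting the organization deletes its credentials.` would make that explicit.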