From 5e398e4a252245e2da2ced2964c21873804d736e Mon Sep 17 00:00:00 2001
From: Aaron Tan
Date: Mon, 26 Jun 2017 10:58:05 -0400
Subject: [PATCH] Add Tower configuration category validation for TACACS+
---
 awx/sso/conf.py | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)
diff --git a/awx/sso/conf.py b/awx/sso/conf.py
index 90b4552b0e..f682f429b3 100644
--- a/awx/sso/conf.py
+++ b/awx/sso/conf.py
@@ -7,8 +7,11 @@ from django.conf import settings
 from django.core.urlresolvers import reverse
 from django.utils.translation import ugettext_lazy as _
 
+# Django REST Framework
+from rest_framework import serializers
+
 # Tower
-from awx.conf import register
+from awx.conf import register, register_validate
 from awx.sso import fields
 from awx.main.validators import validate_private_key, validate_certificate
 from awx.sso.validators import * # noqa
@@ -1083,3 +1086,23 @@ register(
 placeholder=SOCIAL_AUTH_TEAM_MAP_PLACEHOLDER,
 feature_required='enterprise_auth',
 )
+
+
+def tacacs_validate(serializer, attrs):
+ if not serializer.instance:
+ return attrs
+ errors = []
+ host = serializer.instance.TACACSPLUS_HOST
+ if 'TACACSPLUS_HOST' in attrs:
+ host = attrs['TACACSPLUS_HOST']
+ secret = serializer.instance.TACACSPLUS_SECRET
+ if 'TACACSPLUS_SECRET' in attrs:
+ secret = attrs['TACACSPLUS_SECRET']
+ if bool(host) ^ bool(secret):
+ errors.append('TACACSPLUS_HOST and TACACSPLUS_SECRET can only be both empty or both populated.')
+ if errors:
+ raise serializers.ValidationError(_('\n'.join(errors)))
+ return attrs
+
+
+register_validate('tacacsplus', tacacs_validate)
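Review bot: In `tacacs_validate`, `_('\n'.join(errors))` hands a string assembled at runtime to the translation function, so the message literal is never marked for extraction and the lookup will fall back to the untranslated text; mark the literal where it is appended and pass the list through, `errors.append(_('TACACSPLUS_HOST and TACACSPLUS_SECRET can only be both empty or both populated.'))` and `raise serializers.ValidationError(errors)`. The host/secret pairing is tested with `bool()`, so a whitespace-only secret counts as populated unless the field definitions (outside this hunk) strip or reject it; if they do not, a host could be saved with an effectively empty shared secret. The early `return attrs` when `serializer.instance` is falsy skips the check altogether, and a short docstring saying when that case arises and that stored values are used for keys absent from `attrs` would make the intent reviewable.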