External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-03-07 11:41:08 -03:30
Code Issues Packages Projects Releases Wiki Activity

update migrations for RBAC

Browse Source
This commit is contained in:
Wayne Witzel III
2016-05-13 11:36:44 -04:00
parent 1da2727f5d
commit 6a6194cc43
2 changed files with 17 additions and 57 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
awx/main/migrations/0008_v300_rbac_changes.py
View File

@@ -137,11 +137,6 @@ class Migration(migrations.Migration):
name='roleancestorentry', name='roleancestorentry',
index_together=set([('ancestor', 'content_type_id', 'object_id'), ('ancestor', 'content_type_id', 'role_field'), ('ancestor', 'descendent')]), index_together=set([('ancestor', 'content_type_id', 'object_id'), ('ancestor', 'content_type_id', 'role_field'), ('ancestor', 'descendent')]),
), ),
migrations.AddField(
model_name='credential',
name='auditor_role',
field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[b'singleton:system_auditor'], to='main.Role', null=b'True'),
),
migrations.AddField( migrations.AddField(
model_name='credential', model_name='credential',
name='owner_role', name='owner_role',
@@ -155,27 +150,17 @@ class Migration(migrations.Migration):
migrations.AddField( migrations.AddField(
model_name='credential', model_name='credential',
name='read_role', name='read_role',
field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[b'use_role', b'auditor_role', b'owner_role'], to='main.Role', null=b'True'), field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[b'singleton:system_auditor', b'use_role', b'owner_role'], to='main.Role', null=b'True'),
), ),
migrations.AddField( migrations.AddField(
model_name='custominventoryscript', model_name='custominventoryscript',
name='admin_role', name='admin_role',
field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=b'organization.admin_role', to='main.Role', null=b'True'), field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=b'organization.admin_role', to='main.Role', null=b'True'),
), ),
migrations.AddField(
model_name='custominventoryscript',
name='auditor_role',
field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=b'organization.auditor_role', to='main.Role', null=b'True'),
),
migrations.AddField(
model_name='custominventoryscript',
name='member_role',
field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=b'organization.member_role', to='main.Role', null=b'True'),
),
migrations.AddField( migrations.AddField(
model_name='custominventoryscript', model_name='custominventoryscript',
name='read_role', name='read_role',
field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[b'auditor_role', b'member_role', b'admin_role'], to='main.Role', null=b'True'), field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[b'organization.auditor_role', b'organization.member_role', b'admin_role'], to='main.Role', null=b'True'),
), ),
migrations.AddField( migrations.AddField(
model_name='group', model_name='group',
@@ -187,11 +172,6 @@ class Migration(migrations.Migration):
name='adhoc_role', name='adhoc_role',
field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[b'inventory.adhoc_role', b'parents.adhoc_role', b'admin_role'], to='main.Role', null=b'True'), field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[b'inventory.adhoc_role', b'parents.adhoc_role', b'admin_role'], to='main.Role', null=b'True'),
), ),
migrations.AddField(
model_name='group',
name='auditor_role',
field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[b'inventory.auditor_role', b'parents.auditor_role'], to='main.Role', null=b'True'),
),
migrations.AddField( migrations.AddField(
model_name='group', model_name='group',
name='execute_role', name='execute_role',
@@ -205,7 +185,7 @@ class Migration(migrations.Migration):
migrations.AddField( migrations.AddField(
model_name='group', model_name='group',
name='read_role', name='read_role',
field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[b'execute_role', b'update_role', b'auditor_role', b'admin_role'], to='main.Role', null=b'True'), field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[b'inventory.read_role', b'parents.read_role', b'execute_role', b'update_role', b'admin_role'], to='main.Role', null=b'True'),
), ),
migrations.AddField( migrations.AddField(
model_name='inventory', model_name='inventory',
@@ -215,12 +195,7 @@ class Migration(migrations.Migration):
migrations.AddField( migrations.AddField(
model_name='inventory', model_name='inventory',
name='adhoc_role', name='adhoc_role',
field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[b'admin_role'], to='main.Role', null=b'True'), field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=b'admin_role', to='main.Role', null=b'True'),
),
migrations.AddField(
model_name='inventory',
name='auditor_role',
field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=b'organization.auditor_role', to='main.Role', null=b'True'),
), ),
migrations.AddField( migrations.AddField(
model_name='inventory', model_name='inventory',
@@ -230,28 +205,23 @@ class Migration(migrations.Migration):
migrations.AddField( migrations.AddField(
model_name='inventory', model_name='inventory',
name='update_role', name='update_role',
field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[b'admin_role'], to='main.Role', null=b'True'), field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=b'admin_role', to='main.Role', null=b'True'),
), ),
migrations.AddField( migrations.AddField(
model_name='inventory', model_name='inventory',
name='use_role', name='use_role',
field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[b'admin_role'], to='main.Role', null=b'True'), field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=b'admin_role', to='main.Role', null=b'True'),
), ),
migrations.AddField( migrations.AddField(
model_name='inventory', model_name='inventory',
name='read_role', name='read_role',
field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[b'auditor_role', b'execute_role', b'update_role', b'use_role', b'admin_role'], to='main.Role', null=b'True'), field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[b'organization.auditor_role', b'execute_role', b'update_role', b'use_role', b'admin_role'], to='main.Role', null=b'True'),
), ),
migrations.AddField( migrations.AddField(
model_name='jobtemplate', model_name='jobtemplate',
name='admin_role', name='admin_role',
field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[(b'project.admin_role', b'inventory.admin_role')], to='main.Role', null=b'True'), field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[(b'project.admin_role', b'inventory.admin_role')], to='main.Role', null=b'True'),
), ),
migrations.AddField(
model_name='jobtemplate',
name='auditor_role',
field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[(b'project.auditor_role', b'inventory.auditor_role')], to='main.Role', null=b'True'),
),
migrations.AddField( migrations.AddField(
model_name='jobtemplate', model_name='jobtemplate',
name='execute_role', name='execute_role',
@@ -260,7 +230,7 @@ class Migration(migrations.Migration):
migrations.AddField( migrations.AddField(
model_name='jobtemplate', model_name='jobtemplate',
name='read_role', name='read_role',
field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[b'execute_role', b'auditor_role', b'admin_role'], to='main.Role', null=b'True'), field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[(b'project.organization.auditor_role', b'inventory.organization.auditor_role'), b'execute_role', b'admin_role'], to='main.Role', null=b'True'),
), ),
migrations.AddField( migrations.AddField(
model_name='organization', model_name='organization',
@@ -289,34 +259,24 @@ class Migration(migrations.Migration):
), ),
migrations.AddField( migrations.AddField(
model_name='project', model_name='project',
name='auditor_role', name='use_role',
field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[b'organization.auditor_role', b'singleton:system_auditor'], to='main.Role', null=b'True'),
),
migrations.AddField(
model_name='project',
name='member_role',
field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=b'admin_role', to='main.Role', null=b'True'), field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=b'admin_role', to='main.Role', null=b'True'),
), ),
migrations.AddField( migrations.AddField(
model_name='project', model_name='project',
name='scm_update_role', name='update_role',
field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=b'admin_role', to='main.Role', null=b'True'), field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=b'admin_role', to='main.Role', null=b'True'),
), ),
migrations.AddField( migrations.AddField(
model_name='project', model_name='project',
name='read_role', name='read_role',
field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[b'member_role', b'auditor_role', b'scm_update_role'], to='main.Role', null=b'True'), field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[b'organization.auditor_role', b'singleton:system_auditor', b'use_role', b'update_role'], to='main.Role', null=b'True'),
), ),
migrations.AddField( migrations.AddField(
model_name='team', model_name='team',
name='admin_role', name='admin_role',
field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=b'organization.admin_role', to='main.Role', null=b'True'), field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=b'organization.admin_role', to='main.Role', null=b'True'),
), ),
migrations.AddField(
model_name='team',
name='auditor_role',
field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=b'organization.auditor_role', to='main.Role', null=b'True'),
),
migrations.AddField( migrations.AddField(
model_name='team', model_name='team',
name='member_role', name='member_role',
@@ -325,6 +285,6 @@ class Migration(migrations.Migration):
migrations.AddField( migrations.AddField(
model_name='team', model_name='team',
name='read_role', name='read_role',
field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[b'admin_role', b'auditor_role', b'member_role'], to='main.Role', null=b'True'), field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[b'admin_role', b'organization.auditor_role', b'member_role'], to='main.Role', null=b'True'),
), ),
] ]

10
awx/main/migrations/_rbac.py
View File

@@ -219,7 +219,7 @@ def migrate_inventory(apps, schema_editor):
if perm.permission_type == 'admin': if perm.permission_type == 'admin':
return inventory.admin_role return inventory.admin_role
elif perm.permission_type == 'read': elif perm.permission_type == 'read':
return inventory.auditor_role return inventory.read_role
elif perm.permission_type == 'write': elif perm.permission_type == 'write':
return inventory.update_role return inventory.update_role
elif perm.permission_type == 'check' or perm.permission_type == 'run' or perm.permission_type == 'create': elif perm.permission_type == 'check' or perm.permission_type == 'run' or perm.permission_type == 'create':
@@ -320,22 +320,22 @@ def migrate_projects(apps, schema_editor):
logger.warn(smart_text(u'adding Project({}) admin: {}'.format(project.name, project.created_by.username))) logger.warn(smart_text(u'adding Project({}) admin: {}'.format(project.name, project.created_by.username)))
for team in project.deprecated_teams.all(): for team in project.deprecated_teams.all():
team.member_role.children.add(project.member_role) team.member_role.children.add(project.use_role)
logger.info(smart_text(u'adding Team({}) access for Project({})'.format(team.name, project.name))) logger.info(smart_text(u'adding Team({}) access for Project({})'.format(team.name, project.name)))
if project.organization is not None: if project.organization is not None:
for user in project.organization.deprecated_users.all(): for user in project.organization.deprecated_users.all():
project.member_role.members.add(user) project.use_role.members.add(user)
logger.info(smart_text(u'adding Organization({}) member access to Project({})'.format(project.organization.name, project.name))) logger.info(smart_text(u'adding Organization({}) member access to Project({})'.format(project.organization.name, project.name)))
for perm in Permission.objects.filter(project=project): for perm in Permission.objects.filter(project=project):
# All perms at this level just imply a user or team can read # All perms at this level just imply a user or team can read
if perm.team: if perm.team:
perm.team.member_role.children.add(project.member_role) perm.team.member_role.children.add(project.use_role)
logger.info(smart_text(u'adding Team({}) access for Project({})'.format(perm.team.name, project.name))) logger.info(smart_text(u'adding Team({}) access for Project({})'.format(perm.team.name, project.name)))
if perm.user: if perm.user:
project.member_role.members.add(perm.user) project.use_role.members.add(perm.user)
logger.info(smart_text(u'adding User({}) access for Project({})'.format(perm.user.username, project.name))) logger.info(smart_text(u'adding User({}) access for Project({})'.format(perm.user.username, project.name)))