External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-04-05 01:59:25 -02:30
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #13 from ryanpetrello/fix-7252

Browse Source 
allow Job Templates to launch with *only* a vault credential
This commit is contained in:
Ryan Petrello
2017-07-24 16:36:44 -04:00
committed by GitHub
parent ca2671f17e b0f5d2f82d
commit 6b6b4de205
4 changed files with 54 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
awx/api/serializers.py
View File

@@ -2460,12 +2460,17 @@ class JobTemplateSerializer(JobTemplateMixin, UnifiedJobTemplateSerializer, JobO
inventory = get_field_from_model_or_attrs('inventory') inventory = get_field_from_model_or_attrs('inventory')
credential = get_field_from_model_or_attrs('credential') credential = get_field_from_model_or_attrs('credential')
vault_credential = get_field_from_model_or_attrs('vault_credential')
project = get_field_from_model_or_attrs('project') project = get_field_from_model_or_attrs('project')
prompting_error_message = _("Must either set a default value or ask to prompt on launch.") prompting_error_message = _("Must either set a default value or ask to prompt on launch.")
if project is None: if project is None:
raise serializers.ValidationError({'project': _("Job types 'run' and 'check' must have assigned a project.")}) raise serializers.ValidationError({'project': _("Job types 'run' and 'check' must have assigned a project.")})
elif credential is None and not get_field_from_model_or_attrs('ask_credential_on_launch'): elif all([
credential is None,
vault_credential is None,
not get_field_from_model_or_attrs('ask_credential_on_launch'),
]):
raise serializers.ValidationError({'credential': prompting_error_message}) raise serializers.ValidationError({'credential': prompting_error_message})
elif inventory is None and not get_field_from_model_or_attrs('ask_inventory_on_launch'): elif inventory is None and not get_field_from_model_or_attrs('ask_inventory_on_launch'):
raise serializers.ValidationError({'inventory': prompting_error_message}) raise serializers.ValidationError({'inventory': prompting_error_message})

6
awx/main/models/jobs.py
View File

@@ -314,10 +314,12 @@ class JobTemplate(UnifiedJobTemplate, JobOptions, SurveyJobTemplateMixin, Resour
resources_needed_to_start.append('inventory') resources_needed_to_start.append('inventory')
if not self.ask_inventory_on_launch: if not self.ask_inventory_on_launch:
validation_errors['inventory'] = [_("Job Template must provide 'inventory' or allow prompting for it."),] validation_errors['inventory'] = [_("Job Template must provide 'inventory' or allow prompting for it."),]
if self.credential is None: if self.credential is None and self.vault_credential is None:
resources_needed_to_start.append('credential') resources_needed_to_start.append('credential')
if not self.ask_credential_on_launch: if not self.ask_credential_on_launch:
validation_errors['credential'] = [_("Job Template must provide 'credential' or allow prompting for it."),] validation_errors['credential'] = [_("Job Template must provide 'credential' or allow prompting for it."),]
elif self.credential is None and self.ask_credential_on_launch:
resources_needed_to_start.append('credential')
# Job type dependent checks # Job type dependent checks
if self.project is None: if self.project is None:
@@ -695,7 +697,7 @@ class Job(UnifiedJob, JobOptions, SurveyJobMixin, JobNotificationMixin, TaskMana
if not super(Job, self).can_start: if not super(Job, self).can_start:
return False return False
if not (self.credential): if not (self.credential) and not (self.vault_credential):
return False return False
return True return True

41
awx/main/tests/functional/api/test_job_runtime_params.py
View File

@@ -316,6 +316,47 @@ def test_job_launch_JT_enforces_unique_extra_credential_kinds(machine_credential
assert validated is False assert validated is False
@pytest.mark.django_db
def test_job_launch_with_no_credentials(deploy_jobtemplate):
deploy_jobtemplate.credential = None
deploy_jobtemplate.vault_credential = None
serializer = JobLaunchSerializer(
instance=deploy_jobtemplate, data={},
context={'obj': deploy_jobtemplate, 'data': {}, 'passwords': {}})
validated = serializer.is_valid()
assert validated is False
assert serializer.errors['credential'] == ["Job Template 'credential' is missing or undefined."]
@pytest.mark.django_db
def test_job_launch_with_only_vault_credential(vault_credential, deploy_jobtemplate):
deploy_jobtemplate.credential = None
deploy_jobtemplate.vault_credential = vault_credential
serializer = JobLaunchSerializer(
instance=deploy_jobtemplate, data={},
context={'obj': deploy_jobtemplate, 'data': {}, 'passwords': {}})
validated = serializer.is_valid()
assert validated
prompted_fields, ignored_fields = deploy_jobtemplate._accept_or_ignore_job_kwargs(**{})
job_obj = deploy_jobtemplate.create_unified_job(**prompted_fields)
assert job_obj.vault_credential.pk == vault_credential.pk
@pytest.mark.django_db
def test_job_launch_with_vault_credential_ask_for_machine(vault_credential, deploy_jobtemplate):
deploy_jobtemplate.credential = None
deploy_jobtemplate.ask_credential_on_launch = True
deploy_jobtemplate.vault_credential = vault_credential
serializer = JobLaunchSerializer(
instance=deploy_jobtemplate, data={},
context={'obj': deploy_jobtemplate, 'data': {}, 'passwords': {}})
validated = serializer.is_valid()
assert validated is False
assert serializer.errors['credential'] == ["Job Template 'credential' is missing or undefined."]
@pytest.mark.django_db @pytest.mark.django_db
def test_job_launch_JT_with_default_vault_credential(machine_credential, vault_credential, deploy_jobtemplate): def test_job_launch_JT_with_default_vault_credential(machine_credential, vault_credential, deploy_jobtemplate):
deploy_jobtemplate.credential = machine_credential deploy_jobtemplate.credential = machine_credential

4
awx/ui/client/src/templates/job_templates/multi-credential/multi-credential.directive.js
View File

@@ -21,6 +21,7 @@ export default ['templateUrl', '$compile',
if (!$scope.selectedCredentials) { if (!$scope.selectedCredentials) {
$scope.selectedCredentials = { $scope.selectedCredentials = {
machine: null, machine: null,
vault: null,
extra: [] extra: []
}; };
} }
@@ -39,7 +40,8 @@ export default ['templateUrl', '$compile',
} }
$scope.credentialNotPresent = !$scope.prompt && $scope.credentialNotPresent = !$scope.prompt &&
$scope.selectedCredentials.machine === null; $scope.selectedCredentials.machine === null &&
$scope.selectedCredentials.vault === null;
}); });
$scope.removeCredential = function(credToRemove) { $scope.removeCredential = function(credToRemove) {