External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-03-24 20:35:02 -02:30
Code Issues Packages Projects Releases Wiki Activity

remove /api/v1 and deprecated credential fields

Browse Source
This commit is contained in:
Ryan Petrello
2019-03-12 17:12:16 -04:00
parent 176f8632e5
commit 6da445f7c0
43 changed files with 271 additions and 2211 deletions
Download Patch File Download Diff File Expand all files Collapse all files

227
awx/main/tests/functional/api/test_job_template.py
View File

@@ -19,148 +19,27 @@ from rest_framework.exceptions import ValidationError
@pytest.mark.django_db
@pytest.mark.parametrize(
"grant_project, grant_credential, grant_inventory, expect", [
(True, True, True, 201),
(True, True, False, 403),
(True, False, True, 403),
(False, True, True, 403),
"grant_project, grant_inventory, expect", [
(True, True, 201),
(True, False, 403),
(False, True, 403),
]
)
def test_create(post, project, machine_credential, inventory, alice, grant_project, grant_credential, grant_inventory, expect):
def test_create(post, project, machine_credential, inventory, alice, grant_project, grant_inventory, expect):
if grant_project:
project.use_role.members.add(alice)
if grant_credential:
machine_credential.use_role.members.add(alice)
if grant_inventory:
inventory.use_role.members.add(alice)
r = post(reverse('api:job_template_list'), {
'name': 'Some name',
'project': project.id,
'credential': machine_credential.id, # TODO: remove in 3.3
'inventory': inventory.id,
'playbook': 'helloworld.yml',
}, alice)
if expect == 201:
jt = JobTemplate.objects.get(id=r.data['id'])
assert set(jt.credentials.values_list('id', flat=True)) == set([machine_credential.id])
assert r.status_code == expect
# TODO: remove in 3.3
@pytest.mark.django_db
def test_create_with_v1_deprecated_credentials(get, post, project, machine_credential, credential, net_credential, inventory, alice):
project.use_role.members.add(alice)
machine_credential.use_role.members.add(alice)
credential.use_role.members.add(alice)
net_credential.use_role.members.add(alice)
inventory.use_role.members.add(alice)
pk = post(reverse('api:job_template_list', kwargs={'version': 'v1'}), {
'name': 'Some name',
'project': project.id,
'credential': machine_credential.id,
'cloud_credential': credential.id,
'network_credential': net_credential.id,
'inventory': inventory.id,
'playbook': 'helloworld.yml',
}, alice, expect=201).data['id']
url = reverse('api:job_template_detail', kwargs={'version': 'v1', 'pk': pk})
response = get(url, alice)
assert response.data.get('cloud_credential') == credential.pk
assert response.data.get('network_credential') == net_credential.pk
# TODO: remove in 3.3
@pytest.mark.django_db
def test_create_with_empty_v1_deprecated_credentials(get, post, project, machine_credential, inventory, alice):
project.use_role.members.add(alice)
machine_credential.use_role.members.add(alice)
inventory.use_role.members.add(alice)
pk = post(reverse('api:job_template_list', kwargs={'version': 'v1'}), {
'name': 'Some name',
'project': project.id,
'credential': machine_credential.id,
'cloud_credential': None,
'network_credential': None,
'inventory': inventory.id,
'playbook': 'helloworld.yml',
}, alice, expect=201).data['id']
url = reverse('api:job_template_detail', kwargs={'version': 'v1', 'pk': pk})
response = get(url, alice)
assert response.data.get('cloud_credential') is None
assert response.data.get('network_credential') is None
# TODO: remove in 3.3
@pytest.mark.django_db
def test_create_v1_rbac_check(get, post, project, credential, net_credential, rando):
project.use_role.members.add(rando)
base_kwargs = dict(
name = 'Made with cloud/net creds I have no access to',
project = project.id,
ask_inventory_on_launch = True,
ask_credential_on_launch = True,
playbook = 'helloworld.yml',
)
base_kwargs['cloud_credential'] = credential.pk
post(reverse('api:job_template_list', kwargs={'version': 'v1'}), base_kwargs, rando, expect=403)
base_kwargs.pop('cloud_credential')
base_kwargs['network_credential'] = net_credential.pk
post(reverse('api:job_template_list', kwargs={'version': 'v1'}), base_kwargs, rando, expect=403)
# TODO: remove as each field tested has support removed
@pytest.mark.django_db
def test_jt_deprecated_summary_fields(
project, inventory,
machine_credential, net_credential, vault_credential,
mocker):
jt = JobTemplate.objects.create(
project=project,
inventory=inventory,
playbook='helloworld.yml'
)
class MockView:
kwargs = {}
request = None
class MockRequest:
version = 'v1'
user = None
view = MockView()
request = MockRequest()
view.request = request
serializer = JobTemplateSerializer(instance=jt, context={'view': view, 'request': request})
for kwargs in [{}, {'pk': 1}]: # detail vs. list view
for version in ['v1', 'v2']:
view.kwargs = kwargs
request.version = version
sf = serializer.get_summary_fields(jt)
assert 'credential' not in sf
assert 'vault_credential' not in sf
jt.credentials.add(machine_credential, net_credential, vault_credential)
view.kwargs = {'pk': 1}
for version in ['v1', 'v2']:
request.version = version
sf = serializer.get_summary_fields(jt)
assert 'credential' in sf
assert sf['credential'] # not empty dict
assert 'vault_credential' in sf
assert sf['vault_credential']
@pytest.mark.django_db
def test_extra_credential_creation(get, post, organization_factory, job_template_factory, credentialtype_aws):
objs = organization_factory("org", superusers=['admin'])
@@ -293,79 +172,6 @@ def test_attach_extra_credential_wrong_kind_xfail(get, post, organization_factor
assert response.data.get('count') == 0
# TODO: remove in 3.3
@pytest.mark.django_db
def test_v1_extra_credentials_detail(get, organization_factory, job_template_factory, credential, net_credential):
objs = organization_factory("org", superusers=['admin'])
jt = job_template_factory("jt", organization=objs.organization,
inventory='test_inv', project='test_proj').job_template
jt.credentials.add(credential)
jt.credentials.add(net_credential)
jt.save()
url = reverse('api:job_template_detail', kwargs={'version': 'v1', 'pk': jt.pk})
response = get(url, user=objs.superusers.admin)
assert response.data.get('cloud_credential') == credential.pk
assert response.data.get('network_credential') == net_credential.pk
# TODO: remove in 3.3
@pytest.mark.django_db
def test_v1_set_extra_credentials_assignment(get, patch, organization_factory, job_template_factory, credential, net_credential):
objs = organization_factory("org", superusers=['admin'])
jt = job_template_factory("jt", organization=objs.organization,
inventory='test_inv', project='test_proj').job_template
jt.save()
url = reverse('api:job_template_detail', kwargs={'version': 'v1', 'pk': jt.pk})
response = patch(url, {
'cloud_credential': credential.pk,
'network_credential': net_credential.pk
}, objs.superusers.admin)
assert response.status_code == 200
url = reverse('api:job_template_detail', kwargs={'version': 'v1', 'pk': jt.pk})
response = get(url, user=objs.superusers.admin)
assert response.status_code == 200
assert response.data.get('cloud_credential') == credential.pk
assert response.data.get('network_credential') == net_credential.pk
url = reverse('api:job_template_detail', kwargs={'version': 'v1', 'pk': jt.pk})
response = patch(url, {
'cloud_credential': None,
'network_credential': None,
}, objs.superusers.admin)
assert response.status_code == 200
url = reverse('api:job_template_detail', kwargs={'version': 'v1', 'pk': jt.pk})
response = get(url, user=objs.superusers.admin)
assert response.status_code == 200
assert response.data.get('cloud_credential') is None
assert response.data.get('network_credential') is None
@pytest.mark.django_db
def test_filter_by_v1(get, organization_factory, job_template_factory, credential, net_credential):
objs = organization_factory("org", superusers=['admin'])
jt = job_template_factory("jt", organization=objs.organization,
inventory='test_inv', project='test_proj').job_template
jt.credentials.add(credential)
jt.credentials.add(net_credential)
jt.save()
for query in (
('cloud_credential', str(credential.pk)),
('network_credential', str(net_credential.pk))
):
url = reverse('api:job_template_list', kwargs={'version': 'v1'})
response = get(
url,
user=objs.superusers.admin,
QUERY_STRING='='.join(query)
)
assert response.data.get('count') == 1
@pytest.mark.django_db
@pytest.mark.parametrize(
"grant_project, grant_inventory, expect", [
@@ -588,29 +394,6 @@ def test_launch_with_extra_credentials_not_allowed(get, post, organization_facto
assert resp.data.get('count') == 0
@pytest.mark.django_db
def test_v1_launch_with_extra_credentials(get, post, organization_factory,
job_template_factory, machine_credential,
credential, net_credential):
# launch requests to `/api/v1/job_templates/N/launch/` should ignore
# `extra_credentials`, as they're only supported in v2 of the API.
objs = organization_factory("org", superusers=['admin'])
jt = job_template_factory("jt", organization=objs.organization,
inventory='test_inv', project='test_proj').job_template
jt.ask_credential_on_launch = True
jt.save()
resp = post(
reverse('api:job_template_launch', kwargs={'pk': jt.pk, 'version': 'v1'}),
dict(
credential=machine_credential.pk,
extra_credentials=[credential.pk, net_credential.pk]
),
objs.superusers.admin, expect=400
)
assert 'Field is not allowed for use with v1 API' in resp.data.get('extra_credentials')
@pytest.mark.django_db
def test_jt_without_project(inventory):
data = dict(name="Test", job_type="run",