Configure Tower in Tower:

* Add separate Django app for configuration: awx.conf. * Migrate from existing main.TowerSettings model to conf.Setting. * Add settings wrapper to allow get/set/del via django.conf.settings. * Update existing references to tower_settings to use django.conf.settings. * Add a settings registry to allow for each Django app to register configurable settings. * Support setting validation and conversion using Django REST Framework fields. * Add /api/v1/settings/ to display a list of setting categories. * Add /api/v1/settings/<slug>/ to display all settings in a category as a single object. * Allow PUT/PATCH to update setting singleton, DELETE to reset to defaults. * Add "all" category to display all settings across categories. * Add "changed" category to display only settings configured in the database. * Support per-user settings via "user" category (/api/v1/settings/user/). * Support defaults for user settings via "user-defaults" category (/api/v1/settings/user-defaults/). * Update serializer metadata to support category, category_slug and placeholder on OPTIONS responses. * Update serializer metadata to handle child fields of a list/dict. * Hide raw data form in browsable API for OPTIONS and DELETE. * Combine existing licensing code into single "TaskEnhancer" class. * Move license helper functions from awx.api.license into awx.conf.license. * Update /api/v1/config/ to read/verify/update license using TaskEnhancer and settings wrapper. * Add support for caching settings accessed via settings wrapper. * Invalidate cached settings when Setting model changes or is deleted. * Preload all database settings into cache on first access via settings wrapper. * Add support for read-only settings than can update their value depending on other settings. * Use setting_changed signal whenever a setting changes. * Register configurable authentication, jobs, system and ui settings. * Register configurable LDAP, RADIUS and social auth settings. * Add custom fields and validators for URL, LDAP, RADIUS and social auth settings. * Rewrite existing validator for Credential ssh_private_key to support validating private keys, certs or combinations of both. * Get all unit/functional tests working with above changes. * Add "migrate_to_database_settings" command to determine settings to be migrated into the database and comment them out when set in Python settings files. * Add support for migrating license key from file to database. * Remove database-configuable settings from local_settings.py example files. * Update setup role to no longer install files for database-configurable settings. f 94ff6ee More settings work. f af4c4e0 Even more db settings stuff. f 96ea9c0 More settings, attempt at singleton serializer for settings. f 937c760 More work on singleton/category views in API, add code to comment out settings in Python files, work on command to migrate settings to database. f 425b0d3 Minor fixes for sprint demo. f ea402a4 Add support for read-only settings, cleanup license engine, get license support working with DB settings. f ec289e4 Rename migration, minor fixmes, update setup role. f 603640b Rewrite key/cert validator, finish adding social auth fields, hook up signals for setting_changed, use None to imply a setting is not set. f 67d1b5a Get functional/unit tests passing. f 2919b62 Flake8 fixes. f e62f421 Add redbaron to requirements, get file to database migration working (except for license). f c564508 Add support for migrating license file. f 982f767 Add support for regex in social map fields.
2026-04-05 01:59:25 -02:30 · 2016-09-26 22:14:47 -04:00
parent 609a3e6f2f
commit 6ebe45b1bd
92 changed files with 4401 additions and 1791 deletions
--- a/awx/main/tests/unit/test_validators.py
+++ b/awx/main/tests/unit/test_validators.py
@@ -0,0 +1,91 @@
+from django.core.exceptions import ValidationError
+from awx.main.validators import (
+    validate_private_key,
+    validate_certificate,
+    validate_ssh_private_key,
+)
+from awx.main.tests.data.ssh import (
+    TEST_SSH_RSA1_KEY_DATA,
+    TEST_SSH_KEY_DATA,
+    TEST_SSH_KEY_DATA_LOCKED,
+    TEST_OPENSSH_KEY_DATA,
+    TEST_OPENSSH_KEY_DATA_LOCKED,
+    TEST_SSH_CERT_KEY,
+)
+
+import pytest
+
+def test_valid_rsa_key():
+    valid_key = TEST_SSH_KEY_DATA
+    pem_objects = validate_private_key(valid_key)
+    assert pem_objects[0]['key_type'] == 'rsa'
+    assert not pem_objects[0]['key_enc']
+    with pytest.raises(ValidationError):
+        validate_certificate(valid_key)
+    pem_objects = validate_ssh_private_key(valid_key)
+    assert pem_objects[0]['key_type'] == 'rsa'
+    assert not pem_objects[0]['key_enc']
+
+def test_valid_locked_rsa_key():
+    valid_key = TEST_SSH_KEY_DATA_LOCKED
+    pem_objects = validate_private_key(valid_key)
+    assert pem_objects[0]['key_type'] == 'rsa'
+    assert pem_objects[0]['key_enc']
+    with pytest.raises(ValidationError):
+        validate_certificate(valid_key)
+    pem_objects = validate_ssh_private_key(valid_key)
+    assert pem_objects[0]['key_type'] == 'rsa'
+    assert pem_objects[0]['key_enc']
+
+def test_invalid_rsa_key():
+    invalid_key = TEST_SSH_KEY_DATA.replace('-----END', '----END')
+    with pytest.raises(ValidationError):
+        validate_private_key(invalid_key)
+    with pytest.raises(ValidationError):
+        validate_certificate(invalid_key)
+    with pytest.raises(ValidationError):
+        validate_ssh_private_key(invalid_key)
+
+def test_valid_openssh_key():
+    valid_key = TEST_OPENSSH_KEY_DATA
+    pem_objects = validate_private_key(valid_key)
+    assert pem_objects[0]['key_type'] == 'ed25519'
+    assert not pem_objects[0]['key_enc']
+    with pytest.raises(ValidationError):
+        validate_certificate(valid_key)
+    pem_objects = validate_ssh_private_key(valid_key)
+    assert pem_objects[0]['key_type'] == 'ed25519'
+    assert not pem_objects[0]['key_enc']
+
+def test_valid_locked_openssh_key():
+    valid_key = TEST_OPENSSH_KEY_DATA_LOCKED
+    pem_objects = validate_private_key(valid_key)
+    assert pem_objects[0]['key_type'] == 'ed25519'
+    assert pem_objects[0]['key_enc']
+    with pytest.raises(ValidationError):
+        validate_certificate(valid_key)
+    pem_objects = validate_ssh_private_key(valid_key)
+    assert pem_objects[0]['key_type'] == 'ed25519'
+    assert pem_objects[0]['key_enc']
+    
+def test_valid_rsa1_key():
+    valid_key = TEST_SSH_RSA1_KEY_DATA
+    pem_objects = validate_ssh_private_key(valid_key)
+    assert pem_objects[0]['key_type'] == 'rsa1'
+    assert not pem_objects[0]['key_enc']
+    with pytest.raises(ValidationError):
+        validate_certificate(valid_key)
+    pem_objects = validate_ssh_private_key(valid_key)
+    assert pem_objects[0]['key_type'] == 'rsa1'
+    assert not pem_objects[0]['key_enc']
+
+def test_cert_with_key():
+    cert_with_key = TEST_SSH_CERT_KEY
+    with pytest.raises(ValidationError):
+        validate_private_key(cert_with_key)
+    with pytest.raises(ValidationError):
+        validate_certificate(cert_with_key)
+    pem_objects = validate_ssh_private_key(cert_with_key)
+    assert pem_objects[0]['type'] == 'CERTIFICATE'
+    assert pem_objects[1]['key_type'] == 'rsa'
+    assert not pem_objects[1]['key_enc']