From 7098ef8da5120b3bcd7874d1e42c571c0587a07d Mon Sep 17 00:00:00 2001 From: Wayne Witzel III Date: Fri, 15 Apr 2016 11:01:08 -0400 Subject: [PATCH] usage_role -> use_role --- awx/main/migrations/0008_v300_rbac_changes.py | 4 ++-- awx/main/migrations/_rbac.py | 6 ++--- awx/main/models/credential.py | 2 +- awx/main/models/inventory.py | 2 +- .../tests/functional/test_rbac_credential.py | 6 ++--- .../tests/functional/test_rbac_job_start.py | 4 ++-- awx/main/tests/job_base.py | 22 +++++++++---------- 7 files changed, 23 insertions(+), 23 deletions(-) diff --git a/awx/main/migrations/0008_v300_rbac_changes.py b/awx/main/migrations/0008_v300_rbac_changes.py index f6d0afc34a..b35b860997 100644 --- a/awx/main/migrations/0008_v300_rbac_changes.py +++ b/awx/main/migrations/0008_v300_rbac_changes.py @@ -109,7 +109,7 @@ class Migration(migrations.Migration): ), migrations.AddField( model_name='credential', - name='usage_role', + name='use_role', field=awx.main.fields.ImplicitRoleField(related_name='+', role_description=b'May use this credential, but not read sensitive portions or modify it', parent_role=None, to='main.Role', role_name=b'Credential User', null=b'True', permissions={b'use': True}), ), migrations.AddField( @@ -169,7 +169,7 @@ class Migration(migrations.Migration): ), migrations.AddField( model_name='inventory', - name='usage_role', + name='use_role', field=awx.main.fields.ImplicitRoleField(related_name='+', role_description=b'May use this inventory, but not read sensitive portions or modify it', parent_role=None, to='main.Role', role_name=b'Inventory User', null=b'True', permissions={b'use': True}), ), migrations.AddField( diff --git a/awx/main/migrations/_rbac.py b/awx/main/migrations/_rbac.py index 46f9151e38..9dd22baba4 100644 --- a/awx/main/migrations/_rbac.py +++ b/awx/main/migrations/_rbac.py @@ -113,7 +113,7 @@ def attrfunc(attr_path): def _update_credential_parents(org, cred): org.admin_role.children.add(cred.owner_role) - org.member_role.children.add(cred.usage_role) + org.member_role.children.add(cred.use_role) cred.deprecated_user, cred.deprecated_team = None, None cred.save() @@ -147,7 +147,7 @@ def _discover_credentials(instances, cred, orgfunc): # Unlink the old information from the new credential cred.deprecated_user, cred.deprecated_team = None, None - cred.owner_role, cred.usage_role = None, None + cred.owner_role, cred.use_role = None, None cred.save() for i in orgs[org]: @@ -189,7 +189,7 @@ def migrate_credential(apps, schema_editor): if cred.deprecated_team is not None: cred.deprecated_team.admin_role.children.add(cred.owner_role) - cred.deprecated_team.member_role.children.add(cred.usage_role) + cred.deprecated_team.member_role.children.add(cred.use_role) cred.deprecated_user, cred.deprecated_team = None, None cred.save() logger.info(smart_text(u"added Credential(name={}, kind={}, host={}) at user level".format(cred.name, cred.kind, cred.host))) diff --git a/awx/main/models/credential.py b/awx/main/models/credential.py index 1b20476c58..3d09cf462e 100644 --- a/awx/main/models/credential.py +++ b/awx/main/models/credential.py @@ -182,7 +182,7 @@ class Credential(PasswordFieldsModel, CommonModelNameNotUnique, ResourceMixin): 'singleton:' + ROLE_SINGLETON_SYSTEM_AUDITOR, ], ) - usage_role = ImplicitRoleField( + use_role = ImplicitRoleField( role_name='Credential User', role_description='May use this credential, but not read sensitive portions or modify it', ) diff --git a/awx/main/models/inventory.py b/awx/main/models/inventory.py index 8348575564..846b735e1b 100644 --- a/awx/main/models/inventory.py +++ b/awx/main/models/inventory.py @@ -110,7 +110,7 @@ class Inventory(CommonModel, ResourceMixin): role_name='Inventory Updater', role_description='May update the inventory', ) - usage_role = ImplicitRoleField( + use_role = ImplicitRoleField( role_name='Inventory User', role_description='May use this inventory, but not read sensitive portions or modify it', ) diff --git a/awx/main/tests/functional/test_rbac_credential.py b/awx/main/tests/functional/test_rbac_credential.py index 39a4767ad6..61653a0fae 100644 --- a/awx/main/tests/functional/test_rbac_credential.py +++ b/awx/main/tests/functional/test_rbac_credential.py @@ -19,9 +19,9 @@ def test_credential_migration_user(credential, user, permissions): assert credential.accessible_by(u, permissions['admin']) @pytest.mark.django_db -def test_credential_usage_role(credential, user, permissions): +def test_credential_use_role(credential, user, permissions): u = user('user', False) - credential.usage_role.members.add(u) + credential.use_role.members.add(u) assert credential.accessible_by(u, permissions['usage']) @pytest.mark.django_db @@ -34,7 +34,7 @@ def test_credential_migration_team_member(credential, team, user, permissions): # No permissions pre-migration (this happens automatically so we patch this) team.admin_role.children.remove(credential.owner_role) - team.member_role.children.remove(credential.usage_role) + team.member_role.children.remove(credential.use_role) assert not credential.accessible_by(u, permissions['admin']) rbac.migrate_credential(apps, None) diff --git a/awx/main/tests/functional/test_rbac_job_start.py b/awx/main/tests/functional/test_rbac_job_start.py index 0bbdc3242e..18060126e1 100644 --- a/awx/main/tests/functional/test_rbac_job_start.py +++ b/awx/main/tests/functional/test_rbac_job_start.py @@ -33,7 +33,7 @@ def test_job_template_start_access(deploy_jobtemplate, user): def test_credential_use_access(machine_credential, user): common_user = user('test-user', False) - machine_credential.usage_role.members.add(common_user) + machine_credential.use_role.members.add(common_user) assert common_user.can_access(Credential, 'use', machine_credential) @@ -42,6 +42,6 @@ def test_credential_use_access(machine_credential, user): def test_inventory_use_access(inventory, user): common_user = user('test-user', False) - inventory.usage_role.members.add(common_user) + inventory.use_role.members.add(common_user) assert common_user.can_access(Inventory, 'use', inventory) diff --git a/awx/main/tests/job_base.py b/awx/main/tests/job_base.py index 9cea21e2cd..f3a579f8c5 100644 --- a/awx/main/tests/job_base.py +++ b/awx/main/tests/job_base.py @@ -295,14 +295,14 @@ class BaseJobTestMixin(BaseTestMixin): password='ASK', created_by=self.user_sue, ) - self.cred_bob.usage_role.members.add(self.user_bob) + self.cred_bob.use_role.members.add(self.user_bob) self.cred_chuck = Credential.objects.create( username='chuck', ssh_key_data=TEST_SSH_KEY_DATA, created_by=self.user_sue, ) - self.cred_chuck.usage_role.members.add(self.user_chuck) + self.cred_chuck.use_role.members.add(self.user_chuck) self.cred_doug = Credential.objects.create( username='doug', @@ -310,7 +310,7 @@ class BaseJobTestMixin(BaseTestMixin): 'is why we dont\'t let doug actually run jobs.', created_by=self.user_sue, ) - self.cred_doug.usage_role.members.add(self.user_doug) + self.cred_doug.use_role.members.add(self.user_doug) self.cred_eve = Credential.objects.create( username='eve', @@ -320,14 +320,14 @@ class BaseJobTestMixin(BaseTestMixin): become_password='ASK', created_by=self.user_sue, ) - self.cred_eve.usage_role.members.add(self.user_eve) + self.cred_eve.use_role.members.add(self.user_eve) self.cred_frank = Credential.objects.create( username='frank', password='fr@nk the t@nk', created_by=self.user_sue, ) - self.cred_frank.usage_role.members.add(self.user_frank) + self.cred_frank.use_role.members.add(self.user_frank) self.cred_greg = Credential.objects.create( username='greg', @@ -335,21 +335,21 @@ class BaseJobTestMixin(BaseTestMixin): ssh_key_unlock='ASK', created_by=self.user_sue, ) - self.cred_greg.usage_role.members.add(self.user_greg) + self.cred_greg.use_role.members.add(self.user_greg) self.cred_holly = Credential.objects.create( username='holly', password='holly rocks', created_by=self.user_sue, ) - self.cred_holly.usage_role.members.add(self.user_holly) + self.cred_holly.use_role.members.add(self.user_holly) self.cred_iris = Credential.objects.create( username='iris', password='ASK', created_by=self.user_sue, ) - self.cred_iris.usage_role.members.add(self.user_iris) + self.cred_iris.use_role.members.add(self.user_iris) # Each operations team also has shared credentials they can use. self.cred_ops_east = Credential.objects.create( @@ -358,14 +358,14 @@ class BaseJobTestMixin(BaseTestMixin): ssh_key_unlock=TEST_SSH_KEY_DATA_UNLOCK, created_by = self.user_sue, ) - self.team_ops_east.member_role.children.add(self.cred_ops_east.usage_role) + self.team_ops_east.member_role.children.add(self.cred_ops_east.use_role) self.cred_ops_west = Credential.objects.create( username='west', password='Heading270', created_by = self.user_sue, ) - self.team_ops_west.member_role.children.add(self.cred_ops_west.usage_role) + self.team_ops_west.member_role.children.add(self.cred_ops_west.use_role) # FIXME: This code can be removed (probably) @@ -391,7 +391,7 @@ class BaseJobTestMixin(BaseTestMixin): password='HeadingNone', created_by = self.user_sue, ) - self.team_ops_testers.member_role.children.add(self.cred_ops_test.usage_role) + self.team_ops_testers.member_role.children.add(self.cred_ops_test.use_role) self.ops_east_permission = Permission.objects.create( inventory = self.inv_ops_east,