From cf6c4fe7acb1afc67efee892b44701ec888212db Mon Sep 17 00:00:00 2001 From: Wayne Witzel III Date: Tue, 24 Jan 2017 13:03:57 -0500 Subject: [PATCH 1/4] mask the default value for survey_spec password fields --- awx/api/views.py | 17 ++++++++++++++++- awx/main/models/mixins.py | 7 +++++-- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/awx/api/views.py b/awx/api/views.py index 579cfe37fa..4f904645ae 100644 --- a/awx/api/views.py +++ b/awx/api/views.py @@ -2420,7 +2420,13 @@ class JobTemplateSurveySpec(GenericAPIView): if not feature_enabled('surveys'): raise LicenseForbids(_('Your license does not allow ' 'adding surveys.')) - return Response(obj.survey_spec) + survey_spec = obj.survey_spec + for pos, field in enumerate(survey_spec['spec']): + if field.get('type') == 'password': + if 'default' in field and field['default']: + field['default'] = '$encrypted$' + + return Response(survey_spec) def post(self, request, *args, **kwargs): obj = self.get_object() @@ -2446,6 +2452,7 @@ class JobTemplateSurveySpec(GenericAPIView): return Response(dict(error=_("'spec' doesn't contain any items.")), status=status.HTTP_400_BAD_REQUEST) idx = 0 variable_set = set() + for survey_item in new_spec["spec"]: if not isinstance(survey_item, dict): return Response(dict(error=_("Survey question %s is not a json object.") % str(idx)), status=status.HTTP_400_BAD_REQUEST) @@ -2462,7 +2469,15 @@ class JobTemplateSurveySpec(GenericAPIView): variable_set.add(survey_item['variable']) if "required" not in survey_item: return Response(dict(error=_("'required' missing from survey question %s.") % str(idx)), status=status.HTTP_400_BAD_REQUEST) + + if survey_item["type"] == "password": + if "default" in survey_item and survey_item["default"].startswith('$encrypted$'): + old_spec = obj.survey_spec + for old_item in old_spec['spec']: + if old_item['variable'] == survey_item['variable']: + survey_item['default'] = old_item['default'] idx += 1 + obj.survey_spec = new_spec obj.save(update_fields=['survey_spec']) return Response() diff --git a/awx/main/models/mixins.py b/awx/main/models/mixins.py index 07a346964b..c929cb99fd 100644 --- a/awx/main/models/mixins.py +++ b/awx/main/models/mixins.py @@ -108,8 +108,10 @@ class SurveyJobTemplateMixin(models.Model): # Overwrite with job template extra vars with survey default vars if self.survey_enabled and 'spec' in self.survey_spec: for survey_element in self.survey_spec.get("spec", []): - if 'default' in survey_element and survey_element['default']: - extra_vars[survey_element['variable']] = survey_element['default'] + if survey_element.get('type') == 'password': + if 'default' in survey_element and survey_element['default'].startswith('$encrypted$'): + continue + extra_vars[survey_element['variable']] = survey_element['default'] # transform to dict if 'extra_vars' in kwargs: @@ -148,6 +150,7 @@ class SurveyJobTemplateMixin(models.Model): if 'max' in survey_element and survey_element['max'] not in ["", None] and len(data[survey_element['variable']]) > int(survey_element['max']): errors.append("'%s' value %s is too large (must be no more than %s)." % (survey_element['variable'], data[survey_element['variable']], survey_element['max'])) + elif survey_element['type'] == 'integer': if survey_element['variable'] in data: if type(data[survey_element['variable']]) != int: From 735f5d14b3e189bcebffb36c1ebe70965e5637d3 Mon Sep 17 00:00:00 2001 From: Wayne Witzel III Date: Tue, 24 Jan 2017 16:39:41 -0500 Subject: [PATCH 2/4] ensure that launching respects default values --- awx/api/views.py | 2 +- awx/main/models/mixins.py | 21 ++++++++++++--------- 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/awx/api/views.py b/awx/api/views.py index 4f904645ae..63321ac537 100644 --- a/awx/api/views.py +++ b/awx/api/views.py @@ -2450,9 +2450,9 @@ class JobTemplateSurveySpec(GenericAPIView): return Response(dict(error=_("'spec' must be a list of items.")), status=status.HTTP_400_BAD_REQUEST) if len(new_spec["spec"]) < 1: return Response(dict(error=_("'spec' doesn't contain any items.")), status=status.HTTP_400_BAD_REQUEST) + idx = 0 variable_set = set() - for survey_item in new_spec["spec"]: if not isinstance(survey_item, dict): return Response(dict(error=_("Survey question %s is not a json object.") % str(idx)), status=status.HTTP_400_BAD_REQUEST) diff --git a/awx/main/models/mixins.py b/awx/main/models/mixins.py index c929cb99fd..f9a638c6b7 100644 --- a/awx/main/models/mixins.py +++ b/awx/main/models/mixins.py @@ -105,14 +105,6 @@ class SurveyJobTemplateMixin(models.Model): # Job Template extra_vars extra_vars = self.extra_vars_dict - # Overwrite with job template extra vars with survey default vars - if self.survey_enabled and 'spec' in self.survey_spec: - for survey_element in self.survey_spec.get("spec", []): - if survey_element.get('type') == 'password': - if 'default' in survey_element and survey_element['default'].startswith('$encrypted$'): - continue - extra_vars[survey_element['variable']] = survey_element['default'] - # transform to dict if 'extra_vars' in kwargs: kwargs_extra_vars = kwargs['extra_vars'] @@ -120,6 +112,18 @@ class SurveyJobTemplateMixin(models.Model): else: kwargs_extra_vars = {} + # Overwrite with job template extra vars with survey default vars + if self.survey_enabled and 'spec' in self.survey_spec: + for survey_element in self.survey_spec.get("spec", []): + if survey_element.get('type') == 'password': + default = survey_element.get('default', None) + variable_key = survey_element['variable'] + if default is not None and variable_key in kwargs_extra_vars: + value = kwargs_extra_vars[variable_key] + if value.startswith('$encrypted$') and value != default: + kwargs_extra_vars[variable_key] = default + extra_vars[survey_element['variable']] = survey_element['default'] + # Overwrite job template extra vars with explicit job extra vars # and add on job extra vars extra_vars.update(kwargs_extra_vars) @@ -150,7 +154,6 @@ class SurveyJobTemplateMixin(models.Model): if 'max' in survey_element and survey_element['max'] not in ["", None] and len(data[survey_element['variable']]) > int(survey_element['max']): errors.append("'%s' value %s is too large (must be no more than %s)." % (survey_element['variable'], data[survey_element['variable']], survey_element['max'])) - elif survey_element['type'] == 'integer': if survey_element['variable'] in data: if type(data[survey_element['variable']]) != int: From fba1fa83d0c33b0d77356049aac641223a327e2a Mon Sep 17 00:00:00 2001 From: Wayne Witzel III Date: Tue, 24 Jan 2017 16:44:42 -0500 Subject: [PATCH 3/4] reduce, reuse, recycle --- awx/main/models/mixins.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/awx/main/models/mixins.py b/awx/main/models/mixins.py index f9a638c6b7..9512e334fc 100644 --- a/awx/main/models/mixins.py +++ b/awx/main/models/mixins.py @@ -115,14 +115,14 @@ class SurveyJobTemplateMixin(models.Model): # Overwrite with job template extra vars with survey default vars if self.survey_enabled and 'spec' in self.survey_spec: for survey_element in self.survey_spec.get("spec", []): + default = survey_element['default'] + variable_key = survey_element['variable'] if survey_element.get('type') == 'password': - default = survey_element.get('default', None) - variable_key = survey_element['variable'] - if default is not None and variable_key in kwargs_extra_vars: - value = kwargs_extra_vars[variable_key] - if value.startswith('$encrypted$') and value != default: + if variable_key in kwargs_extra_vars: + kw_value = kwargs_extra_vars[variable_key] + if kw_value.startswith('$encrypted$') and kw_value != default: kwargs_extra_vars[variable_key] = default - extra_vars[survey_element['variable']] = survey_element['default'] + extra_vars[variable_key] = default # Overwrite job template extra vars with explicit job extra vars # and add on job extra vars From df9bb829fcfd1b23a15147c1a8503fb03915389d Mon Sep 17 00:00:00 2001 From: Wayne Witzel III Date: Tue, 24 Jan 2017 16:53:48 -0500 Subject: [PATCH 4/4] fix KeyError with spec --- awx/api/views.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/awx/api/views.py b/awx/api/views.py index 63321ac537..57ede93ded 100644 --- a/awx/api/views.py +++ b/awx/api/views.py @@ -2421,7 +2421,7 @@ class JobTemplateSurveySpec(GenericAPIView): raise LicenseForbids(_('Your license does not allow ' 'adding surveys.')) survey_spec = obj.survey_spec - for pos, field in enumerate(survey_spec['spec']): + for pos, field in enumerate(survey_spec.get('spec', [])): if field.get('type') == 'password': if 'default' in field and field['default']: field['default'] = '$encrypted$'