for /api/v1/ requests, filter out v2 (custom) credentials

see: #5877
2026-01-19 21:51:26 -03:30 · 2017-04-20 12:49:59 -04:00 · 2017-04-20 12:49:59 -04:00 · 83dc4f6757
commit 83dc4f6757
parent e65ef35acf
3 changed files with 91 additions and 0 deletions
--- a/awx/api/filters.py
+++ b/awx/api/filters.py
@ -33,6 +33,18 @@ class MongoFilterBackend(BaseFilterBackend):
        return queryset


+class V1CredentialFilterBackend(BaseFilterBackend):
+    '''
+    For /api/v1/ requests, filter out v2 (custom) credentials
+    '''
+
+    def filter_queryset(self, request, queryset, view):
+        from awx.api.versioning import get_request_version
+        if get_request_version(request) == 1:
+            queryset = queryset.filter(credential_type__managed_by_tower=True)
+        return queryset
+
+
 class TypeFilterBackend(BaseFilterBackend):
    '''
    Filter on type field now returned with all objects.
--- a/awx/api/views.py
+++ b/awx/api/views.py
@ -62,6 +62,7 @@ from awx.main.tasks import send_notifications
 from awx.main.access import get_user_queryset
 from awx.main.ha import is_ha_environment
 from awx.api.authentication import TaskAuthentication, TokenGetAuthentication
+from awx.api.filters import V1CredentialFilterBackend
 from awx.api.generics import get_view_name
 from awx.api.generics import * # noqa
 from awx.api.versioning import reverse, get_request_version
@ -1507,6 +1508,7 @@ class CredentialList(ListCreateAPIView):
    model = Credential
    serializer_class = CredentialSerializerCreate
    capabilities_prefetch = ['admin', 'use']
+    filter_backends = ListCreateAPIView.filter_backends + [V1CredentialFilterBackend]


 class CredentialOwnerUsersList(SubListAPIView):
@ -1542,6 +1544,7 @@ class UserCredentialsList(SubListCreateAPIView):
    serializer_class = UserCredentialSerializerCreate
    parent_model = User
    parent_key = 'user'
+    filter_backends = SubListCreateAPIView.filter_backends + [V1CredentialFilterBackend]

    def get_queryset(self):
        user = self.get_parent_object()
@ -1558,6 +1561,7 @@ class TeamCredentialsList(SubListCreateAPIView):
    serializer_class = TeamCredentialSerializerCreate
    parent_model = Team
    parent_key = 'team'
+    filter_backends = SubListCreateAPIView.filter_backends + [V1CredentialFilterBackend]

    def get_queryset(self):
        team = self.get_parent_object()
@ -1574,6 +1578,7 @@ class OrganizationCredentialList(SubListCreateAPIView):
    serializer_class = OrganizationCredentialSerializerCreate
    parent_model = Organization
    parent_key = 'organization'
+    filter_backends = SubListCreateAPIView.filter_backends + [V1CredentialFilterBackend]

    def get_queryset(self):
        organization = self.get_parent_object()
@ -1592,6 +1597,7 @@ class CredentialDetail(RetrieveUpdateDestroyAPIView):

    model = Credential
    serializer_class = CredentialSerializer
+    filter_backends = RetrieveUpdateDestroyAPIView.filter_backends + [V1CredentialFilterBackend]


 class CredentialActivityStreamList(ActivityStreamEnforcementMixin, SubListAPIView):
--- a/awx/main/tests/functional/api/test_credential.py
+++ b/awx/main/tests/functional/api/test_credential.py
@ -33,6 +33,79 @@ def test_filter_by_v1_kind(get, admin, organization, kind, total):
    assert response.data['count'] == total


+@pytest.mark.django_db
+def test_custom_credentials_not_in_v1_api_list(get, admin, organization):
+    """
+    'Custom' credentials (those not managed by Tower) shouldn't be visible from
+    the V1 credentials API list
+    """
+    credential_type = CredentialType(
+        kind='cloud',
+        name='MyCloud',
+        inputs = {
+            'fields': [{
+                'id': 'password',
+                'label': 'Password',
+                'type': 'string',
+                'secret': True
+            }]
+        }
+    )
+    credential_type.save()
+    cred = Credential(
+        credential_type=credential_type,
+        name='Best credential ever',
+        organization=organization,
+        inputs={
+            'password': u'secret'
+        }
+    )
+    cred.save()
+
+    response = get(
+        reverse('api:credential_list', kwargs={'version': 'v1'}),
+        admin
+    )
+    assert response.status_code == 200
+    assert response.data['count'] == 0
+
+
+@pytest.mark.django_db
+def test_custom_credentials_not_in_v1_api_detail(get, admin, organization):
+    """
+    'Custom' credentials (those not managed by Tower) shouldn't be visible from
+    the V1 credentials API detail
+    """
+    credential_type = CredentialType(
+        kind='cloud',
+        name='MyCloud',
+        inputs = {
+            'fields': [{
+                'id': 'password',
+                'label': 'Password',
+                'type': 'string',
+                'secret': True
+            }]
+        }
+    )
+    credential_type.save()
+    cred = Credential(
+        credential_type=credential_type,
+        name='Best credential ever',
+        organization=organization,
+        inputs={
+            'password': u'secret'
+        }
+    )
+    cred.save()
+
+    response = get(
+        reverse('api:credential_detail', kwargs={'version': 'v1', 'pk': cred.pk}),
+        admin
+    )
+    assert response.status_code == 404
+
+
@pytest.mark.django_db
 def test_filter_by_v1_invalid_kind(get, admin, organization):
    response = get(