External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-13 04:17:36 -02:30
Code Issues Packages Projects Releases Wiki Activity

for /api/v1/ requests, filter out v2 (custom) credentials

Browse Source 
see: #5877
This commit is contained in:
Ryan Petrello
2017-04-20 12:49:59 -04:00
parent e65ef35acf
commit 83dc4f6757
3 changed files with 91 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
awx/api/filters.py
View File

@@ -33,6 +33,18 @@ class MongoFilterBackend(BaseFilterBackend):
return queryset return queryset
class V1CredentialFilterBackend(BaseFilterBackend):
'''
For /api/v1/ requests, filter out v2 (custom) credentials
'''
def filter_queryset(self, request, queryset, view):
from awx.api.versioning import get_request_version
if get_request_version(request) == 1:
queryset = queryset.filter(credential_type__managed_by_tower=True)
return queryset
class TypeFilterBackend(BaseFilterBackend): class TypeFilterBackend(BaseFilterBackend):
''' '''
Filter on type field now returned with all objects. Filter on type field now returned with all objects.

6
awx/api/views.py
View File

@@ -62,6 +62,7 @@ from awx.main.tasks import send_notifications
from awx.main.access import get_user_queryset from awx.main.access import get_user_queryset
from awx.main.ha import is_ha_environment from awx.main.ha import is_ha_environment
from awx.api.authentication import TaskAuthentication, TokenGetAuthentication from awx.api.authentication import TaskAuthentication, TokenGetAuthentication
from awx.api.filters import V1CredentialFilterBackend
from awx.api.generics import get_view_name from awx.api.generics import get_view_name
from awx.api.generics import * # noqa from awx.api.generics import * # noqa
from awx.api.versioning import reverse, get_request_version from awx.api.versioning import reverse, get_request_version
@@ -1507,6 +1508,7 @@ class CredentialList(ListCreateAPIView):
model = Credential model = Credential
serializer_class = CredentialSerializerCreate serializer_class = CredentialSerializerCreate
capabilities_prefetch = ['admin', 'use'] capabilities_prefetch = ['admin', 'use']
filter_backends = ListCreateAPIView.filter_backends + [V1CredentialFilterBackend]
class CredentialOwnerUsersList(SubListAPIView): class CredentialOwnerUsersList(SubListAPIView):
@@ -1542,6 +1544,7 @@ class UserCredentialsList(SubListCreateAPIView):
serializer_class = UserCredentialSerializerCreate serializer_class = UserCredentialSerializerCreate
parent_model = User parent_model = User
parent_key = 'user' parent_key = 'user'
filter_backends = SubListCreateAPIView.filter_backends + [V1CredentialFilterBackend]
def get_queryset(self): def get_queryset(self):
user = self.get_parent_object() user = self.get_parent_object()
@@ -1558,6 +1561,7 @@ class TeamCredentialsList(SubListCreateAPIView):
serializer_class = TeamCredentialSerializerCreate serializer_class = TeamCredentialSerializerCreate
parent_model = Team parent_model = Team
parent_key = 'team' parent_key = 'team'
filter_backends = SubListCreateAPIView.filter_backends + [V1CredentialFilterBackend]
def get_queryset(self): def get_queryset(self):
team = self.get_parent_object() team = self.get_parent_object()
@@ -1574,6 +1578,7 @@ class OrganizationCredentialList(SubListCreateAPIView):
serializer_class = OrganizationCredentialSerializerCreate serializer_class = OrganizationCredentialSerializerCreate
parent_model = Organization parent_model = Organization
parent_key = 'organization' parent_key = 'organization'
filter_backends = SubListCreateAPIView.filter_backends + [V1CredentialFilterBackend]
def get_queryset(self): def get_queryset(self):
organization = self.get_parent_object() organization = self.get_parent_object()
@@ -1592,6 +1597,7 @@ class CredentialDetail(RetrieveUpdateDestroyAPIView):
model = Credential model = Credential
serializer_class = CredentialSerializer serializer_class = CredentialSerializer
filter_backends = RetrieveUpdateDestroyAPIView.filter_backends + [V1CredentialFilterBackend]
class CredentialActivityStreamList(ActivityStreamEnforcementMixin, SubListAPIView): class CredentialActivityStreamList(ActivityStreamEnforcementMixin, SubListAPIView):

73
awx/main/tests/functional/api/test_credential.py
View File

@@ -33,6 +33,79 @@ def test_filter_by_v1_kind(get, admin, organization, kind, total):
assert response.data['count'] == total assert response.data['count'] == total
@pytest.mark.django_db
def test_custom_credentials_not_in_v1_api_list(get, admin, organization):
"""
'Custom' credentials (those not managed by Tower) shouldn't be visible from
the V1 credentials API list
"""
credential_type = CredentialType(
kind='cloud',
name='MyCloud',
inputs = {
'fields': [{
'id': 'password',
'label': 'Password',
'type': 'string',
'secret': True
}]
}
)
credential_type.save()
cred = Credential(
credential_type=credential_type,
name='Best credential ever',
organization=organization,
inputs={
'password': u'secret'
}
)
cred.save()
response = get(
reverse('api:credential_list', kwargs={'version': 'v1'}),
admin
)
assert response.status_code == 200
assert response.data['count'] == 0
@pytest.mark.django_db
def test_custom_credentials_not_in_v1_api_detail(get, admin, organization):
"""
'Custom' credentials (those not managed by Tower) shouldn't be visible from
the V1 credentials API detail
"""
credential_type = CredentialType(
kind='cloud',
name='MyCloud',
inputs = {
'fields': [{
'id': 'password',
'label': 'Password',
'type': 'string',
'secret': True
}]
}
)
credential_type.save()
cred = Credential(
credential_type=credential_type,
name='Best credential ever',
organization=organization,
inputs={
'password': u'secret'
}
)
cred.save()
response = get(
reverse('api:credential_detail', kwargs={'version': 'v1', 'pk': cred.pk}),
admin
)
assert response.status_code == 404
@pytest.mark.django_db @pytest.mark.django_db
def test_filter_by_v1_invalid_kind(get, admin, organization): def test_filter_by_v1_invalid_kind(get, admin, organization):
response = get( response = get(