diff --git a/awx/api/views/root.py b/awx/api/views/root.py index 922041c8b5..44b8cb293b 100644 --- a/awx/api/views/root.py +++ b/awx/api/views/root.py @@ -17,6 +17,8 @@ from rest_framework.permissions import AllowAny, IsAuthenticated from rest_framework.response import Response from rest_framework import status +import requests + from awx.api.generics import APIView from awx.main.ha import is_ha_environment from awx.main.utils import ( @@ -248,14 +250,39 @@ class ApiV2ConfigView(APIView): logger.info(smart_text(u"Invalid JSON submitted for license."), extra=dict(actor=request.user.username)) return Response({"error": _("Invalid JSON")}, status=status.HTTP_400_BAD_REQUEST) + try: from awx.main.utils.common import get_licenser license_data = json.loads(data_actual) + if license_data.get('rh_password') == '$encrypted$': + license_data['rh_password'] = settings.REDHAT_PASSWORD license_data_validated = get_licenser(**license_data).validate() - except Exception: - logger.warning(smart_text(u"Invalid license submitted."), - extra=dict(actor=request.user.username)) - return Response({"error": _("Invalid License")}, status=status.HTTP_400_BAD_REQUEST) + if license_data_validated.get('valid_key') and 'license_key' not in license_data: + if license_data.get('rh_username') and license_data.get('rh_password'): + settings.REDHAT_USERNAME = license_data['rh_username'] + settings.REDHAT_PASSWORD = license_data['rh_password'] + license_data = { + "eula_accepted": eula_accepted, + "features": license_data_validated['features'], + "license_type": license_data_validated['license_type'], + "license_date": license_data_validated['license_date'], + "license_key": license_data_validated['license_key'], + "instance_count": license_data_validated['instance_count'], + } + if license_data_validated.get('trial'): + license_data['trial'] = True + except Exception as exc: + msg = _("Invalid License") + if ( + isinstance(exc, requests.exceptions.HTTPError) and + getattr(getattr(exc, 'response', None), 'status_code', None) == 401 + ): + msg = _("The provided credentials are invalid (HTTP 401).") + if isinstance(exc, ValueError) and exc.args: + msg = exc.args[0] + logger.exception(smart_text(u"Invalid license submitted."), + extra=dict(actor=request.user.username)) + return Response({"error": msg}, status=status.HTTP_400_BAD_REQUEST) # If the license is valid, write it to the database. if license_data_validated['valid_key']: diff --git a/awx/main/access.py b/awx/main/access.py index 1a87eff38a..e9957656de 100644 --- a/awx/main/access.py +++ b/awx/main/access.py @@ -317,10 +317,19 @@ class BaseAccess(object): validation_info['time_remaining'] = 99999999 validation_info['grace_period_remaining'] = 99999999 + report_violation = lambda message: logger.error(message) + + if ( + validation_info.get('trial', False) is True or + validation_info['instance_count'] == 10 # basic 10 license + ): + def report_violation(message): + raise PermissionDenied(message) + if check_expiration and validation_info.get('time_remaining', None) is None: raise PermissionDenied(_("License is missing.")) - if check_expiration and validation_info.get("grace_period_remaining") <= 0: - raise PermissionDenied(_("License has expired.")) + elif check_expiration and validation_info.get("grace_period_remaining") <= 0: + report_violation(_("License has expired.")) free_instances = validation_info.get('free_instances', 0) available_instances = validation_info.get('available_instances', 0) @@ -328,11 +337,11 @@ class BaseAccess(object): if add_host_name: host_exists = Host.objects.filter(name=add_host_name).exists() if not host_exists and free_instances == 0: - raise PermissionDenied(_("License count of %s instances has been reached.") % available_instances) + report_violation(_("License count of %s instances has been reached.") % available_instances) elif not host_exists and free_instances < 0: - raise PermissionDenied(_("License count of %s instances has been exceeded.") % available_instances) + report_violation(_("License count of %s instances has been exceeded.") % available_instances) elif not add_host_name and free_instances < 0: - raise PermissionDenied(_("Host count exceeds available instances.")) + report_violation(_("Host count exceeds available instances.")) def check_org_host_limit(self, data, add_host_name=None): validation_info = get_licenser().validate() diff --git a/awx/main/management/commands/inventory_import.py b/awx/main/management/commands/inventory_import.py index 6ae7ba69d5..7a23c1a63f 100644 --- a/awx/main/management/commands/inventory_import.py +++ b/awx/main/management/commands/inventory_import.py @@ -919,7 +919,8 @@ class Command(BaseCommand): new_count = Host.objects.active_count() if time_remaining <= 0 and not license_info.get('demo', False): logger.error(LICENSE_EXPIRED_MESSAGE) - raise CommandError("License has expired!") + if license_info.get('trial', False) is True: + raise CommandError("License has expired!") # special check for tower-type inventory sources # but only if running the plugin TOWER_SOURCE_FILES = ['tower.yml', 'tower.yaml'] @@ -936,7 +937,11 @@ class Command(BaseCommand): logger.error(DEMO_LICENSE_MESSAGE % d) else: logger.error(LICENSE_MESSAGE % d) - raise CommandError('License count exceeded!') + if ( + license_info.get('trial', False) is True or + license_info['instance_count'] == 10 # basic 10 license + ): + raise CommandError('License count exceeded!') def check_org_host_limit(self): license_info = get_licenser().validate()