From 87ffded77427117bf4dde55db1391dbd294c4142 Mon Sep 17 00:00:00 2001
From: Wayne Witzel III
Date: Fri, 24 Jun 2016 16:55:07 -0400
Subject: [PATCH] renaming Credential.owner_role -> Credential.admin_role
---
 awx/api/serializers.py | 14 +++++++-------
 awx/api/views.py | 6 +++---
 awx/main/access.py | 2 +-
 .../management/commands/create_preload_data.py | 2 +-
 awx/main/migrations/0008_v300_rbac_changes.py | 6 +++---
 .../migrations/0025_v300_update_rbac_parents.py | 2 +-
 awx/main/migrations/0026_v300_credential_unique.py | 2 +-
 awx/main/migrations/_rbac.py | 6 +++---
 awx/main/models/credential.py | 6 +++---
 awx/main/models/rbac.py | 2 --
 awx/main/tests/base.py | 2 +-
 awx/main/tests/functional/conftest.py | 2 +-
 awx/main/tests/functional/test_rbac_credential.py | 14 +++++++-------
 .../tests/functional/test_rbac_job_templates.py | 6 +++---
 awx/main/tests/job_base.py | 8 ++++----
 awx/main/tests/old/inventory.py | 12 ++++++------
 awx/main/tests/old/projects.py | 6 +++---
 awx/main/tests/old/schedules.py | 2 +-
 awx/main/tests/old/tasks.py | 2 +-
 tools/data_generators/rbac_dummy_data_generator.py | 4 ++--
 20 files changed, 52 insertions(+), 54 deletions(-)
diff --git a/awx/api/serializers.py b/awx/api/serializers.py
index 0825b08c4c..7f3a2c15f7 100644
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@@ -1645,11 +1645,11 @@ class CredentialSerializer(BaseSerializer):
 owner_teams = reverse('api:credential_owner_teams_list', args=(obj.pk,)),
 ))
- parents = obj.owner_role.parents.exclude(object_id__isnull=True)
+ parents = obj.admin_role.parents.exclude(object_id__isnull=True)
 if parents.count() > 0:
 res.update({parents[0].content_type.name:parents[0].content_object.get_absolute_url()})
- elif obj.owner_role.members.count() > 0:
- user = obj.owner_role.members.first()
+ elif obj.admin_role.members.count() > 0:
+ user = obj.admin_role.members.first()
 res.update({'user': reverse('api:user_detail', args=(user.pk,))})
 return res
@@ -1658,7 +1658,7 @@ class CredentialSerializer(BaseSerializer):
 summary_dict = super(CredentialSerializer, self).get_summary_fields(obj)
 summary_dict['owners'] = []
- for user in obj.owner_role.members.all():
+ for user in obj.admin_role.members.all():
 summary_dict['owners'].append({
 'id': user.pk,
 'type': 'user',
@@ -1667,7 +1667,7 @@ class CredentialSerializer(BaseSerializer):
 'url': reverse('api:user_detail', args=(user.pk,)),
 })
- for parent in obj.owner_role.parents.exclude(object_id__isnull=True).all():
+ for parent in obj.admin_role.parents.exclude(object_id__isnull=True).all():
 summary_dict['owners'].append({
 'id': parent.content_object.pk,
 'type': camelcase_to_underscore(parent.content_object.__class__.__name__),
@@ -1721,9 +1721,9 @@ class CredentialSerializerCreate(CredentialSerializer):
 team = validated_data.pop('team', None)
 credential = super(CredentialSerializerCreate, self).create(validated_data)
 if user:
- credential.owner_role.members.add(user)
+ credential.admin_role.members.add(user)
 if team:
- credential.owner_role.parents.add(team.member_role)
+ credential.admin_role.parents.add(team.member_role)
 return credential
diff --git a/awx/api/views.py b/awx/api/views.py
index 25c75ae2a2..ac954d677d 100644
--- a/awx/api/views.py
+++ b/awx/api/views.py
@@ -1332,7 +1332,7 @@ class CredentialOwnerUsersList(SubListAPIView):
 model = User
 serializer_class = UserSerializer
 parent_model = Credential
- relationship = 'owner_role.members'
+ relationship = 'admin_role.members'
 new_in_300 = True
@@ -1349,7 +1349,7 @@ class CredentialOwnerTeamsList(SubListAPIView):
 raise PermissionDenied()
 content_type = ContentType.objects.get_for_model(self.model)
- teams = [c.content_object.pk for c in credential.owner_role.parents.filter(content_type=content_type)]
+ teams = [c.content_object.pk for c in credential.admin_role.parents.filter(content_type=content_type)]
 return self.model.objects.filter(pk__in=teams)
@@ -1382,7 +1382,7 @@ class TeamCredentialsList(SubListCreateAPIView):
 self.check_parent_access(team)
 visible_creds = Credential.accessible_objects(self.request.user, 'read_role')
- team_creds = Credential.objects.filter(owner_role__parents=team.member_role)
+ team_creds = Credential.objects.filter(admin_role__parents=team.member_role)
 return team_creds & visible_creds
diff --git a/awx/main/access.py b/awx/main/access.py
index e8607f6f74..4fac7b7228 100644
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -613,7 +613,7 @@ class CredentialAccess(BaseAccess):
 if self.user in obj.organization.admin_role:
 return True
- return self.user in obj.owner_role
+ return self.user in obj.admin_role
 def can_delete(self, obj):
 # Unassociated credentials may be marked deleted by anyone, though we
diff --git a/awx/main/management/commands/create_preload_data.py b/awx/main/management/commands/create_preload_data.py
index b7443401fd..a6b1e41f0d 100644
--- a/awx/main/management/commands/create_preload_data.py
+++ b/awx/main/management/commands/create_preload_data.py
@@ -33,7 +33,7 @@ class Command(BaseCommand):
 c = Credential.objects.create(name='Demo Credential',
 username=superuser.username,
 created_by=superuser)
- c.owner_role.members.add(superuser)
+ c.admin_role.members.add(superuser)
 i = Inventory.objects.create(name='Demo Inventory',
 organization=o,
 created_by=superuser)
diff --git a/awx/main/migrations/0008_v300_rbac_changes.py b/awx/main/migrations/0008_v300_rbac_changes.py
index 7e3b2ad1f1..12ceefb4f9 100644
--- a/awx/main/migrations/0008_v300_rbac_changes.py
+++ b/awx/main/migrations/0008_v300_rbac_changes.py
@@ -143,18 +143,18 @@ class Migration(migrations.Migration):
 ),
 migrations.AddField(
 model_name='credential',
- name='owner_role',
+ name='admin_role',
 field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[b'singleton:system_administrator'], to='main.Role', null=b'True'),
 ),
 migrations.AddField(
 model_name='credential',
 name='use_role',
- field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[b'owner_role'], to='main.Role', null=b'True'),
+ field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[b'admin_role'], to='main.Role', null=b'True'),
 ),
 migrations.AddField(
 model_name='credential',
 name='read_role',
- field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[b'singleton:system_auditor', b'use_role', b'owner_role'], to='main.Role', null=b'True'),
+ field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[b'singleton:system_auditor', b'use_role', b'admin_role'], to='main.Role', null=b'True'),
 ),
 migrations.AddField(
 model_name='custominventoryscript',
diff --git a/awx/main/migrations/0025_v300_update_rbac_parents.py b/awx/main/migrations/0025_v300_update_rbac_parents.py
index d2ceaab73b..00776ac3b9 100644
--- a/awx/main/migrations/0025_v300_update_rbac_parents.py
+++ b/awx/main/migrations/0025_v300_update_rbac_parents.py
@@ -15,7 +15,7 @@ class Migration(migrations.Migration):
 migrations.AlterField(
 model_name='credential',
 name='use_role',
- field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[b'organization.admin_role', b'owner_role'], to='main.Role', null=b'True'),
+ field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[b'organization.admin_role', b'admin_role'], to='main.Role', null=b'True'),
 ),
 migrations.AlterField(
 model_name='team',
diff --git a/awx/main/migrations/0026_v300_credential_unique.py b/awx/main/migrations/0026_v300_credential_unique.py
index 0d9e8d3591..b354ce3d62 100644
--- a/awx/main/migrations/0026_v300_credential_unique.py
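Review bot: The `name='owner_role'` to `name='admin_role'` edit in the 0008 `AddField`, together with the `parent_role` edits in the 0025 and 0026 hunks, rewrites existing migrations in place, and the diffstat lists no new migration file. A database that has already applied 0008 would keep its `owner_role` column while the model now reads `admin_role`; whether such a database can exist is not determinable from this patch. If it can, leave the historical files untouched and add a follow-up migration with `migrations.RenameField(model_name='credential', old_name='owner_role', new_name='admin_role')` followed by `AlterField` operations for `use_role` and `read_role`. The `Migration` class body starts and ends outside these hunks.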
+++ b/awx/main/migrations/0026_v300_credential_unique.py
@@ -20,7 +20,7 @@ class Migration(migrations.Migration):
 migrations.AlterField(
 model_name='credential',
 name='read_role',
- field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[b'singleton:system_auditor', b'use_role', b'owner_role', b'organization.auditor_role'], to='main.Role', null=b'True'),
+ field=awx.main.fields.ImplicitRoleField(related_name='+', parent_role=[b'singleton:system_auditor', b'use_role', b'admin_role', b'organization.auditor_role'], to='main.Role', null=b'True'),
 ),
 migrations.RunPython(migration_utils.set_current_apps_for_migrations),
 migrations.RunPython(rbac.rebuild_role_hierarchy),
diff --git a/awx/main/migrations/_rbac.py b/awx/main/migrations/_rbac.py
index cba2c598e1..ee4100431e 100644
--- a/awx/main/migrations/_rbac.py
+++ b/awx/main/migrations/_rbac.py
@@ -164,7 +164,7 @@ def _discover_credentials(instances, cred, orgfunc):
 cred.organization = None
 cred.save()
- cred.owner_role, cred.use_role = None, None
+ cred.admin_role, cred.use_role = None, None
 for i in orgs[org]:
 i.credential = cred
@@ -198,11 +198,11 @@ def migrate_credential(apps, schema_editor):
 logger.info(smart_text(u"added Credential(name={}, kind={}, host={}) at organization level".format(cred.name, cred.kind, cred.host)))
 if cred.deprecated_team is not None:
- cred.deprecated_team.member_role.children.add(cred.owner_role)
+ cred.deprecated_team.member_role.children.add(cred.admin_role)
 cred.save()
 logger.info(smart_text(u"added Credential(name={}, kind={}, host={}) at user level".format(cred.name, cred.kind, cred.host)))
 elif cred.deprecated_user is not None:
- cred.owner_role.members.add(cred.deprecated_user)
+ cred.admin_role.members.add(cred.deprecated_user)
 cred.save()
 logger.info(smart_text(u"added Credential(name={}, kind={}, host={}) at user level".format(cred.name, cred.kind, cred.host, )))
 else:
diff --git a/awx/main/models/credential.py b/awx/main/models/credential.py
index 824493e8ac..1bd11ec68e 100644
--- a/awx/main/models/credential.py
+++ b/awx/main/models/credential.py
@@ -212,7 +212,7 @@ class Credential(PasswordFieldsModel, CommonModelNameNotUnique, ResourceMixin):
 default='',
 help_text=_('Tenant identifier for this credential'),
 )
- owner_role = ImplicitRoleField(
+ admin_role = ImplicitRoleField(
 parent_role=[
 'singleton:' + ROLE_SINGLETON_SYSTEM_ADMINISTRATOR,
 ],
@@ -220,14 +220,14 @@ class Credential(PasswordFieldsModel, CommonModelNameNotUnique, ResourceMixin):
 use_role = ImplicitRoleField(
 parent_role=[
 'organization.admin_role',
- 'owner_role',
+ 'admin_role',
 ]
 )
 read_role = ImplicitRoleField(parent_role=[
 'singleton:' + ROLE_SINGLETON_SYSTEM_AUDITOR,
 'organization.auditor_role',
 'use_role',
- 'owner_role',
+ 'admin_role',
 ])
 @property
diff --git a/awx/main/models/rbac.py b/awx/main/models/rbac.py
index fd07a213f4..4edeb587c7 100644
--- a/awx/main/models/rbac.py
+++ b/awx/main/models/rbac.py
@@ -40,7 +40,6 @@ role_names = {
 'auditor_role' : 'Auditor',
 'execute_role' : 'Execute',
 'member_role' : 'Member',
- 'owner_role' : 'Owner',
 'read_role' : 'Read',
 'update_role' : 'Update',
 'use_role' : 'Use',
@@ -54,7 +53,6 @@ role_descriptions = {
 'auditor_role' : 'Can view all settings for the %s',
 'execute_role' : 'May run the job template',
 'member_role' : 'User is a member of the %s',
- 'owner_role' : 'Owns and can manage all aspects of this %s',
 'read_role' : 'May view settings for the %s',
 'update_role' : 'May update project or inventory or group using the configured source update system',
 'use_role' : 'Can use the %s in a job template',
diff --git a/awx/main/tests/base.py b/awx/main/tests/base.py
index 789bbb8c86..6257e26438 100644
--- a/awx/main/tests/base.py
+++ b/awx/main/tests/base.py
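Review bot: Removing the `'owner_role'` keys from `role_names` and `role_descriptions` leaves no display entry for any role row still recorded under the old field name. How these dicts are indexed is outside the hunk, but a plain `role_names[...]` lookup would raise `KeyError` for such a row. Either confirm that the stored field name is rewritten for existing roles, or keep both entries until it is, with a comment such as `# legacy key: Credential.owner_role was renamed to admin_role`. Both dict literals open and close outside the hunks, so the `admin_role` entries these credentials will now use are assumed, not seen.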
@@ -387,7 +387,7 @@ class BaseTestMixin(QueueTestMixin, MockCommonlySlowTestMixin):
 user = opts['user']
 del opts['user']
 cred = Credential.objects.create(**opts)
- cred.owner_role.members.add(user)
+ cred.admin_role.members.add(user)
 return cred
 def setup_instances(self):
diff --git a/awx/main/tests/functional/conftest.py b/awx/main/tests/functional/conftest.py
index 75f8851125..5e6ef333bb 100644
--- a/awx/main/tests/functional/conftest.py
+++ b/awx/main/tests/functional/conftest.py
@@ -159,7 +159,7 @@ def machine_credential():
 @pytest.fixture
 def org_credential(organization, credential):
- credential.owner_role.parents.add(organization.admin_role)
+ credential.admin_role.parents.add(organization.admin_role)
 return credential
 @pytest.fixture
diff --git a/awx/main/tests/functional/test_rbac_credential.py b/awx/main/tests/functional/test_rbac_credential.py
index 31536a06f0..4a05403233 100644
--- a/awx/main/tests/functional/test_rbac_credential.py
+++ b/awx/main/tests/functional/test_rbac_credential.py
@@ -16,7 +16,7 @@ def test_credential_migration_user(credential, user, permissions):
 rbac.migrate_credential(apps, None)
- assert u in credential.owner_role
+ assert u in credential.admin_role
 @pytest.mark.django_db
 def test_two_teams_same_cred_name(organization_factory):
@@ -28,8 +28,8 @@ def test_two_teams_same_cred_name(organization_factory):
 rbac.migrate_credential(apps, None)
- assert objects.teams.team1.member_role in cred1.owner_role.parents.all()
- assert objects.teams.team2.member_role in cred2.owner_role.parents.all()
+ assert objects.teams.team1.member_role in cred1.admin_role.parents.all()
+ assert objects.teams.team2.member_role in cred2.admin_role.parents.all()
 @pytest.mark.django_db
 def test_credential_use_role(credential, user, permissions):
@@ -46,14 +46,14 @@ def test_credential_migration_team_member(credential, team, user, permissions):
 # No permissions pre-migration (this happens automatically so we patch this)
- team.admin_role.children.remove(credential.owner_role)
+ team.admin_role.children.remove(credential.admin_role)
 team.member_role.children.remove(credential.use_role)
- assert u not in credential.owner_role
+ assert u not in credential.admin_role
 rbac.migrate_credential(apps, None)
 # Admin permissions post migration
- assert u in credential.owner_role
+ assert u in credential.admin_role
 @pytest.mark.django_db
 def test_credential_migration_team_admin(credential, team, user, permissions):
@@ -104,7 +104,7 @@ def test_credential_access_admin(user, team, credential):
 # credential is now part of a team
 # that is part of an organization
 # that I am an admin for
- credential.owner_role.parents.add(team.admin_role)
+ credential.admin_role.parents.add(team.admin_role)
 credential.save()
 cred = Credential.objects.create(kind='aws', name='test-cred')
diff --git a/awx/main/tests/functional/test_rbac_job_templates.py b/awx/main/tests/functional/test_rbac_job_templates.py
index 28d4571378..c8cc2b8502 100644
--- a/awx/main/tests/functional/test_rbac_job_templates.py
+++ b/awx/main/tests/functional/test_rbac_job_templates.py
@@ -205,9 +205,9 @@ def test_job_template_access_org_admin(jt_objects, rando):
 jt_objects.inventory.organization.admin_role.members.add(rando)
 # Assign organization permission in the same way the create view does
 organization = jt_objects.inventory.organization
- jt_objects.credential.owner_role.parents.add(organization.admin_role)
- jt_objects.cloud_credential.owner_role.parents.add(organization.admin_role)
- jt_objects.network_credential.owner_role.parents.add(organization.admin_role)
+ jt_objects.credential.admin_role.parents.add(organization.admin_role)
+ jt_objects.cloud_credential.admin_role.parents.add(organization.admin_role)
+ jt_objects.network_credential.admin_role.parents.add(organization.admin_role)
 proj_pk = jt_objects.project.pk
 assert access.can_add(dict(inventory=jt_objects.inventory.pk, project=proj_pk))
diff --git a/awx/main/tests/job_base.py b/awx/main/tests/job_base.py
index c7f21a40a6..d215c0fb25 100644
--- a/awx/main/tests/job_base.py
+++ b/awx/main/tests/job_base.py
@@ -269,14 +269,14 @@ class BaseJobTestMixin(BaseTestMixin):
 password=TEST_SSH_KEY_DATA,
 created_by=self.user_sue,
 )
- self.cred_sue.owner_role.members.add(self.user_sue)
+ self.cred_sue.admin_role.members.add(self.user_sue)
 self.cred_sue_ask = Credential.objects.create(
 username='sue',
 password='ASK',
 created_by=self.user_sue,
 )
- self.cred_sue_ask.owner_role.members.add(self.user_sue)
+ self.cred_sue_ask.admin_role.members.add(self.user_sue)
 self.cred_sue_ask_many = Credential.objects.create(
 username='sue',
@@ -288,7 +288,7 @@ class BaseJobTestMixin(BaseTestMixin):
 ssh_key_unlock='ASK',
 created_by=self.user_sue,
 )
- self.cred_sue_ask_many.owner_role.members.add(self.user_sue)
+ self.cred_sue_ask_many.admin_role.members.add(self.user_sue)
 self.cred_bob = Credential.objects.create(
 username='bob',
@@ -384,7 +384,7 @@ class BaseJobTestMixin(BaseTestMixin):
 password='Heading0',
 created_by = self.user_sue,
 )
- self.team_ops_north.member_role.children.add(self.cred_ops_north.owner_role)
+ self.team_ops_north.member_role.children.add(self.cred_ops_north.admin_role)
 self.cred_ops_test = Credential.objects.create(
 username='testers',
diff --git a/awx/main/tests/old/inventory.py b/awx/main/tests/old/inventory.py
index 9c4dee8294..efa952e64a 100644
--- a/awx/main/tests/old/inventory.py
+++ b/awx/main/tests/old/inventory.py
@@ -1434,7 +1434,7 @@ class InventoryUpdatesTest(BaseTransactionTest):
 credential = Credential.objects.create(kind='aws',
 username=source_username,
 password=source_password)
- credential.owner_role.members.add(self.super_django_user)
+ credential.admin_role.members.add(self.super_django_user)
 # Set parent group name to one that might be created by the sync.
 group = self.group
 group.name = 'ec2'
@@ -1521,7 +1521,7 @@ class InventoryUpdatesTest(BaseTransactionTest):
 username=source_username,
 password=source_password,
 security_token=source_token)
- credential.owner_role.members.add(self.super_django_user)
+ credential.admin_role.members.add(self.super_django_user)
 # Set parent group name to one that might be created by the sync.
 group = self.group
 group.name = 'ec2'
@@ -1543,7 +1543,7 @@ class InventoryUpdatesTest(BaseTransactionTest):
 username=source_username,
 password=source_password,
 security_token="BADTOKEN")
- credential.owner_role.members.add(self.super_django_user)
+ credential.admin_role.members.add(self.super_django_user)
 # Set parent group name to one that might be created by the sync.
 group = self.group
@@ -1578,7 +1578,7 @@ class InventoryUpdatesTest(BaseTransactionTest):
 credential = Credential.objects.create(kind='aws',
 username=source_username,
 password=source_password)
- credential.owner_role.members.add(self.super_django_user)
+ credential.admin_role.members.add(self.super_django_user)
 group = self.group
 group.name = 'AWS Inventory'
 group.save()
@@ -1706,7 +1706,7 @@ class InventoryUpdatesTest(BaseTransactionTest):
 credential = Credential.objects.create(kind='rax',
 username=source_username,
 password=source_password)
- credential.owner_role.members.add(self.super_django_user)
+ credential.admin_role.members.add(self.super_django_user)
 # Set parent group name to one that might be created by the sync.
 group = self.group
 group.name = 'DFW'
@@ -1759,7 +1759,7 @@ class InventoryUpdatesTest(BaseTransactionTest):
 username=source_username,
 password=source_password,
 host=source_host)
- credential.owner_role.members.add(self.super_django_user)
+ credential.admin_role.members.add(self.super_django_user)
 inventory_source = self.update_inventory_source(self.group, source='vmware', credential=credential)
 # Check first without instance_id set (to import by name only).
diff --git a/awx/main/tests/old/projects.py b/awx/main/tests/old/projects.py
index b6b75ecd4b..01c459b794 100644
--- a/awx/main/tests/old/projects.py
+++ b/awx/main/tests/old/projects.py
@@ -506,7 +506,7 @@ class ProjectUpdatesTest(BaseTransactionTest):
 u = kw['user']
 del kw['user']
 credential = Credential.objects.create(**kw)
- credential.owner_role.members.add(u)
+ credential.admin_role.members.add(u)
 kwargs['credential'] = credential
 project = Project.objects.create(**kwargs)
 project_path = project.get_project_path(check_if_exists=False)
@@ -1418,7 +1418,7 @@ class ProjectUpdatesTest(BaseTransactionTest):
 inventory=self.inventory)
 self.group.hosts.add(self.host)
 self.credential = Credential.objects.create(name='test-creds')
- self.credential.owner_role.members.add(self.super_django_user)
+ self.credential.admin_role.members.add(self.super_django_user)
 self.project = self.create_project(
 name='my public git project over https',
 scm_type='git',
@@ -1454,7 +1454,7 @@ class ProjectUpdatesTest(BaseTransactionTest):
 inventory=self.inventory)
 self.group.hosts.add(self.host)
 self.credential = Credential.objects.create(name='test-creds')
- self.credential.owner_role.members.add(self.super_django_user)
+ self.credential.admin_role.members.add(self.super_django_user)
 self.project = self.create_project(
 name='my private git project over https',
 scm_type='git',
diff --git a/awx/main/tests/old/schedules.py b/awx/main/tests/old/schedules.py
index 441c1e2002..6433ee1351 100644
--- a/awx/main/tests/old/schedules.py
+++ b/awx/main/tests/old/schedules.py
@@ -62,7 +62,7 @@ class ScheduleTest(BaseTest):
 self.organizations[1].member_role.members.add(self.diff_org_user)
 self.cloud_source = Credential.objects.create(kind='awx', username='Dummy', password='Dummy')
- self.cloud_source.owner_role.members.add(self.super_django_user)
+ self.cloud_source.admin_role.members.add(self.super_django_user)
 self.first_inventory = Inventory.objects.create(name='test_inventory', description='for org 0', organization=self.organizations[0])
 self.first_inventory.hosts.create(name='host_1')
diff --git a/awx/main/tests/old/tasks.py b/awx/main/tests/old/tasks.py
index 05a39fb75b..fdd30bf854 100644
--- a/awx/main/tests/old/tasks.py
+++ b/awx/main/tests/old/tasks.py
@@ -283,7 +283,7 @@ class RunJobTest(BaseJobExecutionTest):
 user = opts['user']
 del opts['user']
 self.cloud_credential = Credential.objects.create(**opts)
- self.cloud_credential.owner_role.members.add(user)
+ self.cloud_credential.admin_role.members.add(user)
 return self.cloud_credential
 def create_test_project(self, playbook_content, role_playbooks=None):
diff --git a/tools/data_generators/rbac_dummy_data_generator.py b/tools/data_generators/rbac_dummy_data_generator.py
index cf26cb3da3..ad90dc74a9 100755
--- a/tools/data_generators/rbac_dummy_data_generator.py
+++ b/tools/data_generators/rbac_dummy_data_generator.py
@@ -216,7 +216,7 @@ try:
 sys.stdout.flush()
 credential_id = ids['credential']
 credential = Credential.objects.create(name='%s Credential %d User %d' % (prefix, credential_id, user_idx))
- credential.owner_role.members.add(user)
+ credential.admin_role.members.add(user)
 credentials.append(credential)
 user_idx += 1
 print('')
@@ -232,7 +232,7 @@ try:
 sys.stdout.flush()
 credential_id = ids['credential']
 credential = Credential.objects.create(name='%s Credential %d team %d' % (prefix, credential_id, team_idx))
- credential.owner_role.parents.add(team.member_role)
+ credential.admin_role.parents.add(team.member_role)
 credentials.append(credential)
 team_idx += 1
 print('')