validate galaxy server settings

involves some changes to the redact code
2026-01-13 02:50:02 -03:30 · 2019-08-27 11:32:35 -04:00 · 2019-08-27 11:32:35 -04:00 · 8bda048e6d
commit 8bda048e6d
parent 093bf6877b
2 changed files with 49 additions and 3 deletions
--- a/awx/main/conf.py
+++ b/awx/main/conf.py
@ -762,4 +762,51 @@ def logging_validate(serializer, attrs):
    return attrs


+def galaxy_validate(serializer, attrs):
+    """Ansible Galaxy config options have mutual exclusivity rules, these rules
+    are enforced here on serializer validation so that users will not be able
+    to save settings which obviously break all project updates.
+    """
+    galaxy_fields = ('url', 'username', 'password', 'token')
+    if not any('PRIVATE_GALAXY_{}'.format(subfield.upper()) in attrs for subfield in galaxy_fields):
+        return attrs
+
+    def _new_value(field_name):
+        if field_name in attrs:
+            return attrs[field_name]
+        elif not serializer.instance:
+            return ''
+        return getattr(serializer.instance, field_name, '')
+
+    galaxy_data = {}
+    for subfield in galaxy_fields:
+        galaxy_data[subfield] = _new_value('PRIVATE_GALAXY_{}'.format(subfield.upper()))
+    errors = {}
+    print('galaxy data')
+    print(galaxy_data)
+    if not galaxy_data['url']:
+        for k, v in galaxy_data.items():
+            if v:
+                setting_name = 'PRIVATE_GALAXY_{}'.format(k.upper())
+                errors.setdefault(setting_name, [])
+                errors[setting_name].append(_(
+                    'Cannot provide field if PRIVATE_GALAXY_URL is not set.'
+                ))
+
+    if (galaxy_data['password'] or galaxy_data['username']) and galaxy_data['token']:
+        for k in ('password', 'username', 'token'):
+            setting_name = 'PRIVATE_GALAXY_{}'.format(k.upper())
+            if setting_name in attrs:
+                errors.setdefault(setting_name, [])
+                errors[setting_name].append(_(
+                    'Setting PRIVATE_GALAXY_TOKEN is mutually exclusive with '
+                    'PRIVATE_GALAXY_USERNAME and PRIVATE_GALAXY_PASSWORD.'
+                ))
+
+    if errors:
+        raise serializers.ValidationError(errors)
+    return attrs
+
+
 register_validate('logging', logging_validate)
+register_validate('jobs', galaxy_validate)
--- a/awx/main/redact.py
+++ b/awx/main/redact.py
@ -15,7 +15,7 @@ class UriCleaner(object):
        if settings.PRIVATE_GALAXY_URL:
            exclude_list = (settings.PUBLIC_GALAXY_URL, settings.PRIVATE_GALAXY_URL)
        else:
-            exclude_list = (settings.PUBLIC_GALAXY_URL)
+            exclude_list = (settings.PUBLIC_GALAXY_URL,)
        redactedtext = cleartext
        text_index = 0
        while True:
@ -25,7 +25,7 @@ class UriCleaner(object):
            uri_str = match.group(1)
            # Do not redact items from the exclude list
            if any(uri_str.startswith(exclude_uri) for exclude_uri in exclude_list):
-                text_index = match.start() + len(UriCleaner.REPLACE_STR)
+                text_index = match.start() + len(uri_str)
                continue
            try:
                # May raise a ValueError if invalid URI for one reason or another
@ -62,7 +62,6 @@ class UriCleaner(object):
                redactedtext = t
                if text_index >= len(redactedtext):
                    text_index = len(redactedtext) - 1
-                print('URL string old: {} new: {}'.format(uri_str_old, uri_str))
            except ValueError:
                # Invalid URI, redact the whole URI to be safe
                redactedtext = redactedtext[:match.start()] + UriCleaner.REPLACE_STR + redactedtext[match.end():]