From 8bda048e6d0b2ffc35b1ce5b86d4c5feaba8aa5d Mon Sep 17 00:00:00 2001
From: AlanCoding <arominge@redhat.com>
Date: Tue, 27 Aug 2019 11:32:35 -0400
Subject: [PATCH] validate galaxy server settings

involves some changes to the redact code
---
 awx/main/conf.py   | 47 ++++++++++++++++++++++++++++++++++++++++++++++
 awx/main/redact.py |  5 ++---
 2 files changed, 49 insertions(+), 3 deletions(-)

diff --git a/awx/main/conf.py b/awx/main/conf.py
index a4c144a351..efb6af7d21 100644
--- a/awx/main/conf.py
+++ b/awx/main/conf.py
@@ -762,4 +762,51 @@ def logging_validate(serializer, attrs):
     return attrs
 
 
+def galaxy_validate(serializer, attrs):
+    """Ansible Galaxy config options have mutual exclusivity rules, these rules
+    are enforced here on serializer validation so that users will not be able
+    to save settings which obviously break all project updates.
+    """
+    galaxy_fields = ('url', 'username', 'password', 'token')
+    if not any('PRIVATE_GALAXY_{}'.format(subfield.upper()) in attrs for subfield in galaxy_fields):
+        return attrs
+
+    def _new_value(field_name):
+        if field_name in attrs:
+            return attrs[field_name]
+        elif not serializer.instance:
+            return ''
+        return getattr(serializer.instance, field_name, '')
+
+    galaxy_data = {}
+    for subfield in galaxy_fields:
+        galaxy_data[subfield] = _new_value('PRIVATE_GALAXY_{}'.format(subfield.upper()))
+    errors = {}
+    print('galaxy data')
+    print(galaxy_data)
+    if not galaxy_data['url']:
+        for k, v in galaxy_data.items():
+            if v:
+                setting_name = 'PRIVATE_GALAXY_{}'.format(k.upper())
+                errors.setdefault(setting_name, [])
+                errors[setting_name].append(_(
+                    'Cannot provide field if PRIVATE_GALAXY_URL is not set.'
+                ))
+
+    if (galaxy_data['password'] or galaxy_data['username']) and galaxy_data['token']:
+        for k in ('password', 'username', 'token'):
+            setting_name = 'PRIVATE_GALAXY_{}'.format(k.upper())
+            if setting_name in attrs:
+                errors.setdefault(setting_name, [])
+                errors[setting_name].append(_(
+                    'Setting PRIVATE_GALAXY_TOKEN is mutually exclusive with '
+                    'PRIVATE_GALAXY_USERNAME and PRIVATE_GALAXY_PASSWORD.'
+                ))
+
+    if errors:
+        raise serializers.ValidationError(errors)
+    return attrs
+
+
 register_validate('logging', logging_validate)
+register_validate('jobs', galaxy_validate)
diff --git a/awx/main/redact.py b/awx/main/redact.py
index fce725f427..dc9f060666 100644
--- a/awx/main/redact.py
+++ b/awx/main/redact.py
@@ -15,7 +15,7 @@ class UriCleaner(object):
         if settings.PRIVATE_GALAXY_URL:
             exclude_list = (settings.PUBLIC_GALAXY_URL, settings.PRIVATE_GALAXY_URL)
         else:
-            exclude_list = (settings.PUBLIC_GALAXY_URL)
+            exclude_list = (settings.PUBLIC_GALAXY_URL,)
         redactedtext = cleartext
         text_index = 0
         while True:
@@ -25,7 +25,7 @@ class UriCleaner(object):
             uri_str = match.group(1)
             # Do not redact items from the exclude list
             if any(uri_str.startswith(exclude_uri) for exclude_uri in exclude_list):
-                text_index = match.start() + len(UriCleaner.REPLACE_STR)
+                text_index = match.start() + len(uri_str)
                 continue
             try:
                 # May raise a ValueError if invalid URI for one reason or another
@@ -62,7 +62,6 @@ class UriCleaner(object):
                 redactedtext = t
                 if text_index >= len(redactedtext):
                     text_index = len(redactedtext) - 1
-                print('URL string old: {} new: {}'.format(uri_str_old, uri_str))
             except ValueError:
                 # Invalid URI, redact the whole URI to be safe
                 redactedtext = redactedtext[:match.start()] + UriCleaner.REPLACE_STR + redactedtext[match.end():]