External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-03-01 00:38:45 -03:30
Code Issues Packages Projects Releases Wiki Activity

Add new credential become methods, inject instead of set in database

Browse Source
This commit is contained in:
Wayne Witzel III
2018-04-20 11:51:49 -04:00
parent 44470200a2
commit 8fa98d0d54
5 changed files with 40 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
awx/main/constants.py
View File

@@ -14,6 +14,7 @@ __all__ = [
CLOUD_PROVIDERS = ('azure_rm', 'ec2', 'gce', 'vmware', 'openstack', 'rhv', 'satellite6', 'cloudforms', 'tower') CLOUD_PROVIDERS = ('azure_rm', 'ec2', 'gce', 'vmware', 'openstack', 'rhv', 'satellite6', 'cloudforms', 'tower')
SCHEDULEABLE_PROVIDERS = CLOUD_PROVIDERS + ('custom', 'scm',) SCHEDULEABLE_PROVIDERS = CLOUD_PROVIDERS + ('custom', 'scm',)
PRIVILEGE_ESCALATION_METHODS = [ PRIVILEGE_ESCALATION_METHODS = [
('', _('None')), ('enable', _('Enable')), ('doas', _('Doas')),
('sudo', _('Sudo')), ('su', _('Su')), ('pbrun', _('Pbrun')), ('pfexec', _('Pfexec')), ('sudo', _('Sudo')), ('su', _('Su')), ('pbrun', _('Pbrun')), ('pfexec', _('Pfexec')),
('dzdo', _('DZDO')), ('pmrun', _('Pmrun')), ('runas', _('Runas'))] ('dzdo', _('DZDO')), ('pmrun', _('Pmrun')), ('runas', _('Runas'))]
ANSI_SGR_PATTERN = re.compile(r'\x1b\[[0-9;]*m') ANSI_SGR_PATTERN = re.compile(r'\x1b\[[0-9;]*m')

14
awx/main/fields.py
View File

@@ -45,6 +45,7 @@ from awx.main.utils.filters import SmartFilter
from awx.main.utils.encryption import encrypt_value, decrypt_value, get_encryption_key from awx.main.utils.encryption import encrypt_value, decrypt_value, get_encryption_key
from awx.main.validators import validate_ssh_private_key from awx.main.validators import validate_ssh_private_key
from awx.main.models.rbac import batch_role_ancestor_rebuilding, Role from awx.main.models.rbac import batch_role_ancestor_rebuilding, Role
from awx.main.constants import PRIVILEGE_ESCALATION_METHODS
from awx.main import utils from awx.main import utils
@@ -649,7 +650,7 @@ class CredentialTypeInputField(JSONSchemaField):
'items': { 'items': {
'type': 'object', 'type': 'object',
'properties': { 'properties': {
'type': {'enum': ['string', 'boolean']}, 'type': {'enum': ['string', 'boolean', 'become_method']},
'format': {'enum': ['ssh_private_key']}, 'format': {'enum': ['ssh_private_key']},
'choices': { 'choices': {
'type': 'array', 'type': 'array',
@@ -710,6 +711,17 @@ class CredentialTypeInputField(JSONSchemaField):
# If no type is specified, default to string # If no type is specified, default to string
field['type'] = 'string' field['type'] = 'string'
if field['type'] == 'become_method':
if not model_instance.managed_by_tower:
raise django_exceptions.ValidationError(
_('{0} is a reserved type name'.format(field['type'])),
code='invalid',
params={'value': value},
)
else:
field['type'] = 'string'
field['choices'] = PRIVILEGE_ESCALATION_METHODS
for key in ('choices', 'multiline', 'format', 'secret',): for key in ('choices', 'multiline', 'format', 'secret',):
if key in field and field['type'] != 'string': if key in field and field['type'] != 'string':
raise django_exceptions.ValidationError( raise django_exceptions.ValidationError(

18
awx/main/migrations/0035_v330_credtype_remove_become_methods.py Normal file
View File

@@ -0,0 +1,18 @@
# -*- coding: utf-8 -*-
from __future__ import unicode_literals
# AWX
from awx.main.migrations import _credentialtypes as credentialtypes
from django.db import migrations
class Migration(migrations.Migration):
dependencies = [
('main', '0034_v330_more_oauth2_help_text'),
]
operations = [
migrations.RunPython(credentialtypes.remove_become_methods),
]

6
awx/main/migrations/_credentialtypes.py
View File

@@ -197,3 +197,9 @@ def add_azure_cloud_environment_field(apps, schema_editor):
name='Microsoft Azure Resource Manager') name='Microsoft Azure Resource Manager')
azure_rm_credtype.inputs = CredentialType.defaults.get('azure_rm')().inputs azure_rm_credtype.inputs = CredentialType.defaults.get('azure_rm')().inputs
azure_rm_credtype.save() azure_rm_credtype.save()
def remove_become_methods(apps, schema_editor):
become_credtype = CredentialType.objects.get(kind='ssh')
become_credtype.inputs = CredentialType.defaults.get('ssh')().inputs
become_credtype.save()

4
awx/main/models/credential/__init__.py
View File

@@ -165,7 +165,7 @@ class V1Credential(object):
max_length=32, max_length=32,
blank=True, blank=True,
default='', default='',
choices=[('', _('None'))] + PRIVILEGE_ESCALATION_METHODS, choices=PRIVILEGE_ESCALATION_METHODS,
help_text=_('Privilege escalation method.') help_text=_('Privilege escalation method.')
), ),
'become_username': models.CharField( 'become_username': models.CharField(
@@ -516,7 +516,7 @@ class CredentialType(CommonModelNameNotUnique):
if field['id'] == field_id: if field['id'] == field_id:
if 'choices' in field: if 'choices' in field:
return field['choices'][0] return field['choices'][0]
return {'string': '', 'boolean': False}[field['type']] return {'string': '', 'boolean': False, 'become_method': ''}[field['type']]
@classmethod @classmethod
def default(cls, f): def default(cls, f):