From 9cad45feacaf4e8c691a802cb3461791a8e863ae Mon Sep 17 00:00:00 2001 From: Lila Yasin Date: Thu, 25 May 2023 15:44:43 -0400 Subject: [PATCH] Prevent manual peering of control plane nodes to hop node (#13966) --- awx/api/serializers.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/awx/api/serializers.py b/awx/api/serializers.py index 2ef95f0c1a..25018d7cb0 100644 --- a/awx/api/serializers.py +++ b/awx/api/serializers.py @@ -5489,6 +5489,13 @@ class InstanceSerializer(BaseSerializer): if peers_from_control_nodes and node_type not in (Instance.Types.EXECUTION, Instance.Types.HOP): raise serializers.ValidationError("peers_from_control_nodes can only be enabled for execution or hop nodes.") + + if node_type in (Instance.Types.CONTROL): + if self.instance and 'peers' in attrs and set(self.instance.peers.all()) != set(attrs['peers']): + raise serializers.ValidationError( + "Setting peers manually for control nodes is not allowed. Enable peers_from_control_nodes on the hop and execution nodes instead." + ) + return super().validate(attrs) def validate_node_type(self, value):