External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-02-19 04:00:06 -03:30
Code Issues Packages Projects Releases Wiki Activity

allow creation at /api/v2/credential_input_sources

Browse Source
This commit is contained in:
Ryan Petrello
2019-02-27 14:51:48 -05:00
committed by Jake McDermott
parent e727909a61
commit b911f8bf77
4 changed files with 45 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
awx/api/views/__init__.py
View File

@@ -1453,7 +1453,7 @@ class CredentialInputSourceDetail(RetrieveUpdateDestroyAPIView):
serializer_class = serializers.CredentialInputSourceSerializer serializer_class = serializers.CredentialInputSourceSerializer
class CredentialInputSourceList(ListAPIView): class CredentialInputSourceList(ListCreateAPIView):
view_name = _("Credential Input Sources") view_name = _("Credential Input Sources")

1
awx/api/views/root.py
View File

@@ -101,6 +101,7 @@ class ApiVersionRootView(APIView):
data['credentials'] = reverse('api:credential_list', request=request) data['credentials'] = reverse('api:credential_list', request=request)
if get_request_version(request) > 1: if get_request_version(request) > 1:
data['credential_types'] = reverse('api:credential_type_list', request=request) data['credential_types'] = reverse('api:credential_type_list', request=request)
data['credential_input_sources'] = reverse('api:credential_input_source_list', request=request)
data['applications'] = reverse('api:o_auth2_application_list', request=request) data['applications'] = reverse('api:o_auth2_application_list', request=request)
data['tokens'] = reverse('api:o_auth2_token_list', request=request) data['tokens'] = reverse('api:o_auth2_token_list', request=request)
data['inventory'] = reverse('api:inventory_list', request=request) data['inventory'] = reverse('api:inventory_list', request=request)

9
awx/main/models/credential/__init__.py
View File

@@ -1343,8 +1343,13 @@ class CredentialInputSource(PrimordialModel):
return self.source_credential return self.source_credential
def clean_input_field_name(self): def clean_input_field_name(self):
if self.input_field_name not in self.target_credential.credential_type.defined_fields: defined_fields = self.target_credential.credential_type.defined_fields
raise ValidationError(_('Input field must be defined on target credential.')) if self.input_field_name not in defined_fields:
raise ValidationError(_(
'Input field must be defined on target credential (options are {}).'.format(
', '.join(sorted(defined_fields))
)
))
return self.input_field_name return self.input_field_name
def save(self, *args, **kwargs): def save(self, *args, **kwargs):

39
awx/main/tests/functional/api/test_credential_input_sources.py
View File

@@ -77,16 +77,18 @@ def test_associate_credential_input_source_with_invalid_metadata(get, post, admi
@pytest.mark.django_db @pytest.mark.django_db
def test_cannot_create_from_list(get, post, admin, vault_credential, external_credential): def test_create_from_list(get, post, admin, vault_credential, external_credential):
params = { params = {
'source_credential': external_credential.pk, 'source_credential': external_credential.pk,
'target_credential': vault_credential.pk, 'target_credential': vault_credential.pk,
'input_field_name': 'vault_password', 'input_field_name': 'vault_password',
'metadata': {'key': 'some_example_key'},
} }
assert post(reverse( assert post(reverse(
'api:credential_input_source_list', 'api:credential_input_source_list',
kwargs={'version': 'v2'} kwargs={'version': 'v2'}
), params, admin).status_code == 405 ), params, admin).status_code == 201
assert CredentialInputSource.objects.count() == 1
@pytest.mark.django_db @pytest.mark.django_db
@@ -207,6 +209,37 @@ def test_input_source_detail_rbac(get, post, patch, delete, admin, alice,
assert CredentialInputSource.objects.count() == 0 assert CredentialInputSource.objects.count() == 0
@pytest.mark.django_db
def test_input_source_create_rbac(get, post, patch, delete, alice,
vault_credential, external_credential,
other_external_credential):
sublist_url = reverse(
'api:credential_input_source_list',
kwargs={'version': 'v2'}
)
params = {
'target_credential': vault_credential.pk,
'source_credential': external_credential.pk,
'input_field_name': 'vault_password',
'metadata': {'key': 'some_key'},
}
# alice can't create the inv source because she has access to neither credential
response = post(sublist_url, params, alice)
assert response.status_code == 403
# alice still can't because she can't use the source credential
vault_credential.admin_role.members.add(alice)
response = post(sublist_url, params, alice)
assert response.status_code == 403
# alice can create an input source if she has permissions on both credentials
external_credential.use_role.members.add(alice)
response = post(sublist_url, params, alice)
assert response.status_code == 201
assert CredentialInputSource.objects.count() == 1
@pytest.mark.django_db @pytest.mark.django_db
def test_input_source_rbac_swap_target_credential(get, post, put, patch, admin, alice, def test_input_source_rbac_swap_target_credential(get, post, put, patch, admin, alice,
machine_credential, vault_credential, machine_credential, vault_credential,
@@ -278,7 +311,7 @@ def test_create_credential_input_source_with_undefined_input_returns_400(post, a
} }
response = post(sublist_url, params, admin) response = post(sublist_url, params, admin)
assert response.status_code == 400 assert response.status_code == 400
assert response.data['input_field_name'] == ['Input field must be defined on target credential.'] assert response.data['input_field_name'] == ['Input field must be defined on target credential (options are vault_id, vault_password).']
@pytest.mark.django_db @pytest.mark.django_db