mirror of
https://github.com/ansible/awx.git
synced 2026-07-08 14:58:03 -02:30
Introduce a new CredentialTemplate model
Credentials now have a required CredentialType, which defines inputs (i.e., username, password) and injectors (i.e., assign the username to SOME_ENV_VARIABLE at job runtime) This commit only implements the model changes necessary to support the new inputs model, and includes code for the credential serializer that allows backwards-compatible support for /api/v1/credentials/; tasks.py still needs to be updated to actually respect CredentialType injectors. This change *will* break the UI for credentials (because it needs to be updated to use the new v2 endpoint). see: #5877 see: #5876 see: #5805
This commit is contained in:
@@ -824,6 +824,36 @@ class InventoryUpdateAccess(BaseAccess):
|
||||
return self.user in obj.inventory_source.inventory.admin_role
|
||||
|
||||
|
||||
class CredentialTypeAccess(BaseAccess):
|
||||
'''
|
||||
I can see credentials types when:
|
||||
- I'm authenticated
|
||||
I can create when:
|
||||
- I'm a superuser:
|
||||
I can change when:
|
||||
- I'm a superuser and the type is not "managed by Tower"
|
||||
I can change/delete when:
|
||||
- I'm a superuser and the type is not "managed by Tower"
|
||||
'''
|
||||
|
||||
model = CredentialType
|
||||
|
||||
def can_read(self, obj):
|
||||
return True
|
||||
|
||||
def can_use(self, obj):
|
||||
return True
|
||||
|
||||
def can_add(self, data):
|
||||
return self.user.is_superuser
|
||||
|
||||
def can_change(self, obj, data):
|
||||
return self.user.is_superuser and not obj.managed_by_tower
|
||||
|
||||
def can_delete(self, obj):
|
||||
return self.user.is_superuser and not obj.managed_by_tower
|
||||
|
||||
|
||||
class CredentialAccess(BaseAccess):
|
||||
'''
|
||||
I can see credentials when:
|
||||
@@ -2282,6 +2312,7 @@ register_access(Group, GroupAccess)
|
||||
register_access(InventorySource, InventorySourceAccess)
|
||||
register_access(InventoryUpdate, InventoryUpdateAccess)
|
||||
register_access(Credential, CredentialAccess)
|
||||
register_access(CredentialType, CredentialTypeAccess)
|
||||
register_access(Team, TeamAccess)
|
||||
register_access(Project, ProjectAccess)
|
||||
register_access(ProjectUpdate, ProjectUpdateAccess)
|
||||
|
||||
Reference in New Issue
Block a user