Updated blacklist/rules for environment variables that can be set by source_vars for a custom inventory script. Fixes https://trello.com/c/CWbeHJ0L

2026-05-11 19:37:38 -02:30 · 2014-12-03 00:45:46 -05:00
parent 21385d1315
commit ba652b5dd3
3 changed files with 5 additions and 3 deletions
--- a/awx/main/tests/inventory.py
+++ b/awx/main/tests/inventory.py
@@ -1756,7 +1756,9 @@ class InventoryUpdatesTest(BaseTransactionTest):
        custom_inv_update = reverse('api:inventory_source_update_view',
                                    args=(custom_group.inventory_source.pk,))
        inv_src_opts = {'source': 'custom',
-                        'source_script': script_data["id"]}
+                        'source_script': script_data["id"],
+                        'source_vars': json.dumps({'HOME': 'no-place-like', 'USER': 'notme', '_': 'nope', 'INVENTORY_SOURCE_ID': -1})
+                        }
        with self.current_user(self.super_django_user):
            response = self.put(custom_inv_src, inv_src_opts, expect=200)
        self.check_inventory_source(custom_group.inventory_source)