Updated blacklist/rules for environment variables that can be set by source_vars for a custom inventory script. Fixes https://trello.com/c/CWbeHJ0L

awx/main/tasks.py

@@ -1062,7 +1062,7 @@ class RunInventoryUpdate(BaseTask):
             pass
         elif inventory_update.source == 'custom':
             for env_k in inventory_update.source_vars_dict:
-                if str(env_k) not in os.environ and str(env_k) not in settings.INV_ENV_VARIABLE_BLACKLIST:
+                if str(env_k) not in env and str(env_k) not in settings.INV_ENV_VARIABLE_BLACKLIST:
                     env[str(env_k)] = unicode(inventory_update.source_vars_dict[env_k])
         return env
 

awx/main/tests/inventory.py

@@ -1756,7 +1756,9 @@ class InventoryUpdatesTest(BaseTransactionTest):
         custom_inv_update = reverse('api:inventory_source_update_view',
                                     args=(custom_group.inventory_source.pk,))
         inv_src_opts = {'source': 'custom',
-                        'source_script': script_data["id"]}
+                        'source_script': script_data["id"],
+                        'source_vars': json.dumps({'HOME': 'no-place-like', 'USER': 'notme', '_': 'nope', 'INVENTORY_SOURCE_ID': -1})
+                        }
         with self.current_user(self.super_django_user):
             response = self.put(custom_inv_src, inv_src_opts, expect=200)
         self.check_inventory_source(custom_group.inventory_source)

awx/settings/defaults.py

@@ -351,7 +351,7 @@ RAX_GROUP_FILTER = r'^(?!instance-.+).+$'
 RAX_HOST_FILTER = r'^.+$'
 RAX_EXCLUDE_EMPTY_GROUPS = True
 
-INV_ENV_VARIABLE_BLACKLIST = ("HOME", "_")
+INV_ENV_VARIABLE_BLACKLIST = ("HOME", "USER", "_")
 
 # ----------------
 # -- Amazon EC2 --