External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-02-21 13:10:11 -03:30
Code Issues Packages Projects Releases Wiki Activity

Prevent modifying peers on managed node

Browse Source 
Add validation to prevent any managed node
from modifying "peers" through the API

Peering from these nodes should be handled
by setting peers_from_control_nodes only.

Managed nodes are control nodes and
ingress hop nodes.

Signed-off-by: Seth Foster <fosterbseth@gmail.com>
This commit is contained in:
Seth Foster
2024-01-23 15:50:16 -05:00
committed by Seth Foster
parent b093c89a84
commit c333d0e82f
2 changed files with 6 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
awx/api/serializers.py
View File

@@ -5680,13 +5680,11 @@ class InstanceSerializer(BaseSerializer):
if not self.instance and not settings.IS_K8S:
raise serializers.ValidationError(_("Can only create instances on Kubernetes or OpenShift."))
node_type = get_field_from_model_or_attrs("node_type")
managed = get_field_from_model_or_attrs("managed")
if node_type in [Instance.Types.CONTROL, Instance.Types.HYBRID]:
if managed:
if check_peers_changed():
raise serializers.ValidationError(
_("Setting peers manually for control nodes is not allowed. Enable peers_from_control_nodes on the hop and execution nodes instead.")
)
raise serializers.ValidationError(_("Setting peers manually for managed nodes is not allowed."))
if not settings.IS_K8S:
if check_peers_changed():