External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-17 22:37:41 -02:30
Code Issues Packages Projects Releases Wiki Activity

Fixup API and old tests for credential access

Browse Source
This commit is contained in:
Wayne Witzel III
2016-03-24 11:50:27 -04:00
parent 20aa8c02d1
commit c4c2d08042
2 changed files with 44 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
awx/api/views.py
View File

@@ -811,11 +811,11 @@ class TeamActivityStreamList(SubListAPIView):
def get_queryset(self): def get_queryset(self):
parent = self.get_parent_object() parent = self.get_parent_object()
self.check_parent_access(parent) self.check_parent_access(parent)
qs = self.request.user.get_queryset(self.model) qs = self.request.user.get_queryset(self.model)
return qs.filter(Q(team=parent) | return qs.filter(Q(team=parent) |
Q(project__in=parent.projects.all()) | Q(project__in=Project.accessible_objects(parent, {'read':True})) |
Q(credential__in=parent.credentials.all()) | Q(credential__in=Credential.accessible_objects(parent, {'read':True})))
Q(permission__in=parent.permissions.all()))
class TeamAccessList(ResourceAccessList): class TeamAccessList(ResourceAccessList):

56
awx/main/tests/job_base.py
View File

@@ -264,17 +264,21 @@ class BaseJobTestMixin(BaseTestMixin):
from awx.main.tests.data.ssh import (TEST_SSH_KEY_DATA, from awx.main.tests.data.ssh import (TEST_SSH_KEY_DATA,
TEST_SSH_KEY_DATA_LOCKED, TEST_SSH_KEY_DATA_LOCKED,
TEST_SSH_KEY_DATA_UNLOCK) TEST_SSH_KEY_DATA_UNLOCK)
self.cred_sue = self.user_sue.credentials.create( self.cred_sue = Credential.objects.create(
username='sue', username='sue',
password=TEST_SSH_KEY_DATA, password=TEST_SSH_KEY_DATA,
created_by=self.user_sue, created_by=self.user_sue,
) )
self.cred_sue_ask = self.user_sue.credentials.create( self.cred_sue.owner_role.members.add(self.user_sue)
self.cred_sue_ask = Credential.objects.create(
username='sue', username='sue',
password='ASK', password='ASK',
created_by=self.user_sue, created_by=self.user_sue,
) )
self.cred_sue_ask_many = self.user_sue.credentials.create( self.cred_sue_ask.owner_role.members.add(self.user_sue)
self.cred_sue_ask_many = Credential.objects.create(
username='sue', username='sue',
password='ASK', password='ASK',
become_method='sudo', become_method='sudo',
@@ -284,23 +288,31 @@ class BaseJobTestMixin(BaseTestMixin):
ssh_key_unlock='ASK', ssh_key_unlock='ASK',
created_by=self.user_sue, created_by=self.user_sue,
) )
self.cred_bob = self.user_bob.credentials.create( self.cred_sue_ask_many.owner_role.members.add(self.user_sue)
self.cred_bob = Credential.objects.create(
username='bob', username='bob',
password='ASK', password='ASK',
created_by=self.user_sue, created_by=self.user_sue,
) )
self.cred_chuck = self.user_chuck.credentials.create( self.cred_bob.usage_role.members.add(self.user_bob)
self.cred_chuck = Credential.objects.create(
username='chuck', username='chuck',
ssh_key_data=TEST_SSH_KEY_DATA, ssh_key_data=TEST_SSH_KEY_DATA,
created_by=self.user_sue, created_by=self.user_sue,
) )
self.cred_doug = self.user_doug.credentials.create( self.cred_chuck.usage_role.members.add(self.user_chuck)
self.cred_doug = Credential.objects.create(
username='doug', username='doug',
password='doug doesn\'t mind his password being saved. this ' password='doug doesn\'t mind his password being saved. this '
'is why we dont\'t let doug actually run jobs.', 'is why we dont\'t let doug actually run jobs.',
created_by=self.user_sue, created_by=self.user_sue,
) )
self.cred_eve = self.user_eve.credentials.create( self.cred_doug.usage_role.members.add(self.user_doug)
self.cred_eve = Credential.objects.create(
username='eve', username='eve',
password='ASK', password='ASK',
become_method='sudo', become_method='sudo',
@@ -308,40 +320,52 @@ class BaseJobTestMixin(BaseTestMixin):
become_password='ASK', become_password='ASK',
created_by=self.user_sue, created_by=self.user_sue,
) )
self.cred_frank = self.user_frank.credentials.create( self.cred_eve.usage_role.members.add(self.user_eve)
self.cred_frank = Credential.objects.create(
username='frank', username='frank',
password='fr@nk the t@nk', password='fr@nk the t@nk',
created_by=self.user_sue, created_by=self.user_sue,
) )
self.cred_greg = self.user_greg.credentials.create( self.cred_frank.usage_role.members.add(self.user_frank)
self.cred_greg = Credential.objects.create(
username='greg', username='greg',
ssh_key_data=TEST_SSH_KEY_DATA_LOCKED, ssh_key_data=TEST_SSH_KEY_DATA_LOCKED,
ssh_key_unlock='ASK', ssh_key_unlock='ASK',
created_by=self.user_sue, created_by=self.user_sue,
) )
self.cred_holly = self.user_holly.credentials.create( self.cred_greg.usage_role.members.add(self.user_greg)
self.cred_holly = Credential.objects.create(
username='holly', username='holly',
password='holly rocks', password='holly rocks',
created_by=self.user_sue, created_by=self.user_sue,
) )
self.cred_iris = self.user_iris.credentials.create( self.cred_holly.usage_role.memebers.add(self.user_holly)
self.cred_iris = Credential.objects.create(
username='iris', username='iris',
password='ASK', password='ASK',
created_by=self.user_sue, created_by=self.user_sue,
) )
self.cred_iris.usage_role.members.add(self.user_iris)
# Each operations team also has shared credentials they can use. # Each operations team also has shared credentials they can use.
self.cred_ops_east = self.team_ops_east.credentials.create( self.cred_ops_east = Credential.objects.create(
username='east', username='east',
ssh_key_data=TEST_SSH_KEY_DATA_LOCKED, ssh_key_data=TEST_SSH_KEY_DATA_LOCKED,
ssh_key_unlock=TEST_SSH_KEY_DATA_UNLOCK, ssh_key_unlock=TEST_SSH_KEY_DATA_UNLOCK,
created_by = self.user_sue, created_by = self.user_sue,
) )
self.cred_ops_west = self.team_ops_west.credentials.create( self.team_ops_east.member_role.children.add(self.cred_ops_east.usage_role)
self.cred_ops_west = Credential.objects.create(
username='west', username='west',
password='Heading270', password='Heading270',
created_by = self.user_sue, created_by = self.user_sue,
) )
self.team_ops_west.member_role.children.add(self.cred_ops_west.usage_role)
# FIXME: This code can be removed (probably) # FIXME: This code can be removed (probably)
@@ -355,17 +379,19 @@ class BaseJobTestMixin(BaseTestMixin):
# created_by = self.user_sue, # created_by = self.user_sue,
#) #)
self.cred_ops_north = self.team_ops_north.credentials.create( self.cred_ops_north = Credential.objects.create(
username='north', username='north',
password='Heading0', password='Heading0',
created_by = self.user_sue, created_by = self.user_sue,
) )
self.team_ops_north.member_role.children.add(self.cred_ops_north.usage_role)
self.cred_ops_test = self.team_ops_testers.credentials.create( self.cred_ops_test = Credential.objects.create(
username='testers', username='testers',
password='HeadingNone', password='HeadingNone',
created_by = self.user_sue, created_by = self.user_sue,
) )
self.team_ops_testers.member_role.children(self.cred_ops_test.usage_role)
self.ops_east_permission = Permission.objects.create( self.ops_east_permission = Permission.objects.create(
inventory = self.inv_ops_east, inventory = self.inv_ops_east,