From d4afa41acba9bcf1e0e52acf788ee3cd494d0ae2 Mon Sep 17 00:00:00 2001 From: Ryan Petrello Date: Mon, 12 Jun 2017 12:26:58 -0400 Subject: [PATCH] key prompting of all credentials off of `ask_credential_on_launch` see: #6371 --- awx/api/serializers.py | 17 ++++------------ awx/main/access.py | 3 +-- .../0040_v320_add_credentialtype_model.py | 5 ----- awx/main/models/jobs.py | 6 +----- .../functional/api/test_job_runtime_params.py | 4 ++-- .../tests/functional/api/test_job_template.py | 20 ++++++++++--------- docs/custom_credential_types.md | 7 +++---- 7 files changed, 22 insertions(+), 40 deletions(-) diff --git a/awx/api/serializers.py b/awx/api/serializers.py index 119de4b44d..858cb508cc 100644 --- a/awx/api/serializers.py +++ b/awx/api/serializers.py @@ -2378,16 +2378,9 @@ class JobTemplateSerializer(JobTemplateMixin, UnifiedJobTemplateSerializer, JobO model = JobTemplate fields = ('*', 'host_config_key', 'ask_variables_on_launch', 'ask_limit_on_launch', 'ask_tags_on_launch', 'ask_skip_tags_on_launch', 'ask_job_type_on_launch', 'ask_verbosity_on_launch', 'ask_inventory_on_launch', - 'ask_credential_on_launch', 'ask_extra_credentials_on_launch', 'survey_enabled', 'become_enabled', + 'ask_credential_on_launch', 'survey_enabled', 'become_enabled', 'allow_simultaneous') - # TODO: remove in 3.3 - def get_fields(self): - ret = super(JobTemplateSerializer, self).get_fields() - if self.version == 1: - ret.pop('ask_extra_credentials_on_launch') - return ret - def get_related(self, obj): res = super(JobTemplateSerializer, self).get_related(obj) res.update(dict( @@ -3063,13 +3056,12 @@ class JobLaunchSerializer(BaseSerializer): 'credential', 'extra_credentials', 'ask_variables_on_launch', 'ask_tags_on_launch', 'ask_skip_tags_on_launch', 'ask_job_type_on_launch', 'ask_limit_on_launch', 'ask_verbosity_on_launch', 'ask_inventory_on_launch', 'ask_credential_on_launch', - 'ask_extra_credentials_on_launch', 'survey_enabled', 'variables_needed_to_start', - 'credential_needed_to_start', 'inventory_needed_to_start', - 'job_template_data', 'defaults', 'verbosity') + 'survey_enabled', 'variables_needed_to_start', 'credential_needed_to_start', + 'inventory_needed_to_start', 'job_template_data', 'defaults', 'verbosity') read_only_fields = ( 'ask_variables_on_launch', 'ask_limit_on_launch', 'ask_tags_on_launch', 'ask_skip_tags_on_launch', 'ask_job_type_on_launch', 'ask_verbosity_on_launch', - 'ask_inventory_on_launch', 'ask_credential_on_launch', 'ask_extra_credentials_on_launch') + 'ask_inventory_on_launch', 'ask_credential_on_launch',) extra_kwargs = { 'credential': {'write_only': True,}, 'extra_credentials': {'write_only': True, 'default': [], 'allow_empty': True}, @@ -3086,7 +3078,6 @@ class JobLaunchSerializer(BaseSerializer): ret = super(JobLaunchSerializer, self).get_fields() if self.version == 1: ret.pop('extra_credentials') - ret.pop('ask_extra_credentials_on_launch') return ret def get_credential_needed_to_start(self, obj): diff --git a/awx/main/access.py b/awx/main/access.py index 9de72fb1fc..64902d8520 100644 --- a/awx/main/access.py +++ b/awx/main/access.py @@ -1251,8 +1251,7 @@ class JobTemplateAccess(BaseAccess): 'name', 'description', 'forks', 'limit', 'verbosity', 'extra_vars', 'job_tags', 'force_handlers', 'skip_tags', 'ask_variables_on_launch', 'ask_tags_on_launch', 'ask_job_type_on_launch', 'ask_skip_tags_on_launch', - 'ask_inventory_on_launch', 'ask_credential_on_launch', - 'ask_extra_credentials_on_launch', 'survey_enabled', + 'ask_inventory_on_launch', 'ask_credential_on_launch', 'survey_enabled', # These fields are ignored, but it is convenient for QA to allow clients to post them 'last_job_run', 'created', 'modified', diff --git a/awx/main/migrations/0040_v320_add_credentialtype_model.py b/awx/main/migrations/0040_v320_add_credentialtype_model.py index 9dfef86862..226c160fbf 100644 --- a/awx/main/migrations/0040_v320_add_credentialtype_model.py +++ b/awx/main/migrations/0040_v320_add_credentialtype_model.py @@ -70,11 +70,6 @@ class Migration(migrations.Migration): name='extra_credentials', field=models.ManyToManyField(related_name='_jobtemplate_extra_credentials_+', to='main.Credential'), ), - migrations.AddField( - model_name='jobtemplate', - name='ask_extra_credentials_on_launch', - field=models.BooleanField(default=False), - ), migrations.AlterUniqueTogether( name='credential', unique_together=set([('organization', 'name', 'credential_type')]), diff --git a/awx/main/models/jobs.py b/awx/main/models/jobs.py index 32e5bffe48..78d0d44192 100644 --- a/awx/main/models/jobs.py +++ b/awx/main/models/jobs.py @@ -260,10 +260,6 @@ class JobTemplate(UnifiedJobTemplate, JobOptions, SurveyJobTemplateMixin, Resour blank=True, default=False, ) - ask_extra_credentials_on_launch = models.BooleanField( - blank=True, - default=False, - ) admin_role = ImplicitRoleField( parent_role=['project.organization.admin_role', 'inventory.organization.admin_role'] ) @@ -365,7 +361,7 @@ class JobTemplate(UnifiedJobTemplate, JobOptions, SurveyJobTemplateMixin, Resour verbosity=self.ask_verbosity_on_launch, inventory=self.ask_inventory_on_launch, credential=self.ask_credential_on_launch, - extra_credentials=self.ask_extra_credentials_on_launch + extra_credentials=self.ask_credential_on_launch, ) def _accept_or_ignore_job_kwargs(self, **kwargs): diff --git a/awx/main/tests/functional/api/test_job_runtime_params.py b/awx/main/tests/functional/api/test_job_runtime_params.py index 5ffdf9fc34..2941d977fd 100644 --- a/awx/main/tests/functional/api/test_job_runtime_params.py +++ b/awx/main/tests/functional/api/test_job_runtime_params.py @@ -298,7 +298,7 @@ def test_job_launch_JT_with_validation(machine_credential, deploy_jobtemplate): ([999], 'object does not exist'), ]) def test_job_launch_JT_with_invalid_extra_credentials(machine_credential, deploy_jobtemplate, pks, error_msg): - deploy_jobtemplate.ask_extra_credentials_on_launch = True + deploy_jobtemplate.ask_credential_on_launch = True deploy_jobtemplate.save() kv = dict(extra_credentials=pks, credential=machine_credential.id) @@ -337,7 +337,7 @@ def test_job_launch_JT_enforces_unique_extra_credential_kinds(machine_credential @pytest.mark.django_db def test_job_launch_JT_with_extra_credentials(machine_credential, credential, net_credential, deploy_jobtemplate): - deploy_jobtemplate.ask_extra_credentials_on_launch = True + deploy_jobtemplate.ask_credential_on_launch = True deploy_jobtemplate.save() kv = dict(extra_credentials=[credential.pk, net_credential.pk], credential=machine_credential.id) diff --git a/awx/main/tests/functional/api/test_job_template.py b/awx/main/tests/functional/api/test_job_template.py index 69ad7908cb..f18354625a 100644 --- a/awx/main/tests/functional/api/test_job_template.py +++ b/awx/main/tests/functional/api/test_job_template.py @@ -479,7 +479,7 @@ def test_launch_with_extra_credentials(get, post, organization_factory, objs = organization_factory("org", superusers=['admin']) jt = job_template_factory("jt", organization=objs.organization, inventory='test_inv', project='test_proj').job_template - jt.ask_extra_credentials_on_launch = True + jt.ask_credential_on_launch = True jt.save() resp = post( @@ -500,13 +500,14 @@ def test_launch_with_extra_credentials(get, post, organization_factory, @pytest.mark.django_db -def test_launch_with_extra_credentials_no_allowed(get, post, organization_factory, - job_template_factory, machine_credential, - credential, net_credential): +def test_launch_with_extra_credentials_not_allowed(get, post, organization_factory, + job_template_factory, machine_credential, + credential, net_credential): objs = organization_factory("org", superusers=['admin']) jt = job_template_factory("jt", organization=objs.organization, inventory='test_inv', project='test_proj').job_template - jt.ask_extra_credentials_on_launch = False + jt.credential = machine_credential + jt.ask_credential_on_launch = False jt.save() resp = post( @@ -515,8 +516,9 @@ def test_launch_with_extra_credentials_no_allowed(get, post, organization_factor credential=machine_credential.pk, extra_credentials=[credential.pk, net_credential.pk] ), - objs.superusers.admin, expect=201 + objs.superusers.admin ) + assert 'credential' in resp.data['ignored_fields'].keys() assert 'extra_credentials' in resp.data['ignored_fields'].keys() job_pk = resp.data.get('id') @@ -531,7 +533,7 @@ def test_launch_with_extra_credentials_from_jt(get, post, organization_factory, objs = organization_factory("org", superusers=['admin']) jt = job_template_factory("jt", organization=objs.organization, inventory='test_inv', project='test_proj').job_template - jt.ask_extra_credentials_on_launch = True + jt.ask_credential_on_launch = True jt.extra_credentials.add(credential) jt.extra_credentials.add(net_credential) jt.save() @@ -559,7 +561,7 @@ def test_launch_with_empty_extra_credentials(get, post, organization_factory, objs = organization_factory("org", superusers=['admin']) jt = job_template_factory("jt", organization=objs.organization, inventory='test_inv', project='test_proj').job_template - jt.ask_extra_credentials_on_launch = True + jt.ask_credential_on_launch = True jt.extra_credentials.add(credential) jt.extra_credentials.add(net_credential) jt.save() @@ -590,7 +592,7 @@ def test_v1_launch_with_extra_credentials(get, post, organization_factory, objs = organization_factory("org", superusers=['admin']) jt = job_template_factory("jt", organization=objs.organization, inventory='test_inv', project='test_proj').job_template - jt.ask_extra_credentials_on_launch = True + jt.ask_credential_on_launch = True jt.save() resp = post( diff --git a/docs/custom_credential_types.md b/docs/custom_credential_types.md index ef311d473a..6442ad5474 100644 --- a/docs/custom_credential_types.md +++ b/docs/custom_credential_types.md @@ -36,10 +36,9 @@ Important Changes Engine credential. You cannot, however, create a ``Job Template`` that uses two OpenStack credentials. -* In the same manner as "promptable SSH credentials", ``Job Templates`` can now - be flagged with ``ask_extra_credentials_on_launch = true``. When this flag - is enabled, ``extra_credentials`` for a ``Job Template`` can be specified in - the launch payload. +* In the same manner as "promptable SSH credentials", when + ``ask_credential_on_launch = true``, ``JobTemplate.extra_credentials`` can be + specified in the launch payload. * Custom inventory sources can now utilize a ``Credential``; you can store third-party credentials encrypted within Tower and use their