External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-02-28 16:28:43 -03:30
Code Issues Packages Projects Releases Wiki Activity

allow no-op case for vault_credential

Browse Source
This commit is contained in:
AlanCoding
2017-12-01 10:28:16 -05:00
parent fde5a8850d
commit dfc154ed95
2 changed files with 22 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
awx/api/serializers.py
View File

@@ -2446,7 +2446,8 @@ class JobOptionsSerializer(LabelsListMixin, BaseSerializer):
cred = v1_credentials[attr] = Credential.objects.get(pk=pk) cred = v1_credentials[attr] = Credential.objects.get(pk=pk)
if cred.credential_type.kind != kind: if cred.credential_type.kind != kind:
raise serializers.ValidationError({attr: error}) raise serializers.ValidationError({attr: error})
if view and view.request and view.request.user not in cred.use_role: if ((not self.instance or cred.pk != getattr(self.instance, attr)) and
view and view.request and view.request.user not in cred.use_role):
raise PermissionDenied() raise PermissionDenied()
if 'project' in self.fields and 'playbook' in self.fields: if 'project' in self.fields and 'playbook' in self.fields:

22
awx/main/tests/functional/test_rbac_job_templates.py
View File

@@ -136,7 +136,7 @@ class TestJobTemplateCredentials:
job_template, credential, 'credentials', {}) job_template, credential, 'credentials', {})
def test_job_template_vault_cred_check(self, mocker, job_template, vault_credential, rando, project): def test_job_template_vault_cred_check(self, mocker, job_template, vault_credential, rando, project):
# TODO: remove in 3.3 # TODO: remove in 3.4
job_template.admin_role.members.add(rando) job_template.admin_role.members.add(rando)
# not allowed to use the vault cred # not allowed to use the vault cred
# this is checked in the serializer validate method, not access.py # this is checked in the serializer validate method, not access.py
@@ -151,9 +151,27 @@ class TestJobTemplateCredentials:
'ask_inventory_on_launch': True, 'ask_inventory_on_launch': True,
}) })
def test_job_template_vault_cred_check_noop(self, mocker, job_template, vault_credential, rando, project):
# TODO: remove in 3.4
job_template.credentials.add(vault_credential)
job_template.admin_role.members.add(rando)
# not allowed to use the vault cred
# this is checked in the serializer validate method, not access.py
view = mocker.MagicMock()
view.request = mocker.MagicMock()
view.request.user = rando
serializer = JobTemplateSerializer(job_template, context={'view': view})
# should not raise error:
serializer.validate({
'vault_credential': vault_credential.pk,
'project': project, # necessary because job_template fixture fails validation
'playbook': 'helloworld.yml',
'ask_inventory_on_launch': True,
})
def test_new_jt_with_vault(self, mocker, vault_credential, project, rando): def test_new_jt_with_vault(self, mocker, vault_credential, project, rando):
project.admin_role.members.add(rando) project.admin_role.members.add(rando)
# TODO: remove in 3.3 # TODO: remove in 3.4
# this is checked in the serializer validate method, not access.py # this is checked in the serializer validate method, not access.py
view = mocker.MagicMock() view = mocker.MagicMock()
view.request = mocker.MagicMock() view.request = mocker.MagicMock()