From e243c8319ddfa5016a79d359175094894382f7b1 Mon Sep 17 00:00:00 2001
From: Wayne Witzel III <wayne@riotousliving.com>
Date: Fri, 10 Jun 2016 13:33:23 -0400
Subject: [PATCH] fix tests with refreshes

---
 awx/api/urls.py                               |  1 -
 awx/main/migrations/_rbac.py                  | 40 ++++---------------
 .../tests/functional/test_rbac_credential.py  |  8 ++++
 3 files changed, 16 insertions(+), 33 deletions(-)

diff --git a/awx/api/urls.py b/awx/api/urls.py
index 28f7f8744a..e22bc61e63 100644
--- a/awx/api/urls.py
+++ b/awx/api/urls.py
@@ -168,7 +168,6 @@ credential_urls = patterns('awx.api.views',
     url(r'^(?P<pk>[0-9]+)/object_roles/$',              'credential_object_roles_list'),
     url(r'^(?P<pk>[0-9]+)/owner/users/$',               'credential_owner_users_list'),
     url(r'^(?P<pk>[0-9]+)/owner/teams/$',               'credential_owner_teams_list'),
-    url(r'^(?P<pk>[0-9]+)/organization/$',               'credential_owner_teams_list'),
     # See also credentials resources on users/teams.
 )
 
diff --git a/awx/main/migrations/_rbac.py b/awx/main/migrations/_rbac.py
index 34f57ed773..0b3c3ccc37 100644
--- a/awx/main/migrations/_rbac.py
+++ b/awx/main/migrations/_rbac.py
@@ -126,7 +126,7 @@ def _update_credential_parents(org, cred):
     cred.organization = org
     cred.save()
 
-def _discover_credentials(apps, instances, cred, orgfunc):
+def _discover_credentials(instances, cred, orgfunc):
     '''_discover_credentials will find shared credentials across
     organizations. If a shared credential is found, it will duplicate
     the credential, ensure the proper role permissions are added to the new
@@ -139,8 +139,6 @@ def _discover_credentials(apps, instances, cred, orgfunc):
     orgfunc is a function that when called with an instance from instances
     will produce an Organization object.
     '''
-    Credential = apps.get_model('main', "Credential")
-
     orgs = defaultdict(list)
     for inst in instances:
         try:
@@ -163,38 +161,16 @@ def _discover_credentials(apps, instances, cred, orgfunc):
                 _update_credential_parents(org, cred)
             else:
                 # Create a new credential
-                new_cred = Credential.objects.create(
-                    kind = cred.kind,
-                    cloud = cred.cloud,
-                    host = cred.host,
-                    username = cred.username,
-                    password = cred.password,
-                    security_token = cred.security_token,
-                    project = cred.project,
-                    domain = cred.domain,
-                    ssh_key_data = cred.ssh_key_data,
-                    ssh_key_unlock = cred.ssh_key_unlock,
-                    become_method = cred.become_method,
-                    become_username = cred.become_username,
-                    become_password = cred.become_password,
-                    vault_password = cred.vault_password,
-                    authorize = cred.authorize,
-                    authorize_password = cred.authorize_password,
-                    client = cred.client,
-                    secret = cred.secret,
-                    subscription = cred.subscription,
-                    tenant = cred.tenant,
-                    created = cred.created,
-                    modified = cred.modified,
-                    created_by_id = cred.created_by_id,
-                    modified_by_id = cred.modified_by_id,
-                )
+                cred.pk = None
+                cred.save()
+
+                cred.owner_role, cred.use_role, cred.organization = None, None, None
 
                 for i in orgs[org]:
-                    i.credential = new_cred
+                    i.credential = cred
                     i.save()
 
-                _update_credential_parents(org, new_cred)
+                _update_credential_parents(org, cred)
 
 @log_migration
 def migrate_credential(apps, schema_editor):
@@ -210,7 +186,7 @@ def migrate_credential(apps, schema_editor):
             if len(results) == 1:
                 _update_credential_parents(results[0].inventory.organization, cred)
             else:
-                _discover_credentials(apps, results, cred, attrfunc('inventory.organization'))
+                _discover_credentials(results, cred, attrfunc('inventory.organization'))
             logger.info(smart_text(u"added Credential(name={}, kind={}, host={}) at organization level".format(cred.name, cred.kind, cred.host)))
 
         projs = Project.objects.filter(credential=cred).all()
diff --git a/awx/main/tests/functional/test_rbac_credential.py b/awx/main/tests/functional/test_rbac_credential.py
index 75bcffecb6..a42c5b489d 100644
--- a/awx/main/tests/functional/test_rbac_credential.py
+++ b/awx/main/tests/functional/test_rbac_credential.py
@@ -118,6 +118,9 @@ def test_cred_job_template(user, team, deploy_jobtemplate):
 
     access = CredentialAccess(a)
     rbac.migrate_credential(apps, None)
+
+    cred.refresh_from_db()
+
     assert access.can_change(cred, {'organization': org.pk})
 
     org.admin_role.members.remove(a)
@@ -135,6 +138,8 @@ def test_cred_multi_job_template_single_org_xfail(user, deploy_jobtemplate):
 
     access = CredentialAccess(a)
     rbac.migrate_credential(apps, None)
+    cred.refresh_from_db()
+
     assert not access.can_change(cred, {'organization': org.pk})
 
 @pytest.mark.django_db
@@ -149,6 +154,8 @@ def test_cred_multi_job_template_single_org(user, team, deploy_jobtemplate):
 
     access = CredentialAccess(a)
     rbac.migrate_credential(apps, None)
+    cred.refresh_from_db()
+
     assert access.can_change(cred, {'organization': org.pk})
 
     org.admin_role.members.remove(a)
@@ -180,6 +187,7 @@ def test_single_cred_multi_job_template_multi_org(user, organizations, credentia
 
     for jt in jts:
         jt.refresh_from_db()
+    credential.refresh_from_db()
 
     assert jts[0].credential != jts[1].credential
     assert access.can_change(jts[0].credential, {'organization': org.pk})