def test_clean_credential_insights(): proj = Project(name="myproj", credential=None, scm_type='insights') with pytest.raises(ValidationError) as e: proj.clean_credential() assert json.dumps(str(e.value)) == json.dumps( str([u'Insights Credential is required for an Insights Project.']))
def _mk_project_update(created=None): kwargs = {} if created: kwargs['created'] = created project = Project() project.save() return ProjectUpdate(project=project, **kwargs)
def handle(self, *args, **kwargs): changed = False # Create a default organization as the first superuser found. try: superuser = User.objects.filter(is_superuser=True).order_by('pk')[0] except IndexError: superuser = None with impersonate(superuser): with disable_computed_fields(): if not Organization.objects.exists(): o = Organization.objects.create(name='Default') p = Project( name='Demo Project', scm_type='git', scm_url='https://github.com/ansible/ansible-tower-samples', scm_update_on_launch=True, scm_update_cache_timeout=0, organization=o, ) p.save(skip_update=True) ssh_type = CredentialType.objects.filter(namespace='ssh').first() c = Credential.objects.create( credential_type=ssh_type, name='Demo Credential', inputs={'username': superuser.username}, created_by=superuser ) c.admin_role.members.add(superuser) public_galaxy_credential = Credential( name='Ansible Galaxy', managed_by_tower=True, credential_type=CredentialType.objects.get(kind='galaxy'), inputs={'url': 'https://galaxy.ansible.com/'}, ) public_galaxy_credential.save() o.galaxy_credentials.add(public_galaxy_credential) i = Inventory.objects.create(name='Demo Inventory', organization=o, created_by=superuser) Host.objects.create( name='localhost', inventory=i, variables="ansible_connection: local\nansible_python_interpreter: '{{ ansible_playbook_python }}'", created_by=superuser, ) jt = JobTemplate.objects.create(name='Demo Job Template', playbook='hello_world.yml', project=p, inventory=i) jt.credentials.add(c) print('Default organization added.') print('Demo Credential, Inventory, and Job Template added.') changed = True if changed: print('(changed: True)') else: print('(changed: False)')
def mk_project(name, organization=None, description=None, persisted=True): description = description or '{}-description'.format(name) project = Project(name=name, description=description, playbook_files=['helloworld.yml', 'alt-helloworld.yml']) if organization is not None: project.organization = organization if persisted: project.save() return project
def test_team_accessible_objects(team, user, project): u = user('team_member', False) team.member_role.children.add(project.use_role) assert len(Project.accessible_objects(team, 'read_role')) == 1 assert not Project.accessible_objects(u, 'read_role') team.member_role.members.add(u) assert len(Project.accessible_objects(u, 'read_role')) == 1
def test_project_delete(delete, organization, admin_user): proj = Project(name='foo', organization=organization) proj.save() delete( reverse( 'api:project_detail', kwargs={ 'pk': proj.id, }, ), admin_user, )
def job(container_group): return Job(pk=1, id=1, project=Project(), instance_group=container_group, inventory=Inventory(), job_template=JobTemplate(id=1, name='foo'))
def job_template_with_ids(job_template_factory): # Create non-persisted objects with IDs to send to job_template_factory ssh_type = CredentialType(kind='ssh') credential = Credential(id=1, pk=1, name='testcred', credential_type=ssh_type) net_type = CredentialType(kind='net') net_cred = Credential(id=2, pk=2, name='testnetcred', credential_type=net_type) cloud_type = CredentialType(kind='aws') cloud_cred = Credential(id=3, pk=3, name='testcloudcred', credential_type=cloud_type) inv = Inventory(id=11, pk=11, name='testinv') proj = Project(id=14, pk=14, name='testproj') jt_objects = job_template_factory('testJT', project=proj, inventory=inv, credential=credential, cloud_credential=cloud_cred, network_credential=net_cred, persisted=False) return jt_objects.job_template
def get_serializer_context(self, *args, **kwargs): full_context = super(OrganizationDetail, self).get_serializer_context(*args, **kwargs) if not hasattr(self, 'kwargs') or 'pk' not in self.kwargs: return full_context org_id = int(self.kwargs['pk']) org_counts = {} access_kwargs = { 'accessor': self.request.user, 'role_field': 'read_role' } direct_counts = Organization.objects.filter(id=org_id).annotate( users=Count('member_role__members', distinct=True), admins=Count('admin_role__members', distinct=True)).values('users', 'admins') if not direct_counts: return full_context org_counts = direct_counts[0] org_counts['inventories'] = Inventory.accessible_objects( **access_kwargs).filter(organization__id=org_id).count() org_counts['teams'] = Team.accessible_objects(**access_kwargs).filter( organization__id=org_id).count() org_counts['projects'] = Project.accessible_objects( **access_kwargs).filter(organization__id=org_id).count() org_counts['job_templates'] = JobTemplate.accessible_objects( **access_kwargs).filter(organization__id=org_id).count() full_context['related_field_counts'] = {} full_context['related_field_counts'][org_id] = org_counts return full_context
def handle(self, *args, **kwargs): # Sanity check: Is there already an organization in the system? if Organization.objects.count(): print('An organization is already in the system, exiting.') print('(changed: False)') return # Create a default organization as the first superuser found. try: superuser = User.objects.filter( is_superuser=True).order_by('pk')[0] except IndexError: superuser = None with impersonate(superuser): with disable_computed_fields(): o = Organization.objects.create(name='Default') p = Project( name='Demo Project', scm_type='git', scm_url='https://github.com/ansible/ansible-tower-samples', scm_branch='master', scm_update_on_launch=True, scm_update_cache_timeout=0, organization=o) p.save(skip_update=True) ssh_type = CredentialType.from_v1_kind('ssh') c = Credential.objects.create( credential_type=ssh_type, name='Demo Credential', inputs={'username': superuser.username}, created_by=superuser) c.admin_role.members.add(superuser) i = Inventory.objects.create(name='Demo Inventory', organization=o, created_by=superuser) Host.objects.create(name='localhost', inventory=i, variables="ansible_connection: local", created_by=superuser) jt = JobTemplate.objects.create(name='Demo Job Template', playbook='hello_world.yml', project=p, inventory=i) jt.credentials.add(c) print('Default organization added.') print('Demo Credential, Inventory, and Job Template added.') print('(changed: True)')
def jt(self, survey_spec_factory): return JobTemplate( name='fake-jt', survey_enabled=True, survey_spec=survey_spec_factory(variables='var1', default_type='password'), project=Project('fake-proj'), project_id=42, inventory=Inventory('fake-inv'), inventory_id=42 )
def test_org_admin_team_access(organization, team, user, project): u = user('team_admin', False) organization.admin_role.members.add(u) team.organization = organization team.save() team.member_role.children.add(project.use_role) assert len(Project.accessible_objects(u, 'use_role')) == 1
def get(self, request, format=None): '''Return various sitewide configuration settings''' if request.user.is_superuser or request.user.is_system_auditor: license_data = get_license(show_key=True) else: license_data = get_license(show_key=False) if not license_data.get('valid_key', False): license_data = {} if license_data and 'features' in license_data and 'activity_streams' in license_data[ 'features']: # FIXME: Make the final setting value dependent on the feature? license_data['features'][ 'activity_streams'] &= settings.ACTIVITY_STREAM_ENABLED pendo_state = settings.PENDO_TRACKING_STATE if settings.PENDO_TRACKING_STATE in ( 'off', 'anonymous', 'detailed') else 'off' data = dict( time_zone=settings.TIME_ZONE, license_info=license_data, version=get_awx_version(), ansible_version=get_ansible_version(), eula=render_to_string("eula.md") if license_data.get('license_type', 'UNLICENSED') != 'open' else '', analytics_status=pendo_state, analytics_collectors=all_collectors(), become_methods=PRIVILEGE_ESCALATION_METHODS, ) # If LDAP is enabled, user_ldap_fields will return a list of field # names that are managed by LDAP and should be read-only for users with # a non-empty ldap_dn attribute. if getattr(settings, 'AUTH_LDAP_SERVER_URI', None): user_ldap_fields = ['username', 'password'] user_ldap_fields.extend( getattr(settings, 'AUTH_LDAP_USER_ATTR_MAP', {}).keys()) user_ldap_fields.extend( getattr(settings, 'AUTH_LDAP_USER_FLAGS_BY_GROUP', {}).keys()) data['user_ldap_fields'] = user_ldap_fields if request.user.is_superuser \ or request.user.is_system_auditor \ or Organization.accessible_objects(request.user, 'admin_role').exists() \ or Organization.accessible_objects(request.user, 'auditor_role').exists() \ or Organization.accessible_objects(request.user, 'project_admin_role').exists(): data.update( dict(project_base_dir=settings.PROJECTS_ROOT, project_local_paths=Project.get_local_path_choices(), custom_virtualenvs=get_custom_venv_choices())) elif JobTemplate.accessible_objects(request.user, 'admin_role').exists(): data['custom_virtualenvs'] = get_custom_venv_choices() return Response(data)
def test_jt_extra_vars_counting(self, provided_vars, valid): jt = JobTemplate(name='foo', extra_vars={'tmpl_var': 'bar'}, project=Project(), project_id=42, playbook='helloworld.yml', inventory=Inventory(), inventory_id=42) prompted_fields, ignored_fields, errors = jt._accept_or_ignore_job_kwargs( extra_vars=provided_vars) self.process_vars_and_assert(jt, provided_vars, valid)
def test_project_update_metavars(self): data = Job(name='fake-job', pk=40, id=40, launch_type='manual', project=Project(name='jobs-sync', scm_revision='12345444'), job_template=JobTemplate(name='jobs-jt', id=92, pk=92)).awx_meta_vars() assert data['awx_project_revision'] == '12345444' assert 'tower_job_template_id' in data assert data['tower_job_template_id'] == 92 assert data['tower_job_template_name'] == 'jobs-jt'
def test_multiple(scm_type): expected = { 'manual': 0, 'git': 0, 'svn': 0, 'hg': 0, 'insights': 0 } for i in range(random.randint(0, 10)): Project(scm_type=scm_type).save() expected[scm_type or 'manual'] += 1 assert collectors.projects_by_scm_type(None) == expected
def test_project_update_metavars(self): data = Job( name='fake-job', pk=40, id=40, launch_type='manual', project=Project(name='jobs-sync', scm_revision='12345444'), job_template=JobTemplate(name='jobs-jt', id=92, pk=92), ).awx_meta_vars() for name in JOB_VARIABLE_PREFIXES: assert data['{}_project_revision'.format(name)] == '12345444' assert '{}_job_template_id'.format(name) in data assert data['{}_job_template_id'.format(name)] == 92 assert data['{}_job_template_name'.format(name)] == 'jobs-jt'
cred = Credential.objects.all()[:1].get() assert cred.inputs['username'] == 'joe' assert 'password' not in cred.inputs @pytest.mark.django_db @pytest.mark.parametrize( 'relation, related_obj', [ ['ad_hoc_commands', AdHocCommand()], ['unifiedjobs', Job()], ['unifiedjobtemplates', JobTemplate()], ['unifiedjobtemplates', InventorySource(source='ec2')], ['projects', Project()], ['workflowjobnodes', WorkflowJobNode()], ], ) def test_credential_type_mutability(patch, organization, admin, credentialtype_ssh, credentialtype_aws, relation, related_obj): cred = Credential(credential_type=credentialtype_ssh, name='Best credential ever', organization=organization, inputs={ 'username': u'jim', 'password': u'pass' }) cred.save()
def test_team_admin_member_access(team, user, project): u = user('team_admin', False) team.member_role.children.add(project.use_role) team.admin_role.members.add(u) assert len(Project.accessible_objects(u, 'use_role')) == 1
def project(organization): p = Project(name='unit-test-proj', organization=organization) apply_fake_roles(p) return p
def project_unit(): return Project(name='example-proj')
def handle(self, *args, **kwargs): changed = False # Create a default organization as the first superuser found. try: superuser = User.objects.filter( is_superuser=True).order_by('pk')[0] except IndexError: superuser = None with impersonate(superuser): with disable_computed_fields(): if not Organization.objects.exists(): o, _ = Organization.objects.get_or_create(name='Default') # Avoid calling directly the get_or_create() to bypass project update p = Project.objects.filter(name='Demo Project', scm_type='git').first() if not p: p = Project( name='Demo Project', scm_type='git', scm_url= 'https://github.com/ansible/ansible-tower-samples', scm_update_cache_timeout=0, status='successful', scm_revision= '347e44fea036c94d5f60e544de006453ee5c71ad', playbook_files=['hello_world.yml'], ) p.organization = o p.save(skip_update=True) ssh_type = CredentialType.objects.filter( namespace='ssh').first() c, _ = Credential.objects.get_or_create( credential_type=ssh_type, name='Demo Credential', inputs={'username': superuser.username}, created_by=superuser) c.admin_role.members.add(superuser) public_galaxy_credential, _ = Credential.objects.get_or_create( name='Ansible Galaxy', managed=True, credential_type=CredentialType.objects.get( kind='galaxy'), inputs={'url': 'https://galaxy.ansible.com/'}, ) o.galaxy_credentials.add(public_galaxy_credential) i, _ = Inventory.objects.get_or_create( name='Demo Inventory', organization=o, created_by=superuser) Host.objects.get_or_create( name='localhost', inventory=i, variables= "ansible_connection: local\nansible_python_interpreter: '{{ ansible_playbook_python }}'", created_by=superuser, ) jt = JobTemplate.objects.filter( name='Demo Job Template').first() if jt: jt.project = p jt.inventory = i jt.playbook = 'hello_world.yml' jt.save() else: jt, _ = JobTemplate.objects.get_or_create( name='Demo Job Template', playbook='hello_world.yml', project=p, inventory=i) jt.credentials.add(c) print('Default organization added.') print( 'Demo Credential, Inventory, and Job Template added.') changed = True if changed: print('(changed: True)') else: print('(changed: False)')
def test_project_unique_together_with_org(organization): proj1 = Project(name='foo', organization=organization) proj1.save() proj2 = Project(name='foo', organization=organization) with pytest.raises(ValidationError): proj2.validate_unique() proj2 = Project(name='foo', organization=None) proj2.validate_unique()
def _mk_project_update(): project = Project() project.save() return ProjectUpdate(project=project)