1
0
mirror of https://github.com/ansible/awx.git synced 2024-11-01 08:21:15 +03:00

Merge pull request #5095 from jakemcdermott/fix-3882-cred-test-perms

Allow some non-superusers to test credential plugins

Reviewed-by: https://github.com/apps/softwarefactory-project-zuul
This commit is contained in:
softwarefactory-project-zuul[bot] 2019-12-03 19:56:44 +00:00 committed by GitHub
commit 0362c88e48
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 37 additions and 8 deletions

View File

@ -1385,6 +1385,7 @@ class CredentialExternalTest(SubDetailAPIView):
model = models.Credential model = models.Credential
serializer_class = serializers.EmptySerializer serializer_class = serializers.EmptySerializer
obj_permission_type = 'use'
def post(self, request, *args, **kwargs): def post(self, request, *args, **kwargs):
obj = self.get_object() obj = self.get_object()

View File

@ -1439,3 +1439,15 @@ def test_create_credential_with_invalid_url_xfail(post, organization, admin, url
assert response.status_code == status assert response.status_code == status
if status != 201: if status != 201:
assert response.data['inputs']['server_url'] == [msg] assert response.data['inputs']['server_url'] == [msg]
@pytest.mark.django_db
def test_external_credential_rbac_test_endpoint(post, alice, external_credential):
url = reverse('api:credential_external_test', kwargs={'pk': external_credential.pk})
data = {'metadata': {'key': 'some_key'}}
external_credential.read_role.members.add(alice)
assert post(url, data, alice).status_code == 403
external_credential.use_role.members.add(alice)
assert post(url, data, alice).status_code == 202

View File

@ -481,3 +481,12 @@ def test_create_with_undefined_template_variable_xfail(post, admin):
}, admin) }, admin)
assert response.status_code == 400 assert response.status_code == 400
assert "'api_tolkien' is undefined" in json.dumps(response.data) assert "'api_tolkien' is undefined" in json.dumps(response.data)
@pytest.mark.django_db
def test_credential_type_rbac_external_test(post, alice, admin, credentialtype_external):
# only admins may use the credential type test endpoint
url = reverse('api:credential_type_external_test', kwargs={'pk': credentialtype_external.pk})
data = {'inputs': {}, 'metadata': {}}
assert post(url, data, admin).status_code == 202
assert post(url, data, alice).status_code == 403

View File

@ -280,6 +280,13 @@ def credentialtype_external():
}], }],
'required': ['url', 'token', 'key'], 'required': ['url', 'token', 'key'],
} }
class MockPlugin(object):
def backend(self, **kwargs):
return 'secret'
with mock.patch('awx.main.models.credential.CredentialType.plugin', new_callable=PropertyMock) as mock_plugin:
mock_plugin.return_value = MockPlugin()
external_type = CredentialType( external_type = CredentialType(
kind='external', kind='external',
managed_by_tower=True, managed_by_tower=True,
@ -287,7 +294,7 @@ def credentialtype_external():
inputs=external_type_inputs inputs=external_type_inputs
) )
external_type.save() external_type.save()
return external_type yield external_type
@pytest.fixture @pytest.fixture