1
0
mirror of https://github.com/ansible/awx.git synced 2024-11-01 16:51:11 +03:00

Prevent launching ad hoc commands when license has expired.

This commit is contained in:
Chris Church 2015-05-21 14:13:13 -04:00
parent c46c58fe7a
commit 1b1d43dc59
5 changed files with 47 additions and 2 deletions

View File

@ -108,7 +108,7 @@ class ModelAccessPermission(permissions.BasePermission):
raise PermissionDenied('your account is inactive') raise PermissionDenied('your account is inactive')
# Always allow superusers (as long as they are active). # Always allow superusers (as long as they are active).
if request.user.is_superuser: if getattr(view, 'always_allow_superuser', True) and request.user.is_superuser:
return True return True
# Check if view supports the request method before checking permission # Check if view supports the request method before checking permission

View File

@ -2309,6 +2309,7 @@ class AdHocCommandList(ListCreateAPIView):
model = AdHocCommand model = AdHocCommand
serializer_class = AdHocCommandListSerializer serializer_class = AdHocCommandListSerializer
new_in_220 = True new_in_220 = True
always_allow_superuser = False
@csrf_exempt @csrf_exempt
@transaction.non_atomic_requests @transaction.non_atomic_requests

View File

@ -2,6 +2,7 @@
# All Rights Reserved. # All Rights Reserved.
# Python # Python
import os
import sys import sys
import logging import logging
@ -147,7 +148,7 @@ class BaseAccess(object):
def check_license(self, add_host=False): def check_license(self, add_host=False):
reader = TaskSerializer() reader = TaskSerializer()
validation_info = reader.from_file() validation_info = reader.from_file()
if 'test' in sys.argv or 'jenkins' in sys.argv: if ('test' in sys.argv or 'jenkins' in sys.argv) and not os.environ.get('SKIP_LICENSE_FIXUP_FOR_TEST', ''):
validation_info['free_instances'] = 99999999 validation_info['free_instances'] = 99999999
validation_info['time_remaining'] = 99999999 validation_info['time_remaining'] = 99999999
validation_info['grace_period_remaining'] = 99999999 validation_info['grace_period_remaining'] = 99999999

View File

@ -6,6 +6,7 @@ import glob
import os import os
import subprocess import subprocess
import tempfile import tempfile
import time
import mock import mock
# Django # Django
@ -569,6 +570,13 @@ class AdHocCommandApiTest(BaseAdHocCommandTest):
response = self.run_test_ad_hoc_command(become_enabled=True) response = self.run_test_ad_hoc_command(become_enabled=True)
self.assertEqual(response['become_enabled'], True) self.assertEqual(response['become_enabled'], True)
# Try to run with expired license.
self.create_expired_license_file()
with self.current_user('admin'):
self.run_test_ad_hoc_command(expect=403)
with self.current_user('normal'):
self.run_test_ad_hoc_command(expect=403)
@mock.patch('awx.main.tasks.BaseTask.run_pexpect', side_effect=run_pexpect_mock) @mock.patch('awx.main.tasks.BaseTask.run_pexpect', side_effect=run_pexpect_mock)
def test_ad_hoc_command_detail(self, ignore): def test_ad_hoc_command_detail(self, ignore):
with self.current_user('admin'): with self.current_user('admin'):
@ -748,6 +756,13 @@ class AdHocCommandApiTest(BaseAdHocCommandTest):
self.assertEqual(response['passwords_needed_to_start'], []) self.assertEqual(response['passwords_needed_to_start'], [])
response = self.post(url, {}, expect=400) response = self.post(url, {}, expect=400)
# Try to relaunch with expired license.
with self.current_user('admin'):
response = self.run_test_ad_hoc_command(inventory=self.inventory2.pk)
self.create_expired_license_file()
with self.current_user('admin'):
self.post(response['related']['relaunch'], {}, expect=403)
def test_ad_hoc_command_events_list(self): def test_ad_hoc_command_events_list(self):
# TODO: Create test events instead of relying on playbooks execution # TODO: Create test events instead of relying on playbooks execution
@ -1049,6 +1064,13 @@ class AdHocCommandApiTest(BaseAdHocCommandTest):
response = self.get(inventory_url, expect=200) response = self.get(inventory_url, expect=200)
self.assertTrue(response['can_run_ad_hoc_commands']) self.assertTrue(response['can_run_ad_hoc_commands'])
# Try to run with expired license.
self.create_expired_license_file()
with self.current_user('admin'):
self.run_test_ad_hoc_command(url=url, expect=403)
with self.current_user('normal'):
self.run_test_ad_hoc_command(url=url, expect=403)
def test_host_ad_hoc_commands_list(self): def test_host_ad_hoc_commands_list(self):
# TODO: Figure out why this test needs pexpect # TODO: Figure out why this test needs pexpect
@ -1100,6 +1122,13 @@ class AdHocCommandApiTest(BaseAdHocCommandTest):
self.patch(url, {}, expect=401) self.patch(url, {}, expect=401)
self.delete(url, expect=401) self.delete(url, expect=401)
# Try to run with expired license.
self.create_expired_license_file()
with self.current_user('admin'):
self.run_test_ad_hoc_command(url=url, expect=403)
with self.current_user('normal'):
self.run_test_ad_hoc_command(url=url, expect=403)
def test_group_ad_hoc_commands_list(self): def test_group_ad_hoc_commands_list(self):
# TODO: Figure out why this test needs pexpect # TODO: Figure out why this test needs pexpect
@ -1156,6 +1185,13 @@ class AdHocCommandApiTest(BaseAdHocCommandTest):
self.patch(url, {}, expect=401) self.patch(url, {}, expect=401)
self.delete(url, expect=401) self.delete(url, expect=401)
# Try to run with expired license.
self.create_expired_license_file()
with self.current_user('admin'):
self.run_test_ad_hoc_command(url=url, expect=403)
with self.current_user('normal'):
self.run_test_ad_hoc_command(url=url, expect=403)
def test_host_ad_hoc_command_events_list(self): def test_host_ad_hoc_command_events_list(self):
# TODO: Mock run_pexpect. Create test events instead of relying on playbooks execution # TODO: Mock run_pexpect. Create test events instead of relying on playbooks execution

View File

@ -186,6 +186,13 @@ class BaseTestMixin(QueueTestMixin, MockCommonlySlowTestMixin):
self._temp_paths.append(license_path) self._temp_paths.append(license_path)
os.environ['AWX_LICENSE_FILE'] = license_path os.environ['AWX_LICENSE_FILE'] = license_path
def create_expired_license_file(self, instance_count=1000, grace_period=False):
license_date = time.time() - 1
if not grace_period:
license_date -= 2592000
self.create_test_license_file(instance_count, license_date)
os.environ['SKIP_LICENSE_FIXUP_FOR_TEST'] = '1'
def assertElapsedLessThan(self, seconds): def assertElapsedLessThan(self, seconds):
elapsed = time.time() - self._start_time elapsed = time.time() - self._start_time
self.assertTrue(elapsed < seconds, 'elapsed time of %0.3fs is greater than %0.3fs' % (elapsed, seconds)) self.assertTrue(elapsed < seconds, 'elapsed time of %0.3fs is greater than %0.3fs' % (elapsed, seconds))