mirror of
https://github.com/ansible/awx.git
synced 2024-10-31 06:51:10 +03:00
validate against unencrypted values at spawn point
This commit is contained in:
parent
74bf058d62
commit
1e1839915d
@ -3137,7 +3137,8 @@ class LaunchConfigurationBaseSerializer(BaseSerializer):
|
||||
raise serializers.ValidationError(errors)
|
||||
|
||||
# Model `.save` needs the container dict, not the psuedo fields
|
||||
attrs['char_prompts'] = mock_obj.char_prompts
|
||||
if mock_obj.char_prompts:
|
||||
attrs['char_prompts'] = mock_obj.char_prompts
|
||||
|
||||
# Insert survey_passwords to track redacted variables
|
||||
if 'extra_data' in attrs:
|
||||
|
@ -355,7 +355,8 @@ class JobTemplate(UnifiedJobTemplate, JobOptions, SurveyJobTemplateMixin, Resour
|
||||
rejected_data = {}
|
||||
accepted_vars, rejected_vars, errors_dict = self.accept_or_ignore_variables(
|
||||
kwargs.get('extra_vars', {}),
|
||||
_exclude_errors=exclude_errors)
|
||||
_exclude_errors=exclude_errors,
|
||||
extra_passwords=kwargs.get('survey_passwords', {}))
|
||||
if accepted_vars:
|
||||
prompted_data['extra_vars'] = accepted_vars
|
||||
if rejected_vars:
|
||||
|
@ -253,7 +253,7 @@ class SurveyJobTemplateMixin(models.Model):
|
||||
choice_list))
|
||||
return errors
|
||||
|
||||
def _accept_or_ignore_variables(self, data, errors=None, _exclude_errors=()):
|
||||
def _accept_or_ignore_variables(self, data, errors=None, _exclude_errors=(), extra_passwords=None):
|
||||
survey_is_enabled = (self.survey_enabled and self.survey_spec)
|
||||
extra_vars = data.copy()
|
||||
if errors is None:
|
||||
@ -265,8 +265,13 @@ class SurveyJobTemplateMixin(models.Model):
|
||||
# Check for data violation of survey rules
|
||||
survey_errors = []
|
||||
for survey_element in self.survey_spec.get("spec", []):
|
||||
element_errors = self._survey_element_validation(survey_element, data)
|
||||
key = survey_element.get('variable', None)
|
||||
if extra_passwords and key in extra_passwords and data.get(key, None):
|
||||
element_errors = self._survey_element_validation(survey_element, {
|
||||
key: decrypt_value(get_encryption_key('value', pk=None), data[key])
|
||||
})
|
||||
else:
|
||||
element_errors = self._survey_element_validation(survey_element, data)
|
||||
|
||||
if element_errors:
|
||||
survey_errors += element_errors
|
||||
|
@ -441,7 +441,7 @@ class UnifiedJobTemplate(PolymorphicModel, CommonModelNameNotUnique, Notificatio
|
||||
errors[field_name] = [_("Field is not allowed on launch.")]
|
||||
return ({}, kwargs, errors)
|
||||
|
||||
def accept_or_ignore_variables(self, data, errors=None, _exclude_errors=()):
|
||||
def accept_or_ignore_variables(self, data, errors=None, _exclude_errors=(), extra_passwords=None):
|
||||
'''
|
||||
If subclasses accept any `variables` or `extra_vars`, they should
|
||||
define _accept_or_ignore_variables to place those variables in the accepted dict,
|
||||
@ -459,7 +459,11 @@ class UnifiedJobTemplate(PolymorphicModel, CommonModelNameNotUnique, Notificatio
|
||||
# SurveyJobTemplateMixin cannot override any methods because of
|
||||
# resolution order, forced by how metaclass processes fields,
|
||||
# thus the need for hasattr check
|
||||
return self._accept_or_ignore_variables(data, errors, _exclude_errors=_exclude_errors)
|
||||
if extra_passwords:
|
||||
return self._accept_or_ignore_variables(
|
||||
data, errors, _exclude_errors=_exclude_errors, extra_passwords=extra_passwords)
|
||||
else:
|
||||
return self._accept_or_ignore_variables(data, errors, _exclude_errors=_exclude_errors)
|
||||
elif data:
|
||||
errors['extra_vars'] = [
|
||||
_('Variables {list_of_keys} provided, but this template cannot accept variables.'.format(
|
||||
|
Loading…
Reference in New Issue
Block a user