make settings.AWX_ISOLATED_KEY_GENERATION readonly

see: https://github.com/ansible/ansible-tower/issues/7380
2024-11-01 16:51:11 +03:00 · 2017-11-16 13:20:52 -05:00 · 2017-11-16 13:20:52 -05:00 · 4187d02b8a
commit 4187d02b8a
parent 457359322f
2 changed files with 20 additions and 2 deletions
--- a/awx/conf/serializers.py
+++ b/awx/conf/serializers.py
@ -87,8 +87,10 @@ class SettingSingletonSerializer(serializers.Serializer):
            if self.instance and not hasattr(self.instance, key):
                continue
            extra_kwargs = {}
-            # Make LICENSE read-only here; update via /api/v1/config/ only.
-            if key == 'LICENSE':
+            # Make LICENSE and AWX_ISOLATED_KEY_GENERATION read-only here;
+            # LICENSE is only updated via /api/v1/config/
+            # AWX_ISOLATED_KEY_GENERATION is only set/unset via the setup playbook
+            if key in ('LICENSE', 'AWX_ISOLATED_KEY_GENERATION'):
                extra_kwargs['read_only'] = True
            field = settings_registry.get_setting_field(key, mixin_class=SettingFieldMixin, for_user=bool(category_slug == 'user'), **extra_kwargs)
            fields[key] = field
--- a/awx/main/tests/functional/api/test_settings.py
+++ b/awx/main/tests/functional/api/test_settings.py
@ -301,3 +301,19 @@ def test_isolated_keys_readonly(get, patch, delete, admin, key, expected):

    delete(url, user=admin)
    assert getattr(settings, key) == 'secret'
+
+
+@pytest.mark.django_db
+def test_isolated_key_flag_readonly(get, patch, delete, admin):
+    settings.AWX_ISOLATED_KEY_GENERATION = True
+    url = reverse('api:setting_singleton_detail', kwargs={'category_slug': 'jobs'})
+    resp = get(url, user=admin)
+    assert resp.data['AWX_ISOLATED_KEY_GENERATION'] is True
+
+    patch(url, user=admin, data={
+        'AWX_ISOLATED_KEY_GENERATION': False
+    })
+    assert settings.AWX_ISOLATED_KEY_GENERATION is True
+
+    delete(url, user=admin)
+    assert settings.AWX_ISOLATED_KEY_GENERATION is True