From 5bca1283b26c3fba491cddcf56bdf42abfd166e4 Mon Sep 17 00:00:00 2001 From: Wayne Witzel III Date: Fri, 15 Apr 2016 11:00:33 -0400 Subject: [PATCH 1/3] executor_role -> execute_role --- awx/api/views.py | 2 +- awx/main/migrations/0008_v300_rbac_changes.py | 8 ++++---- awx/main/migrations/_rbac.py | 8 ++++---- awx/main/models/inventory.py | 6 +++--- awx/main/models/jobs.py | 2 +- awx/main/signals.py | 4 ++-- .../south_migrations/0002_v12b2_changes.py | 2 +- .../south_migrations/0004_v12b2_changes.py | 2 +- .../south_migrations/0005_v12b2_changes.py | 2 +- .../south_migrations/0006_v12b2_changes.py | 2 +- .../south_migrations/0007_v12b2_changes.py | 2 +- awx/main/south_migrations/0008_v12changes.py | 2 +- awx/main/south_migrations/0009_v13_changes.py | 2 +- awx/main/south_migrations/0010_v13_changes.py | 2 +- awx/main/south_migrations/0012_v13_changes.py | 2 +- awx/main/south_migrations/0013_v13_changes.py | 2 +- awx/main/south_migrations/0014_v13_changes.py | 2 +- awx/main/south_migrations/0015_v14_changes.py | 2 +- awx/main/south_migrations/0016_v14_changes.py | 2 +- awx/main/south_migrations/0017_v14_changes.py | 2 +- awx/main/south_migrations/0019_v14_changes.py | 2 +- awx/main/south_migrations/0020_v14_changes.py | 2 +- awx/main/south_migrations/0021_v14_changes.py | 2 +- awx/main/south_migrations/0023_v14_changes.py | 2 +- awx/main/south_migrations/0024_v14_changes.py | 2 +- awx/main/south_migrations/0026_v14_changes.py | 2 +- ...nt_created__chg_field_jobevent_modified.py | 2 +- .../south_migrations/0034_v148_changes.py | 2 +- .../south_migrations/0035_v148_changes.py | 2 +- .../south_migrations/0037_v148_changes.py | 2 +- .../south_migrations/0038_v148_changes.py | 2 +- .../south_migrations/0039_v148_changes.py | 2 +- .../south_migrations/0043_v1411_changes.py | 2 +- .../south_migrations/0046_v200_changes.py | 2 +- .../south_migrations/0051_v200_changes.py | 2 +- .../south_migrations/0053_v210_changes.py | 2 +- .../south_migrations/0054_v210_changes.py | 2 +- .../south_migrations/0061_v210_changes.py | 2 +- .../south_migrations/0064_v220_changes.py | 2 +- .../south_migrations/0072_v240_changes.py | 2 +- .../south_migrations/0073_v240_changes.py | 2 +- awx/main/tests/functional/test_rbac_api.py | 12 +++++------ .../tests/functional/test_rbac_inventory.py | 20 +++++++++---------- .../tests/functional/test_rbac_job_start.py | 2 +- awx/main/tests/old/ad_hoc.py | 8 ++++---- 45 files changed, 71 insertions(+), 71 deletions(-) diff --git a/awx/api/views.py b/awx/api/views.py index cf6849df71..348e81d19f 100644 --- a/awx/api/views.py +++ b/awx/api/views.py @@ -1354,7 +1354,7 @@ class InventoryList(ListCreateAPIView): def get_queryset(self): qs = Inventory.accessible_objects(self.request.user, {'read': True}) - qs = qs.select_related('admin_role', 'auditor_role', 'updater_role', 'executor_role') + qs = qs.select_related('admin_role', 'auditor_role', 'updater_role', 'execute_role') return qs class InventoryDetail(RetrieveUpdateDestroyAPIView): diff --git a/awx/main/migrations/0008_v300_rbac_changes.py b/awx/main/migrations/0008_v300_rbac_changes.py index ba9299ca19..f6d0afc34a 100644 --- a/awx/main/migrations/0008_v300_rbac_changes.py +++ b/awx/main/migrations/0008_v300_rbac_changes.py @@ -139,8 +139,8 @@ class Migration(migrations.Migration): ), migrations.AddField( model_name='group', - name='executor_role', - field=awx.main.fields.ImplicitRoleField(related_name='+', role_description=b'', parent_role=[b'inventory.executor_role', b'parents.executor_role'], to='main.Role', role_name=b'Inventory Group Executor', null=b'True', permissions={b'read': True, b'execute': True}), + name='execute_role', + field=awx.main.fields.ImplicitRoleField(related_name='+', role_description=b'', parent_role=[b'inventory.execute_role', b'parents.executor_role'], to='main.Role', role_name=b'Inventory Group Executor', null=b'True', permissions={b'read': True, b'execute': True}), ), migrations.AddField( model_name='group', @@ -159,7 +159,7 @@ class Migration(migrations.Migration): ), migrations.AddField( model_name='inventory', - name='executor_role', + name='execute_role', field=awx.main.fields.ImplicitRoleField(related_name='+', role_description=b'May execute jobs against this inventory', parent_role=None, to='main.Role', role_name=b'Inventory Executor', null=b'True', permissions={b'read': True, b'execute': True}), ), migrations.AddField( @@ -184,7 +184,7 @@ class Migration(migrations.Migration): ), migrations.AddField( model_name='jobtemplate', - name='executor_role', + name='execute_role', field=awx.main.fields.ImplicitRoleField(related_name='+', role_description=b'May run the job template', parent_role=None, to='main.Role', role_name=b'Job Template Runner', null=b'True', permissions={b'read': True, b'execute': True}), ), migrations.AddField( diff --git a/awx/main/migrations/_rbac.py b/awx/main/migrations/_rbac.py index 32c399df81..46f9151e38 100644 --- a/awx/main/migrations/_rbac.py +++ b/awx/main/migrations/_rbac.py @@ -232,7 +232,7 @@ def migrate_inventory(apps, schema_editor): raise Exception(smart_text(u'Unhandled permission type for inventory: {}'.format( perm.permission_type))) if perm.run_ad_hoc_commands: - execrole = inventory.executor_role + execrole = inventory.execute_role if perm.team: if role: @@ -392,12 +392,12 @@ def migrate_job_templates(apps, schema_editor): for team in Team.objects.iterator(): if permission.filter(team=team).exists(): - team.member_role.children.add(jt.executor_role) + team.member_role.children.add(jt.execute_role) logger.info(smart_text(u'adding Team({}) access to JobTemplate({})'.format(team.name, jt.name))) for user in User.objects.iterator(): if permission.filter(user=user).exists(): - jt.executor_role.members.add(user) + jt.execute_role.members.add(user) logger.info(smart_text(u'adding User({}) access to JobTemplate({})'.format(user.username, jt.name))) if jt.accessible_by(user, {'execute': True}): @@ -407,5 +407,5 @@ def migrate_job_templates(apps, schema_editor): continue if old_access.check_user_access(user, jt.__class__, 'start', jt, False): - jt.executor_role.members.add(user) + jt.execute_role.members.add(user) logger.info(smart_text(u'adding User({}) access to JobTemplate({})'.format(user.username, jt.name))) diff --git a/awx/main/models/inventory.py b/awx/main/models/inventory.py index 90515c2895..8348575564 100644 --- a/awx/main/models/inventory.py +++ b/awx/main/models/inventory.py @@ -114,7 +114,7 @@ class Inventory(CommonModel, ResourceMixin): role_name='Inventory User', role_description='May use this inventory, but not read sensitive portions or modify it', ) - executor_role = ImplicitRoleField( + execute_role = ImplicitRoleField( role_name='Inventory Executor', role_description='May execute jobs against this inventory', ) @@ -529,9 +529,9 @@ class Group(CommonModelNameNotUnique, ResourceMixin): role_name='Inventory Group Updater', parent_role=['inventory.updater_role', 'parents.updater_role'], ) - executor_role = ImplicitRoleField( + execute_role = ImplicitRoleField( role_name='Inventory Group Executor', - parent_role=['inventory.executor_role', 'parents.executor_role'], + parent_role=['inventory.execute_role', 'parents.executor_role'], ) def __unicode__(self): diff --git a/awx/main/models/jobs.py b/awx/main/models/jobs.py index d9747f71cf..0cc3cc73af 100644 --- a/awx/main/models/jobs.py +++ b/awx/main/models/jobs.py @@ -213,7 +213,7 @@ class JobTemplate(UnifiedJobTemplate, JobOptions, ResourceMixin): role_description='Read-only access to all settings', parent_role='project.auditor_role', ) - executor_role = ImplicitRoleField( + execute_role = ImplicitRoleField( role_name='Job Template Runner', role_description='May run the job template', ) diff --git a/awx/main/signals.py b/awx/main/signals.py index cc475b655a..70f59a8c97 100644 --- a/awx/main/signals.py +++ b/awx/main/signals.py @@ -185,7 +185,7 @@ def grant_host_access_to_group_roles(instance, action, model, reverse, pk_set, * ) RolePermission.objects.create( resource=host, - role=group.executor_role, + role=group.execute_role, auto_generated=True, read=1, execute=1 @@ -208,7 +208,7 @@ def grant_host_access_to_group_roles(instance, action, model, reverse, pk_set, * content_type = host_content_type, object_id = host.id, auto_generated = True, - role__in = [group.admin_role, group.updater_role, group.auditor_role, group.executor_role] + role__in = [group.admin_role, group.updater_role, group.auditor_role, group.execute_role] ).delete() if reverse: diff --git a/awx/main/south_migrations/0002_v12b2_changes.py b/awx/main/south_migrations/0002_v12b2_changes.py index 06fd7bd219..da4992b514 100644 --- a/awx/main/south_migrations/0002_v12b2_changes.py +++ b/awx/main/south_migrations/0002_v12b2_changes.py @@ -661,4 +661,4 @@ class Migration(SchemaMigration): } } - complete_apps = ['main'] \ No newline at end of file + complete_apps = ['main'] diff --git a/awx/main/south_migrations/0004_v12b2_changes.py b/awx/main/south_migrations/0004_v12b2_changes.py index f8984566dc..796f3a3314 100644 --- a/awx/main/south_migrations/0004_v12b2_changes.py +++ b/awx/main/south_migrations/0004_v12b2_changes.py @@ -340,4 +340,4 @@ class Migration(SchemaMigration): } } - complete_apps = ['main'] \ No newline at end of file + complete_apps = ['main'] diff --git a/awx/main/south_migrations/0005_v12b2_changes.py b/awx/main/south_migrations/0005_v12b2_changes.py index 7b136aa916..6a451eec97 100644 --- a/awx/main/south_migrations/0005_v12b2_changes.py +++ b/awx/main/south_migrations/0005_v12b2_changes.py @@ -270,4 +270,4 @@ class Migration(SchemaMigration): } } - complete_apps = ['main'] \ No newline at end of file + complete_apps = ['main'] diff --git a/awx/main/south_migrations/0006_v12b2_changes.py b/awx/main/south_migrations/0006_v12b2_changes.py index 8193359d54..9440d54b72 100644 --- a/awx/main/south_migrations/0006_v12b2_changes.py +++ b/awx/main/south_migrations/0006_v12b2_changes.py @@ -255,4 +255,4 @@ class Migration(SchemaMigration): } } - complete_apps = ['main'] \ No newline at end of file + complete_apps = ['main'] diff --git a/awx/main/south_migrations/0007_v12b2_changes.py b/awx/main/south_migrations/0007_v12b2_changes.py index 1a08e77746..2894db993a 100644 --- a/awx/main/south_migrations/0007_v12b2_changes.py +++ b/awx/main/south_migrations/0007_v12b2_changes.py @@ -268,4 +268,4 @@ class Migration(SchemaMigration): } } - complete_apps = ['main'] \ No newline at end of file + complete_apps = ['main'] diff --git a/awx/main/south_migrations/0008_v12changes.py b/awx/main/south_migrations/0008_v12changes.py index c8be2a290e..ea98d42f3e 100644 --- a/awx/main/south_migrations/0008_v12changes.py +++ b/awx/main/south_migrations/0008_v12changes.py @@ -257,4 +257,4 @@ class Migration(SchemaMigration): } } - complete_apps = ['main'] \ No newline at end of file + complete_apps = ['main'] diff --git a/awx/main/south_migrations/0009_v13_changes.py b/awx/main/south_migrations/0009_v13_changes.py index 9fdf67f616..51db04032b 100644 --- a/awx/main/south_migrations/0009_v13_changes.py +++ b/awx/main/south_migrations/0009_v13_changes.py @@ -405,4 +405,4 @@ class Migration(SchemaMigration): } } - complete_apps = ['main'] \ No newline at end of file + complete_apps = ['main'] diff --git a/awx/main/south_migrations/0010_v13_changes.py b/awx/main/south_migrations/0010_v13_changes.py index f57569f820..239852d336 100644 --- a/awx/main/south_migrations/0010_v13_changes.py +++ b/awx/main/south_migrations/0010_v13_changes.py @@ -518,4 +518,4 @@ class Migration(SchemaMigration): } } - complete_apps = ['main'] \ No newline at end of file + complete_apps = ['main'] diff --git a/awx/main/south_migrations/0012_v13_changes.py b/awx/main/south_migrations/0012_v13_changes.py index eb3bf704a4..1826d17d8e 100644 --- a/awx/main/south_migrations/0012_v13_changes.py +++ b/awx/main/south_migrations/0012_v13_changes.py @@ -327,4 +327,4 @@ class Migration(SchemaMigration): } } - complete_apps = ['main'] \ No newline at end of file + complete_apps = ['main'] diff --git a/awx/main/south_migrations/0013_v13_changes.py b/awx/main/south_migrations/0013_v13_changes.py index 723416eba6..0fe5bddf26 100644 --- a/awx/main/south_migrations/0013_v13_changes.py +++ b/awx/main/south_migrations/0013_v13_changes.py @@ -331,4 +331,4 @@ class Migration(SchemaMigration): } } - complete_apps = ['main'] \ No newline at end of file + complete_apps = ['main'] diff --git a/awx/main/south_migrations/0014_v13_changes.py b/awx/main/south_migrations/0014_v13_changes.py index f706a6938d..4416539998 100644 --- a/awx/main/south_migrations/0014_v13_changes.py +++ b/awx/main/south_migrations/0014_v13_changes.py @@ -336,4 +336,4 @@ class Migration(SchemaMigration): } } - complete_apps = ['main'] \ No newline at end of file + complete_apps = ['main'] diff --git a/awx/main/south_migrations/0015_v14_changes.py b/awx/main/south_migrations/0015_v14_changes.py index 042a79a3a9..bcb8dd06ea 100644 --- a/awx/main/south_migrations/0015_v14_changes.py +++ b/awx/main/south_migrations/0015_v14_changes.py @@ -335,4 +335,4 @@ class Migration(SchemaMigration): } } - complete_apps = ['main'] \ No newline at end of file + complete_apps = ['main'] diff --git a/awx/main/south_migrations/0016_v14_changes.py b/awx/main/south_migrations/0016_v14_changes.py index b480df3a30..eae2f42094 100644 --- a/awx/main/south_migrations/0016_v14_changes.py +++ b/awx/main/south_migrations/0016_v14_changes.py @@ -427,4 +427,4 @@ class Migration(SchemaMigration): } } - complete_apps = ['main'] \ No newline at end of file + complete_apps = ['main'] diff --git a/awx/main/south_migrations/0017_v14_changes.py b/awx/main/south_migrations/0017_v14_changes.py index 3593f369fa..af1c4821e4 100644 --- a/awx/main/south_migrations/0017_v14_changes.py +++ b/awx/main/south_migrations/0017_v14_changes.py @@ -388,4 +388,4 @@ class Migration(SchemaMigration): } } - complete_apps = ['main'] \ No newline at end of file + complete_apps = ['main'] diff --git a/awx/main/south_migrations/0019_v14_changes.py b/awx/main/south_migrations/0019_v14_changes.py index a541e998d0..20932fbf8f 100644 --- a/awx/main/south_migrations/0019_v14_changes.py +++ b/awx/main/south_migrations/0019_v14_changes.py @@ -497,4 +497,4 @@ class Migration(SchemaMigration): } } - complete_apps = ['main'] \ No newline at end of file + complete_apps = ['main'] diff --git a/awx/main/south_migrations/0020_v14_changes.py b/awx/main/south_migrations/0020_v14_changes.py index d561dc8d1a..829870b256 100644 --- a/awx/main/south_migrations/0020_v14_changes.py +++ b/awx/main/south_migrations/0020_v14_changes.py @@ -451,4 +451,4 @@ class Migration(SchemaMigration): } } - complete_apps = ['main'] \ No newline at end of file + complete_apps = ['main'] diff --git a/awx/main/south_migrations/0021_v14_changes.py b/awx/main/south_migrations/0021_v14_changes.py index e8678f652a..1d2b4c02e4 100644 --- a/awx/main/south_migrations/0021_v14_changes.py +++ b/awx/main/south_migrations/0021_v14_changes.py @@ -501,4 +501,4 @@ class Migration(SchemaMigration): } } - complete_apps = ['main'] \ No newline at end of file + complete_apps = ['main'] diff --git a/awx/main/south_migrations/0023_v14_changes.py b/awx/main/south_migrations/0023_v14_changes.py index 0173c0f9c6..cf0425adff 100644 --- a/awx/main/south_migrations/0023_v14_changes.py +++ b/awx/main/south_migrations/0023_v14_changes.py @@ -464,4 +464,4 @@ class Migration(SchemaMigration): } } - complete_apps = ['main'] \ No newline at end of file + complete_apps = ['main'] diff --git a/awx/main/south_migrations/0024_v14_changes.py b/awx/main/south_migrations/0024_v14_changes.py index 25d5a58fb1..596dbb5f52 100644 --- a/awx/main/south_migrations/0024_v14_changes.py +++ b/awx/main/south_migrations/0024_v14_changes.py @@ -395,4 +395,4 @@ class Migration(SchemaMigration): } } - complete_apps = ['main'] \ No newline at end of file + complete_apps = ['main'] diff --git a/awx/main/south_migrations/0026_v14_changes.py b/awx/main/south_migrations/0026_v14_changes.py index 54fdad9e30..cbf6351ec0 100644 --- a/awx/main/south_migrations/0026_v14_changes.py +++ b/awx/main/south_migrations/0026_v14_changes.py @@ -417,4 +417,4 @@ class Migration(SchemaMigration): } } - complete_apps = ['main'] \ No newline at end of file + complete_apps = ['main'] diff --git a/awx/main/south_migrations/0033_auto__chg_field_jobevent_created__chg_field_jobevent_modified.py b/awx/main/south_migrations/0033_auto__chg_field_jobevent_created__chg_field_jobevent_modified.py index ba67bd835f..a963531fd0 100644 --- a/awx/main/south_migrations/0033_auto__chg_field_jobevent_created__chg_field_jobevent_modified.py +++ b/awx/main/south_migrations/0033_auto__chg_field_jobevent_created__chg_field_jobevent_modified.py @@ -427,4 +427,4 @@ class Migration(SchemaMigration): } } - complete_apps = ['main'] \ No newline at end of file + complete_apps = ['main'] diff --git a/awx/main/south_migrations/0034_v148_changes.py b/awx/main/south_migrations/0034_v148_changes.py index be0d8f88ed..8a6e982c4d 100644 --- a/awx/main/south_migrations/0034_v148_changes.py +++ b/awx/main/south_migrations/0034_v148_changes.py @@ -442,4 +442,4 @@ class Migration(SchemaMigration): } } - complete_apps = ['main'] \ No newline at end of file + complete_apps = ['main'] diff --git a/awx/main/south_migrations/0035_v148_changes.py b/awx/main/south_migrations/0035_v148_changes.py index 354b7b166f..0b0fd4bb04 100644 --- a/awx/main/south_migrations/0035_v148_changes.py +++ b/awx/main/south_migrations/0035_v148_changes.py @@ -1408,4 +1408,4 @@ class Migration(SchemaMigration): } } - complete_apps = ['main'] \ No newline at end of file + complete_apps = ['main'] diff --git a/awx/main/south_migrations/0037_v148_changes.py b/awx/main/south_migrations/0037_v148_changes.py index 587f471430..36fff3cb02 100644 --- a/awx/main/south_migrations/0037_v148_changes.py +++ b/awx/main/south_migrations/0037_v148_changes.py @@ -792,4 +792,4 @@ class Migration(SchemaMigration): } } - complete_apps = ['main'] \ No newline at end of file + complete_apps = ['main'] diff --git a/awx/main/south_migrations/0038_v148_changes.py b/awx/main/south_migrations/0038_v148_changes.py index 4c1d877d7e..d172989417 100644 --- a/awx/main/south_migrations/0038_v148_changes.py +++ b/awx/main/south_migrations/0038_v148_changes.py @@ -497,4 +497,4 @@ class Migration(SchemaMigration): } } - complete_apps = ['main'] \ No newline at end of file + complete_apps = ['main'] diff --git a/awx/main/south_migrations/0039_v148_changes.py b/awx/main/south_migrations/0039_v148_changes.py index 2fdaf3800a..977f69df69 100644 --- a/awx/main/south_migrations/0039_v148_changes.py +++ b/awx/main/south_migrations/0039_v148_changes.py @@ -449,4 +449,4 @@ class Migration(SchemaMigration): } } - complete_apps = ['main'] \ No newline at end of file + complete_apps = ['main'] diff --git a/awx/main/south_migrations/0043_v1411_changes.py b/awx/main/south_migrations/0043_v1411_changes.py index 8abe29675a..1233cb28b2 100644 --- a/awx/main/south_migrations/0043_v1411_changes.py +++ b/awx/main/south_migrations/0043_v1411_changes.py @@ -436,4 +436,4 @@ class Migration(SchemaMigration): } } - complete_apps = ['main'] \ No newline at end of file + complete_apps = ['main'] diff --git a/awx/main/south_migrations/0046_v200_changes.py b/awx/main/south_migrations/0046_v200_changes.py index 17b38fed54..71272ae571 100644 --- a/awx/main/south_migrations/0046_v200_changes.py +++ b/awx/main/south_migrations/0046_v200_changes.py @@ -437,4 +437,4 @@ class Migration(SchemaMigration): } } - complete_apps = ['main'] \ No newline at end of file + complete_apps = ['main'] diff --git a/awx/main/south_migrations/0051_v200_changes.py b/awx/main/south_migrations/0051_v200_changes.py index 268e075769..5d948183fe 100644 --- a/awx/main/south_migrations/0051_v200_changes.py +++ b/awx/main/south_migrations/0051_v200_changes.py @@ -440,4 +440,4 @@ class Migration(SchemaMigration): } } - complete_apps = ['main'] \ No newline at end of file + complete_apps = ['main'] diff --git a/awx/main/south_migrations/0053_v210_changes.py b/awx/main/south_migrations/0053_v210_changes.py index 43b6c52de9..6bcdc9e609 100644 --- a/awx/main/south_migrations/0053_v210_changes.py +++ b/awx/main/south_migrations/0053_v210_changes.py @@ -450,4 +450,4 @@ class Migration(SchemaMigration): } } - complete_apps = ['main'] \ No newline at end of file + complete_apps = ['main'] diff --git a/awx/main/south_migrations/0054_v210_changes.py b/awx/main/south_migrations/0054_v210_changes.py index 762515e3c5..84a63c8222 100644 --- a/awx/main/south_migrations/0054_v210_changes.py +++ b/awx/main/south_migrations/0054_v210_changes.py @@ -493,4 +493,4 @@ class Migration(SchemaMigration): } } - complete_apps = ['main'] \ No newline at end of file + complete_apps = ['main'] diff --git a/awx/main/south_migrations/0061_v210_changes.py b/awx/main/south_migrations/0061_v210_changes.py index 26573c9e05..2553a29906 100644 --- a/awx/main/south_migrations/0061_v210_changes.py +++ b/awx/main/south_migrations/0061_v210_changes.py @@ -510,4 +510,4 @@ class Migration(SchemaMigration): } } - complete_apps = ['main'] \ No newline at end of file + complete_apps = ['main'] diff --git a/awx/main/south_migrations/0064_v220_changes.py b/awx/main/south_migrations/0064_v220_changes.py index a58c74ac6b..a94f867266 100644 --- a/awx/main/south_migrations/0064_v220_changes.py +++ b/awx/main/south_migrations/0064_v220_changes.py @@ -572,4 +572,4 @@ class Migration(SchemaMigration): } } - complete_apps = ['main'] \ No newline at end of file + complete_apps = ['main'] diff --git a/awx/main/south_migrations/0072_v240_changes.py b/awx/main/south_migrations/0072_v240_changes.py index d6d30695d5..721b453087 100644 --- a/awx/main/south_migrations/0072_v240_changes.py +++ b/awx/main/south_migrations/0072_v240_changes.py @@ -519,4 +519,4 @@ class Migration(SchemaMigration): } } - complete_apps = ['main'] \ No newline at end of file + complete_apps = ['main'] diff --git a/awx/main/south_migrations/0073_v240_changes.py b/awx/main/south_migrations/0073_v240_changes.py index 3c844bc09b..743aaee279 100644 --- a/awx/main/south_migrations/0073_v240_changes.py +++ b/awx/main/south_migrations/0073_v240_changes.py @@ -520,4 +520,4 @@ class Migration(SchemaMigration): } } - complete_apps = ['main'] \ No newline at end of file + complete_apps = ['main'] diff --git a/awx/main/tests/functional/test_rbac_api.py b/awx/main/tests/functional/test_rbac_api.py index 6200a46289..b2dd1af74d 100644 --- a/awx/main/tests/functional/test_rbac_api.py +++ b/awx/main/tests/functional/test_rbac_api.py @@ -275,7 +275,7 @@ def test_org_admin_add_user_to_job_template(post, organization, check_jobtemplat assert check_jobtemplate.accessible_by(org_admin, {'write': True}) is True assert check_jobtemplate.accessible_by(joe, {'execute': True}) is False - res =post(reverse('api:role_users_list', args=(check_jobtemplate.executor_role.id,)), {'id': joe.id}, org_admin) + res =post(reverse('api:role_users_list', args=(check_jobtemplate.execute_role.id,)), {'id': joe.id}, org_admin) print(res.data) assert check_jobtemplate.accessible_by(joe, {'execute': True}) is True @@ -287,12 +287,12 @@ def test_org_admin_remove_user_to_job_template(post, organization, check_jobtemp org_admin = user('org-admin') joe = user('joe') organization.admin_role.members.add(org_admin) - check_jobtemplate.executor_role.members.add(joe) + check_jobtemplate.execute_role.members.add(joe) assert check_jobtemplate.accessible_by(org_admin, {'write': True}) is True assert check_jobtemplate.accessible_by(joe, {'execute': True}) is True - post(reverse('api:role_users_list', args=(check_jobtemplate.executor_role.id,)), {'disassociate': True, 'id': joe.id}, org_admin) + post(reverse('api:role_users_list', args=(check_jobtemplate.execute_role.id,)), {'disassociate': True, 'id': joe.id}, org_admin) assert check_jobtemplate.accessible_by(joe, {'execute': True}) is False @@ -305,7 +305,7 @@ def test_user_fail_to_add_user_to_job_template(post, organization, check_jobtemp assert check_jobtemplate.accessible_by(rando, {'write': True}) is False assert check_jobtemplate.accessible_by(joe, {'execute': True}) is False - res = post(reverse('api:role_users_list', args=(check_jobtemplate.executor_role.id,)), {'id': joe.id}, rando) + res = post(reverse('api:role_users_list', args=(check_jobtemplate.execute_role.id,)), {'id': joe.id}, rando) print(res.data) assert res.status_code == 403 @@ -317,12 +317,12 @@ def test_user_fail_to_remove_user_to_job_template(post, organization, check_jobt 'Tests that a user without permissions to assign/revoke membership to a particular role cannot do so' rando = user('rando') joe = user('joe') - check_jobtemplate.executor_role.members.add(joe) + check_jobtemplate.execute_role.members.add(joe) assert check_jobtemplate.accessible_by(rando, {'write': True}) is False assert check_jobtemplate.accessible_by(joe, {'execute': True}) is True - res = post(reverse('api:role_users_list', args=(check_jobtemplate.executor_role.id,)), {'disassociate': True, 'id': joe.id}, rando) + res = post(reverse('api:role_users_list', args=(check_jobtemplate.execute_role.id,)), {'disassociate': True, 'id': joe.id}, rando) assert res.status_code == 403 assert check_jobtemplate.accessible_by(joe, {'execute': True}) is True diff --git a/awx/main/tests/functional/test_rbac_inventory.py b/awx/main/tests/functional/test_rbac_inventory.py index b2196eb626..33d7bf8580 100644 --- a/awx/main/tests/functional/test_rbac_inventory.py +++ b/awx/main/tests/functional/test_rbac_inventory.py @@ -32,7 +32,7 @@ def test_inventory_admin_user(inventory, permissions, user): rbac.migrate_inventory(apps, None) assert inventory.accessible_by(u, permissions['admin']) - assert inventory.executor_role.members.filter(id=u.id).exists() is False + assert inventory.execute_role.members.filter(id=u.id).exists() is False assert inventory.updater_role.members.filter(id=u.id).exists() is False @pytest.mark.django_db @@ -48,7 +48,7 @@ def test_inventory_auditor_user(inventory, permissions, user): assert inventory.accessible_by(u, permissions['admin']) is False assert inventory.accessible_by(u, permissions['auditor']) is True - assert inventory.executor_role.members.filter(id=u.id).exists() is False + assert inventory.execute_role.members.filter(id=u.id).exists() is False assert inventory.updater_role.members.filter(id=u.id).exists() is False @pytest.mark.django_db @@ -63,7 +63,7 @@ def test_inventory_updater_user(inventory, permissions, user): rbac.migrate_inventory(apps, None) assert inventory.accessible_by(u, permissions['admin']) is False - assert inventory.executor_role.members.filter(id=u.id).exists() is False + assert inventory.execute_role.members.filter(id=u.id).exists() is False assert inventory.updater_role.members.filter(id=u.id).exists() @pytest.mark.django_db @@ -79,7 +79,7 @@ def test_inventory_executor_user(inventory, permissions, user): assert inventory.accessible_by(u, permissions['admin']) is False assert inventory.accessible_by(u, permissions['auditor']) is True - assert inventory.executor_role.members.filter(id=u.id).exists() + assert inventory.execute_role.members.filter(id=u.id).exists() assert inventory.updater_role.members.filter(id=u.id).exists() is False @@ -99,7 +99,7 @@ def test_inventory_admin_team(inventory, permissions, user, team): assert team.member_role.members.count() == 1 assert inventory.admin_role.members.filter(id=u.id).exists() is False assert inventory.auditor_role.members.filter(id=u.id).exists() is False - assert inventory.executor_role.members.filter(id=u.id).exists() is False + assert inventory.execute_role.members.filter(id=u.id).exists() is False assert inventory.updater_role.members.filter(id=u.id).exists() is False assert inventory.accessible_by(u, permissions['auditor']) assert inventory.accessible_by(u, permissions['admin']) @@ -121,7 +121,7 @@ def test_inventory_auditor(inventory, permissions, user, team): assert team.member_role.members.count() == 1 assert inventory.admin_role.members.filter(id=u.id).exists() is False assert inventory.auditor_role.members.filter(id=u.id).exists() is False - assert inventory.executor_role.members.filter(id=u.id).exists() is False + assert inventory.execute_role.members.filter(id=u.id).exists() is False assert inventory.updater_role.members.filter(id=u.id).exists() is False assert inventory.accessible_by(u, permissions['auditor']) assert inventory.accessible_by(u, permissions['admin']) is False @@ -142,10 +142,10 @@ def test_inventory_updater(inventory, permissions, user, team): assert team.member_role.members.count() == 1 assert inventory.admin_role.members.filter(id=u.id).exists() is False assert inventory.auditor_role.members.filter(id=u.id).exists() is False - assert inventory.executor_role.members.filter(id=u.id).exists() is False + assert inventory.execute_role.members.filter(id=u.id).exists() is False assert inventory.updater_role.members.filter(id=u.id).exists() is False assert team.member_role.is_ancestor_of(inventory.updater_role) - assert team.member_role.is_ancestor_of(inventory.executor_role) is False + assert team.member_role.is_ancestor_of(inventory.execute_role) is False @pytest.mark.django_db @@ -164,10 +164,10 @@ def test_inventory_executor(inventory, permissions, user, team): assert team.member_role.members.count() == 1 assert inventory.admin_role.members.filter(id=u.id).exists() is False assert inventory.auditor_role.members.filter(id=u.id).exists() is False - assert inventory.executor_role.members.filter(id=u.id).exists() is False + assert inventory.execute_role.members.filter(id=u.id).exists() is False assert inventory.updater_role.members.filter(id=u.id).exists() is False assert team.member_role.is_ancestor_of(inventory.updater_role) is False - assert team.member_role.is_ancestor_of(inventory.executor_role) + assert team.member_role.is_ancestor_of(inventory.execute_role) @pytest.mark.django_db def test_group_parent_admin(group, permissions, user): diff --git a/awx/main/tests/functional/test_rbac_job_start.py b/awx/main/tests/functional/test_rbac_job_start.py index 67e661431d..0bbdc3242e 100644 --- a/awx/main/tests/functional/test_rbac_job_start.py +++ b/awx/main/tests/functional/test_rbac_job_start.py @@ -24,7 +24,7 @@ def test_admin_executing_permissions(deploy_jobtemplate, inventory, machine_cred def test_job_template_start_access(deploy_jobtemplate, user): common_user = user('test-user', False) - deploy_jobtemplate.executor_role.members.add(common_user) + deploy_jobtemplate.execute_role.members.add(common_user) assert common_user.can_access(JobTemplate, 'start', deploy_jobtemplate) diff --git a/awx/main/tests/old/ad_hoc.py b/awx/main/tests/old/ad_hoc.py index 3b3f24391e..d01093c0b4 100644 --- a/awx/main/tests/old/ad_hoc.py +++ b/awx/main/tests/old/ad_hoc.py @@ -471,7 +471,7 @@ class AdHocCommandApiTest(BaseAdHocCommandTest): # Add executor role permissions to other. Fails # when other user can't read credential. with self.current_user('admin'): - response = self.post(user_roles_list_url, {"id": self.inventory.executor_role.id}, expect=204) + response = self.post(user_roles_list_url, {"id": self.inventory.execute_role.id}, expect=204) with self.current_user('other'): self.run_test_ad_hoc_command(expect=403) @@ -504,7 +504,7 @@ class AdHocCommandApiTest(BaseAdHocCommandTest): # Give the nobody user the run_ad_hoc_commands flag, and can now see # the one ad hoc command previously run. with self.current_user('admin'): - response = self.post(nobody_roles_list_url, {"id": self.inventory.executor_role.id}, expect=204) + response = self.post(nobody_roles_list_url, {"id": self.inventory.execute_role.id}, expect=204) qs = AdHocCommand.objects.filter(credential_id=nobody_cred.pk) self.assertEqual(qs.count(), 1) self.check_get_list(url, 'nobody', qs) @@ -1006,7 +1006,7 @@ class AdHocCommandApiTest(BaseAdHocCommandTest): # can_run_ad_hoc_commands = True when we shouldn't. nobody_roles_list_url = reverse('api:user_roles_list', args=(self.nobody_django_user.pk,)) with self.current_user('admin'): - response = self.post(nobody_roles_list_url, {"id": self.inventory.executor_role.id}, expect=204) + response = self.post(nobody_roles_list_url, {"id": self.inventory.execute_role.id}, expect=204) # Create a credential for the other user and explicitly give other # user admin permission on the inventory (still not allowed to run ad @@ -1025,7 +1025,7 @@ class AdHocCommandApiTest(BaseAdHocCommandTest): # Update permission to allow other user to run ad hoc commands. Can # only see his own ad hoc commands (because of credential permission). with self.current_user('admin'): - response = self.post(user_roles_list_url, {"id": self.inventory.executor_role.id}, expect=204) + response = self.post(user_roles_list_url, {"id": self.inventory.execute_role.id}, expect=204) with self.current_user('other'): response = self.get(url, expect=200) self.assertEqual(response['count'], 0) From 7098ef8da5120b3bcd7874d1e42c571c0587a07d Mon Sep 17 00:00:00 2001 From: Wayne Witzel III Date: Fri, 15 Apr 2016 11:01:08 -0400 Subject: [PATCH 2/3] usage_role -> use_role --- awx/main/migrations/0008_v300_rbac_changes.py | 4 ++-- awx/main/migrations/_rbac.py | 6 ++--- awx/main/models/credential.py | 2 +- awx/main/models/inventory.py | 2 +- .../tests/functional/test_rbac_credential.py | 6 ++--- .../tests/functional/test_rbac_job_start.py | 4 ++-- awx/main/tests/job_base.py | 22 +++++++++---------- 7 files changed, 23 insertions(+), 23 deletions(-) diff --git a/awx/main/migrations/0008_v300_rbac_changes.py b/awx/main/migrations/0008_v300_rbac_changes.py index f6d0afc34a..b35b860997 100644 --- a/awx/main/migrations/0008_v300_rbac_changes.py +++ b/awx/main/migrations/0008_v300_rbac_changes.py @@ -109,7 +109,7 @@ class Migration(migrations.Migration): ), migrations.AddField( model_name='credential', - name='usage_role', + name='use_role', field=awx.main.fields.ImplicitRoleField(related_name='+', role_description=b'May use this credential, but not read sensitive portions or modify it', parent_role=None, to='main.Role', role_name=b'Credential User', null=b'True', permissions={b'use': True}), ), migrations.AddField( @@ -169,7 +169,7 @@ class Migration(migrations.Migration): ), migrations.AddField( model_name='inventory', - name='usage_role', + name='use_role', field=awx.main.fields.ImplicitRoleField(related_name='+', role_description=b'May use this inventory, but not read sensitive portions or modify it', parent_role=None, to='main.Role', role_name=b'Inventory User', null=b'True', permissions={b'use': True}), ), migrations.AddField( diff --git a/awx/main/migrations/_rbac.py b/awx/main/migrations/_rbac.py index 46f9151e38..9dd22baba4 100644 --- a/awx/main/migrations/_rbac.py +++ b/awx/main/migrations/_rbac.py @@ -113,7 +113,7 @@ def attrfunc(attr_path): def _update_credential_parents(org, cred): org.admin_role.children.add(cred.owner_role) - org.member_role.children.add(cred.usage_role) + org.member_role.children.add(cred.use_role) cred.deprecated_user, cred.deprecated_team = None, None cred.save() @@ -147,7 +147,7 @@ def _discover_credentials(instances, cred, orgfunc): # Unlink the old information from the new credential cred.deprecated_user, cred.deprecated_team = None, None - cred.owner_role, cred.usage_role = None, None + cred.owner_role, cred.use_role = None, None cred.save() for i in orgs[org]: @@ -189,7 +189,7 @@ def migrate_credential(apps, schema_editor): if cred.deprecated_team is not None: cred.deprecated_team.admin_role.children.add(cred.owner_role) - cred.deprecated_team.member_role.children.add(cred.usage_role) + cred.deprecated_team.member_role.children.add(cred.use_role) cred.deprecated_user, cred.deprecated_team = None, None cred.save() logger.info(smart_text(u"added Credential(name={}, kind={}, host={}) at user level".format(cred.name, cred.kind, cred.host))) diff --git a/awx/main/models/credential.py b/awx/main/models/credential.py index 1b20476c58..3d09cf462e 100644 --- a/awx/main/models/credential.py +++ b/awx/main/models/credential.py @@ -182,7 +182,7 @@ class Credential(PasswordFieldsModel, CommonModelNameNotUnique, ResourceMixin): 'singleton:' + ROLE_SINGLETON_SYSTEM_AUDITOR, ], ) - usage_role = ImplicitRoleField( + use_role = ImplicitRoleField( role_name='Credential User', role_description='May use this credential, but not read sensitive portions or modify it', ) diff --git a/awx/main/models/inventory.py b/awx/main/models/inventory.py index 8348575564..846b735e1b 100644 --- a/awx/main/models/inventory.py +++ b/awx/main/models/inventory.py @@ -110,7 +110,7 @@ class Inventory(CommonModel, ResourceMixin): role_name='Inventory Updater', role_description='May update the inventory', ) - usage_role = ImplicitRoleField( + use_role = ImplicitRoleField( role_name='Inventory User', role_description='May use this inventory, but not read sensitive portions or modify it', ) diff --git a/awx/main/tests/functional/test_rbac_credential.py b/awx/main/tests/functional/test_rbac_credential.py index 39a4767ad6..61653a0fae 100644 --- a/awx/main/tests/functional/test_rbac_credential.py +++ b/awx/main/tests/functional/test_rbac_credential.py @@ -19,9 +19,9 @@ def test_credential_migration_user(credential, user, permissions): assert credential.accessible_by(u, permissions['admin']) @pytest.mark.django_db -def test_credential_usage_role(credential, user, permissions): +def test_credential_use_role(credential, user, permissions): u = user('user', False) - credential.usage_role.members.add(u) + credential.use_role.members.add(u) assert credential.accessible_by(u, permissions['usage']) @pytest.mark.django_db @@ -34,7 +34,7 @@ def test_credential_migration_team_member(credential, team, user, permissions): # No permissions pre-migration (this happens automatically so we patch this) team.admin_role.children.remove(credential.owner_role) - team.member_role.children.remove(credential.usage_role) + team.member_role.children.remove(credential.use_role) assert not credential.accessible_by(u, permissions['admin']) rbac.migrate_credential(apps, None) diff --git a/awx/main/tests/functional/test_rbac_job_start.py b/awx/main/tests/functional/test_rbac_job_start.py index 0bbdc3242e..18060126e1 100644 --- a/awx/main/tests/functional/test_rbac_job_start.py +++ b/awx/main/tests/functional/test_rbac_job_start.py @@ -33,7 +33,7 @@ def test_job_template_start_access(deploy_jobtemplate, user): def test_credential_use_access(machine_credential, user): common_user = user('test-user', False) - machine_credential.usage_role.members.add(common_user) + machine_credential.use_role.members.add(common_user) assert common_user.can_access(Credential, 'use', machine_credential) @@ -42,6 +42,6 @@ def test_credential_use_access(machine_credential, user): def test_inventory_use_access(inventory, user): common_user = user('test-user', False) - inventory.usage_role.members.add(common_user) + inventory.use_role.members.add(common_user) assert common_user.can_access(Inventory, 'use', inventory) diff --git a/awx/main/tests/job_base.py b/awx/main/tests/job_base.py index 9cea21e2cd..f3a579f8c5 100644 --- a/awx/main/tests/job_base.py +++ b/awx/main/tests/job_base.py @@ -295,14 +295,14 @@ class BaseJobTestMixin(BaseTestMixin): password='ASK', created_by=self.user_sue, ) - self.cred_bob.usage_role.members.add(self.user_bob) + self.cred_bob.use_role.members.add(self.user_bob) self.cred_chuck = Credential.objects.create( username='chuck', ssh_key_data=TEST_SSH_KEY_DATA, created_by=self.user_sue, ) - self.cred_chuck.usage_role.members.add(self.user_chuck) + self.cred_chuck.use_role.members.add(self.user_chuck) self.cred_doug = Credential.objects.create( username='doug', @@ -310,7 +310,7 @@ class BaseJobTestMixin(BaseTestMixin): 'is why we dont\'t let doug actually run jobs.', created_by=self.user_sue, ) - self.cred_doug.usage_role.members.add(self.user_doug) + self.cred_doug.use_role.members.add(self.user_doug) self.cred_eve = Credential.objects.create( username='eve', @@ -320,14 +320,14 @@ class BaseJobTestMixin(BaseTestMixin): become_password='ASK', created_by=self.user_sue, ) - self.cred_eve.usage_role.members.add(self.user_eve) + self.cred_eve.use_role.members.add(self.user_eve) self.cred_frank = Credential.objects.create( username='frank', password='fr@nk the t@nk', created_by=self.user_sue, ) - self.cred_frank.usage_role.members.add(self.user_frank) + self.cred_frank.use_role.members.add(self.user_frank) self.cred_greg = Credential.objects.create( username='greg', @@ -335,21 +335,21 @@ class BaseJobTestMixin(BaseTestMixin): ssh_key_unlock='ASK', created_by=self.user_sue, ) - self.cred_greg.usage_role.members.add(self.user_greg) + self.cred_greg.use_role.members.add(self.user_greg) self.cred_holly = Credential.objects.create( username='holly', password='holly rocks', created_by=self.user_sue, ) - self.cred_holly.usage_role.members.add(self.user_holly) + self.cred_holly.use_role.members.add(self.user_holly) self.cred_iris = Credential.objects.create( username='iris', password='ASK', created_by=self.user_sue, ) - self.cred_iris.usage_role.members.add(self.user_iris) + self.cred_iris.use_role.members.add(self.user_iris) # Each operations team also has shared credentials they can use. self.cred_ops_east = Credential.objects.create( @@ -358,14 +358,14 @@ class BaseJobTestMixin(BaseTestMixin): ssh_key_unlock=TEST_SSH_KEY_DATA_UNLOCK, created_by = self.user_sue, ) - self.team_ops_east.member_role.children.add(self.cred_ops_east.usage_role) + self.team_ops_east.member_role.children.add(self.cred_ops_east.use_role) self.cred_ops_west = Credential.objects.create( username='west', password='Heading270', created_by = self.user_sue, ) - self.team_ops_west.member_role.children.add(self.cred_ops_west.usage_role) + self.team_ops_west.member_role.children.add(self.cred_ops_west.use_role) # FIXME: This code can be removed (probably) @@ -391,7 +391,7 @@ class BaseJobTestMixin(BaseTestMixin): password='HeadingNone', created_by = self.user_sue, ) - self.team_ops_testers.member_role.children.add(self.cred_ops_test.usage_role) + self.team_ops_testers.member_role.children.add(self.cred_ops_test.use_role) self.ops_east_permission = Permission.objects.create( inventory = self.inv_ops_east, From d50825474287c8b3d6687916a130c15ad35195bb Mon Sep 17 00:00:00 2001 From: Wayne Witzel III Date: Fri, 15 Apr 2016 11:01:35 -0400 Subject: [PATCH 3/3] updater_role -> update_role --- awx/api/views.py | 2 +- awx/main/migrations/0008_v300_rbac_changes.py | 6 +++--- awx/main/migrations/_rbac.py | 2 +- awx/main/models/inventory.py | 6 +++--- awx/main/signals.py | 4 ++-- .../tests/functional/test_rbac_inventory.py | 20 +++++++++---------- awx/main/tests/old/ad_hoc.py | 4 ++-- 7 files changed, 22 insertions(+), 22 deletions(-) diff --git a/awx/api/views.py b/awx/api/views.py index 348e81d19f..9831ecac03 100644 --- a/awx/api/views.py +++ b/awx/api/views.py @@ -1354,7 +1354,7 @@ class InventoryList(ListCreateAPIView): def get_queryset(self): qs = Inventory.accessible_objects(self.request.user, {'read': True}) - qs = qs.select_related('admin_role', 'auditor_role', 'updater_role', 'execute_role') + qs = qs.select_related('admin_role', 'auditor_role', 'update_role', 'execute_role') return qs class InventoryDetail(RetrieveUpdateDestroyAPIView): diff --git a/awx/main/migrations/0008_v300_rbac_changes.py b/awx/main/migrations/0008_v300_rbac_changes.py index b35b860997..c912665970 100644 --- a/awx/main/migrations/0008_v300_rbac_changes.py +++ b/awx/main/migrations/0008_v300_rbac_changes.py @@ -144,8 +144,8 @@ class Migration(migrations.Migration): ), migrations.AddField( model_name='group', - name='updater_role', - field=awx.main.fields.ImplicitRoleField(related_name='+', role_description=b'', parent_role=[b'inventory.updater_role', b'parents.updater_role'], to='main.Role', role_name=b'Inventory Group Updater', null=b'True', permissions={b'read': True, b'write': True, b'create': True, b'use': True}), + name='update_role', + field=awx.main.fields.ImplicitRoleField(related_name='+', role_description=b'', parent_role=[b'inventory.update_role', b'parents.updater_role'], to='main.Role', role_name=b'Inventory Group Updater', null=b'True', permissions={b'read': True, b'write': True, b'create': True, b'use': True}), ), migrations.AddField( model_name='inventory', @@ -164,7 +164,7 @@ class Migration(migrations.Migration): ), migrations.AddField( model_name='inventory', - name='updater_role', + name='update_role', field=awx.main.fields.ImplicitRoleField(related_name='+', role_description=b'May update the inventory', parent_role=None, to='main.Role', role_name=b'Inventory Updater', null=b'True', permissions={b'read': True, b'update': True}), ), migrations.AddField( diff --git a/awx/main/migrations/_rbac.py b/awx/main/migrations/_rbac.py index 9dd22baba4..04009a7453 100644 --- a/awx/main/migrations/_rbac.py +++ b/awx/main/migrations/_rbac.py @@ -214,7 +214,7 @@ def migrate_inventory(apps, schema_editor): elif perm.permission_type == 'read': return inventory.auditor_role elif perm.permission_type == 'write': - return inventory.updater_role + return inventory.update_role elif perm.permission_type == 'check' or perm.permission_type == 'run': # These permission types are handled differntly in RBAC now, nothing to migrate. return False diff --git a/awx/main/models/inventory.py b/awx/main/models/inventory.py index 846b735e1b..cad8395ca8 100644 --- a/awx/main/models/inventory.py +++ b/awx/main/models/inventory.py @@ -106,7 +106,7 @@ class Inventory(CommonModel, ResourceMixin): role_description='May view but not modify this inventory', parent_role='organization.auditor_role', ) - updater_role = ImplicitRoleField( + update_role = ImplicitRoleField( role_name='Inventory Updater', role_description='May update the inventory', ) @@ -525,9 +525,9 @@ class Group(CommonModelNameNotUnique, ResourceMixin): role_name='Inventory Group Auditor', parent_role=['inventory.auditor_role', 'parents.auditor_role'], ) - updater_role = ImplicitRoleField( + update_role = ImplicitRoleField( role_name='Inventory Group Updater', - parent_role=['inventory.updater_role', 'parents.updater_role'], + parent_role=['inventory.update_role', 'parents.updater_role'], ) execute_role = ImplicitRoleField( role_name='Inventory Group Executor', diff --git a/awx/main/signals.py b/awx/main/signals.py index 70f59a8c97..f2e4abef90 100644 --- a/awx/main/signals.py +++ b/awx/main/signals.py @@ -176,7 +176,7 @@ def grant_host_access_to_group_roles(instance, action, model, reverse, pk_set, * ) RolePermission.objects.create( resource=host, - role=group.updater_role, + role=group.update_role, auto_generated=True, read=1, write=1, @@ -208,7 +208,7 @@ def grant_host_access_to_group_roles(instance, action, model, reverse, pk_set, * content_type = host_content_type, object_id = host.id, auto_generated = True, - role__in = [group.admin_role, group.updater_role, group.auditor_role, group.execute_role] + role__in = [group.admin_role, group.update_role, group.auditor_role, group.execute_role] ).delete() if reverse: diff --git a/awx/main/tests/functional/test_rbac_inventory.py b/awx/main/tests/functional/test_rbac_inventory.py index 33d7bf8580..4434e199a0 100644 --- a/awx/main/tests/functional/test_rbac_inventory.py +++ b/awx/main/tests/functional/test_rbac_inventory.py @@ -33,7 +33,7 @@ def test_inventory_admin_user(inventory, permissions, user): assert inventory.accessible_by(u, permissions['admin']) assert inventory.execute_role.members.filter(id=u.id).exists() is False - assert inventory.updater_role.members.filter(id=u.id).exists() is False + assert inventory.update_role.members.filter(id=u.id).exists() is False @pytest.mark.django_db def test_inventory_auditor_user(inventory, permissions, user): @@ -49,7 +49,7 @@ def test_inventory_auditor_user(inventory, permissions, user): assert inventory.accessible_by(u, permissions['admin']) is False assert inventory.accessible_by(u, permissions['auditor']) is True assert inventory.execute_role.members.filter(id=u.id).exists() is False - assert inventory.updater_role.members.filter(id=u.id).exists() is False + assert inventory.update_role.members.filter(id=u.id).exists() is False @pytest.mark.django_db def test_inventory_updater_user(inventory, permissions, user): @@ -64,7 +64,7 @@ def test_inventory_updater_user(inventory, permissions, user): assert inventory.accessible_by(u, permissions['admin']) is False assert inventory.execute_role.members.filter(id=u.id).exists() is False - assert inventory.updater_role.members.filter(id=u.id).exists() + assert inventory.update_role.members.filter(id=u.id).exists() @pytest.mark.django_db def test_inventory_executor_user(inventory, permissions, user): @@ -80,7 +80,7 @@ def test_inventory_executor_user(inventory, permissions, user): assert inventory.accessible_by(u, permissions['admin']) is False assert inventory.accessible_by(u, permissions['auditor']) is True assert inventory.execute_role.members.filter(id=u.id).exists() - assert inventory.updater_role.members.filter(id=u.id).exists() is False + assert inventory.update_role.members.filter(id=u.id).exists() is False @@ -100,7 +100,7 @@ def test_inventory_admin_team(inventory, permissions, user, team): assert inventory.admin_role.members.filter(id=u.id).exists() is False assert inventory.auditor_role.members.filter(id=u.id).exists() is False assert inventory.execute_role.members.filter(id=u.id).exists() is False - assert inventory.updater_role.members.filter(id=u.id).exists() is False + assert inventory.update_role.members.filter(id=u.id).exists() is False assert inventory.accessible_by(u, permissions['auditor']) assert inventory.accessible_by(u, permissions['admin']) @@ -122,7 +122,7 @@ def test_inventory_auditor(inventory, permissions, user, team): assert inventory.admin_role.members.filter(id=u.id).exists() is False assert inventory.auditor_role.members.filter(id=u.id).exists() is False assert inventory.execute_role.members.filter(id=u.id).exists() is False - assert inventory.updater_role.members.filter(id=u.id).exists() is False + assert inventory.update_role.members.filter(id=u.id).exists() is False assert inventory.accessible_by(u, permissions['auditor']) assert inventory.accessible_by(u, permissions['admin']) is False @@ -143,8 +143,8 @@ def test_inventory_updater(inventory, permissions, user, team): assert inventory.admin_role.members.filter(id=u.id).exists() is False assert inventory.auditor_role.members.filter(id=u.id).exists() is False assert inventory.execute_role.members.filter(id=u.id).exists() is False - assert inventory.updater_role.members.filter(id=u.id).exists() is False - assert team.member_role.is_ancestor_of(inventory.updater_role) + assert inventory.update_role.members.filter(id=u.id).exists() is False + assert team.member_role.is_ancestor_of(inventory.update_role) assert team.member_role.is_ancestor_of(inventory.execute_role) is False @@ -165,8 +165,8 @@ def test_inventory_executor(inventory, permissions, user, team): assert inventory.admin_role.members.filter(id=u.id).exists() is False assert inventory.auditor_role.members.filter(id=u.id).exists() is False assert inventory.execute_role.members.filter(id=u.id).exists() is False - assert inventory.updater_role.members.filter(id=u.id).exists() is False - assert team.member_role.is_ancestor_of(inventory.updater_role) is False + assert inventory.update_role.members.filter(id=u.id).exists() is False + assert team.member_role.is_ancestor_of(inventory.update_role) is False assert team.member_role.is_ancestor_of(inventory.execute_role) @pytest.mark.django_db diff --git a/awx/main/tests/old/ad_hoc.py b/awx/main/tests/old/ad_hoc.py index d01093c0b4..f69d58072d 100644 --- a/awx/main/tests/old/ad_hoc.py +++ b/awx/main/tests/old/ad_hoc.py @@ -463,7 +463,7 @@ class AdHocCommandApiTest(BaseAdHocCommandTest): # not allowed to run ad hoc commands). user_roles_list_url = reverse('api:user_roles_list', args=(self.other_django_user.pk,)) with self.current_user('admin'): - response = self.post(user_roles_list_url, {"id": self.inventory.updater_role.id}, expect=204) + response = self.post(user_roles_list_url, {"id": self.inventory.update_role.id}, expect=204) with self.current_user('other'): self.run_test_ad_hoc_command(expect=403) self.check_get_list(url, 'other', qs) @@ -1014,7 +1014,7 @@ class AdHocCommandApiTest(BaseAdHocCommandTest): other_cred = self.create_test_credential(user=self.other_django_user) user_roles_list_url = reverse('api:user_roles_list', args=(self.other_django_user.pk,)) with self.current_user('admin'): - response = self.post(user_roles_list_url, {"id": self.inventory.updater_role.id}, expect=204) + response = self.post(user_roles_list_url, {"id": self.inventory.update_role.id}, expect=204) with self.current_user('other'): response = self.get(url, expect=200) self.assertEqual(response['count'], 0)