mirror of
https://github.com/ansible/awx.git
synced 2024-10-31 15:21:13 +03:00
Disallow adding or removing instance from iso-IG
This commit is contained in:
parent
90fba9381d
commit
6d305c60d5
@ -4694,6 +4694,8 @@ class InstanceGroupSerializer(BaseSerializer):
|
||||
raise serializers.ValidationError(_('{} is not a valid hostname of an existing instance.').format(instance_name))
|
||||
if Instance.objects.get(hostname=instance_name).is_isolated():
|
||||
raise serializers.ValidationError(_('Isolated instances may not be added or removed from instances groups via the API.'))
|
||||
if self.instance and self.instance.controller_id is not None:
|
||||
raise serializers.ValidationError(_('Isolated instance group membership may not be managed via the API.'))
|
||||
return value
|
||||
|
||||
def validate_name(self, value):
|
||||
|
@ -192,6 +192,10 @@ class InstanceGroupMembershipMixin(object):
|
||||
def is_valid_relation(self, parent, sub, created=False):
|
||||
if sub.is_isolated():
|
||||
return {'error': _('Isolated instances may not be added or removed from instances groups via the API.')}
|
||||
if self.parent_model is InstanceGroup:
|
||||
ig_obj = self.get_parent_object()
|
||||
if ig_obj.controller_id is not None:
|
||||
return {'error': _('Isolated instance group membership may not be managed via the API.')}
|
||||
return None
|
||||
|
||||
def unattach_validate(self, request):
|
||||
|
@ -21,6 +21,11 @@ def instance():
|
||||
return instance
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def non_iso_instance():
|
||||
return Instance.objects.create(hostname='iamnotanisolatedinstance')
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def instance_group(job_factory):
|
||||
ig = InstanceGroup(name="east")
|
||||
@ -138,7 +143,7 @@ def test_prevent_isolated_instance_added_to_non_isolated_instance_group_via_poli
|
||||
url = reverse("api:instance_group_detail", kwargs={'pk': instance_group.pk})
|
||||
|
||||
assert True is instance.is_isolated()
|
||||
resp = patch(url, {'policy_instance_list': [instance.hostname]}, admin)
|
||||
resp = patch(url, {'policy_instance_list': [instance.hostname]}, user=admin, expect=400)
|
||||
assert [u"Isolated instances may not be added or removed from instances groups via the API."] == resp.data['policy_instance_list']
|
||||
assert instance_group.policy_instance_list == []
|
||||
|
||||
@ -150,3 +155,24 @@ def test_prevent_isolated_instance_removal_from_isolated_instance_group(post, ad
|
||||
assert True is instance.is_isolated()
|
||||
resp = post(url, {'disassociate': True, 'id': instance.id}, admin, expect=400)
|
||||
assert u"Isolated instances may not be added or removed from instances groups via the API." == resp.data['error']
|
||||
|
||||
|
||||
@pytest.mark.django_db
|
||||
def test_prevent_non_isolated_instance_added_to_isolated_instance_group(
|
||||
post, admin, non_iso_instance, isolated_instance_group):
|
||||
url = reverse("api:instance_group_instance_list", kwargs={'pk': isolated_instance_group.pk})
|
||||
|
||||
assert False is non_iso_instance.is_isolated()
|
||||
resp = post(url, {'associate': True, 'id': non_iso_instance.id}, admin, expect=400)
|
||||
assert u"Isolated instance group membership may not be managed via the API." == resp.data['error']
|
||||
|
||||
|
||||
@pytest.mark.django_db
|
||||
def test_prevent_non_isolated_instance_added_to_isolated_instance_group_via_policy_list(
|
||||
patch, admin, non_iso_instance, isolated_instance_group):
|
||||
url = reverse("api:instance_group_detail", kwargs={'pk': isolated_instance_group.pk})
|
||||
|
||||
assert False is non_iso_instance.is_isolated()
|
||||
resp = patch(url, {'policy_instance_list': [non_iso_instance.hostname]}, user=admin, expect=400)
|
||||
assert [u"Isolated instance group membership may not be managed via the API."] == resp.data['policy_instance_list']
|
||||
assert isolated_instance_group.policy_instance_list == []
|
||||
|
Loading…
Reference in New Issue
Block a user