mirror of
https://github.com/ansible/awx.git
synced 2024-10-31 15:21:13 +03:00
usage_role -> use_role
This commit is contained in:
parent
5bca1283b2
commit
7098ef8da5
@ -109,7 +109,7 @@ class Migration(migrations.Migration):
|
||||
),
|
||||
migrations.AddField(
|
||||
model_name='credential',
|
||||
name='usage_role',
|
||||
name='use_role',
|
||||
field=awx.main.fields.ImplicitRoleField(related_name='+', role_description=b'May use this credential, but not read sensitive portions or modify it', parent_role=None, to='main.Role', role_name=b'Credential User', null=b'True', permissions={b'use': True}),
|
||||
),
|
||||
migrations.AddField(
|
||||
@ -169,7 +169,7 @@ class Migration(migrations.Migration):
|
||||
),
|
||||
migrations.AddField(
|
||||
model_name='inventory',
|
||||
name='usage_role',
|
||||
name='use_role',
|
||||
field=awx.main.fields.ImplicitRoleField(related_name='+', role_description=b'May use this inventory, but not read sensitive portions or modify it', parent_role=None, to='main.Role', role_name=b'Inventory User', null=b'True', permissions={b'use': True}),
|
||||
),
|
||||
migrations.AddField(
|
||||
|
@ -113,7 +113,7 @@ def attrfunc(attr_path):
|
||||
|
||||
def _update_credential_parents(org, cred):
|
||||
org.admin_role.children.add(cred.owner_role)
|
||||
org.member_role.children.add(cred.usage_role)
|
||||
org.member_role.children.add(cred.use_role)
|
||||
cred.deprecated_user, cred.deprecated_team = None, None
|
||||
cred.save()
|
||||
|
||||
@ -147,7 +147,7 @@ def _discover_credentials(instances, cred, orgfunc):
|
||||
|
||||
# Unlink the old information from the new credential
|
||||
cred.deprecated_user, cred.deprecated_team = None, None
|
||||
cred.owner_role, cred.usage_role = None, None
|
||||
cred.owner_role, cred.use_role = None, None
|
||||
cred.save()
|
||||
|
||||
for i in orgs[org]:
|
||||
@ -189,7 +189,7 @@ def migrate_credential(apps, schema_editor):
|
||||
|
||||
if cred.deprecated_team is not None:
|
||||
cred.deprecated_team.admin_role.children.add(cred.owner_role)
|
||||
cred.deprecated_team.member_role.children.add(cred.usage_role)
|
||||
cred.deprecated_team.member_role.children.add(cred.use_role)
|
||||
cred.deprecated_user, cred.deprecated_team = None, None
|
||||
cred.save()
|
||||
logger.info(smart_text(u"added Credential(name={}, kind={}, host={}) at user level".format(cred.name, cred.kind, cred.host)))
|
||||
|
@ -182,7 +182,7 @@ class Credential(PasswordFieldsModel, CommonModelNameNotUnique, ResourceMixin):
|
||||
'singleton:' + ROLE_SINGLETON_SYSTEM_AUDITOR,
|
||||
],
|
||||
)
|
||||
usage_role = ImplicitRoleField(
|
||||
use_role = ImplicitRoleField(
|
||||
role_name='Credential User',
|
||||
role_description='May use this credential, but not read sensitive portions or modify it',
|
||||
)
|
||||
|
@ -110,7 +110,7 @@ class Inventory(CommonModel, ResourceMixin):
|
||||
role_name='Inventory Updater',
|
||||
role_description='May update the inventory',
|
||||
)
|
||||
usage_role = ImplicitRoleField(
|
||||
use_role = ImplicitRoleField(
|
||||
role_name='Inventory User',
|
||||
role_description='May use this inventory, but not read sensitive portions or modify it',
|
||||
)
|
||||
|
@ -19,9 +19,9 @@ def test_credential_migration_user(credential, user, permissions):
|
||||
assert credential.accessible_by(u, permissions['admin'])
|
||||
|
||||
@pytest.mark.django_db
|
||||
def test_credential_usage_role(credential, user, permissions):
|
||||
def test_credential_use_role(credential, user, permissions):
|
||||
u = user('user', False)
|
||||
credential.usage_role.members.add(u)
|
||||
credential.use_role.members.add(u)
|
||||
assert credential.accessible_by(u, permissions['usage'])
|
||||
|
||||
@pytest.mark.django_db
|
||||
@ -34,7 +34,7 @@ def test_credential_migration_team_member(credential, team, user, permissions):
|
||||
|
||||
# No permissions pre-migration (this happens automatically so we patch this)
|
||||
team.admin_role.children.remove(credential.owner_role)
|
||||
team.member_role.children.remove(credential.usage_role)
|
||||
team.member_role.children.remove(credential.use_role)
|
||||
assert not credential.accessible_by(u, permissions['admin'])
|
||||
|
||||
rbac.migrate_credential(apps, None)
|
||||
|
@ -33,7 +33,7 @@ def test_job_template_start_access(deploy_jobtemplate, user):
|
||||
def test_credential_use_access(machine_credential, user):
|
||||
|
||||
common_user = user('test-user', False)
|
||||
machine_credential.usage_role.members.add(common_user)
|
||||
machine_credential.use_role.members.add(common_user)
|
||||
|
||||
assert common_user.can_access(Credential, 'use', machine_credential)
|
||||
|
||||
@ -42,6 +42,6 @@ def test_credential_use_access(machine_credential, user):
|
||||
def test_inventory_use_access(inventory, user):
|
||||
|
||||
common_user = user('test-user', False)
|
||||
inventory.usage_role.members.add(common_user)
|
||||
inventory.use_role.members.add(common_user)
|
||||
|
||||
assert common_user.can_access(Inventory, 'use', inventory)
|
||||
|
@ -295,14 +295,14 @@ class BaseJobTestMixin(BaseTestMixin):
|
||||
password='ASK',
|
||||
created_by=self.user_sue,
|
||||
)
|
||||
self.cred_bob.usage_role.members.add(self.user_bob)
|
||||
self.cred_bob.use_role.members.add(self.user_bob)
|
||||
|
||||
self.cred_chuck = Credential.objects.create(
|
||||
username='chuck',
|
||||
ssh_key_data=TEST_SSH_KEY_DATA,
|
||||
created_by=self.user_sue,
|
||||
)
|
||||
self.cred_chuck.usage_role.members.add(self.user_chuck)
|
||||
self.cred_chuck.use_role.members.add(self.user_chuck)
|
||||
|
||||
self.cred_doug = Credential.objects.create(
|
||||
username='doug',
|
||||
@ -310,7 +310,7 @@ class BaseJobTestMixin(BaseTestMixin):
|
||||
'is why we dont\'t let doug actually run jobs.',
|
||||
created_by=self.user_sue,
|
||||
)
|
||||
self.cred_doug.usage_role.members.add(self.user_doug)
|
||||
self.cred_doug.use_role.members.add(self.user_doug)
|
||||
|
||||
self.cred_eve = Credential.objects.create(
|
||||
username='eve',
|
||||
@ -320,14 +320,14 @@ class BaseJobTestMixin(BaseTestMixin):
|
||||
become_password='ASK',
|
||||
created_by=self.user_sue,
|
||||
)
|
||||
self.cred_eve.usage_role.members.add(self.user_eve)
|
||||
self.cred_eve.use_role.members.add(self.user_eve)
|
||||
|
||||
self.cred_frank = Credential.objects.create(
|
||||
username='frank',
|
||||
password='fr@nk the t@nk',
|
||||
created_by=self.user_sue,
|
||||
)
|
||||
self.cred_frank.usage_role.members.add(self.user_frank)
|
||||
self.cred_frank.use_role.members.add(self.user_frank)
|
||||
|
||||
self.cred_greg = Credential.objects.create(
|
||||
username='greg',
|
||||
@ -335,21 +335,21 @@ class BaseJobTestMixin(BaseTestMixin):
|
||||
ssh_key_unlock='ASK',
|
||||
created_by=self.user_sue,
|
||||
)
|
||||
self.cred_greg.usage_role.members.add(self.user_greg)
|
||||
self.cred_greg.use_role.members.add(self.user_greg)
|
||||
|
||||
self.cred_holly = Credential.objects.create(
|
||||
username='holly',
|
||||
password='holly rocks',
|
||||
created_by=self.user_sue,
|
||||
)
|
||||
self.cred_holly.usage_role.members.add(self.user_holly)
|
||||
self.cred_holly.use_role.members.add(self.user_holly)
|
||||
|
||||
self.cred_iris = Credential.objects.create(
|
||||
username='iris',
|
||||
password='ASK',
|
||||
created_by=self.user_sue,
|
||||
)
|
||||
self.cred_iris.usage_role.members.add(self.user_iris)
|
||||
self.cred_iris.use_role.members.add(self.user_iris)
|
||||
|
||||
# Each operations team also has shared credentials they can use.
|
||||
self.cred_ops_east = Credential.objects.create(
|
||||
@ -358,14 +358,14 @@ class BaseJobTestMixin(BaseTestMixin):
|
||||
ssh_key_unlock=TEST_SSH_KEY_DATA_UNLOCK,
|
||||
created_by = self.user_sue,
|
||||
)
|
||||
self.team_ops_east.member_role.children.add(self.cred_ops_east.usage_role)
|
||||
self.team_ops_east.member_role.children.add(self.cred_ops_east.use_role)
|
||||
|
||||
self.cred_ops_west = Credential.objects.create(
|
||||
username='west',
|
||||
password='Heading270',
|
||||
created_by = self.user_sue,
|
||||
)
|
||||
self.team_ops_west.member_role.children.add(self.cred_ops_west.usage_role)
|
||||
self.team_ops_west.member_role.children.add(self.cred_ops_west.use_role)
|
||||
|
||||
|
||||
# FIXME: This code can be removed (probably)
|
||||
@ -391,7 +391,7 @@ class BaseJobTestMixin(BaseTestMixin):
|
||||
password='HeadingNone',
|
||||
created_by = self.user_sue,
|
||||
)
|
||||
self.team_ops_testers.member_role.children.add(self.cred_ops_test.usage_role)
|
||||
self.team_ops_testers.member_role.children.add(self.cred_ops_test.use_role)
|
||||
|
||||
self.ops_east_permission = Permission.objects.create(
|
||||
inventory = self.inv_ops_east,
|
||||
|
Loading…
Reference in New Issue
Block a user