Add new credential become methods, inject instead of set in database

2026-04-16 21:11:49 -05:00 · 2018-04-20 11:51:49 -04:00
parent 44470200a2
commit 8fa98d0d54
5 changed files with 40 additions and 3 deletions
--- a/awx/main/fields.py
+++ b/awx/main/fields.py
@@ -45,6 +45,7 @@ from awx.main.utils.filters import SmartFilter
 from awx.main.utils.encryption import encrypt_value, decrypt_value, get_encryption_key
 from awx.main.validators import validate_ssh_private_key
 from awx.main.models.rbac import batch_role_ancestor_rebuilding, Role
+from awx.main.constants import PRIVILEGE_ESCALATION_METHODS
 from awx.main import utils


@@ -649,7 +650,7 @@ class CredentialTypeInputField(JSONSchemaField):
                    'items': {
                        'type': 'object',
                        'properties': {
-                            'type': {'enum': ['string', 'boolean']},
+                            'type': {'enum': ['string', 'boolean', 'become_method']},
                            'format': {'enum': ['ssh_private_key']},
                            'choices': {
                                'type': 'array',
@@ -710,6 +711,17 @@ class CredentialTypeInputField(JSONSchemaField):
                # If no type is specified, default to string
                field['type'] = 'string'

+            if field['type'] == 'become_method':
+                if not model_instance.managed_by_tower:
+                    raise django_exceptions.ValidationError(
+                        _('{0} is a reserved type name'.format(field['type'])),
+                        code='invalid',
+                        params={'value': value},
+                    )
+                else:
+                    field['type'] = 'string'
+                    field['choices'] = PRIVILEGE_ESCALATION_METHODS
+
            for key in ('choices', 'multiline', 'format', 'secret',):
                if key in field and field['type'] != 'string':
                    raise django_exceptions.ValidationError(