diff options
| author | Jeff Bradberry <jeff.bradberry@gmail.com> | 2024-05-07 20:36:53 +0200 |
|---|---|---|
| committer | Jeff Bradberry <jeff.bradberry@gmail.com> | 2024-06-10 22:36:22 +0200 |
| commit | 054cbe69d774e6f9029b523d4503773532557edf (patch) | |
| tree | 054576c4ccd9705afcbd93b5ef3b8d8c9bc5b897 /tools | |
| parent | Attempt to more thoroughly check the parents of each Role (diff) | |
| download | awx-054cbe69d774e6f9029b523d4503773532557edf.tar.xz awx-054cbe69d774e6f9029b523d4503773532557edf.zip | |
Exclude the team grant false positives
The results in my test now look correct.
Diffstat (limited to 'tools')
| -rw-r--r-- | tools/scripts/ig-hotfix/role_check.py | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/tools/scripts/ig-hotfix/role_check.py b/tools/scripts/ig-hotfix/role_check.py index 91cdaf8b96..32d38d2651 100644 --- a/tools/scripts/ig-hotfix/role_check.py +++ b/tools/scripts/ig-hotfix/role_check.py @@ -8,6 +8,8 @@ from awx.main.fields import ImplicitRoleField from awx.main.models.rbac import Role +team_ct = ContentType.objects.get(app_label='main', model='team') + crosslinked = defaultdict(lambda: defaultdict(dict)) orphaned_roles = [] @@ -70,8 +72,9 @@ for r in Role.objects.exclude(role_field__startswith='system_').order_by('id'): sys.stderr.write(f"Role id={r.id} is missing parents: {minus}\n") plus = parents - parent_roles if plus: - plus = [f"{x.content_type} {x.object_id} {x.role_field}" for x in Role.objects.filter(id__in=plus)] - sys.stderr.write(f"Role id={r.id} has excess parents: {plus}\n") + plus = [f"{x.content_type} {x.object_id} {x.role_field}" for x in Role.objects.filter(id__in=plus).exclude(content_type=team_ct, role_field='member_role')] + if plus: + sys.stderr.write(f"Role id={r.id} has excess parents: {plus}\n") rev = getattr(r.content_object, r.role_field, None) if rev is None or r.id != rev.id: |