Ignore role content types not known to system in sync

Author: AlanCoding

ansible_base/resource_registry/shared_types.py

@@ -1,4 +1,5 @@
 from rest_framework import serializers
+from rest_framework.exceptions import ValidationError
 
 from ansible_base.rbac.models import DABContentType, DABPermission
 from ansible_base.resource_registry.utils.resource_type_serializers import AnsibleResourceForeignKeyField, SharedResourceTypeSerializer
@@ -104,3 +105,18 @@ class RoleDefinitionType(SharedResourceTypeSerializer):
         default=None,
     )
     permissions = LenientPermissionSlugListField()
+
+    def is_valid(self, raise_exception=False):
+        if not raise_exception:
+            return super().is_valid(raise_exception=False)
+
+        try:
+            return super().is_valid(raise_exception=True)
+        except ValidationError as e:
+            if hasattr(e, 'detail') and 'content_type' in e.detail:
+                fd_detail = e.detail['content_type'][0]
+                if fd_detail.code == "does_not_exist":
+                    from ansible_base.resource_registry.tasks.sync import SkipResource
+
+                    raise SkipResource(*e.args)
+            raise

ansible_base/resource_registry/tasks/sync.py

@@ -36,6 +36,11 @@ class ResourceDeletionError(Error):
 class ResourceSyncHTTPError(HTTPError):
     """Custom catchall error"""
 
+class SkipResource(ValidationError):
+    """To raise by serializers if the item should be skipped"""
+    default_detail = "The specified content_type slug was not found."
+    default_code = "content_type_does_not_exist"
+
 
 class SyncStatus(str, Enum):
     CREATED = "created"
@@ -226,6 +231,8 @@ def _attempt_create_resource(
             ansible_id=manifest_item.ansible_id,
             service_id=resource_service_id,
         )
+    except SkipResource:
+        return SyncResult(SyncStatus.NOOP, manifest_item)
     except IntegrityError:
         # This typically means that there was a duplicate key error. To mitigate this
         # we will attempt to hanlde the conflicting resource and perform the operation

test_app/tests/resource_registry/test_resource_sync.py

@@ -7,9 +7,11 @@
 
 from ansible_base.lib.testing.util import StaticResourceAPIClient
 from ansible_base.lib.utils.response import get_relative_url
-from ansible_base.resource_registry.models import Resource
+from ansible_base.resource_registry.models import Resource, ResourceType
 from ansible_base.resource_registry.models.service_identifier import service_id
-from ansible_base.resource_registry.tasks.sync import ResourceSyncHTTPError, SyncExecutor
+from ansible_base.resource_registry.tasks.sync import ResourceSyncHTTPError, SyncExecutor, _attempt_create_resource, ManifestItem
+from ansible_base.rbac import permission_registry
+from ansible_base.rbac.models import RoleDefinition
 
 
 @pytest.fixture(scope="function")
@@ -178,6 +180,36 @@ def test_resource_sync_update_conflict(static_api_client, stdout, resource_to_up
     assert Resource.objects.get(ansible_id=new_id).name == "was_renamed"
 
 
+@pytest.mark.django_db
+def test_resource_sync_create_local_role_definition(static_api_client, stdout, resource_to_update):
+    item_data = {"name": "Organization Inventory Role", "content_type": "shared.organization", "managed": True, "permissions": []}
+    manifest_item = ManifestItem(str(uuid4()), str(uuid4()), item_data)
+    result = _attempt_create_resource(
+        manifest_item=manifest_item,
+        resource_data=item_data,
+        resource_type=ResourceType.objects.get(name='shared.roledefinition'),
+        resource_service_id=str(uuid4()),
+        api_client=static_api_client  # unused
+    )
+    assert result.status == 'created'
+
+
+@pytest.mark.django_db
+def test_resource_sync_create_non_local_role_definition(static_api_client, stdout, resource_to_update):
+    item_data = {"name": "Remote Role", "content_type": "shared.foo_type", "managed": True, "permissions": []}
+    manifest_item = ManifestItem(str(uuid4()), str(uuid4()), item_data)
+    result = _attempt_create_resource(
+        manifest_item=manifest_item,
+        resource_data=item_data,
+        resource_type=ResourceType.objects.get(name='shared.roledefinition'),
+        resource_service_id=str(uuid4()),
+        api_client=static_api_client  # unused
+    )
+    assert result.status == 'noop'
+
+    assert not RoleDefinition.objects.filter(name="Remote Role").exists()
+
+
 @pytest.mark.django_db
 def test_resource_sync_create_conflict(static_api_client, stdout, resource_to_update):
     # Update the ansible ID on the local resources so that it causes a conflict to happen.