fix(AAP-29089): change organization field to be required in RBAC managed resources

src/aap_eda/api/serializers/activation.py

@@ -440,8 +440,8 @@ class Meta:
         ]
 
     organization_id = serializers.IntegerField(
-        required=False,
-        allow_null=True,
+        required=True,
+        allow_null=False,
         validators=[validators.check_if_organization_exists],
     )
     rulebook_id = serializers.IntegerField(

src/aap_eda/api/serializers/decision_environment.py

@@ -41,8 +41,8 @@ class DecisionEnvironmentCreateSerializer(serializers.ModelSerializer):
     """Serializer for creating the DecisionEnvironment."""
 
     organization_id = serializers.IntegerField(
-        required=False,
-        allow_null=True,
+        required=True,
+        allow_null=False,
         validators=[validators.check_if_organization_exists],
     )
     eda_credential_id = serializers.IntegerField(

src/aap_eda/api/serializers/eda_credential.py

@@ -107,8 +107,8 @@ class EdaCredentialCreateSerializer(serializers.ModelSerializer):
         validators=[validators.check_if_credential_type_exists],
     )
     organization_id = serializers.IntegerField(
-        required=False,
-        allow_null=True,
+        required=True,
+        allow_null=False,
         validators=[validators.check_if_organization_exists],
     )
     inputs = serializers.JSONField()

src/aap_eda/api/serializers/project.py

@@ -71,8 +71,8 @@ class Meta:
 
 class ProjectCreateRequestSerializer(serializers.ModelSerializer):
     organization_id = serializers.IntegerField(
-        required=False,
-        allow_null=True,
+        required=True,
+        allow_null=False,
         validators=[validators.check_if_organization_exists],
     )
     eda_credential_id = serializers.IntegerField(
@@ -107,7 +107,7 @@ class Meta:
 
 class ProjectUpdateRequestSerializer(serializers.ModelSerializer):
     organization_id = serializers.IntegerField(
-        required=False,
+        required=True,
         allow_null=False,
         validators=[validators.check_if_organization_exists],
     )

src/aap_eda/api/serializers/team.py

@@ -44,6 +44,7 @@ class TeamCreateSerializer(
 ):
     organization_id = serializers.IntegerField(
         required=True,
+        allow_null=False,
         validators=[validators.check_if_organization_exists],
     )
 

src/aap_eda/api/serializers/webhook.py

@@ -21,7 +21,7 @@
 
 
 class WebhookInSerializer(serializers.ModelSerializer):
-    organization_id = serializers.IntegerField(required=False, allow_null=True)
+    organization_id = serializers.IntegerField(required=True, allow_null=False)
     owner = serializers.HiddenField(default=serializers.CurrentUserDefault())
     eda_credential_id = serializers.IntegerField(
         required=True,

src/aap_eda/core/migrations/0046_alter_activation_organization_and_more.py

@@ -0,0 +1,87 @@
+# Generated by Django 4.2.7 on 2024-08-14 18:15
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+import aap_eda.core.models.utils
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("core", "0045_activation_skip_audit_events"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="activation",
+            name="organization",
+            field=models.ForeignKey(
+                default=aap_eda.core.models.utils.get_default_organization_id,
+                on_delete=django.db.models.deletion.CASCADE,
+                to="core.organization",
+            ),
+        ),
+        migrations.AlterField(
+            model_name="auditrule",
+            name="organization",
+            field=models.ForeignKey(
+                default=aap_eda.core.models.utils.get_default_organization_id,
+                on_delete=django.db.models.deletion.CASCADE,
+                to="core.organization",
+            ),
+        ),
+        migrations.AlterField(
+            model_name="decisionenvironment",
+            name="organization",
+            field=models.ForeignKey(
+                default=aap_eda.core.models.utils.get_default_organization_id,
+                on_delete=django.db.models.deletion.CASCADE,
+                to="core.organization",
+            ),
+        ),
+        migrations.AlterField(
+            model_name="edacredential",
+            name="organization",
+            field=models.ForeignKey(
+                default=aap_eda.core.models.utils.get_default_organization_id,
+                on_delete=django.db.models.deletion.CASCADE,
+                to="core.organization",
+            ),
+        ),
+        migrations.AlterField(
+            model_name="project",
+            name="organization",
+            field=models.ForeignKey(
+                default=aap_eda.core.models.utils.get_default_organization_id,
+                on_delete=django.db.models.deletion.CASCADE,
+                to="core.organization",
+            ),
+        ),
+        migrations.AlterField(
+            model_name="rulebook",
+            name="organization",
+            field=models.ForeignKey(
+                default=aap_eda.core.models.utils.get_default_organization_id,
+                on_delete=django.db.models.deletion.CASCADE,
+                to="core.organization",
+            ),
+        ),
+        migrations.AlterField(
+            model_name="rulebookprocess",
+            name="organization",
+            field=models.ForeignKey(
+                default=aap_eda.core.models.utils.get_default_organization_id,
+                on_delete=django.db.models.deletion.CASCADE,
+                to="core.organization",
+            ),
+        ),
+        migrations.AlterField(
+            model_name="webhook",
+            name="organization",
+            field=models.ForeignKey(
+                default=aap_eda.core.models.utils.get_default_organization_id,
+                on_delete=django.db.models.deletion.CASCADE,
+                to="core.organization",
+            ),
+        ),
+    ]

src/aap_eda/core/models/base.py

@@ -26,8 +26,9 @@ class Meta:
     organization = models.ForeignKey(
         "Organization",
         on_delete=models.CASCADE,
+        blank=False,
+        null=False,
         default=get_default_organization_id,
-        null=True,
     )
 
 

tests/integration/api/test_activation.py

@@ -46,7 +46,7 @@ def test_create_activation(
     response = admin_client.post(
         f"{api_url_v1}/activations/", data=activation_payload
     )
-    assert response.status_code == status.HTTP_201_CREATED
+    assert response.status_code == status.HTTP_201_CREATED, response.data
     data = response.data
     activation = models.Activation.objects.filter(id=data["id"]).first()
     assert_activation_base_data(

tests/integration/api/test_activation_with_credential.py

@@ -94,6 +94,7 @@ def kafka_credential_type() -> models.CredentialType:
 @pytest.mark.django_db
 def test_validate_for_aap_credential(
     default_activation: models.Activation,
+    default_organization: models.Organization,
     inputs,
     result,
     preseed_credential_types,
@@ -106,6 +107,7 @@ def test_validate_for_aap_credential(
         inputs=inputs,
         managed=False,
         credential_type_id=aap_credential_type.id,
+        organization=default_organization,
     )
     default_activation.eda_credentials.add(credential)
 
@@ -120,6 +122,7 @@ def test_is_activation_valid_with_token_and_run_job_template(
     default_project: models.Project,
     default_user_awx_token: models.AwxToken,
     default_user: models.User,
+    default_organization: models.Organization,
     preseed_credential_types,
 ):
     activation = models.Activation.objects.create(
@@ -130,6 +133,7 @@ def test_is_activation_valid_with_token_and_run_job_template(
         project_id=default_project.id,
         awx_token_id=default_user_awx_token.id,
         user_id=default_user.id,
+        organization=default_organization,
     )
 
     valid, _ = is_activation_valid(activation)
@@ -139,6 +143,7 @@ def test_is_activation_valid_with_token_and_run_job_template(
 @pytest.mark.django_db
 def test_is_activation_valid_with_aap_credential_and_run_job_template(
     default_activation: models.Activation,
+    default_organization: models.Organization,
     preseed_credential_types,
 ):
     aap_credential_type = models.CredentialType.objects.get(
@@ -149,6 +154,7 @@ def test_is_activation_valid_with_aap_credential_and_run_job_template(
         inputs={"username": "adam", "password": "secret"},
         managed=False,
         credential_type_id=aap_credential_type.id,
+        organization=default_organization,
     )
 
     default_activation.eda_credentials.add(credential)
@@ -163,6 +169,7 @@ def test_is_activation_valid_with_run_job_template_and_no_token_no_credential(
     default_rulebook_with_run_job_template: models.Rulebook,
     default_project: models.Project,
     default_user: models.User,
+    default_organization: models.Organization,
     preseed_credential_types,
 ):
     activation = models.Activation.objects.create(
@@ -172,6 +179,7 @@ def test_is_activation_valid_with_run_job_template_and_no_token_no_credential(
         decision_environment_id=default_decision_environment.id,
         project_id=default_project.id,
         user_id=default_user.id,
+        organization=default_organization,
     )
 
     valid, message = is_activation_valid(activation)
@@ -247,6 +255,7 @@ def test_create_activation_with_eda_credentials(
     preseed_credential_types,
     credential_type,
     status_code,
+    default_organization: models.Organization,
 ):
     credential_type = models.CredentialType.objects.get(name=credential_type)
 
@@ -257,13 +266,15 @@ def test_create_activation_with_eda_credentials(
         inputs=inputs_to_store(
             {"username": "dummy-user", "password": "dummy-password"}
         ),
+        organization=default_organization,
     )
     kafka_eda_credential = models.EdaCredential.objects.create(
         name="kafka-eda-credential",
         inputs=inputs_to_store(
             {"sasl_username": "adam", "sasl_password": "secret"},
         ),
         credential_type=kafka_credential_type,
+        organization=default_organization,
     )
     test_activation = {
         "name": "test_activation",
@@ -272,6 +283,7 @@ def test_create_activation_with_eda_credentials(
         ],
         "rulebook_id": activation_payload["rulebook_id"],
         "eda_credentials": [credential.id, kafka_eda_credential.id],
+        "organization_id": default_organization.id,
     }
 
     response = admin_client.post(
@@ -315,19 +327,22 @@ def test_create_activation_with_key_conflict(
     default_decision_environment: models.DecisionEnvironment,
     default_rulebook: models.Rulebook,
     kafka_credential_type: models.CredentialType,
+    default_organization: models.Organization,
     preseed_credential_types,
 ):
     test_activation = {
         "name": "test_activation",
         "decision_environment_id": default_decision_environment.id,
         "rulebook_id": default_rulebook.id,
         "extra_var": OVERLAP_EXTRA_VAR,
+        "organization_id": default_organization.id,
     }
 
     test_eda_credential = models.EdaCredential.objects.create(
         name="eda-credential",
         inputs={"sasl_username": "adam", "sasl_password": "secret"},
         credential_type_id=kafka_credential_type.id,
+        organization=default_organization,
     )
     test_activation["eda_credentials"] = [test_eda_credential.id]
 
@@ -347,6 +362,7 @@ def test_create_activation_with_conflict_credentials(
     admin_client: APIClient,
     activation_payload: Dict[str, Any],
     user_credential_type: models.CredentialType,
+    default_organization: models.Organization,
     preseed_credential_types,
 ):
     test_activation = {
@@ -355,6 +371,7 @@ def test_create_activation_with_conflict_credentials(
             "decision_environment_id"
         ],
         "rulebook_id": activation_payload["rulebook_id"],
+        "organization_id": default_organization.id,
     }
 
     eda_credentials = models.EdaCredential.objects.bulk_create(
@@ -392,19 +409,22 @@ def test_create_activation_without_extra_vars_single_credential(
     default_decision_environment: models.DecisionEnvironment,
     default_rulebook: models.Rulebook,
     user_credential_type: models.CredentialType,
+    default_organization: models.Organization,
     preseed_credential_types,
 ):
     test_activation = {
         "name": "test_activation",
         "decision_environment_id": default_decision_environment.id,
         "rulebook_id": default_rulebook.id,
         "extra_var": None,
+        "organization_id": default_organization.id,
     }
 
     eda_credential = models.EdaCredential.objects.create(
         name="credential-1",
         inputs={"sasl_username": "adam", "sasl_password": "secret"},
         credential_type_id=user_credential_type.id,
+        organization=default_organization,
     )
 
     eda_credential_ids = [eda_credential.id]
@@ -427,12 +447,14 @@ def test_create_activation_without_extra_vars_duplicate_credentials(
     default_decision_environment: models.DecisionEnvironment,
     default_rulebook: models.Rulebook,
     user_credential_type: models.CredentialType,
+    default_organization: models.Organization,
     preseed_credential_types,
 ):
     test_activation = {
         "name": "test_activation",
         "decision_environment_id": default_decision_environment.id,
         "rulebook_id": default_rulebook.id,
+        "organization_id": default_organization.id,
     }
 
     eda_credentials = models.EdaCredential.objects.bulk_create(
@@ -441,11 +463,13 @@ def test_create_activation_without_extra_vars_duplicate_credentials(
                 name="credential-1",
                 inputs={"sasl_username": "adam", "sasl_password": "secret"},
                 credential_type_id=user_credential_type.id,
+                organization=default_organization,
             ),
             models.EdaCredential(
                 name="credential-2",
                 inputs={"sasl_username": "bearny", "sasl_password": "demo"},
                 credential_type_id=user_credential_type.id,
+                organization=default_organization,
             ),
         ]
     )