Removed extraneous warning when using garbage credentials for ssh_key_data

added in logic to check if there was an existing error before checking form field entry for ssh_key_unlock, also added a test to ensure that garbage data entered would not trigger the error message for both the incorrect ssh_key_data and the incorrect ssh_key_unlock, rather just the incorrect ssh_key_data
2026-01-13 02:50:02 -03:30 · 2019-08-21 16:41:30 -04:00 · 2019-08-21 16:41:30 -04:00 · 017274e2aa
commit 017274e2aa
parent 1d05c21af4
2 changed files with 41 additions and 3 deletions
--- a/awx/main/fields.py
+++ b/awx/main/fields.py
@ -688,16 +688,18 @@ class CredentialInputField(JSONSchemaField):
                model_instance.inputs['ssh_key_data'] = model_instance.__class__.objects.get(
                    pk=model_instance.pk
                ).inputs.get('ssh_key_data')
-
+            
            if model_instance.has_encrypted_ssh_key_data and not value.get('ssh_key_unlock'):
                errors['ssh_key_unlock'] = [_('must be set when SSH key is encrypted.')]
+            
            if all([
                model_instance.inputs.get('ssh_key_data'),
                value.get('ssh_key_unlock'),
-                not model_instance.has_encrypted_ssh_key_data
+                not model_instance.has_encrypted_ssh_key_data,
+                'ssh_key_data' not in errors
            ]):
                errors['ssh_key_unlock'] = [_('should not be set when SSH key is not encrypted.')]
-
+        
        if errors:
            raise serializers.ValidationError({
                'inputs': errors
--- a/awx/main/tests/functional/api/test_credential.py
+++ b/awx/main/tests/functional/api/test_credential.py
@ -1360,6 +1360,42 @@ def test_ssh_unlock_with_prior_value(put, organization, admin, credentialtype_ss
    assert decrypt_field(cred, 'ssh_key_unlock') == 'new-unlock'


+@pytest.mark.django_db
+@pytest.mark.parametrize('version, params', [
+    ['v2', {
+        'name': 'Best credential ever',
+        'credential_type': 1,
+        'inputs': {
+            'username': 'oscar',
+            'ssh_key_data': 'invalid-key',
+            'ssh_key_unlock': 'unchecked-unlock',
+        }
+    }]
+])
+def test_ssh_bad_key_unlock_not_checked(put, organization, admin, credentialtype_ssh, version, params):
+    cred = Credential(
+        credential_type=credentialtype_ssh,
+        name='Best credential ever',
+        organization=organization,
+        inputs={
+            'username': u'oscar',
+            'ssh_key_data': 'invalid-key',
+            'ssh_key_unlock': 'unchecked-unlock',
+        }
+    )
+    cred.save()
+
+    params['organization'] = organization.id
+    response = put(
+        reverse('api:credential_detail', kwargs={'version': version, 'pk': cred.pk}),
+        params,
+        admin
+    )
+    assert response.status_code == 400
+    assert response.data['inputs']['ssh_key_data'] == ['Invalid certificate or key: invalid-key...']
+    assert 'ssh_key_unlock' not in response.data['inputs']
+
+
 #
 # test secret encryption/decryption
 #