Merge pull request #4551 from rebeccahhh/devel

Remove extra warning when using garbage credentials Reviewed-by: https://github.com/apps/softwarefactory-project-zuul
2026-01-12 02:19:58 -03:30 · 2019-08-22 14:18:30 +00:00 · 2019-08-22 14:18:30 +00:00 · 045578ce22
commit 045578ce22
parent 4a45a7e9c3 fb71b2699f
2 changed files with 39 additions and 1 deletions
--- a/awx/main/fields.py
+++ b/awx/main/fields.py
@ -691,10 +691,12 @@ class CredentialInputField(JSONSchemaField):

            if model_instance.has_encrypted_ssh_key_data and not value.get('ssh_key_unlock'):
                errors['ssh_key_unlock'] = [_('must be set when SSH key is encrypted.')]
+            
            if all([
                model_instance.inputs.get('ssh_key_data'),
                value.get('ssh_key_unlock'),
-                not model_instance.has_encrypted_ssh_key_data
+                not model_instance.has_encrypted_ssh_key_data,
+                'ssh_key_data' not in errors
            ]):
                errors['ssh_key_unlock'] = [_('should not be set when SSH key is not encrypted.')]

--- a/awx/main/tests/functional/api/test_credential.py
+++ b/awx/main/tests/functional/api/test_credential.py
@ -1360,6 +1360,42 @@ def test_ssh_unlock_with_prior_value(put, organization, admin, credentialtype_ss
    assert decrypt_field(cred, 'ssh_key_unlock') == 'new-unlock'


+@pytest.mark.django_db
+@pytest.mark.parametrize('version, params', [
+    ['v2', {
+        'name': 'Best credential ever',
+        'credential_type': 1,
+        'inputs': {
+            'username': 'oscar',
+            'ssh_key_data': 'invalid-key',
+            'ssh_key_unlock': 'unchecked-unlock',
+        }
+    }]
+])
+def test_ssh_bad_key_unlock_not_checked(put, organization, admin, credentialtype_ssh, version, params):
+    cred = Credential(
+        credential_type=credentialtype_ssh,
+        name='Best credential ever',
+        organization=organization,
+        inputs={
+            'username': u'oscar',
+            'ssh_key_data': 'invalid-key',
+            'ssh_key_unlock': 'unchecked-unlock',
+        }
+    )
+    cred.save()
+
+    params['organization'] = organization.id
+    response = put(
+        reverse('api:credential_detail', kwargs={'version': version, 'pk': cred.pk}),
+        params,
+        admin
+    )
+    assert response.status_code == 400
+    assert response.data['inputs']['ssh_key_data'] == ['Invalid certificate or key: invalid-key...']
+    assert 'ssh_key_unlock' not in response.data['inputs']
+
+
 #
 # test secret encryption/decryption
 #