From 017274e2aa76437428eb79b7a99e688cbc1baf04 Mon Sep 17 00:00:00 2001
From: Rebeccah Hunter <rebeccahhh@localhost.localdomain>
Date: Wed, 21 Aug 2019 16:41:30 -0400
Subject: [PATCH 1/3] Removed extraneous warning when using garbage credentials
 for ssh_key_data

added in logic to check if there was an existing error before checking form field entry for ssh_key_unlock, also added a test to ensure that garbage data entered would not trigger the error message for both the incorrect ssh_key_data and the incorrect ssh_key_unlock, rather just the incorrect ssh_key_data
---
 awx/main/fields.py                            |  8 +++--
 .../tests/functional/api/test_credential.py   | 36 +++++++++++++++++++
 2 files changed, 41 insertions(+), 3 deletions(-)

diff --git a/awx/main/fields.py b/awx/main/fields.py
index 110492b173..2fbe631448 100644
--- a/awx/main/fields.py
+++ b/awx/main/fields.py
@@ -688,16 +688,18 @@ class CredentialInputField(JSONSchemaField):
                 model_instance.inputs['ssh_key_data'] = model_instance.__class__.objects.get(
                     pk=model_instance.pk
                 ).inputs.get('ssh_key_data')
-
+            
             if model_instance.has_encrypted_ssh_key_data and not value.get('ssh_key_unlock'):
                 errors['ssh_key_unlock'] = [_('must be set when SSH key is encrypted.')]
+            
             if all([
                 model_instance.inputs.get('ssh_key_data'),
                 value.get('ssh_key_unlock'),
-                not model_instance.has_encrypted_ssh_key_data
+                not model_instance.has_encrypted_ssh_key_data,
+                'ssh_key_data' not in errors
             ]):
                 errors['ssh_key_unlock'] = [_('should not be set when SSH key is not encrypted.')]
-
+        
         if errors:
             raise serializers.ValidationError({
                 'inputs': errors
diff --git a/awx/main/tests/functional/api/test_credential.py b/awx/main/tests/functional/api/test_credential.py
index 31d2c444f0..3f5eed4e30 100644
--- a/awx/main/tests/functional/api/test_credential.py
+++ b/awx/main/tests/functional/api/test_credential.py
@@ -1360,6 +1360,42 @@ def test_ssh_unlock_with_prior_value(put, organization, admin, credentialtype_ss
     assert decrypt_field(cred, 'ssh_key_unlock') == 'new-unlock'
 
 
+@pytest.mark.django_db
+@pytest.mark.parametrize('version, params', [
+    ['v2', {
+        'name': 'Best credential ever',
+        'credential_type': 1,
+        'inputs': {
+            'username': 'oscar',
+            'ssh_key_data': 'invalid-key',
+            'ssh_key_unlock': 'unchecked-unlock',
+        }
+    }]
+])
+def test_ssh_bad_key_unlock_not_checked(put, organization, admin, credentialtype_ssh, version, params):
+    cred = Credential(
+        credential_type=credentialtype_ssh,
+        name='Best credential ever',
+        organization=organization,
+        inputs={
+            'username': u'oscar',
+            'ssh_key_data': 'invalid-key',
+            'ssh_key_unlock': 'unchecked-unlock',
+        }
+    )
+    cred.save()
+
+    params['organization'] = organization.id
+    response = put(
+        reverse('api:credential_detail', kwargs={'version': version, 'pk': cred.pk}),
+        params,
+        admin
+    )
+    assert response.status_code == 400
+    assert response.data['inputs']['ssh_key_data'] == ['Invalid certificate or key: invalid-key...']
+    assert 'ssh_key_unlock' not in response.data['inputs']
+
+
 #
 # test secret encryption/decryption
 #

From af6e035c3bf8eda9e0db41cf4288a1f5ac20e873 Mon Sep 17 00:00:00 2001
From: Rebeccah Hunter <rebeccahhh@localhost.localdomain>
Date: Thu, 22 Aug 2019 09:39:59 -0400
Subject: [PATCH 2/3] removed tabbing

---
 awx/main/fields.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/awx/main/fields.py b/awx/main/fields.py
index 2fbe631448..ac761ca90e 100644
--- a/awx/main/fields.py
+++ b/awx/main/fields.py
@@ -688,7 +688,7 @@ class CredentialInputField(JSONSchemaField):
                 model_instance.inputs['ssh_key_data'] = model_instance.__class__.objects.get(
                     pk=model_instance.pk
                 ).inputs.get('ssh_key_data')
-            
+
             if model_instance.has_encrypted_ssh_key_data and not value.get('ssh_key_unlock'):
                 errors['ssh_key_unlock'] = [_('must be set when SSH key is encrypted.')]
             

From fb71b2699f3900f9168b3f6f652cea7f8a459619 Mon Sep 17 00:00:00 2001
From: Rebeccah Hunter <rebeccahhh@localhost.localdomain>
Date: Thu, 22 Aug 2019 09:41:32 -0400
Subject: [PATCH 3/3] removed tabbing

---
 awx/main/fields.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/awx/main/fields.py b/awx/main/fields.py
index ac761ca90e..d0286f553a 100644
--- a/awx/main/fields.py
+++ b/awx/main/fields.py
@@ -699,7 +699,7 @@ class CredentialInputField(JSONSchemaField):
                 'ssh_key_data' not in errors
             ]):
                 errors['ssh_key_unlock'] = [_('should not be set when SSH key is not encrypted.')]
-        
+
         if errors:
             raise serializers.ValidationError({
                 'inputs': errors