From 438d41c986161971c4eea3c42c1665f4adf20984 Mon Sep 17 00:00:00 2001
From: Ryan Petrello <rpetrell@redhat.com>
Date: Fri, 18 Aug 2017 14:10:19 -0400
Subject: [PATCH] make `vault_password` required for Vault credentials

see: https://github.com/ansible/ansible-tower/issues/7468
---
 awx/main/models/credential.py                 |  1 +
 .../tests/functional/api/test_credential.py   | 19 +++++++++++++++++++
 2 files changed, 20 insertions(+)

diff --git a/awx/main/models/credential.py b/awx/main/models/credential.py
index 720e3c2fa3..b7d76581dc 100644
--- a/awx/main/models/credential.py
+++ b/awx/main/models/credential.py
@@ -690,6 +690,7 @@ def vault(cls):
                 'secret': True,
                 'ask_at_runtime': True
             }],
+            'required': ['vault_password'],
         }
     )
 
diff --git a/awx/main/tests/functional/api/test_credential.py b/awx/main/tests/functional/api/test_credential.py
index ac9c1be960..201732a7b9 100644
--- a/awx/main/tests/functional/api/test_credential.py
+++ b/awx/main/tests/functional/api/test_credential.py
@@ -922,6 +922,25 @@ def test_vault_create_ok(post, organization, admin, version, params):
     assert decrypt_field(cred, 'vault_password') == 'some_password'
 
 
+@pytest.mark.django_db
+def test_vault_password_required(post, organization, admin):
+    vault = CredentialType.defaults['vault']()
+    vault.save()
+    response = post(
+        reverse('api:credential_list', kwargs={'version': 'v2'}),
+        {
+            'credential_type': vault.pk,
+            'organization': organization.id,
+            'name': 'Best credential ever',
+            'inputs': {}
+        },
+        admin
+    )
+    assert response.status_code == 400
+    assert response.data['inputs'] == {'vault_password': ['required for Vault']}
+    assert Credential.objects.count() == 0
+
+
 #
 # Net Credentials
 #