diff --git a/awx/main/tests/functional/models/test_activity_stream.py b/awx/main/tests/functional/models/test_activity_stream.py index 4ea6a83ab0..0529b5377b 100644 --- a/awx/main/tests/functional/models/test_activity_stream.py +++ b/awx/main/tests/functional/models/test_activity_stream.py @@ -296,3 +296,15 @@ def test_cluster_node_long_node_name(inventory, project): # node name is very long, we just want to make sure it does not error entry = ActivityStream.objects.filter(job=job).first() assert entry.action_node.startswith('ffffff') + + +@pytest.mark.django_db +def test_credential_defaults_idempotency(): + CredentialType.setup_tower_managed_defaults() + old_inputs = CredentialType.objects.get(name='Ansible Tower', kind='cloud').inputs + prior_count = ActivityStream.objects.count() + # this is commonly re-ran in migrations, and no changes should be shown + # because inputs and injectors are not actually tracked in the database + CredentialType.setup_tower_managed_defaults() + assert CredentialType.objects.get(name='Ansible Tower', kind='cloud').inputs == old_inputs + assert ActivityStream.objects.count() == prior_count diff --git a/awx/main/utils/common.py b/awx/main/utils/common.py index 7d196c9842..cc3272794f 100644 --- a/awx/main/utils/common.py +++ b/awx/main/utils/common.py @@ -379,7 +379,12 @@ def get_allowed_fields(obj, serializer_mapping): 'oauth2accesstoken': ['last_used'], 'oauth2application': ['client_secret'] } - field_blacklist = ACTIVITY_STREAM_FIELD_EXCLUSIONS.get(obj._meta.model_name, []) + model_name = obj._meta.model_name + field_blacklist = ACTIVITY_STREAM_FIELD_EXCLUSIONS.get(model_name, []) + # see definition of from_db for CredentialType + # injection logic of any managed types are incompatible with activity stream + if model_name == 'credentialtype' and obj.managed_by_tower and obj.namespace: + field_blacklist.extend(['inputs', 'injectors']) if field_blacklist: allowed_fields = [f for f in allowed_fields if f not in field_blacklist] return allowed_fields