refactor and fix ssh_private_key and ssh_key_unlock validation

`clean_ssh_key_data` and `clean_ssh_key_unlock` no longer work because they're not actual fields on `model.Credential` anymore. This change refactors/moves their validation to a place that works (and makes more sense).
2026-02-25 15:06:02 -03:30 · 2017-05-12 09:21:10 -04:00
parent c04ac86df8
commit 0ac4f71e5b
4 changed files with 102 additions and 47 deletions
--- a/awx/main/tests/functional/test_credential.py
+++ b/awx/main/tests/functional/test_credential.py
@@ -7,6 +7,9 @@ from django.core.exceptions import ValidationError
 from awx.main.utils.common import decrypt_field
 from awx.main.models import Credential, CredentialType

+EXAMPLE_PRIVATE_KEY = '-----BEGIN PRIVATE KEY-----\nxyz==\n-----END PRIVATE KEY-----'
+EXAMPLE_ENCRYPTED_PRIVATE_KEY = '-----BEGIN PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nxyz==\n-----END PRIVATE KEY-----'
+

@pytest.mark.django_db
 def test_default_cred_types():
@@ -60,7 +63,7 @@ def test_cloud_kind_uniqueness():
    ({'fields': [{'id': 'username', 'label': 'Username'}, {'id': 'username', 'label': 'Username 2'}]}, False),  # noqa
    ({'fields': [{'id': '$invalid$', 'label': 'Invalid'}]}, False),  # noqa
    ({'fields': [{'id': 'password', 'label': 'Password', 'type': 'number'}]}, True),
-    ({'fields': [{'id': 'ssh_key', 'label': 'SSH Key', 'type': 'ssh_private_key'}]}, True),  # noqa
+    ({'fields': [{'id': 'ssh_key', 'label': 'SSH Key', 'type': 'string', 'format': 'ssh_private_key'}]}, True),  # noqa
    ({'fields': [{'id': 'other', 'label': 'Other', 'type': 'boolean'}]}, False),
    ({'fields': [{'id': 'certificate', 'label': 'Cert', 'multiline': True}]}, True),
    ({'fields': [{'id': 'certificate', 'label': 'Cert', 'multiline': 'bad'}]}, False),  # noqa
@@ -181,6 +184,37 @@ def test_credential_creation_validation_failure(organization_factory):
        cred.full_clean()


+@pytest.mark.django_db
+@pytest.mark.parametrize('ssh_key_data, ssh_key_unlock, valid', [
+    [EXAMPLE_PRIVATE_KEY, None, True],  # unencrypted key, no unlock pass
+    [EXAMPLE_PRIVATE_KEY, 'super-secret', False],  # unencrypted key, unlock pass
+    [EXAMPLE_ENCRYPTED_PRIVATE_KEY, 'super-secret', True],  # encrypted key, unlock pass
+    [EXAMPLE_ENCRYPTED_PRIVATE_KEY, None, False],  # encrypted key, no unlock pass
+    [None, None, True],  # no key, no unlock pass
+    [None, 'super-secret', False],  # no key, unlock pass
+    ['INVALID-KEY-DATA', None, False],  # invalid key data
+    [EXAMPLE_PRIVATE_KEY.replace('=', '\u003d'), None, True],  # automatically fix JSON-encoded GCE keys
+])
+def test_ssh_key_data_validation(credentialtype_ssh, organization, ssh_key_data, ssh_key_unlock, valid):
+    inputs = {}
+    if ssh_key_data:
+        inputs['ssh_key_data'] = ssh_key_data
+    if ssh_key_unlock:
+        inputs['ssh_key_unlock'] = ssh_key_unlock
+    cred = Credential(
+        credential_type=credentialtype_ssh,
+        name="Best credential ever",
+        inputs=inputs,
+        organization=organization
+    )
+    cred.save()
+    if valid:
+        cred.full_clean()
+    else:
+        with pytest.raises(ValidationError):
+            cred.full_clean()
+
+
@pytest.mark.django_db
 def test_credential_encryption(organization_factory, credentialtype_ssh):
    org = organization_factory('test').organization