treat vault_credential same as credential for JT launch

2026-03-02 09:18:48 -03:30 · 2017-08-01 19:42:00 -04:00
parent 09303d4d55
commit 0b617d7538
3 changed files with 33 additions and 13 deletions
--- a/awx/main/tests/functional/test_rbac_job_templates.py
+++ b/awx/main/tests/functional/test_rbac_job_templates.py
@@ -96,6 +96,25 @@ def test_job_template_access_org_admin(jt_linked, rando):
    assert access.can_delete(jt_linked)


+@pytest.mark.django_db
+def test_job_template_extra_credentials_prompts_access(
+        rando, post, inventory, project, machine_credential, vault_credential):
+    jt = JobTemplate.objects.create(
+        name = 'test-jt',
+        project = project,
+        playbook = 'helloworld.yml',
+        inventory = inventory,
+        credential = machine_credential,
+        ask_credential_on_launch = True
+    )
+    jt.execute_role.members.add(rando)
+    r = post(
+        reverse('api:job_template_launch', kwargs={'version': 'v2', 'pk': jt.id}),
+        {'vault_credential': vault_credential.pk}, rando
+    )
+    assert r.status_code == 403
+
+
@pytest.mark.django_db
 class TestJobTemplateCredentials: