From 165405ad3f0091325ecdfb62b0c5d58cae10bf01 Mon Sep 17 00:00:00 2001
From: Jake McDermott <yo@jakemcdermott.me>
Date: Wed, 27 Mar 2019 19:47:02 -0400
Subject: [PATCH] include externally sourced input fields for injection

---
 awx/main/models/credential/__init__.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/awx/main/models/credential/__init__.py b/awx/main/models/credential/__init__.py
index 2d9f9892d5..1beec8cc58 100644
--- a/awx/main/models/credential/__init__.py
+++ b/awx/main/models/credential/__init__.py
@@ -698,15 +698,15 @@ class CredentialType(CommonModelNameNotUnique):
         # build a normal namespace with secret values decrypted (for
         # ansible-playbook) and a safe namespace with secret values hidden (for
         # DB storage)
-        for field_name, value in credential.inputs.items():
+        injectable_fields = list(credential.inputs.keys()) + credential.dynamic_input_fields
+        for field_name in list(set(injectable_fields)):
+            value = credential.get_input(field_name)
 
             if type(value) is bool:
-                # boolean values can't be secret/encrypted
+                # boolean values can't be secret/encrypted/external
                 safe_namespace[field_name] = namespace[field_name] = value
                 continue
 
-            value = credential.get_input(field_name)
-
             if field_name in self.secret_fields:
                 safe_namespace[field_name] = '**********'
             elif len(value):