Validate single and multi-file injection

2026-03-13 15:09:32 -02:30 · 2017-11-21 13:11:14 -05:00
parent 7aa1ae69b3
commit 18178c83b3
2 changed files with 21 additions and 2 deletions
--- a/awx/main/fields.py
+++ b/awx/main/fields.py
@@ -748,8 +748,24 @@ class CredentialTypeInjectorField(JSONSchemaField):

        class TowerNamespace:
            filename = None
-
        valid_namespace['tower'] = TowerNamespace()
+
+        # ensure either single file or multi-file syntax is used (but not both)
+        template_names = set(key for type_, injector in value.items()
+                             for key, tmpl in injector.items()
+                             if key.startswith('template'))
+        if 'template' in template_names and len(template_names) > 1:
+            raise django_exceptions.ValidationError(
+                _('Must use multi-file syntax when injecting multiple files'),
+                code='invalid',
+                params={'value': value},
+            )
+        if 'template' not in template_names:
+            valid_namespace['tower'].filename = TowerNamespace()
+            for template_name in template_names:
+                template_name = template_name[9:]
+                setattr(valid_namespace['tower'].filename, template_name, 'EXAMPLE')
+
        for type_, injector in value.items():
            for key, tmpl in injector.items():
                try:
--- a/docs/custom_credential_types.md
+++ b/docs/custom_credential_types.md
@@ -194,7 +194,8 @@ certificate/key data:
        }
    }

-
+Note that the single and multi-file syntax cannot be mixed within the same
+``Credential Type``.

 Job and Job Template Credential Assignment
 ------------------------------------------
@@ -326,6 +327,8 @@ When verifying acceptance we should ensure the following statements are true:
 * Custom `Credential Types` should support injecting both single and
  multiple files. (Furthermore, the new syntax for injecting multiple files
  should work properly even if only a single file is injected).
+* Users should not be able to use the syntax for injecting single and
+  multiple files in the same custom credential.
 * The default `Credential Types` included with Tower in 3.2 should be
  non-editable/readonly and cannot be deleted by any user.
 * Stored `Credential` values for _all_ types should be consistent before and