From a38d6552e8868a8a37467d12ede99081447af1b1 Mon Sep 17 00:00:00 2001 From: AlanCoding Date: Tue, 17 Jul 2018 08:41:40 -0400 Subject: [PATCH] strict type enforcement of deprecated launch fields --- awx/api/views.py | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/awx/api/views.py b/awx/api/views.py index 8536d47b81..c99821e5b8 100644 --- a/awx/api/views.py +++ b/awx/api/views.py @@ -3036,10 +3036,10 @@ class JobTemplateLaunch(RetrieveAPIView): existing_credentials = obj.credentials.all() template_credentials = list(existing_credentials) # save copy of existing new_credentials = [] - for key, conditional in ( - ('credential', lambda cred: cred.credential_type.kind != 'ssh'), - ('vault_credential', lambda cred: cred.credential_type.kind != 'vault'), - ('extra_credentials', lambda cred: cred.credential_type.kind not in ('cloud', 'net')) + for key, conditional, _type, type_repr in ( + ('credential', lambda cred: cred.credential_type.kind != 'ssh', int, 'pk value'), + ('vault_credential', lambda cred: cred.credential_type.kind != 'vault', int, 'pk value'), + ('extra_credentials', lambda cred: cred.credential_type.kind not in ('cloud', 'net'), Iterable, 'a list') ): if key in modern_data: # if a specific deprecated key is specified, remove all @@ -3048,6 +3048,13 @@ class JobTemplateLaunch(RetrieveAPIView): existing_credentials = filter(conditional, existing_credentials) prompted_value = modern_data.pop(key) + # validate type, since these are not covered by a serializer + if not isinstance(prompted_value, _type): + msg = _( + "Incorrect type. Expected {}, received {}." + ).format(type_repr, prompted_value.__class__.__name__) + raise ParseError({key: [msg], 'credentials': [msg]}) + # add the deprecated credential specified in the request if not isinstance(prompted_value, Iterable) or isinstance(prompted_value, basestring): prompted_value = [prompted_value]