diff --git a/awx/main/tasks.py b/awx/main/tasks.py index 0321cf910f..061a6964e7 100644 --- a/awx/main/tasks.py +++ b/awx/main/tasks.py @@ -1467,7 +1467,8 @@ class RunJob(BaseTask): if k == 'vault_password': args.append('--ask-vault-pass') else: - vault_id = k.split('.')[1] + # split only on the first dot in case the vault ID itself contains a dot + vault_id = k.split('.', 1)[1] args.append('--vault-id') args.append('{}@prompt'.format(vault_id)) @@ -1533,7 +1534,8 @@ class RunJob(BaseTask): d[r'Vault password:\s*?$'] = 'vault_password' for k, v in passwords.items(): if k.startswith('vault_password.'): - vault_id = k.split('.')[1] + # split only on the first dot in case the vault ID itself contains a dot + vault_id = k.split('.', 1)[1] d[r'Vault password \({}\):\s*?$'.format(vault_id)] = k return d diff --git a/awx/main/tests/unit/test_tasks.py b/awx/main/tests/unit/test_tasks.py index 143e461daf..2bc609a24d 100644 --- a/awx/main/tests/unit/test_tasks.py +++ b/awx/main/tests/unit/test_tasks.py @@ -872,7 +872,7 @@ class TestJobCredentials(TestJobExecution): def test_multi_vault_password(self, private_data_dir, job): task = tasks.RunJob() vault = CredentialType.defaults['vault']() - for i, label in enumerate(['dev', 'prod']): + for i, label in enumerate(['dev', 'prod', 'dotted.name']): credential = Credential( pk=i, credential_type=vault, @@ -892,10 +892,12 @@ class TestJobCredentials(TestJobExecution): ) assert vault_passwords['Vault password \(prod\):\\s*?$'] == 'pass@prod' # noqa assert vault_passwords['Vault password \(dev\):\\s*?$'] == 'pass@dev' # noqa + assert vault_passwords['Vault password \(dotted.name\):\\s*?$'] == 'pass@dotted.name' # noqa assert vault_passwords['Vault password:\\s*?$'] == '' # noqa assert '--ask-vault-pass' not in ' '.join(args) assert '--vault-id dev@prompt' in ' '.join(args) assert '--vault-id prod@prompt' in ' '.join(args) + assert '--vault-id dotted.name@prompt' in ' '.join(args) def test_multi_vault_id_conflict(self, job): task = tasks.RunJob()