Add new option update_secrets to allow lazy or strict updating

awx_collection/test/awx/test_completeness.py

@@ -30,7 +30,7 @@ no_endpoint_for_module = [
 
 # Global module parameters we can ignore
 ignore_parameters = [
-    'state', 'new_name',
+    'state', 'new_name', 'update_secrets'
 ]
 
 # Some modules take additional parameters that do not appear in the API

awx_collection/test/awx/test_credential.py

@@ -154,7 +154,8 @@ def test_make_use_of_custom_credential_type(run_module, organization, admin_user
 
 
 @pytest.mark.django_db
-def test_secret_field_write_twice(run_module, organization, admin_user, cred_type):
+@pytest.mark.parametrize('update_secrets', [True, False])
+def test_secret_field_write_twice(run_module, organization, admin_user, cred_type, update_secrets):
     val1 = '7rEZK38DJl58A7RxA6EC7lLvUHbBQ1'
     result = run_module('tower_credential', dict(
         name='Galaxy Token for Steve',
@@ -172,9 +173,14 @@ def test_secret_field_write_twice(run_module, organization, admin_user, cred_typ
         name='Galaxy Token for Steve',
         organization=organization.name,
         credential_type=cred_type.name,
-        inputs={'token': val2}
+        inputs={'token': val2},
+        update_secrets=update_secrets
     ), admin_user)
     assert not result.get('failed', False), result.get('msg', result)
 
     Credential.objects.get(id=result['id']).inputs['token'] == val2
-    assert result.get('changed'), result
+    print(result)
+    if update_secrets:
+        assert result.get('changed'), result
+    else:
+        assert result.get('changed') is False, result

awx_collection/test/awx/test_user.py

@@ -52,7 +52,7 @@ def test_update_password_on_create(run_module, admin_user, mock_auth_stuff):
         result = run_module('tower_user', dict(
             username='Bob',
             password='pass4word',
-            update_password='on_create'
+            update_secrets=False
         ), admin_user)
         assert not result.get('failed', False), result.get('msg', result)