Wrote corresponding tests.

Updated verbiage to be more in line with existing messages.
2026-01-13 19:10:07 -03:30 · 2022-05-12 15:49:09 -04:00 · 2022-05-12 15:49:09 -04:00 · 40279bc6c0
commit 40279bc6c0
parent f6fb46d99e
2 changed files with 44 additions and 1 deletions
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@ -2667,7 +2667,7 @@ class CredentialSerializer(BaseSerializer):
    def validate_inputs(self, inputs):
        if self.instance and self.instance.credential_type.kind == "vault":
            if 'vault_id' in inputs and inputs['vault_id'] != self.instance.inputs['vault_id']:
-                raise ValidationError(_('We do not permit Vault IDs to be changed after they have been created.'))
+                raise ValidationError(_('Vault IDs cannot be changed once they have been created.'))

        return inputs

--- a/awx/main/tests/functional/api/test_credential.py
+++ b/awx/main/tests/functional/api/test_credential.py
@ -532,6 +532,49 @@ def test_vault_password_required(post, organization, admin):
    assert 'required fields (vault_password)' in j.job_explanation


+@pytest.mark.django_db
+def test_vault_id_immutable(post, patch, organization, admin):
+    vault = CredentialType.defaults['vault']()
+    vault.save()
+    response = post(
+        reverse('api:credential_list'),
+        {
+            'credential_type': vault.pk,
+            'organization': organization.id,
+            'name': 'Best credential ever',
+            'inputs': {'vault_id': 'password', 'vault_password': 'password'},
+        },
+        admin,
+    )
+    assert response.status_code == 201
+    assert Credential.objects.count() == 1
+    response = patch(
+        reverse('api:credential_detail', kwargs={'pk': response.data['id']}), {'inputs': {'vault_id': 'password2', 'vault_password': 'password'}}, admin
+    )
+    assert response.status_code == 400
+    assert response.data['inputs'][0] == 'Vault IDs cannot be changed once they have been created.'
+
+
+@pytest.mark.django_db
+def test_patch_without_vault_id_valid(post, patch, organization, admin):
+    vault = CredentialType.defaults['vault']()
+    vault.save()
+    response = post(
+        reverse('api:credential_list'),
+        {
+            'credential_type': vault.pk,
+            'organization': organization.id,
+            'name': 'Best credential ever',
+            'inputs': {'vault_id': 'password', 'vault_password': 'password'},
+        },
+        admin,
+    )
+    assert response.status_code == 201
+    assert Credential.objects.count() == 1
+    response = patch(reverse('api:credential_detail', kwargs={'pk': response.data['id']}), {'name': 'worst_credential_ever'}, admin)
+    assert response.status_code == 200
+
+
 #
 # Net Credentials
 #