Merge pull request #3528 from jakemcdermott/fix-3507

require url scheme for external credential type url inputs

awx/main/credential_plugins/aim.py

@@ -15,6 +15,7 @@ aim_inputs = {
         'id': 'url',
         'label': _('CyberArk AIM URL'),
         'type': 'string',
+        'format': 'url',
     }, {
         'id': 'app_id',
         'label': _('Application ID'),

awx/main/credential_plugins/azure_kv.py

@@ -10,6 +10,7 @@ azure_keyvault_inputs = {
         'id': 'url',
         'label': _('Vault URL (DNS Name)'),
         'type': 'string',
+        'format': 'url',
     }, {
         'id': 'client',
         'label': _('Client ID'),

awx/main/credential_plugins/conjur.py

@@ -16,6 +16,7 @@ conjur_inputs = {
         'id': 'url',
         'label': _('Conjur URL'),
         'type': 'string',
+        'format': 'url',
     }, {
         'id': 'api_key',
         'label': _('API Key'),

awx/main/credential_plugins/hashivault.py

@@ -14,6 +14,7 @@ base_inputs = {
         'id': 'url',
         'label': _('Server URL'),
         'type': 'string',
+        'format': 'url',
         'help_text': _('The URL to the HashiCorp Vault'),
     }, {
         'id': 'token',

awx/main/fields.py

@@ -490,6 +490,19 @@ def format_ssh_private_key(value):
     return True
 
 
+@JSONSchemaField.format_checker.checks('url')
+def format_url(value):
+    try:
+        scheme = urllib.parse.urlparse(value).scheme
+    except Exception as e:
+        raise jsonschema.exceptions.FormatError(str(e))
+    if scheme == '':
+        raise jsonschema.exceptions.FormatError(
+            'Invalid URL: Missing url scheme (http, https, etc.)'
+        )
+    return True
+
+
 class DynamicCredentialInputField(JSONSchemaField):
     """
     Used to validate JSON for
@@ -722,7 +735,7 @@ class CredentialTypeInputField(JSONSchemaField):
                         'type': 'object',
                         'properties': {
                             'type': {'enum': ['string', 'boolean']},
-                            'format': {'enum': ['ssh_private_key']},
+                            'format': {'enum': ['ssh_private_key', 'url']},
                             'choices': {
                                 'type': 'array',
                                 'minItems': 1,

awx/main/tests/functional/api/test_credential.py

@@ -1942,3 +1942,40 @@ def test_create_credential_missing_user_team_org_xfail(post, admin, credentialty
         admin
     )
     assert response.status_code == 400
+
+
+@pytest.mark.django_db
+def test_create_credential_with_invalid_url_xfail(post, organization, admin):
+    credential_type = CredentialType(
+        kind='test',
+        name='MyTestCredentialType',
+        inputs = {
+            'fields': [{
+                'id': 'server_url',
+                'label': 'Server Url',
+                'type': 'string',
+                'format': 'url'
+            }]
+        }
+    )
+    credential_type.save()
+
+    params = {
+        'name': 'Second Best Credential Ever',
+        'organization': organization.pk,
+        'credential_type': credential_type.pk,
+        'inputs': {'server_url': 'foo.com'}
+    }
+    endpoint = reverse('api:credential_list', kwargs={'version': 'v2'})
+    response = post(endpoint, params, admin)
+    assert response.status_code == 400
+    assert response.data['inputs']['server_url'] == ['Invalid URL: Missing url scheme (http, https, etc.)']
+
+    params['inputs']['server_url'] = 'https://[dead:beef'
+    response = post(endpoint, params, admin)
+    assert response.status_code == 400
+    assert response.data['inputs']['server_url'] == ['Invalid IPv6 URL']
+
+    params['inputs']['server_url'] = 'http://foo.com'
+    response = post(endpoint, params, admin)
+    assert response.status_code == 201