From 9f11c008d21134d94b857a1e8887450f83c29729 Mon Sep 17 00:00:00 2001 From: Ryan Petrello Date: Fri, 21 Jul 2017 16:46:51 -0400 Subject: [PATCH] don't allow boolean credential type fields that specify `secret` secret doesn't really make sense for boolean values; they can't store sensitive content because they're just true|false see: https://github.com/ansible/ansible-tower/issues/6776 --- awx/main/fields.py | 2 +- awx/main/tests/functional/test_credential.py | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/awx/main/fields.py b/awx/main/fields.py index f7953f5830..7e2c3edfaf 100644 --- a/awx/main/fields.py +++ b/awx/main/fields.py @@ -624,7 +624,7 @@ class CredentialTypeInputField(JSONSchemaField): # If no type is specified, default to string field['type'] = 'string' - for key in ('choices', 'multiline', 'format'): + for key in ('choices', 'multiline', 'format', 'secret',): if key in field and field['type'] != 'string': raise django_exceptions.ValidationError( _('%s not allowed for %s type (%s)' % (key, field['type'], field['id'])), diff --git a/awx/main/tests/functional/test_credential.py b/awx/main/tests/functional/test_credential.py index 25b4504687..cdb54c2265 100644 --- a/awx/main/tests/functional/test_credential.py +++ b/awx/main/tests/functional/test_credential.py @@ -72,6 +72,7 @@ def test_cloud_kind_uniqueness(): ({'fields': [{'id': 'ssh_key', 'label': 'SSH Key', 'type': 'string', 'format': 'ssh_private_key'}]}, True), # noqa ({'fields': [{'id': 'flag', 'label': 'Some Flag', 'type': 'boolean'}]}, True), ({'fields': [{'id': 'flag', 'label': 'Some Flag', 'type': 'boolean', 'choices': ['a', 'b']}]}, False), + ({'fields': [{'id': 'flag', 'label': 'Some Flag', 'type': 'boolean', 'secret': True}]}, False), ({'fields': [{'id': 'certificate', 'label': 'Cert', 'multiline': True}]}, True), ({'fields': [{'id': 'certificate', 'label': 'Cert', 'multiline': True, 'type': 'boolean'}]}, False), # noqa ({'fields': [{'id': 'certificate', 'label': 'Cert', 'multiline': 'bad'}]}, False), # noqa