improve sanitation of empty credential values to match API v1 behavior

This is mostly backwards compatability to avoid surprises: in 3.1.x if you submit a field value with `null` or an empty string to a CharField, it's treated as an empty string (and SSH key validation is skipped). For boolean field values (`net.authorize`), `null` and empty string are coerced to `False`. see: #7216 see: #7218
2026-03-04 10:11:05 -03:30 · 2017-07-21 11:21:40 -04:00
parent 825dfc9df9
commit a640d6afec
3 changed files with 72 additions and 3 deletions
--- a/awx/main/tests/functional/api/test_credential.py
+++ b/awx/main/tests/functional/api/test_credential.py
@@ -1,3 +1,5 @@
+import itertools
+
 import mock # noqa
 import pytest

@@ -707,6 +709,59 @@ def test_inputs_cannot_contain_extra_fields(get, post, organization, admin, cred
    assert "'invalid_field' was unexpected" in response.data['inputs'][0]


+@pytest.mark.django_db
+@pytest.mark.parametrize('field_name, field_value', itertools.product(
+    ['username', 'password', 'ssh_key_data', 'ssh_key_unlock', 'become_method', 'become_username', 'become_password'],  # noqa
+    ['', None]
+))
+def test_nullish_field_data(get, post, organization, admin, field_name, field_value):
+    ssh = CredentialType.defaults['ssh']()
+    ssh.save()
+    params = {
+        'name': 'Best credential ever',
+        'credential_type': ssh.pk,
+        'organization': organization.id,
+        'inputs': {
+            field_name: field_value
+        }
+    }
+    response = post(
+        reverse('api:credential_list', kwargs={'version': 'v2'}),
+        params,
+        admin
+    )
+    assert response.status_code == 201
+
+    assert Credential.objects.count() == 1
+    cred = Credential.objects.all()[:1].get()
+    assert getattr(cred, field_name) == ''
+
+
+@pytest.mark.django_db
+@pytest.mark.parametrize('field_value', ['', None, False])
+def test_falsey_field_data(get, post, organization, admin, field_value):
+    net = CredentialType.defaults['net']()
+    net.save()
+    params = {
+        'name': 'Best credential ever',
+        'credential_type': net.pk,
+        'organization': organization.id,
+        'inputs': {
+            'authorize': field_value
+        }
+    }
+    response = post(
+        reverse('api:credential_list', kwargs={'version': 'v2'}),
+        params,
+        admin
+    )
+    assert response.status_code == 201
+
+    assert Credential.objects.count() == 1
+    cred = Credential.objects.all()[:1].get()
+    assert cred.authorize is False
+
+
 #
 # SCM Credentials
 #