Add functions to support recursive validation for extra_vars

awx/main/fields.py

@@ -856,11 +856,7 @@ class CredentialTypeInjectorField(JSONSchemaField):
                 template_name = template_name.split('.')[1]
                 setattr(valid_namespace['tower'].filename, template_name, 'EXAMPLE_FILENAME')
 
-        for type_, injector in value.items():
+        def validate_template_string(tmpl):
-            if type_ == 'env':
-                for key in injector.keys():
-                    self.validate_env_var_allowed(key)
-            for key, tmpl in injector.items():
             try:
                 sandbox.ImmutableSandboxedEnvironment(undefined=StrictUndefined).from_string(tmpl).render(valid_namespace)
             except UndefinedError as e:
@@ -878,6 +874,24 @@ class CredentialTypeInjectorField(JSONSchemaField):
                     params={'value': value},
                 )
 
+        def validate_extra_vars(node):
+            if isinstance(node, dict):
+                return {validate_extra_vars(k): validate_extra_vars(v) for k, v in node.items()}
+            elif isinstance(node, list):
+                return [validate_extra_vars(x) for x in node]
+            else:
+                validate_template_string(node)
+
+        for type_, injector in value.items():
+            if type_ == 'env':
+                for key in injector.keys():
+                    self.validate_env_var_allowed(key)
+            if type_ == 'extra_vars':
+                validate_extra_vars(injector)
+            else:
+                for key, tmpl in injector.items():
+                    validate_template_string(tmpl)
+
 
 class AskForField(models.BooleanField):
     """