From 31829038bdd13c2c975141263cfd1960c9c59f45 Mon Sep 17 00:00:00 2001 From: Ryan Petrello Date: Mon, 10 Jul 2017 16:34:25 -0400 Subject: [PATCH] prevent creation of custom credential types that != 'cloud || network` see: #6959 --- awx/api/serializers.py | 5 +++++ .../functional/api/test_credential_type.py | 22 +++++++++++++++++++ 2 files changed, 27 insertions(+) diff --git a/awx/api/serializers.py b/awx/api/serializers.py index a28597ec6c..06755f06d2 100644 --- a/awx/api/serializers.py +++ b/awx/api/serializers.py @@ -1904,6 +1904,11 @@ class CredentialTypeSerializer(BaseSerializer): ) ret = super(CredentialTypeSerializer, self).validate(attrs) + if 'kind' in attrs and attrs['kind'] not in ('cloud', 'network'): + raise serializers.ValidationError({ + "kind": _("Must be 'cloud' or 'network', not %s") % attrs['kind'] + }) + fields = attrs.get('inputs', {}).get('fields', []) for field in fields: if field.get('ask_at_runtime', False): diff --git a/awx/main/tests/functional/api/test_credential_type.py b/awx/main/tests/functional/api/test_credential_type.py index eea1d42e8a..452362c505 100644 --- a/awx/main/tests/functional/api/test_credential_type.py +++ b/awx/main/tests/functional/api/test_credential_type.py @@ -143,6 +143,28 @@ def test_create_managed_by_tower_readonly(get, post, admin): assert response.data['results'][0]['managed_by_tower'] is False +@pytest.mark.django_db +@pytest.mark.parametrize('kind', ['ssh', 'vault', 'scm', 'insights']) +def test_create_invalid_kind(kind, get, post, admin): + response = post(reverse('api:credential_type_list'), { + 'kind': kind, + 'name': 'My Custom Type', + 'inputs': { + 'fields': [{ + 'id': 'api_token', + 'label': 'API Token', + 'type': 'string', + 'secret': True + }] + }, + 'injectors': {} + }, admin) + assert response.status_code == 400 + + response = get(reverse('api:credential_type_list'), admin) + assert response.data['count'] == 0 + + @pytest.mark.django_db def test_create_with_valid_inputs(get, post, admin): response = post(reverse('api:credential_type_list'), {