add some additional validation to JT.credentials

see: https://github.com/ansible/tower/issues/2612
2026-05-05 00:25:29 -02:30 · 2018-07-30 13:36:37 -04:00
parent 6e3686bfc9
commit b99f211c7e
4 changed files with 51 additions and 2 deletions
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@@ -4285,6 +4285,10 @@ class JobLaunchSerializer(BaseSerializer):
                errors.setdefault('credentials', []).append(_(
                    'Cannot assign multiple {} credentials.'
                ).format(cred.unique_hash(display=True)))
+            if cred.credential_type.kind not in ('ssh', 'vault', 'cloud', 'net'):
+                errors.setdefault('credentials', []).append(_(
+                    'Cannot assign a Credential of kind `{}`'
+                ).format(cred.credential_type.kind))
            distinct_cred_kinds.append(cred.unique_hash())

        # Prohibit removing credentials from the JT list (unsupported for now)
--- a/awx/api/views.py
+++ b/awx/api/views.py
@@ -3346,6 +3346,9 @@ class JobTemplateCredentialsList(SubListCreateAttachDetachAPIView):
        if sub.unique_hash() in [cred.unique_hash() for cred in parent.credentials.all()]:
            return {"error": _("Cannot assign multiple {credential_type} credentials.".format(
                credential_type=sub.unique_hash(display=True)))}
+        kind = sub.credential_type.kind
+        if kind not in ('ssh', 'vault', 'cloud', 'net'):
+            return {'error': _('Cannot assign a Credential of kind `{}`.').format(kind)}

        return super(JobTemplateCredentialsList, self).is_valid_relation(parent, sub, created)