add some additional validation to JT.credentials

see: https://github.com/ansible/tower/issues/2612
2026-02-16 18:50:04 -03:30 · 2018-07-30 13:36:37 -04:00
parent 6e3686bfc9
commit b99f211c7e
4 changed files with 51 additions and 2 deletions
--- a/awx/main/tests/functional/api/test_deprecated_credential_assignment.py
+++ b/awx/main/tests/functional/api/test_deprecated_credential_assignment.py
@@ -2,7 +2,7 @@ import json
 import mock
 import pytest

-from awx.main.models import Credential, Job
+from awx.main.models import Credential, CredentialType, Job
 from awx.api.versioning import reverse


@@ -151,6 +151,27 @@ def test_prevent_multiple_machine_creds(get, post, job_template, admin, machine_
    assert 'Cannot assign multiple Machine credentials.' in resp.content


+@pytest.mark.django_db
+@pytest.mark.parametrize('kind', ['scm', 'insights'])
+def test_invalid_credential_type_at_launch(get, post, job_template, admin, kind):
+    cred_type = CredentialType.defaults[kind]()
+    cred_type.save()
+    cred = Credential(
+        name='Some Cred',
+        credential_type=cred_type,
+        inputs={
+            'username': 'bob',
+            'password': 'secret',
+        }
+    )
+    cred.save()
+    url = reverse('api:job_template_launch', kwargs={'pk': job_template.pk})
+
+    resp = post(url, {'credentials': [cred.pk]}, admin, expect=400)
+    assert 'Cannot assign a Credential of kind `{}`'.format(kind) in resp.data.get('credentials', [])
+    assert Job.objects.count() == 0
+
+
@pytest.mark.django_db
 def test_prevent_multiple_machine_creds_at_launch(get, post, job_template, admin, machine_credential):
    other_cred = Credential(credential_type=machine_credential.credential_type, name="Second",
--- a/awx/main/tests/functional/api/test_job_template.py
+++ b/awx/main/tests/functional/api/test_job_template.py
@@ -6,7 +6,7 @@ import pytest
 # AWX
 from awx.api.serializers import JobTemplateSerializer
 from awx.api.versioning import reverse
-from awx.main.models.jobs import Job, JobTemplate
+from awx.main.models import Job, JobTemplate, CredentialType
 from awx.main.migrations import _save_password_keys as save_password_keys

 # Django
@@ -182,6 +182,27 @@ def test_extra_credential_creation(get, post, organization_factory, job_template
    assert response.data.get('count') == 1


+@pytest.mark.django_db
+@pytest.mark.parametrize('kind', ['scm', 'insights'])
+def test_invalid_credential_kind_xfail(get, post, organization_factory, job_template_factory, kind):
+    objs = organization_factory("org", superusers=['admin'])
+    jt = job_template_factory("jt", organization=objs.organization,
+                              inventory='test_inv', project='test_proj').job_template
+
+    url = reverse('api:job_template_credentials_list', kwargs={'version': 'v2', 'pk': jt.pk})
+    cred_type = CredentialType.defaults[kind]()
+    cred_type.save()
+    response = post(url, {
+        'name': 'My Cred',
+        'credential_type': cred_type.pk,
+        'inputs': {
+            'username': 'bob',
+            'password': 'secret',
+        }
+    }, objs.superusers.admin, expect=400)
+    assert 'Cannot assign a Credential of kind `{}`.'.format(kind) in response.data.values()
+
+
@pytest.mark.django_db
 def test_extra_credential_unique_type_xfail(get, post, organization_factory, job_template_factory, credentialtype_aws):
    objs = organization_factory("org", superusers=['admin'])