Merge pull request #6968 from ryanpetrello/fix-6959

fix a few issues in credential type kind validation

awx/api/metadata.py

@@ -17,7 +17,7 @@ from rest_framework.relations import RelatedField, ManyRelatedField
 from rest_framework.request import clone_request
 
 # Ansible Tower
-from awx.main.models import InventorySource, NotificationTemplate
+from awx.main.models import InventorySource, NotificationTemplate, CredentialType
 
 
 class Metadata(metadata.SimpleMetadata):
@@ -149,6 +149,16 @@ class Metadata(metadata.SimpleMetadata):
                 if field == 'type' and hasattr(serializer, 'get_type_choices'):
                     meta['choices'] = serializer.get_type_choices()
 
+                # API-created/modified CredentialType kinds are limited to
+                # `cloud` and `network`
+                if method != 'GET' and \
+                        hasattr(serializer, 'Meta') and \
+                        getattr(serializer.Meta, 'model', None) is CredentialType:
+                    actions[method]['kind']['choices'] = filter(
+                        lambda choice: choice[0] in ('cloud', 'net'),
+                        actions[method]['kind']['choices']
+                    )
+
                 # For GET method, remove meta attributes that aren't relevant
                 # when reading a field and remove write-only fields.
                 if method == 'GET':

awx/api/serializers.py

@@ -1904,9 +1904,9 @@ class CredentialTypeSerializer(BaseSerializer):
                 )
         ret = super(CredentialTypeSerializer, self).validate(attrs)
 
-        if 'kind' in attrs and attrs['kind'] not in ('cloud', 'network'):
+        if 'kind' in attrs and attrs['kind'] not in ('cloud', 'net'):
             raise serializers.ValidationError({
-                "kind": _("Must be 'cloud' or 'network', not %s") % attrs['kind']
+                "kind": _("Must be 'cloud' or 'net', not %s") % attrs['kind']
             })
 
         fields = attrs.get('inputs', {}).get('fields', [])

awx/main/tests/functional/api/test_credential_type.py

@@ -143,6 +143,28 @@ def test_create_managed_by_tower_readonly(get, post, admin):
     assert response.data['results'][0]['managed_by_tower'] is False
 
 
+@pytest.mark.django_db
+@pytest.mark.parametrize('kind', ['cloud', 'net'])
+def test_create_valid_kind(kind, get, post, admin):
+    response = post(reverse('api:credential_type_list'), {
+        'kind': kind,
+        'name': 'My Custom Type',
+        'inputs': {
+            'fields': [{
+                'id': 'api_token',
+                'label': 'API Token',
+                'type': 'string',
+                'secret': True
+            }]
+        },
+        'injectors': {}
+    }, admin)
+    assert response.status_code == 201
+
+    response = get(reverse('api:credential_type_list'), admin)
+    assert response.data['count'] == 1
+
+
 @pytest.mark.django_db
 @pytest.mark.parametrize('kind', ['ssh', 'vault', 'scm', 'insights'])
 def test_create_invalid_kind(kind, get, post, admin):