From c71e8d38b791f18e19d39bee688203bf524cfa97 Mon Sep 17 00:00:00 2001
From: Ryan Petrello <rpetrell@redhat.com>
Date: Wed, 26 Jul 2017 15:01:31 -0400
Subject: [PATCH] improve private passphrase error when it's provided
 unnecessarily

see: https://github.com/ansible/ansible-tower/issues/7293
---
 awx/main/fields.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/awx/main/fields.py b/awx/main/fields.py
index 7e2c3edfaf..2ba41b7841 100644
--- a/awx/main/fields.py
+++ b/awx/main/fields.py
@@ -542,8 +542,11 @@ class CredentialInputField(JSONSchemaField):
 
             if model_instance.has_encrypted_ssh_key_data and not value.get('ssh_key_unlock'):
                 errors['ssh_key_unlock'] = [_('must be set when SSH key is encrypted.')]
-            if not model_instance.has_encrypted_ssh_key_data and value.get('ssh_key_unlock'):
-                errors['ssh_key_unlock'] = [_('should not be set when SSH key is not encrypted.')]
+            if value.get('ssh_key_unlock'):
+                if not model_instance.ssh_key_data:
+                    errors['ssh_key_unlock'] = [_('should not be set when SSH key is empty.')]
+                elif not model_instance.has_encrypted_ssh_key_data:
+                    errors['ssh_key_unlock'] = [_('should not be set when SSH key is not encrypted.')]
 
         if errors:
             raise serializers.ValidationError({