mirror of
https://github.com/ansible/awx.git
synced 2026-05-17 06:17:36 -02:30
Merge pull request #593 from ryanpetrello/fix-7796
fix another encrypted survey password bug
This commit is contained in:
Ryan Petrello
GitHub
@@ -400,19 +400,24 @@ class JobTemplate(UnifiedJobTemplate, JobOptions, SurveyJobTemplateMixin, Resour
|
|||||||
else:
|
else:
|
||||||
if field == 'extra_vars' and self.survey_enabled and self.survey_spec:
|
if field == 'extra_vars' and self.survey_enabled and self.survey_spec:
|
||||||
# Accept vars defined in the survey and no others
|
# Accept vars defined in the survey and no others
|
||||||
survey_vars = [question['variable'] for question in self.survey_spec.get('spec', [])]
|
survey_vars = [
|
||||||
|
question['variable'] for question in self.survey_spec.get('spec', [])
|
||||||
|
]
|
||||||
extra_vars = parse_yaml_or_json(kwargs[field])
|
extra_vars = parse_yaml_or_json(kwargs[field])
|
||||||
for key in extra_vars:
|
for key in extra_vars:
|
||||||
if key in survey_vars:
|
if key in survey_vars:
|
||||||
if key in survey_password_variables:
|
prompted_fields[field][key] = extra_vars[key]
|
||||||
prompted_fields[field][key] = encrypt_value(extra_vars[key])
|
|
||||||
else:
|
|
||||||
prompted_fields[field][key] = extra_vars[key]
|
|
||||||
else:
|
else:
|
||||||
ignored_fields[field][key] = extra_vars[key]
|
ignored_fields[field][key] = extra_vars[key]
|
||||||
else:
|
else:
|
||||||
ignored_fields[field] = kwargs[field]
|
ignored_fields[field] = kwargs[field]
|
||||||
|
|
||||||
|
for key in prompted_fields.get('extra_vars', {}):
|
||||||
|
if key in survey_password_variables:
|
||||||
|
prompted_fields['extra_vars'][key] = encrypt_value(
|
||||||
|
prompted_fields['extra_vars'][key]
|
||||||
|
)
|
||||||
|
|
||||||
return prompted_fields, ignored_fields
|
return prompted_fields, ignored_fields
|
||||||
|
|
||||||
def _extra_job_type_errors(self, data):
|
def _extra_job_type_errors(self, data):
|
||||||
|
|||||||
@@ -136,7 +136,7 @@ class SurveyJobTemplateMixin(models.Model):
|
|||||||
else:
|
else:
|
||||||
runtime_extra_vars = {}
|
runtime_extra_vars = {}
|
||||||
|
|
||||||
# Overwrite with job template extra vars with survey default vars
|
# Overwrite job template extra vars with survey default vars
|
||||||
if self.survey_enabled and 'spec' in self.survey_spec:
|
if self.survey_enabled and 'spec' in self.survey_spec:
|
||||||
for survey_element in self.survey_spec.get("spec", []):
|
for survey_element in self.survey_spec.get("spec", []):
|
||||||
default = survey_element.get('default')
|
default = survey_element.get('default')
|
||||||
@@ -145,7 +145,7 @@ class SurveyJobTemplateMixin(models.Model):
|
|||||||
if survey_element.get('type') == 'password':
|
if survey_element.get('type') == 'password':
|
||||||
if variable_key in runtime_extra_vars and default:
|
if variable_key in runtime_extra_vars and default:
|
||||||
kw_value = runtime_extra_vars[variable_key]
|
kw_value = runtime_extra_vars[variable_key]
|
||||||
if kw_value.startswith('$encrypted$') and kw_value != default:
|
if kw_value == '$encrypted$' and kw_value != default:
|
||||||
runtime_extra_vars[variable_key] = default
|
runtime_extra_vars[variable_key] = default
|
||||||
|
|
||||||
if default is not None:
|
if default is not None:
|
||||||
|
|||||||
@@ -93,13 +93,14 @@ def test_survey_spec_sucessful_creation(survey_spec_factory, job_template, post,
|
|||||||
|
|
||||||
@mock.patch('awx.api.views.feature_enabled', lambda feature: True)
|
@mock.patch('awx.api.views.feature_enabled', lambda feature: True)
|
||||||
@pytest.mark.django_db
|
@pytest.mark.django_db
|
||||||
|
@pytest.mark.parametrize('with_default', [True, False])
|
||||||
@pytest.mark.parametrize('value, status', [
|
@pytest.mark.parametrize('value, status', [
|
||||||
('SUPERSECRET', 201),
|
('SUPERSECRET', 201),
|
||||||
(['some', 'invalid', 'list'], 400),
|
(['some', 'invalid', 'list'], 400),
|
||||||
({'some-invalid': 'dict'}, 400),
|
({'some-invalid': 'dict'}, 400),
|
||||||
(False, 400)
|
(False, 400)
|
||||||
])
|
])
|
||||||
def test_survey_spec_passwords_are_encrypted_on_launch(job_template_factory, post, admin_user, value, status):
|
def test_survey_spec_passwords_are_encrypted_on_launch(job_template_factory, post, admin_user, with_default, value, status):
|
||||||
objects = job_template_factory('jt', organization='org1', project='prj',
|
objects = job_template_factory('jt', organization='org1', project='prj',
|
||||||
inventory='inv', credential='cred')
|
inventory='inv', credential='cred')
|
||||||
job_template = objects.job_template
|
job_template = objects.job_template
|
||||||
@@ -116,6 +117,8 @@ def test_survey_spec_passwords_are_encrypted_on_launch(job_template_factory, pos
|
|||||||
}],
|
}],
|
||||||
'name': 'my survey'
|
'name': 'my survey'
|
||||||
}
|
}
|
||||||
|
if with_default:
|
||||||
|
input_data['spec'][0]['default'] = 'some-default'
|
||||||
post(url=reverse('api:job_template_survey_spec', kwargs={'pk': job_template.id}),
|
post(url=reverse('api:job_template_survey_spec', kwargs={'pk': job_template.id}),
|
||||||
data=input_data, user=admin_user, expect=200)
|
data=input_data, user=admin_user, expect=200)
|
||||||
resp = post(reverse('api:job_template_launch', kwargs={'pk': job_template.pk}),
|
resp = post(reverse('api:job_template_launch', kwargs={'pk': job_template.pk}),
|
||||||
|
|||||||
Reference in New Issue
Block a user