key prompting of all credentials off of ask_credential_on_launch

see: #6371

awx/api/serializers.py

@@ -2378,16 +2378,9 @@ class JobTemplateSerializer(JobTemplateMixin, UnifiedJobTemplateSerializer, JobO
         model = JobTemplate
         fields = ('*', 'host_config_key', 'ask_variables_on_launch', 'ask_limit_on_launch', 'ask_tags_on_launch',
                   'ask_skip_tags_on_launch', 'ask_job_type_on_launch', 'ask_verbosity_on_launch', 'ask_inventory_on_launch',
-                  'ask_credential_on_launch', 'ask_extra_credentials_on_launch', 'survey_enabled', 'become_enabled',
+                  'ask_credential_on_launch', 'survey_enabled', 'become_enabled',
                   'allow_simultaneous')
 
-    # TODO: remove in 3.3
-    def get_fields(self):
-        ret = super(JobTemplateSerializer, self).get_fields()
-        if self.version == 1:
-            ret.pop('ask_extra_credentials_on_launch')
-        return ret
-
     def get_related(self, obj):
         res = super(JobTemplateSerializer, self).get_related(obj)
         res.update(dict(
@@ -3063,13 +3056,12 @@ class JobLaunchSerializer(BaseSerializer):
                   'credential', 'extra_credentials', 'ask_variables_on_launch', 'ask_tags_on_launch',
                   'ask_skip_tags_on_launch', 'ask_job_type_on_launch', 'ask_limit_on_launch',
                   'ask_verbosity_on_launch', 'ask_inventory_on_launch', 'ask_credential_on_launch',
-                  'ask_extra_credentials_on_launch', 'survey_enabled', 'variables_needed_to_start',
-                  'credential_needed_to_start', 'inventory_needed_to_start',
-                  'job_template_data', 'defaults', 'verbosity')
+                  'survey_enabled', 'variables_needed_to_start', 'credential_needed_to_start',
+                  'inventory_needed_to_start', 'job_template_data', 'defaults', 'verbosity')
         read_only_fields = (
             'ask_variables_on_launch', 'ask_limit_on_launch', 'ask_tags_on_launch',
             'ask_skip_tags_on_launch', 'ask_job_type_on_launch', 'ask_verbosity_on_launch',
-            'ask_inventory_on_launch', 'ask_credential_on_launch', 'ask_extra_credentials_on_launch')
+            'ask_inventory_on_launch', 'ask_credential_on_launch',)
         extra_kwargs = {
             'credential': {'write_only': True,},
             'extra_credentials': {'write_only': True, 'default': [], 'allow_empty': True},
@@ -3086,7 +3078,6 @@ class JobLaunchSerializer(BaseSerializer):
         ret = super(JobLaunchSerializer, self).get_fields()
         if self.version == 1:
             ret.pop('extra_credentials')
-            ret.pop('ask_extra_credentials_on_launch')
         return ret
 
     def get_credential_needed_to_start(self, obj):

awx/main/access.py

@@ -1251,8 +1251,7 @@ class JobTemplateAccess(BaseAccess):
             'name', 'description', 'forks', 'limit', 'verbosity', 'extra_vars',
             'job_tags', 'force_handlers', 'skip_tags', 'ask_variables_on_launch',
             'ask_tags_on_launch', 'ask_job_type_on_launch', 'ask_skip_tags_on_launch',
-            'ask_inventory_on_launch', 'ask_credential_on_launch',
-            'ask_extra_credentials_on_launch', 'survey_enabled',
+            'ask_inventory_on_launch', 'ask_credential_on_launch', 'survey_enabled',
 
             # These fields are ignored, but it is convenient for QA to allow clients to post them
             'last_job_run', 'created', 'modified',

awx/main/migrations/0040_v320_add_credentialtype_model.py

@@ -70,11 +70,6 @@ class Migration(migrations.Migration):
             name='extra_credentials',
             field=models.ManyToManyField(related_name='_jobtemplate_extra_credentials_+', to='main.Credential'),
         ),
-        migrations.AddField(
-            model_name='jobtemplate',
-            name='ask_extra_credentials_on_launch',
-            field=models.BooleanField(default=False),
-        ),
         migrations.AlterUniqueTogether(
             name='credential',
             unique_together=set([('organization', 'name', 'credential_type')]),

awx/main/models/jobs.py

@@ -260,10 +260,6 @@ class JobTemplate(UnifiedJobTemplate, JobOptions, SurveyJobTemplateMixin, Resour
         blank=True,
         default=False,
     )
-    ask_extra_credentials_on_launch = models.BooleanField(
-        blank=True,
-        default=False,
-    )
     admin_role = ImplicitRoleField(
         parent_role=['project.organization.admin_role', 'inventory.organization.admin_role']
     )
@@ -365,7 +361,7 @@ class JobTemplate(UnifiedJobTemplate, JobOptions, SurveyJobTemplateMixin, Resour
             verbosity=self.ask_verbosity_on_launch,
             inventory=self.ask_inventory_on_launch,
             credential=self.ask_credential_on_launch,
-            extra_credentials=self.ask_extra_credentials_on_launch
+            extra_credentials=self.ask_credential_on_launch,
         )
 
     def _accept_or_ignore_job_kwargs(self, **kwargs):

awx/main/tests/functional/api/test_job_runtime_params.py

@@ -298,7 +298,7 @@ def test_job_launch_JT_with_validation(machine_credential, deploy_jobtemplate):
     ([999], 'object does not exist'),
 ])
 def test_job_launch_JT_with_invalid_extra_credentials(machine_credential, deploy_jobtemplate, pks, error_msg):
-    deploy_jobtemplate.ask_extra_credentials_on_launch = True
+    deploy_jobtemplate.ask_credential_on_launch = True
     deploy_jobtemplate.save()
 
     kv = dict(extra_credentials=pks, credential=machine_credential.id)
@@ -337,7 +337,7 @@ def test_job_launch_JT_enforces_unique_extra_credential_kinds(machine_credential
 
 @pytest.mark.django_db
 def test_job_launch_JT_with_extra_credentials(machine_credential, credential, net_credential, deploy_jobtemplate):
-    deploy_jobtemplate.ask_extra_credentials_on_launch = True
+    deploy_jobtemplate.ask_credential_on_launch = True
     deploy_jobtemplate.save()
 
     kv = dict(extra_credentials=[credential.pk, net_credential.pk], credential=machine_credential.id)

awx/main/tests/functional/api/test_job_template.py

@@ -479,7 +479,7 @@ def test_launch_with_extra_credentials(get, post, organization_factory,
     objs = organization_factory("org", superusers=['admin'])
     jt = job_template_factory("jt", organization=objs.organization,
                               inventory='test_inv', project='test_proj').job_template
-    jt.ask_extra_credentials_on_launch = True
+    jt.ask_credential_on_launch = True
     jt.save()
 
     resp = post(
@@ -500,13 +500,14 @@ def test_launch_with_extra_credentials(get, post, organization_factory,
 
 
 @pytest.mark.django_db
-def test_launch_with_extra_credentials_no_allowed(get, post, organization_factory,
-                                                  job_template_factory, machine_credential,
-                                                  credential, net_credential):
+def test_launch_with_extra_credentials_not_allowed(get, post, organization_factory,
+                                                   job_template_factory, machine_credential,
+                                                   credential, net_credential):
     objs = organization_factory("org", superusers=['admin'])
     jt = job_template_factory("jt", organization=objs.organization,
                               inventory='test_inv', project='test_proj').job_template
-    jt.ask_extra_credentials_on_launch = False
+    jt.credential = machine_credential
+    jt.ask_credential_on_launch = False
     jt.save()
 
     resp = post(
@@ -515,8 +516,9 @@ def test_launch_with_extra_credentials_no_allowed(get, post, organization_factor
             credential=machine_credential.pk,
             extra_credentials=[credential.pk, net_credential.pk]
         ),
-        objs.superusers.admin, expect=201
+        objs.superusers.admin
     )
+    assert 'credential' in resp.data['ignored_fields'].keys()
     assert 'extra_credentials' in resp.data['ignored_fields'].keys()
     job_pk = resp.data.get('id')
 
@@ -531,7 +533,7 @@ def test_launch_with_extra_credentials_from_jt(get, post, organization_factory,
     objs = organization_factory("org", superusers=['admin'])
     jt = job_template_factory("jt", organization=objs.organization,
                               inventory='test_inv', project='test_proj').job_template
-    jt.ask_extra_credentials_on_launch = True
+    jt.ask_credential_on_launch = True
     jt.extra_credentials.add(credential)
     jt.extra_credentials.add(net_credential)
     jt.save()
@@ -559,7 +561,7 @@ def test_launch_with_empty_extra_credentials(get, post, organization_factory,
     objs = organization_factory("org", superusers=['admin'])
     jt = job_template_factory("jt", organization=objs.organization,
                               inventory='test_inv', project='test_proj').job_template
-    jt.ask_extra_credentials_on_launch = True
+    jt.ask_credential_on_launch = True
     jt.extra_credentials.add(credential)
     jt.extra_credentials.add(net_credential)
     jt.save()
@@ -590,7 +592,7 @@ def test_v1_launch_with_extra_credentials(get, post, organization_factory,
     objs = organization_factory("org", superusers=['admin'])
     jt = job_template_factory("jt", organization=objs.organization,
                               inventory='test_inv', project='test_proj').job_template
-    jt.ask_extra_credentials_on_launch = True
+    jt.ask_credential_on_launch = True
     jt.save()
 
     resp = post(

docs/custom_credential_types.md

@@ -36,10 +36,9 @@ Important Changes
   Engine credential.  You cannot, however, create a ``Job Template`` that uses
   two OpenStack credentials.
 
-* In the same manner as "promptable SSH credentials", ``Job Templates`` can now
-  be flagged with ``ask_extra_credentials_on_launch = true``.  When this flag
-  is enabled, ``extra_credentials`` for a ``Job Template`` can be specified in
-  the launch payload.
+* In the same manner as "promptable SSH credentials", when
+  ``ask_credential_on_launch = true``, ``JobTemplate.extra_credentials`` can be
+  specified in the launch payload.
 
 * Custom inventory sources can now utilize a ``Credential``; you
   can store third-party credentials encrypted within Tower and use their