def test_create_with_default_bool(get, post, admin, default, status_code): response = post( reverse('api:credential_type_list'), { 'kind': 'cloud', 'name': 'MyCloud', 'inputs': { 'fields': [{ 'id': 'api_token', 'label': 'API Token', 'type': 'boolean', 'default': default, }], 'required': ['api_token'], }, 'injectors': {} }, admin) assert response.status_code == status_code if status_code == 201: cred = Credential( credential_type=CredentialType.objects.get(pk=response.data['id']), name='My Custom Cred') assert cred.get_input('api_token') == default elif status_code == 400: assert "{} is not a boolean".format(default) in json.dumps( response.data)
def test_credential_access_superuser(): u = User(username='******', is_superuser=True) access = CredentialAccess(u) credential = Credential() assert access.can_add(None) assert access.can_change(credential, None) assert access.can_delete(credential)
def test_update_credential_type_unvalidated_inputs(post, patch, admin): simple_inputs = {'fields': [{'id': 'api_token', 'label': 'fooo'}]} response = post(url=reverse('api:credential_type_list'), data={'name': 'foo', 'kind': 'cloud', 'inputs': simple_inputs}, user=admin, expect=201) # validation adds the type field to the input _type = CredentialType.objects.get(pk=response.data['id']) Credential(credential_type=_type, name='My Custom Cred').save() # should not raise an error because we should only compare # post-validation values to other post-validation values url = reverse('api:credential_type_detail', kwargs={'pk': _type.id}) patch(url, {'inputs': simple_inputs}, admin, expect=200)
def test_job_launch_with_multiple_launch_time_passwords( credential, machine_credential, vault_credential, deploy_jobtemplate, post, admin): # see: https://github.com/ansible/awx/issues/8202 deploy_jobtemplate.ask_credential_on_launch = True deploy_jobtemplate.credentials.remove(credential) deploy_jobtemplate.credentials.add(machine_credential) deploy_jobtemplate.credentials.add(vault_credential) deploy_jobtemplate.save() second_machine_credential = Credential( name='SSH #2', credential_type=machine_credential.credential_type, inputs={'password': '******'}) second_machine_credential.save() vault_credential.inputs['vault_password'] = '******' vault_credential.save() payload = { 'credentials': [vault_credential.id, second_machine_credential.id], 'credential_passwords': { 'ssh_password': '******', 'vault_password': '******' }, } with mock.patch.object(Job, 'signal_start') as signal_start: post( reverse('api:job_template_launch', kwargs={'pk': deploy_jobtemplate.pk}), payload, admin, expect=201, ) signal_start.assert_called_with(**{ 'ssh_password': '******', 'vault_password': '******', })
def test_update_credential_type_in_use_xfail(patch, delete, admin): _type = CredentialType(kind='cloud', inputs={'fields': []}) _type.save() Credential(credential_type=_type, name='My Custom Cred').save() url = reverse('api:credential_type_detail', kwargs={'pk': _type.pk}) response = patch(url, {'name': 'Some Other Name'}, admin) assert response.status_code == 200 url = reverse('api:credential_type_detail', kwargs={'pk': _type.pk}) response = patch(url, {'inputs': {}}, admin) assert response.status_code == 403 assert delete(url, admin).status_code == 403
def test_update_credential_type_in_use_xfail(patch, delete, admin): _type = CredentialType(kind='cloud', inputs={'fields': []}) _type.save() Credential(credential_type=_type, name='My Custom Cred').save() url = reverse('api:credential_type_detail', kwargs={'pk': _type.pk}) patch(url, {'name': 'Some Other Name'}, admin, expect=200) url = reverse('api:credential_type_detail', kwargs={'pk': _type.pk}) response = patch(url, {'inputs': {}}, admin, expect=403) assert response.data['detail'] == 'Modifications to inputs are not allowed for credential types that are in use' response = delete(url, admin, expect=403) assert response.data['detail'] == 'Credential types that are in use cannot be deleted'
def test_job_launch_fails_with_missing_multivault_password( machine_credential, vault_credential, deploy_jobtemplate, launch_kwargs, get, post, rando): vault_cred_first = Credential( name='Vault #1', credential_type=vault_credential.credential_type, inputs={ 'vault_password': '******', 'vault_id': 'abc' }) vault_cred_first.save() vault_cred_second = Credential( name='Vault #2', credential_type=vault_credential.credential_type, inputs={ 'vault_password': '******', 'vault_id': 'xyz' }) vault_cred_second.save() deploy_jobtemplate.credentials.add(vault_cred_first) deploy_jobtemplate.credentials.add(vault_cred_second) deploy_jobtemplate.execute_role.members.add(rando) deploy_jobtemplate.save() url = reverse('api:job_template_launch', kwargs={'pk': deploy_jobtemplate.pk}) resp = get(url, rando, expect=200) assert resp.data['passwords_needed_to_start'] == [ 'vault_password.abc', 'vault_password.xyz' ] assert sum([ cred['passwords_needed'] for cred in resp.data['defaults']['credentials'] if cred['credential_type'] == vault_credential.credential_type_id ], []) == ['vault_password.abc', 'vault_password.xyz'] resp = post(url, rando, expect=400) assert resp.data['passwords_needed_to_start'] == [ 'vault_password.abc', 'vault_password.xyz' ] with mock.patch.object(Job, 'signal_start') as signal_start: post(url, launch_kwargs, rando, expect=201) signal_start.assert_called_with(**{ 'vault_password.abc': 'vault-me-1', 'vault_password.xyz': 'vault-me-2' })