def test_create_with_default_bool(get, post, admin, default, status_code):
response = post(
reverse('api:credential_type_list'), {
'kind': 'cloud',
'name': 'MyCloud',
'inputs': {
'fields': [{
'id': 'api_token',
'label': 'API Token',
'type': 'boolean',
'default': default,
}],
'required': ['api_token'],
},
'injectors': {}
}, admin)
assert response.status_code == status_code
if status_code == 201:
cred = Credential(
credential_type=CredentialType.objects.get(pk=response.data['id']),
name='My Custom Cred')
assert cred.get_input('api_token') == default
elif status_code == 400:
assert "{} is not a boolean".format(default) in json.dumps(
response.data)
def test_credential_access_superuser():
u = User(username='******', is_superuser=True)
access = CredentialAccess(u)
credential = Credential()
assert access.can_add(None)
assert access.can_change(credential, None)
assert access.can_delete(credential)
def test_update_credential_type_unvalidated_inputs(post, patch, admin):
simple_inputs = {'fields': [{'id': 'api_token', 'label': 'fooo'}]}
response = post(url=reverse('api:credential_type_list'), data={'name': 'foo', 'kind': 'cloud', 'inputs': simple_inputs}, user=admin, expect=201)
# validation adds the type field to the input
_type = CredentialType.objects.get(pk=response.data['id'])
Credential(credential_type=_type, name='My Custom Cred').save()
# should not raise an error because we should only compare
# post-validation values to other post-validation values
url = reverse('api:credential_type_detail', kwargs={'pk': _type.id})
patch(url, {'inputs': simple_inputs}, admin, expect=200)
def test_job_launch_with_multiple_launch_time_passwords(
credential, machine_credential, vault_credential, deploy_jobtemplate,
post, admin):
# see: https://github.com/ansible/awx/issues/8202
deploy_jobtemplate.ask_credential_on_launch = True
deploy_jobtemplate.credentials.remove(credential)
deploy_jobtemplate.credentials.add(machine_credential)
deploy_jobtemplate.credentials.add(vault_credential)
deploy_jobtemplate.save()
second_machine_credential = Credential(
name='SSH #2',
credential_type=machine_credential.credential_type,
inputs={'password': '******'})
second_machine_credential.save()
vault_credential.inputs['vault_password'] = '******'
vault_credential.save()
payload = {
'credentials': [vault_credential.id, second_machine_credential.id],
'credential_passwords': {
'ssh_password': '******',
'vault_password': '******'
},
}
with mock.patch.object(Job, 'signal_start') as signal_start:
post(
reverse('api:job_template_launch',
kwargs={'pk': deploy_jobtemplate.pk}),
payload,
admin,
expect=201,
)
signal_start.assert_called_with(**{
'ssh_password': '******',
'vault_password': '******',
})
def test_update_credential_type_in_use_xfail(patch, delete, admin):
_type = CredentialType(kind='cloud', inputs={'fields': []})
_type.save()
Credential(credential_type=_type, name='My Custom Cred').save()
url = reverse('api:credential_type_detail', kwargs={'pk': _type.pk})
response = patch(url, {'name': 'Some Other Name'}, admin)
assert response.status_code == 200
url = reverse('api:credential_type_detail', kwargs={'pk': _type.pk})
response = patch(url, {'inputs': {}}, admin)
assert response.status_code == 403
assert delete(url, admin).status_code == 403
def test_update_credential_type_in_use_xfail(patch, delete, admin):
_type = CredentialType(kind='cloud', inputs={'fields': []})
_type.save()
Credential(credential_type=_type, name='My Custom Cred').save()
url = reverse('api:credential_type_detail', kwargs={'pk': _type.pk})
patch(url, {'name': 'Some Other Name'}, admin, expect=200)
url = reverse('api:credential_type_detail', kwargs={'pk': _type.pk})
response = patch(url, {'inputs': {}}, admin, expect=403)
assert response.data['detail'] == 'Modifications to inputs are not allowed for credential types that are in use'
response = delete(url, admin, expect=403)
assert response.data['detail'] == 'Credential types that are in use cannot be deleted'
def test_job_launch_fails_with_missing_multivault_password(
machine_credential, vault_credential, deploy_jobtemplate,
launch_kwargs, get, post, rando):
vault_cred_first = Credential(
name='Vault #1',
credential_type=vault_credential.credential_type,
inputs={
'vault_password': '******',
'vault_id': 'abc'
})
vault_cred_first.save()
vault_cred_second = Credential(
name='Vault #2',
credential_type=vault_credential.credential_type,
inputs={
'vault_password': '******',
'vault_id': 'xyz'
})
vault_cred_second.save()
deploy_jobtemplate.credentials.add(vault_cred_first)
deploy_jobtemplate.credentials.add(vault_cred_second)
deploy_jobtemplate.execute_role.members.add(rando)
deploy_jobtemplate.save()
url = reverse('api:job_template_launch',
kwargs={'pk': deploy_jobtemplate.pk})
resp = get(url, rando, expect=200)
assert resp.data['passwords_needed_to_start'] == [
'vault_password.abc', 'vault_password.xyz'
]
assert sum([
cred['passwords_needed']
for cred in resp.data['defaults']['credentials']
if cred['credential_type'] == vault_credential.credential_type_id
], []) == ['vault_password.abc', 'vault_password.xyz']
resp = post(url, rando, expect=400)
assert resp.data['passwords_needed_to_start'] == [
'vault_password.abc', 'vault_password.xyz'
]
with mock.patch.object(Job, 'signal_start') as signal_start:
post(url, launch_kwargs, rando, expect=201)
signal_start.assert_called_with(**{
'vault_password.abc': 'vault-me-1',
'vault_password.xyz': 'vault-me-2'
})
