def test_create_credential_with_invalid_url_xfail(post, organization, admin,
url, status, msg):
credential_type = CredentialType(kind='test',
name='MyTestCredentialType',
inputs={
'fields': [{
'id': 'server_url',
'label': 'Server Url',
'type': 'string',
'format': 'url'
}]
})
credential_type.save()
params = {
'name': 'Second Best Credential Ever',
'organization': organization.pk,
'credential_type': credential_type.pk,
'inputs': {
'server_url': url
}
}
endpoint = reverse('api:credential_list')
response = post(endpoint, params, admin)
assert response.status_code == status
if status != 201:
assert response.data['inputs']['server_url'] == [msg]
def test_custom_credential_type_create(get, post, organization, admin):
credential_type = CredentialType(kind='cloud',
name='MyCloud',
inputs={
'fields': [{
'id': 'api_token',
'label': 'API Token',
'type': 'string',
'secret': True
}]
})
credential_type.save()
params = {
'name': 'Best credential ever',
'organization': organization.pk,
'credential_type': credential_type.pk,
'inputs': {
'api_token': 'secret'
}
}
response = post(reverse('api:credential_list'), params, admin)
assert response.status_code == 201
response = get(reverse('api:credential_list'), admin)
assert response.status_code == 200
assert response.data['count'] == 1
cred = response.data['results'][0]
assert cred['inputs']['api_token'] == '$encrypted$'
cred = Credential.objects.all()[:1].get()
assert cred.inputs['api_token'].startswith('$encrypted$UTF8$AES')
assert decrypt_field(cred, 'api_token') == 'secret'
def test_credential_creation_validation_failure(organization_factory, inputs):
org = organization_factory('test').organization
type_ = CredentialType(kind='cloud',
name='SomeCloud',
managed_by_tower=True,
inputs={
'fields': [{
'id': 'username',
'label': 'Username for SomeCloud',
'type': 'string'
}, {
'id': 'flag',
'label': 'Some Boolean Flag',
'type': 'boolean'
}]
})
type_.save()
with pytest.raises(Exception) as e:
cred = Credential(credential_type=type_,
name="Bob's Credential",
inputs=inputs,
organization=org)
cred.save()
cred.full_clean()
assert e.type in (ValidationError, serializers.ValidationError)
def _populate_deprecated_cred_types(cred, kind):
if kind not in cred:
return None
if cred[kind] is None:
new_obj = CredentialType(**DEPRECATED_CRED_KIND[kind])
new_obj.save()
cred[kind] = new_obj
return cred[kind]
def test_credential_get_input(organization_factory):
organization = organization_factory('test').organization
type_ = CredentialType(
kind='vault',
name='somevault',
managed_by_tower=True,
inputs={
'fields': [
{
'id': 'vault_password',
'type': 'string',
'secret': True,
},
{
'id': 'vault_id',
'type': 'string',
'secret': False
},
{
'id': 'secret',
'type': 'string',
'secret': True,
},
]
},
)
type_.save()
cred = Credential(organization=organization,
credential_type=type_,
name="Bob's Credential",
inputs={'vault_password': '******'})
cred.save()
cred.full_clean()
assert isinstance(cred, Credential)
# verify expected exception is raised when attempting to access an unset
# input without providing a default
with pytest.raises(AttributeError):
cred.get_input('vault_id')
# verify that the provided default is used for unset inputs
assert cred.get_input('vault_id', default='foo') == 'foo'
# verify expected exception is raised when attempting to access an undefined
# input without providing a default
with pytest.raises(AttributeError):
cred.get_input('field_not_on_credential_type')
# verify that the provided default is used for undefined inputs
assert cred.get_input('field_not_on_credential_type',
default='bar') == 'bar'
# verify expected exception is raised when attempting to access an unset secret
# input without providing a default
with pytest.raises(AttributeError):
cred.get_input('secret')
# verify that the provided default is used for undefined inputs
assert cred.get_input('secret', default='fiz') == 'fiz'
# verify return values for encrypted secret fields are decrypted
assert cred.inputs['vault_password'].startswith('$encrypted$')
assert cred.get_input('vault_password') == 'testing321'
def test_credential_creation(organization_factory):
org = organization_factory('test').organization
type_ = CredentialType(
kind='cloud', name='SomeCloud', managed_by_tower=True, inputs={'fields': [{'id': 'username', 'label': 'Username for SomeCloud', 'type': 'string'}]}
)
type_.save()
cred = Credential(credential_type=type_, name="Bob's Credential", inputs={'username': '******'}, organization=org)
cred.save()
cred.full_clean()
assert isinstance(cred, Credential)
assert cred.name == "Bob's Credential"
assert cred.inputs['username'] == 'bob'