def test_job_launch_fails_with_missing_multivault_password(
machine_credential, vault_credential, deploy_jobtemplate,
launch_kwargs, get, post, rando):
vault_cred_first = Credential(
name='Vault #1',
credential_type=vault_credential.credential_type,
inputs={
'vault_password': '******',
'vault_id': 'abc'
})
vault_cred_first.save()
vault_cred_second = Credential(
name='Vault #2',
credential_type=vault_credential.credential_type,
inputs={
'vault_password': '******',
'vault_id': 'xyz'
})
vault_cred_second.save()
deploy_jobtemplate.credentials.add(vault_cred_first)
deploy_jobtemplate.credentials.add(vault_cred_second)
deploy_jobtemplate.execute_role.members.add(rando)
deploy_jobtemplate.save()
url = reverse('api:job_template_launch',
kwargs={'pk': deploy_jobtemplate.pk})
resp = get(url, rando, expect=200)
assert resp.data['passwords_needed_to_start'] == [
'vault_password.abc', 'vault_password.xyz'
]
assert sum([
cred['passwords_needed']
for cred in resp.data['defaults']['credentials']
if cred['credential_type'] == vault_credential.credential_type_id
], []) == ['vault_password.abc', 'vault_password.xyz']
resp = post(url, rando, expect=400)
assert resp.data['passwords_needed_to_start'] == [
'vault_password.abc', 'vault_password.xyz'
]
with mock.patch.object(Job, 'signal_start') as signal_start:
post(url, launch_kwargs, rando, expect=201)
signal_start.assert_called_with(**{
'vault_password.abc': 'vault-me-1',
'vault_password.xyz': 'vault-me-2'
})
def test_job_launch_with_multiple_launch_time_passwords(
credential, machine_credential, vault_credential, deploy_jobtemplate,
post, admin):
# see: https://github.com/ansible/awx/issues/8202
deploy_jobtemplate.ask_credential_on_launch = True
deploy_jobtemplate.credentials.remove(credential)
deploy_jobtemplate.credentials.add(machine_credential)
deploy_jobtemplate.credentials.add(vault_credential)
deploy_jobtemplate.save()
second_machine_credential = Credential(
name='SSH #2',
credential_type=machine_credential.credential_type,
inputs={'password': '******'})
second_machine_credential.save()
vault_credential.inputs['vault_password'] = '******'
vault_credential.save()
payload = {
'credentials': [vault_credential.id, second_machine_credential.id],
'credential_passwords': {
'ssh_password': '******',
'vault_password': '******'
},
}
with mock.patch.object(Job, 'signal_start') as signal_start:
post(
reverse('api:job_template_launch',
kwargs={'pk': deploy_jobtemplate.pk}),
payload,
admin,
expect=201,
)
signal_start.assert_called_with(**{
'ssh_password': '******',
'vault_password': '******',
})
