def test_job_launch_fails_with_missing_multivault_password( machine_credential, vault_credential, deploy_jobtemplate, launch_kwargs, get, post, rando): vault_cred_first = Credential( name='Vault #1', credential_type=vault_credential.credential_type, inputs={ 'vault_password': '******', 'vault_id': 'abc' }) vault_cred_first.save() vault_cred_second = Credential( name='Vault #2', credential_type=vault_credential.credential_type, inputs={ 'vault_password': '******', 'vault_id': 'xyz' }) vault_cred_second.save() deploy_jobtemplate.credentials.add(vault_cred_first) deploy_jobtemplate.credentials.add(vault_cred_second) deploy_jobtemplate.execute_role.members.add(rando) deploy_jobtemplate.save() url = reverse('api:job_template_launch', kwargs={'pk': deploy_jobtemplate.pk}) resp = get(url, rando, expect=200) assert resp.data['passwords_needed_to_start'] == [ 'vault_password.abc', 'vault_password.xyz' ] assert sum([ cred['passwords_needed'] for cred in resp.data['defaults']['credentials'] if cred['credential_type'] == vault_credential.credential_type_id ], []) == ['vault_password.abc', 'vault_password.xyz'] resp = post(url, rando, expect=400) assert resp.data['passwords_needed_to_start'] == [ 'vault_password.abc', 'vault_password.xyz' ] with mock.patch.object(Job, 'signal_start') as signal_start: post(url, launch_kwargs, rando, expect=201) signal_start.assert_called_with(**{ 'vault_password.abc': 'vault-me-1', 'vault_password.xyz': 'vault-me-2' })
def test_job_launch_with_multiple_launch_time_passwords( credential, machine_credential, vault_credential, deploy_jobtemplate, post, admin): # see: https://github.com/ansible/awx/issues/8202 deploy_jobtemplate.ask_credential_on_launch = True deploy_jobtemplate.credentials.remove(credential) deploy_jobtemplate.credentials.add(machine_credential) deploy_jobtemplate.credentials.add(vault_credential) deploy_jobtemplate.save() second_machine_credential = Credential( name='SSH #2', credential_type=machine_credential.credential_type, inputs={'password': '******'}) second_machine_credential.save() vault_credential.inputs['vault_password'] = '******' vault_credential.save() payload = { 'credentials': [vault_credential.id, second_machine_credential.id], 'credential_passwords': { 'ssh_password': '******', 'vault_password': '******' }, } with mock.patch.object(Job, 'signal_start') as signal_start: post( reverse('api:job_template_launch', kwargs={'pk': deploy_jobtemplate.pk}), payload, admin, expect=201, ) signal_start.assert_called_with(**{ 'ssh_password': '******', 'vault_password': '******', })