validation clause for WFJT node to follow cred prompt rule

2024-11-01 08:21:15 +03:00 · 2018-02-09 15:24:52 -05:00 · 2018-02-09 15:24:52 -05:00 · 02ac139d5c
commit 02ac139d5c
parent 605a2c7e01
2 changed files with 14 additions and 5 deletions
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@ -3254,6 +3254,9 @@ class WorkflowJobTemplateNodeSerializer(LaunchConfigurationBaseSerializer):
            cred = deprecated_fields['credential']
            attrs['credential'] = cred
            if cred is not None:
+                if not ujt_obj.ask_credential_on_launch:
+                    raise serializers.ValidationError({"credential": _(
+                        "Related template is not configured to accept credentials on launch.")})
                cred = Credential.objects.get(pk=cred)
                view = self.context.get('view', None)
                if (not view) or (not view.request) or (view.request.user not in cred.use_role):
--- a/awx/main/tests/functional/api/test_workflow_node.py
+++ b/awx/main/tests/functional/api/test_workflow_node.py
@ -108,14 +108,20 @@ class TestOldCredentialField:
    TODO: remove tests when JT vault_credential / credential / other stuff
    is removed
    '''
+    @pytest.fixture
+    def job_template_ask(self, job_template):
+        job_template.ask_credential_on_launch = True
+        job_template.save()
+        return job_template
+
    def test_credential_accepted_create(self, workflow_job_template, post, admin_user,
-                                        job_template, machine_credential):
+                                        job_template_ask, machine_credential):
        r = post(
            reverse(
                'api:workflow_job_template_workflow_nodes_list',
                kwargs = {'pk': workflow_job_template.pk}
            ),
-            data = {'credential': machine_credential.pk, 'unified_job_template': job_template.pk},
+            data = {'credential': machine_credential.pk, 'unified_job_template': job_template_ask.pk},
            user = admin_user,
            expect = 201
        )
@ -128,17 +134,17 @@ class TestOldCredentialField:
        ['read_role', 403]
    ])
    def test_credential_rbac(self, role, code, workflow_job_template, post, rando,
-                             job_template, machine_credential):
+                             job_template_ask, machine_credential):
        role_obj = getattr(machine_credential, role)
        role_obj.members.add(rando)
-        job_template.execute_role.members.add(rando)
+        job_template_ask.execute_role.members.add(rando)
        workflow_job_template.admin_role.members.add(rando)
        post(
            reverse(
                'api:workflow_job_template_workflow_nodes_list',
                kwargs = {'pk': workflow_job_template.pk}
            ),
-            data = {'credential': machine_credential.pk, 'unified_job_template': job_template.pk},
+            data = {'credential': machine_credential.pk, 'unified_job_template': job_template_ask.pk},
            user = rando,
            expect = code
        )