tests for saving survey passwords to job

2024-10-31 23:51:09 +03:00 · 2016-08-08 13:06:07 -04:00 · 2016-08-08 13:06:07 -04:00 · 6559118f40
commit 6559118f40
parent 9f3d9fa78a
7 changed files with 50 additions and 16 deletions
--- a/awx/main/migrations/_save_password_keys.py
+++ b/awx/main/migrations/_save_password_keys.py
@ -1,8 +1,10 @@
 def survey_password_variables(survey_spec):
    vars = []
    # Get variables that are type password
+    if 'spec' not in survey_spec:
+        return vars
    for survey_element in survey_spec['spec']:
-        if survey_element['type'] == 'password':
+        if 'type' in survey_element and survey_element['type'] == 'password':
            vars.append(survey_element['variable'])
    return vars

--- a/awx/main/tests/conftest.py
+++ b/awx/main/tests/conftest.py
@ -26,16 +26,16 @@ def survey_spec_factory():
    return create_survey_spec

@pytest.fixture
-def job_with_secret_key_factory(job_template_factory):
+def job_template_with_survey_passwords_factory(job_template_factory):
    def rf(persisted):
        "Returns job with linked JT survey with password survey questions"
        objects = job_template_factory('jt', organization='org1', survey=[
            {'variable': 'submitter_email', 'type': 'text', 'default': 'foobar@redhat.com'},
            {'variable': 'secret_key', 'default': '6kQngg3h8lgiSTvIEb21', 'type': 'password'},
-            {'variable': 'SSN', 'type': 'password'}], jobs=[1], persisted=persisted)
-        return objects.jobs[1]
+            {'variable': 'SSN', 'type': 'password'}], persisted=persisted)
+        return objects.job_template
    return rf

@pytest.fixture
-def job_with_secret_key_unit(job_with_secret_key_factory):
-    return job_with_secret_key_factory(persisted=False)
+def job_template_with_survey_passwords_unit(job_template_with_survey_passwords_factory):
+    return job_template_with_survey_passwords_factory(persisted=False)
--- a/awx/main/tests/functional/api/test_job_template.py
+++ b/awx/main/tests/functional/api/test_job_template.py
@ -3,12 +3,14 @@ import mock

 # AWX
 from awx.api.serializers import JobTemplateSerializer, JobLaunchSerializer
-from awx.main.models.jobs import JobTemplate
+from awx.main.models.jobs import JobTemplate, Job
 from awx.main.models.projects import ProjectOptions
+from awx.main.migrations import _save_password_keys as save_password_keys

 # Django
 from django.test.client import RequestFactory
 from django.core.urlresolvers import reverse
+from django.apps import apps

@property
 def project_playbooks(self):
@ -348,3 +350,20 @@ def test_disallow_template_delete_on_running_job(job_template_factory, delete, a
    objects.job_template.create_unified_job()
    delete_response = delete(reverse('api:job_template_detail', args=[objects.job_template.pk]), user=admin_user)
    assert delete_response.status_code == 409
+
+@pytest.mark.django_db
+def test_save_survey_passwords_to_job(job_template_with_survey_passwords):
+    """Test that when a new job is created, the survey_passwords field is
+    given all of the passwords that exist in the JT survey"""
+    job = job_template_with_survey_passwords.create_unified_job()
+    assert job.survey_passwords == {'SSN': '$encrypted$', 'secret_key': '$encrypted$'}
+
+@pytest.mark.django_db
+def test_save_survey_passwords_on_migration(job_template_with_survey_passwords):
+    """Test that when upgrading to 3.0.2, the jobs connected to a JT that has
+    a survey with passwords in it, the survey passwords get saved to the
+    job survey_passwords field."""
+    Job.objects.create(job_template=job_template_with_survey_passwords)
+    save_password_keys.migrate_survey_passwords(apps, None)
+    job = job_template_with_survey_passwords.jobs.all()[0]
+    assert job.survey_passwords == {'SSN': '$encrypted$', 'secret_key': '$encrypted$'}
--- a/awx/main/tests/functional/api/test_survey_spec.py
+++ b/awx/main/tests/functional/api/test_survey_spec.py
@ -193,7 +193,8 @@ def test_launch_with_non_empty_survey_spec_no_license(job_template_factory, post

@pytest.mark.django_db
@pytest.mark.survey
-def test_redact_survey_passwords_in_activity_stream(job_with_secret_key):
+def test_redact_survey_passwords_in_activity_stream(job_template_with_survey_passwords):
+    job_template_with_survey_passwords.create_unified_job()
    AS_record = ActivityStream.objects.filter(object1='job').all()[0]
    changes_dict = json.loads(AS_record.changes)
    extra_vars = json.loads(changes_dict['extra_vars'])
--- a/awx/main/tests/functional/conftest.py
+++ b/awx/main/tests/functional/conftest.py
@ -206,8 +206,8 @@ def notification(notification_template):
                                       subject='email subject')

@pytest.fixture
-def job_with_secret_key(job_with_secret_key_factory):
-    return job_with_secret_key_factory(persisted=True)
+def job_template_with_survey_passwords(job_template_with_survey_passwords_factory):
+    return job_template_with_survey_passwords_factory(persisted=True)

@pytest.fixture
 def admin(user):
--- a/awx/main/tests/unit/models/test_job_template_unit.py
+++ b/awx/main/tests/unit/models/test_job_template_unit.py
@ -35,6 +35,7 @@ def test_inventory_credential_contradictions(job_template_factory):
    assert 'credential' in validation_errors

@pytest.mark.survey
-def test_survey_password_list(job_with_secret_key_unit):
-    """Verify that survey_password_variables method gives a list of survey passwords"""
-    assert job_with_secret_key_unit.job_template.survey_password_variables() == ['secret_key', 'SSN']
+def test_job_template_survey_password_redaction(job_template_with_survey_passwords_unit):
+    """Tests the JobTemplate model's funciton to redact passwords from
+    extra_vars - used when creating a new job"""
+    assert job_template_with_survey_passwords_unit.survey_password_variables() == ['secret_key', 'SSN']
--- a/awx/main/tests/unit/models/test_job_unit.py
+++ b/awx/main/tests/unit/models/test_job_unit.py
@ -2,6 +2,7 @@ import pytest
 import json

 from awx.main.tasks import RunJob
+from awx.main.models import Job


@pytest.fixture
@ -14,9 +15,19 @@ def job(mocker):
        'launch_type': 'manual'})

@pytest.mark.survey
-def test_job_redacted_extra_vars(job_with_secret_key_unit):
-    """Verify that this method redacts vars marked as passwords in a survey"""
-    assert json.loads(job_with_secret_key_unit.display_extra_vars()) == {
+def test_job_survey_password_redaction():
+    """Tests the Job model's funciton to redact passwords from
+    extra_vars - used when displaying job information"""
+    job = Job(
+        name="test-job-with-passwords",
+        extra_vars=json.dumps({
+            'submitter_email': 'foobar@redhat.com',
+            'secret_key': '6kQngg3h8lgiSTvIEb21',
+            'SSN': '123-45-6789'}),
+        survey_passwords={
+            'secret_key': '$encrypted$',
+            'SSN': '$encrypted$'})
+    assert json.loads(job.display_extra_vars()) == {
        'submitter_email': 'foobar@redhat.com',
        'secret_key': '$encrypted$',
        'SSN': '$encrypted$'}