don't allow boolean credential type fields that specify secret

secret doesn't really make sense for boolean values; they can't store sensitive content because they're just true|false see: https://github.com/ansible/ansible-tower/issues/6776
2024-11-01 08:21:15 +03:00 · 2017-07-21 16:46:51 -04:00 · 2017-07-21 16:46:51 -04:00 · 9f11c008d2
commit 9f11c008d2
parent 6d201c44d9
2 changed files with 2 additions and 1 deletions
--- a/awx/main/fields.py
+++ b/awx/main/fields.py
@ -624,7 +624,7 @@ class CredentialTypeInputField(JSONSchemaField):
                # If no type is specified, default to string
                field['type'] = 'string'

-            for key in ('choices', 'multiline', 'format'):
+            for key in ('choices', 'multiline', 'format', 'secret',):
                if key in field and field['type'] != 'string':
                    raise django_exceptions.ValidationError(
                        _('%s not allowed for %s type (%s)' % (key, field['type'], field['id'])),
--- a/awx/main/tests/functional/test_credential.py
+++ b/awx/main/tests/functional/test_credential.py
@ -72,6 +72,7 @@ def test_cloud_kind_uniqueness():
    ({'fields': [{'id': 'ssh_key', 'label': 'SSH Key', 'type': 'string', 'format': 'ssh_private_key'}]}, True),  # noqa
    ({'fields': [{'id': 'flag', 'label': 'Some Flag', 'type': 'boolean'}]}, True),
    ({'fields': [{'id': 'flag', 'label': 'Some Flag', 'type': 'boolean', 'choices': ['a', 'b']}]}, False),
+    ({'fields': [{'id': 'flag', 'label': 'Some Flag', 'type': 'boolean', 'secret': True}]}, False),
    ({'fields': [{'id': 'certificate', 'label': 'Cert', 'multiline': True}]}, True),
    ({'fields': [{'id': 'certificate', 'label': 'Cert', 'multiline': True, 'type': 'boolean'}]}, False),  # noqa
    ({'fields': [{'id': 'certificate', 'label': 'Cert', 'multiline': 'bad'}]}, False),  # noqa