mirror of https://github.com/ansible/awx.git synced 2024-11-01 16:51:11 +03:00

Merge pull request #574 from ryanpetrello/fix-7764

properly perform validation on encrypted survey defaults
Ryan Petrello 2017-11-10 12:07:54 -05:00 committed by GitHub
commit bc705ad8ce
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 29 additions and 0 deletions


@ -163,6 +163,19 @@ class SurveyJobTemplateMixin(models.Model):
def _survey_element_validation(self, survey_element, data):
errors = []
# make a copy of the data to break references (so that we don't
# inadvertently expose unencrypted default passwords as we validate)
data = data.copy()
if all([
survey_element['type'] == "password",
data.get(survey_element['variable']) == '$encrypted$'
]):
# replace encrypted password defaults so we don't validate on
# $encrypted$
data[survey_element['variable']] = decrypt_value(
get_encryption_key('value', pk=None),
survey_element['default']
)
if survey_element['variable'] not in data and survey_element['required']:
errors.append("'%s' value missing" % survey_element['variable'])
elif survey_element['type'] in ["textarea", "text", "password"]:
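Review bot: `survey_element['default']` is read unconditionally inside the new `$encrypted$` branch, so a password question with no `default` key would raise KeyError when a caller submits the literal `$encrypted$`, instead of producing a validation error. Adding `survey_element.get('default') is not None` as a third condition in the `all([...])` list would limit the substitution to elements that actually have a stored default. Separately, the copied `data` now holds the decrypted default. If the length checks further down in `_survey_element_validation` (outside this hunk) interpolate `data[...]` into their error strings, the plaintext could be returned to the caller, so those messages are worth checking. The existing comment could also state that the copy must not be returned or logged once the decrypted value is in it.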


@ -8,6 +8,7 @@ from awx.main.models import (
JobTemplate,
WorkflowJobTemplate
)
from awx.main.utils.encryption import encrypt_value
@pytest.fixture
@ -143,6 +144,21 @@ def test_optional_survey_question_defaults(
assert 'c' not in defaulted_extra_vars['extra_vars']
@pytest.mark.survey
def test_encrypted_default_validation(survey_spec_factory):
element = {
"required": True,
"default": encrypt_value("test1234", pk=None),
"variable": "x",
"min": 0,
"max": 8,
"type": "password",
}
spec = survey_spec_factory([element])
jt = JobTemplate(name="test-jt", survey_spec=spec, survey_enabled=True)
assert not len(jt.survey_variable_validation({'x': '$encrypted$'}))
@pytest.mark.survey
class TestWorkflowSurveys:
def test_update_kwargs_survey_defaults(self, survey_spec_factory):
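Review bot: `test_encrypted_default_validation` only covers a default that satisfies the limits, so it would still pass if `$encrypted$` values were skipped by validation rather than decrypted and checked. A second case with a default that violates `max`, for example `encrypt_value("test12345", pk=None)` against `"max": 8`, asserting that `survey_variable_validation` reports an error, would pin the intended behaviour. A case for a required password question with no stored default would also be useful, since the new branch indexes `survey_element['default']` directly. As a style point, `assert not jt.survey_variable_validation({'x': '$encrypted$'})` reads more directly than wrapping the result in `len(...)`.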