Enforce single owner field when serializing creds

The CredentialSerializerCreate expect a single owner field according to its help text but was not validating that. This makes it validate for a single owner field when creating a Credential.
2026-05-05 05:11:48 -05:00 · 2020-06-18 15:27:35 -04:00
parent e4eef82a39
commit 37218e1695
2 changed files with 38 additions and 0 deletions
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@@ -2644,9 +2644,17 @@ class CredentialSerializerCreate(CredentialSerializer):
                    owner_fields.add(field)
                else:
                    attrs.pop(field)
+
        if not owner_fields:
            raise serializers.ValidationError({"detail": _("Missing 'user', 'team', or 'organization'.")})

+        if len(owner_fields) > 1:
+            received = ", ".join(sorted(owner_fields))
+            raise serializers.ValidationError({"detail": _(
+                "Only one of 'user', 'team', or 'organization' should be provided, "
+                "received {} fields.".format(received)
+            )})
+
        if attrs.get('team'):
            attrs['organization'] = attrs['team'].organization