Validate the webhook credential

- we should allow a null credential, so that the admin can choose to configure not posting back status changes of the triggered job - the credential must be of the new 'token' kind - if we do configure a credential, its type must match the selected SCM service
2026-04-18 22:11:49 -05:00 · 2019-09-04 14:13:25 -04:00
parent 5848f0360a
commit bb1397a3d4
2 changed files with 71 additions and 1 deletions
--- a/awx/main/tests/functional/api/test_webhooks.py
+++ b/awx/main/tests/functional/api/test_webhooks.py
@@ -2,6 +2,7 @@ import pytest

 from awx.api.versioning import reverse
 from awx.main.models.mixins import WebhookMixin
+from awx.main.models.credential import Credential, CredentialType


@pytest.mark.django_db
@@ -146,3 +147,56 @@ def test_unset_webhook_service(organization_factory, job_template_factory, patch
    jt.refresh_from_db()

    assert (jt.webhook_service, jt.webhook_key) == ('', '')
+
+
+@pytest.mark.django_db
+@pytest.mark.parametrize(
+    "service", [s for s, _ in WebhookMixin.SERVICES]
+)
+def test_set_webhook_credential(organization_factory, job_template_factory, patch, service):
+    objs = organization_factory("org", superusers=['admin'])
+    jt = job_template_factory("jt", organization=objs.organization, webhook_service=service,
+                              inventory='test_inv', project='test_proj').job_template
+    admin = objs.superusers.admin
+    assert jt.webhook_service == service
+    assert jt.webhook_key != ''
+
+    cred_type = CredentialType.defaults['{}_token'.format(service)]()
+    cred_type.save()
+    cred = Credential.objects.create(credential_type=cred_type, name='test-cred',
+                                     inputs={'token': 'secret'})
+
+    url = reverse('api:job_template_detail', kwargs={'pk': jt.pk})
+    patch(url, {'webhook_credential': cred.pk}, user=admin, expect=200)
+    jt.refresh_from_db()
+
+    assert jt.webhook_service == service
+    assert jt.webhook_key != ''
+    assert jt.webhook_credential == cred
+
+
+@pytest.mark.django_db
+@pytest.mark.parametrize(
+    "service,token", [(s, WebhookMixin.SERVICES[i - 1][0]) for i, (s, _) in enumerate(WebhookMixin.SERVICES)]
+)
+def test_set_wrong_service_webhook_credential(organization_factory, job_template_factory, patch, service, token):
+    objs = organization_factory("org", superusers=['admin'])
+    jt = job_template_factory("jt", organization=objs.organization, webhook_service=service,
+                              inventory='test_inv', project='test_proj').job_template
+    admin = objs.superusers.admin
+    assert jt.webhook_service == service
+    assert jt.webhook_key != ''
+
+    cred_type = CredentialType.defaults['{}_token'.format(token)]()
+    cred_type.save()
+    cred = Credential.objects.create(credential_type=cred_type, name='test-cred',
+                                     inputs={'token': 'secret'})
+
+    url = reverse('api:job_template_detail', kwargs={'pk': jt.pk})
+    response = patch(url, {'webhook_credential': cred.pk}, user=admin, expect=400)
+    jt.refresh_from_db()
+
+    assert jt.webhook_service == service
+    assert jt.webhook_key != ''
+    assert jt.webhook_credential is None
+    assert response.data == {'webhook_credential': ["Must match the selected webhook service."]}