store the public key for HashiVault signing in the plugin metadata

2026-03-09 21:49:27 -02:30 · 2019-03-01 00:27:03 -05:00
parent 2824616ba6
commit 0768c6ac1d
6 changed files with 24 additions and 35 deletions
--- a/awx/main/credential_plugins/azure_kv.py
+++ b/awx/main/credential_plugins/azure_kv.py
@@ -39,7 +39,7 @@ azure_keyvault_inputs = {
 }


-def azure_keyvault_backend(raw, **kwargs):
+def azure_keyvault_backend(**kwargs):
    url = kwargs['url']

    def auth_callback(server, resource, scope):
--- a/awx/main/credential_plugins/conjur.py
+++ b/awx/main/credential_plugins/conjur.py
@@ -47,7 +47,7 @@ conjur_inputs = {
 }


-def conjur_backend(raw, **kwargs):
+def conjur_backend(**kwargs):
    url = kwargs['url']
    api_key = kwargs['api_key']
    account = quote_plus(kwargs['account'])
--- a/awx/main/credential_plugins/hashivault.py
+++ b/awx/main/credential_plugins/hashivault.py
@@ -53,7 +53,12 @@ hashi_kv_inputs['metadata'].extend([{
 hashi_kv_inputs['required'].extend(['api_version', 'secret_key'])

 hashi_ssh_inputs = copy.deepcopy(base_inputs)
-hashi_ssh_inputs['metadata'].extend([{
+hashi_ssh_inputs['metadata'] = [{
+    'id': 'public_key',
+    'label': _('Unsigned Public Key'),
+    'type': 'string',
+    'multiline': True,
+}] + hashi_ssh_inputs['metadata'] + [{
    'id': 'role',
    'label': _('Role Name'),
    'type': 'string',
@@ -63,11 +68,11 @@ hashi_ssh_inputs['metadata'].extend([{
    'label': _('Valid Principals'),
    'type': 'string',
    'help_text': _('Valid principals (either usernames or hostnames) that the certificate should be signed for.'),
-}])
-hashi_ssh_inputs['required'].extend(['role'])
+}]
+hashi_ssh_inputs['required'].extend(['public_key', 'role'])


-def kv_backend(raw, **kwargs):
+def kv_backend(**kwargs):
    token = kwargs['token']
    url = urljoin(kwargs['url'], 'v1')
    secret_path = kwargs['secret_path']
@@ -109,7 +114,7 @@ def kv_backend(raw, **kwargs):
    return json['data']


-def ssh_backend(raw, **kwargs):
+def ssh_backend(**kwargs):
    token = kwargs['token']
    url = urljoin(kwargs['url'], 'v1')
    secret_path = kwargs['secret_path']
@@ -118,7 +123,7 @@ def ssh_backend(raw, **kwargs):
    sess = requests.Session()
    sess.headers['Authorization'] = 'Bearer {}'.format(token)
    json = {
-        'public_key': raw
+        'public_key': kwargs['public_key']
    }
    if kwargs.get('valid_principals'):
        json['valid_principals'] = kwargs['valid_principals']
--- a/awx/main/models/credential/init.py
+++ b/awx/main/models/credential/init.py
@@ -1362,13 +1362,7 @@ class CredentialInputSource(PrimordialModel):
                backend_kwargs[field_name] = value

        backend_kwargs.update(self.metadata)
-        raw = self.target_credential.inputs.get(self.input_field_name)
-        if self.input_field_name in self.target_credential.credential_type.secret_fields:
-            raw = decrypt_field(self.target_credential, self.input_field_name)
-        return backend(
-            raw,
-            **backend_kwargs
-        )
+        return backend(**backend_kwargs)

    def get_absolute_url(self, request=None):
        view_name = 'api:credential_input_source_detail'