Add the ability to specify K8S/OCP credentials on a Job Template

see: https://github.com/ansible/awx/issues/5735
2026-03-21 02:47:35 -02:30 · 2020-07-15 16:57:42 -04:00
parent cd6df9299f
commit 0b221a42c0
8 changed files with 44 additions and 19 deletions
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@@ -4100,7 +4100,8 @@ class JobLaunchSerializer(BaseSerializer):
                errors.setdefault('credentials', []).append(_(
                    'Cannot assign multiple {} credentials.'
                ).format(cred.unique_hash(display=True)))
-            if cred.credential_type.kind not in ('ssh', 'vault', 'cloud', 'net'):
+            if cred.credential_type.kind not in ('ssh', 'vault', 'cloud',
+                                                 'net', 'kubernetes'):
                errors.setdefault('credentials', []).append(_(
                    'Cannot assign a Credential of kind `{}`'
                ).format(cred.credential_type.kind))
--- a/awx/api/views/init.py
+++ b/awx/api/views/init.py
@@ -2657,7 +2657,7 @@ class JobTemplateCredentialsList(SubListCreateAttachDetachAPIView):
            return {"error": _("Cannot assign multiple {credential_type} credentials.").format(
                credential_type=sub.unique_hash(display=True))}
        kind = sub.credential_type.kind
-        if kind not in ('ssh', 'vault', 'cloud', 'net'):
+        if kind not in ('ssh', 'vault', 'cloud', 'net', 'kubernetes'):
            return {'error': _('Cannot assign a Credential of kind `{}`.').format(kind)}

        return super(JobTemplateCredentialsList, self).is_valid_relation(parent, sub, created)
--- a/awx/main/models/credential/init.py
+++ b/awx/main/models/credential/init.py
@@ -1169,7 +1169,18 @@ ManagedCredentialType(
            'multiline': True,
        }],
        'required': ['host', 'bearer_token'],
-    }
+    },
+    injectors={
+        'file': {
+            'template': '{{ ssl_ca_cert }}'
+        },
+        'env': {
+            'K8S_AUTH_HOST': '{{ host }}',
+            'K8S_AUTH_API_KEY': '{{ bearer_token }}',
+            'K8S_AUTH_VERIFY_SSL': '{{ verify_ssl }}',
+            'K8S_AUTH_SSL_CA_CERT': '{{ tower.filename }}',
+        },
+    },
 )


--- a/awx/ui/client/lib/components/tag/_index.less
+++ b/awx/ui/client/lib/components/tag/_index.less
@@ -67,6 +67,10 @@
    &--external:before {
        content: '\f14c'
    }
+
+    &--kubernetes_bearer_token:before {
+        content: '\f0c2';
+    }
 }

 .TagComponent-button {
--- a/awx/ui/client/src/templates/job_templates/multi-credential/multi-credential-modal.directive.js
+++ b/awx/ui/client/src/templates/job_templates/multi-credential/multi-credential-modal.directive.js
@@ -111,7 +111,7 @@ function multiCredentialModalController(GetBasePath, qs, MultiCredentialService)

        scope.credentialTypes.forEach((credentialType => {
            if(credentialType.kind
-                .match(/^(machine|cloud|net|ssh|vault)$/)) {
+                .match(/^(machine|cloud|net|ssh|vault|kubernetes)$/)) {
                    scope.displayedCredentialTypes.push(credentialType);
            }
        }));