Add support for multi-file injection in custom creds

2026-01-21 06:28:01 -03:30 · 2017-11-14 17:26:58 -05:00 · 2017-11-14 17:26:58 -05:00 · 286a70f2ca
commit 286a70f2ca
parent 87365e5969
3 changed files with 14 additions and 10 deletions
--- a/awx/main/fields.py
+++ b/awx/main/fields.py
@ -695,11 +695,10 @@ class CredentialTypeInjectorField(JSONSchemaField):
            'properties': {
                'file': {
                    'type': 'object',
-                    'properties': {
-                        'template': {'type': 'string'},
+                    'patternProperties': {
+                        '^template\.[a-zA-Z_]+$': {'type': 'string'},
                    },
                    'additionalProperties': False,
-                    'required': ['template'],
                },
                'env': {
                    'type': 'object',
--- a/awx/main/models/credential/init.py
+++ b/awx/main/models/credential/init.py
@ -594,9 +594,11 @@ class CredentialType(CommonModelNameNotUnique):
            return

        class TowerNamespace:
-            filename = None
+            pass

        tower_namespace = TowerNamespace()
+        filename_namespace = TowerNamespace()
+        tower_namespace.filename = filename_namespace

        # maintain a normal namespace for building the ansible-playbook arguments (env and args)
        namespace = {'tower': tower_namespace}
@ -622,17 +624,18 @@ class CredentialType(CommonModelNameNotUnique):
            if len(value):
                namespace[field_name] = value

-        file_tmpl = self.injectors.get('file', {}).get('template')
-        if file_tmpl is not None:
-            # If a file template is provided, render the file and update the
-            # special `tower` template namespace so the filename can be
-            # referenced in other injectors
+        file_tmpls = self.injectors.get('file', {})
+        # If any file templates are provided, render the files and update the
+        # special `tower` template namespace so the filename can be
+        # referenced in other injectors
+        for file_label, file_tmpl in file_tmpls.items():
            data = Template(file_tmpl).render(**namespace)
            _, path = tempfile.mkstemp(dir=private_data_dir)
            with open(path, 'w') as f:
                f.write(data)
            os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
-            namespace['tower'].filename = path
+            file_label = file_label.split('.')[1]
+            setattr(namespace['tower'].filename, file_label, path)

        for env_var, tmpl in self.injectors.get('env', {}).items():
            if env_var.startswith('ANSIBLE_') or env_var in self.ENV_BLACKLIST:
--- a/awx/main/tests/functional/test_credential.py
+++ b/awx/main/tests/functional/test_credential.py
@ -109,6 +109,8 @@ def test_cred_type_input_schema_validity(input_, valid):
    ({'file': 123}, False),
    ({'file': {}}, False),
    ({'file': {'template': '{{username}}'}}, True),
+    ({'file': {'template.username': '{{username}}'}}, True),
+    ({'file': {'template.username': '{{username}}', 'template.password': '{{pass}}'}}, True),
    ({'file': {'foo': 'bar'}}, False),
    ({'env': 123}, False),
    ({'env': {}}, True),