From 37ff9913d3c2dcb35d9a170cf2631b9baeac37d9 Mon Sep 17 00:00:00 2001
From: John Westcott IV <32551173+john-westcott-iv@users.noreply.github.com>
Date: Tue, 12 Jul 2022 08:51:02 -0400
Subject: [PATCH] Adding GOOGLE_APPLICATION_CREDENTIALS env var (#12389)
* Adding GOOGLE_APPLICATION_CREDENTIALS env var
* Updating tests
---
 awx/main/models/credential/injectors.py | 1 +
 awx/main/tests/data/inventory/plugins/gce/env.json | 3 ++-
 awx/main/tests/unit/test_tasks.py | 11 +++++++----
 3 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/awx/main/models/credential/injectors.py b/awx/main/models/credential/injectors.py
index faafaad59b..afbb30811b 100644
--- a/awx/main/models/credential/injectors.py
+++ b/awx/main/models/credential/injectors.py
@@ -35,6 +35,7 @@ def gce(cred, env, private_data_dir):
 container_path = to_container_path(path, private_data_dir)
 env['GCE_CREDENTIALS_FILE_PATH'] = container_path
 env['GCP_SERVICE_ACCOUNT_FILE'] = container_path
+ env['GOOGLE_APPLICATION_CREDENTIALS'] = container_path

 # Handle env variables for new module types.
 # This includes gcp_compute inventory plugin and
diff --git a/awx/main/tests/data/inventory/plugins/gce/env.json b/awx/main/tests/data/inventory/plugins/gce/env.json
index 0b41b7e4e3..4c87c078eb 100644
--- a/awx/main/tests/data/inventory/plugins/gce/env.json
+++ b/awx/main/tests/data/inventory/plugins/gce/env.json
@@ -2,8 +2,9 @@
 "ANSIBLE_JINJA2_NATIVE": "True",
 "ANSIBLE_TRANSFORM_INVALID_GROUP_CHARS": "never",
 "GCE_CREDENTIALS_FILE_PATH": "{{ file_reference }}",
+ "GOOGLE_APPLICATION_CREDENTIALS": "{{ file_reference }}",
 "GCP_AUTH_KIND": "serviceaccount",
 "GCP_ENV_TYPE": "tower",
 "GCP_PROJECT": "fooo",
 "GCP_SERVICE_ACCOUNT_FILE": "{{ file_reference }}"
-}
\ No newline at end of file
+}
diff --git a/awx/main/tests/unit/test_tasks.py b/awx/main/tests/unit/test_tasks.py
index 4b20adb32a..2364e7eca7 100644
--- a/awx/main/tests/unit/test_tasks.py
+++ b/awx/main/tests/unit/test_tasks.py
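Review bot: The added `env['GOOGLE_APPLICATION_CREDENTIALS'] = container_path` line in `gce()` (the `@@ -35` hunk of injectors.py) has no comment explaining why a third variable points at the same key file, and it differs in kind from the two above it. It is the variable that Google's Application Default Credentials lookup reads, so any Google client library started inside the job will authenticate as this service account without being configured to. I would add a comment such as `# ADC lookup variable: any Google SDK in the job env picks up this service account key implicitly`. The assignment is unconditional, so if a value for the same variable can reach `env` from elsewhere (not visible in this hunk) it is overwritten here; worth confirming that is intended. `gce()` starts above the hunk and continues below it.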
@@ -922,7 +922,8 @@ class TestJobCredentials(TestJobExecution):
 assert env['AWS_SECURITY_TOKEN'] == 'token'
 assert safe_env['AWS_SECRET_ACCESS_KEY'] == HIDDEN_PASSWORD

- def test_gce_credentials(self, private_data_dir, job, mock_me):
+ @pytest.mark.parametrize("cred_env_var", ['GCE_CREDENTIALS_FILE_PATH', 'GOOGLE_APPLICATION_CREDENTIALS'])
+ def test_gce_credentials(self, cred_env_var, private_data_dir, job, mock_me):
 gce = CredentialType.defaults['gce']()
 credential = Credential(pk=1, credential_type=gce, inputs={'username': 'bob', 'project': 'some-project', 'ssh_key_data': self.EXAMPLE_PRIVATE_KEY})
 credential.inputs['ssh_key_data'] = encrypt_field(credential, 'ssh_key_data')
@@ -931,7 +932,7 @@ class TestJobCredentials(TestJobExecution):
 env = {}
 safe_env = {}
 credential.credential_type.inject_credential(credential, env, safe_env, [], private_data_dir)
- runner_path = env['GCE_CREDENTIALS_FILE_PATH']
+ runner_path = env[cred_env_var]
 local_path = to_host_path(runner_path, private_data_dir)
 json_data = json.load(open(local_path, 'rb'))
 assert json_data['type'] == 'service_account'
@@ -1316,6 +1317,7 @@ class TestJobCredentials(TestJobExecution):
 assert env['AZURE_AD_USER'] == 'bob'
 assert env['AZURE_PASSWORD'] == 'secret'

+ # Because this is testing a mix of multiple cloud creds, we are not going to test the GOOGLE_APPLICATION_CREDENTIALS here
 path = to_host_path(env['GCE_CREDENTIALS_FILE_PATH'], private_data_dir)
 json_data = json.load(open(path, 'rb'))
 assert json_data['type'] == 'service_account'
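Review bot: Parametrizing `test_gce_credentials` over `cred_env_var` checks each variable in a separate run, so no single run asserts that the injected variables resolve to the same key file, and `GCP_SERVICE_ACCOUNT_FILE` appears in neither parameter list. One line after the `inject_credential(...)` call in the `@@ -931` hunk would pin that: `assert env['GCE_CREDENTIALS_FILE_PATH'] == env['GCP_SERVICE_ACCOUNT_FILE'] == env['GOOGLE_APPLICATION_CREDENTIALS']`. The same assertion would let the mixed-cloud test in the `@@ -1316` hunk cover the new variable cheaply, instead of the added comment that skips it. `test_gce_source` in the `@@ -1645`/`@@ -1669` hunks has the same gap, and the test bodies continue outside the visible hunks.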
@@ -1645,7 +1647,8 @@ class TestInventoryUpdateCredentials(TestJobExecution): assert safe_env['AZURE_PASSWORD'] == HIDDEN_PASSWORD - def test_gce_source(self, inventory_update, private_data_dir, mocker, mock_me): + @pytest.mark.parametrize("cred_env_var", ['GCE_CREDENTIALS_FILE_PATH', 'GOOGLE_APPLICATION_CREDENTIALS']) + def test_gce_source(self, cred_env_var, inventory_update, private_data_dir, mocker, mock_me): task = jobs.RunInventoryUpdate() task.instance = inventory_update gce = CredentialType.defaults['gce']() @@ -1669,7 +1672,7 @@ class TestInventoryUpdateCredentials(TestJobExecution): credential.credential_type.inject_credential(credential, env, safe_env, [], private_data_dir) assert env['GCE_ZONE'] == expected_gce_zone - json_data = json.load(open(env['GCE_CREDENTIALS_FILE_PATH'], 'rb')) + json_data = json.load(open(env[cred_env_var], 'rb')) assert json_data['type'] == 'service_account' assert json_data['private_key'] == self.EXAMPLE_PRIVATE_KEY assert json_data['client_email'] == 'bob'
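Review bot: The rewritten line `json_data = json.load(open(env[cred_env_var], 'rb'))` in the `@@ -1669` hunk leaves the handle on the service-account key file to be closed whenever the object is collected. Since the line is being touched anyway, I would write it as `with open(env[cred_env_var], 'rb') as f:` followed by `json_data = json.load(f)`. Unlike `test_gce_credentials`, this test opens the injected path directly rather than through `to_host_path`; if that difference is intentional, a short comment saying why would help the next reader. The method starts in the `@@ -1645` hunk and its middle section is outside the visible lines.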