From 4beeeae9f1bef82aacb6152e84692eb55af1e235 Mon Sep 17 00:00:00 2001
From: Shane McDonald <me@shanemcd.com>
Date: Mon, 29 Mar 2021 17:33:40 -0400
Subject: [PATCH] Fix k8s credentials that use a custom ca cert

---
 awx/main/models/credential/injectors.py | 2 +-
 awx/main/tests/unit/test_tasks.py       | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/awx/main/models/credential/injectors.py b/awx/main/models/credential/injectors.py
index b5f7e37fed..246ab0d4e4 100644
--- a/awx/main/models/credential/injectors.py
+++ b/awx/main/models/credential/injectors.py
@@ -115,6 +115,6 @@ def kubernetes_bearer_token(cred, env, private_data_dir):
         with os.fdopen(handle, 'w') as f:
             os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
             f.write(cred.get_input('ssl_ca_cert'))
-        env['K8S_AUTH_SSL_CA_CERT'] = path
+        env['K8S_AUTH_SSL_CA_CERT'] = os.path.join('/runner', os.path.basename(path))
     else:
         env['K8S_AUTH_VERIFY_SSL'] = 'False'
diff --git a/awx/main/tests/unit/test_tasks.py b/awx/main/tests/unit/test_tasks.py
index 26df22c4f2..5d600548a3 100644
--- a/awx/main/tests/unit/test_tasks.py
+++ b/awx/main/tests/unit/test_tasks.py
@@ -1003,7 +1003,8 @@ class TestJobCredentials(TestJobExecution):
 
         if verify:
             assert env['K8S_AUTH_VERIFY_SSL'] == 'True'
-            cert = open(env['K8S_AUTH_SSL_CA_CERT'], 'r').read()
+            local_path = os.path.join(private_data_dir, os.path.basename(env['K8S_AUTH_SSL_CA_CERT']))
+            cert = open(local_path, 'r').read()
             assert cert == 'CERTDATA'
         else:
             assert env['K8S_AUTH_VERIFY_SSL'] == 'False'