From 623cf0b4cdbfe51e5ea27d23d43253ee0aec243b Mon Sep 17 00:00:00 2001
From: Alan Rominger
Date: Thu, 22 Apr 2021 10:05:25 -0400
Subject: [PATCH] Start migrating the /runner path references
---
 awx/main/models/credential/__init__.py | 7 +++----
 awx/main/models/credential/injectors.py | 13 +++++++------
 awx/main/models/inventory.py | 3 ++-
 awx/main/tasks.py | 2 +-
 awx/main/utils/execution_environments.py | 8 ++++++++
 5 files changed, 21 insertions(+), 12 deletions(-)
diff --git a/awx/main/models/credential/__init__.py b/awx/main/models/credential/__init__.py
index 2515f2f49b..f33a0d4671 100644
--- a/awx/main/models/credential/__init__.py
+++ b/awx/main/models/credential/__init__.py
@@ -31,6 +31,7 @@ from awx.main.fields import (
 )
 from awx.main.utils import decrypt_field, classproperty
 from awx.main.utils.safe_yaml import safe_dump
+from awx.main.utils.execution_environments import to_container_path
 from awx.main.validators import validate_ssh_private_key
 from awx.main.models.base import CommonModelNameNotUnique, PasswordFieldsModel, PrimordialModel
 from awx.main.models.mixins import ResourceMixin
@@ -497,8 +498,7 @@ class CredentialType(CommonModelNameNotUnique):
 with open(path, 'w') as f:
 f.write(data)
 os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
- # FIXME: develop some better means of referencing paths inside containers
- container_path = os.path.join('/runner', 'env', os.path.basename(path))
+ container_path = to_container_path(path, private_data_dir)
 # determine if filename indicates single file or many
 if file_label.find('.') == -1:
@@ -535,8 +535,7 @@ class CredentialType(CommonModelNameNotUnique):
 if extra_vars:
 path = build_extra_vars_file(extra_vars, private_data_dir)
- # FIXME: develop some better means of referencing paths inside containers
- container_path = os.path.join('/runner', 'env', os.path.basename(path))
+ container_path = to_container_path(path, private_data_dir)
 args.extend(['-e', '@%s' % container_path])
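Review bot: In the `@@ -497,8 +498,7 @@` hunk the secret is written with `f.write(data)` before `os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)` restricts the mode, so the content is only protected throughout if `path` was already created owner-only. How `path` is created is above the hunk; if it comes from `tempfile.mkstemp` the file starts at 0600 and the chmod is redundant, otherwise the data is briefly readable under the process umask. `kubernetes_bearer_token` in injectors.py calls `os.chmod` before `f.write`, while the `gce` and `openstack` hunks there use the same write-then-chmod order as this one. I would move the `os.chmod` call inside the `with` block ahead of the write in all three places, or add a comment such as `# path comes from mkstemp, already 0600` if that is the case.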
diff --git a/awx/main/models/credential/injectors.py b/awx/main/models/credential/injectors.py
index 259cfc724e..faafaad59b 100644
--- a/awx/main/models/credential/injectors.py
+++ b/awx/main/models/credential/injectors.py
@@ -6,6 +6,8 @@ import tempfile
 from django.conf import settings
+from awx.main.utils.execution_environments import to_container_path
+
 def aws(cred, env, private_data_dir):
 env['AWS_ACCESS_KEY_ID'] = cred.get_input('username', default='')
@@ -30,9 +32,9 @@ def gce(cred, env, private_data_dir):
 json.dump(json_cred, f, indent=2)
 f.close()
 os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
- cred_path = os.path.join('/runner', 'env', os.path.basename(path))
- env['GCE_CREDENTIALS_FILE_PATH'] = cred_path
- env['GCP_SERVICE_ACCOUNT_FILE'] = cred_path
+ container_path = to_container_path(path, private_data_dir)
+ env['GCE_CREDENTIALS_FILE_PATH'] = container_path
+ env['GCP_SERVICE_ACCOUNT_FILE'] = container_path
 # Handle env variables for new module types.
 # This includes gcp_compute inventory plugin and
@@ -103,8 +105,7 @@ def openstack(cred, env, private_data_dir):
 yaml.safe_dump(openstack_data, f, default_flow_style=False, allow_unicode=True)
 f.close()
 os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
- # TODO: constant for container base path
- env['OS_CLIENT_CONFIG_FILE'] = os.path.join('/runner', 'env', os.path.basename(path))
+ env['OS_CLIENT_CONFIG_FILE'] = to_container_path(path, private_data_dir)
 def kubernetes_bearer_token(cred, env, private_data_dir):
@@ -116,6 +117,6 @@ def kubernetes_bearer_token(cred, env, private_data_dir):
 with os.fdopen(handle, 'w') as f:
 os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
 f.write(cred.get_input('ssl_ca_cert'))
- env['K8S_AUTH_SSL_CA_CERT'] = os.path.join('/runner', 'env', os.path.basename(path))
+ env['K8S_AUTH_SSL_CA_CERT'] = to_container_path(path, private_data_dir)
 else:
 env['K8S_AUTH_VERIFY_SSL'] = 'False'
diff --git a/awx/main/models/inventory.py b/awx/main/models/inventory.py
index b59b640b51..91719a4bad 100644
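Review bot: The `else:` branch at the end of the `kubernetes_bearer_token` hunk sets `env['K8S_AUTH_VERIFY_SSL'] = 'False'`, which turns off TLS certificate verification for the Kubernetes connection. The `if` that selects this branch is above the hunk, so it is worth confirming that the branch is reached only when the credential explicitly opts out of verification, and not merely because no `ssl_ca_cert` was supplied. Once that is confirmed, a comment on the branch such as `# TLS verification is disabled here; reached only on explicit opt-out` would record the intent for the next reader.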
--- a/awx/main/models/inventory.py
+++ b/awx/main/models/inventory.py
@@ -50,6 +50,7 @@ from awx.main.models.notifications import (
 from awx.main.models.credential.injectors import _openstack_data
 from awx.main.utils import _inventory_updates
 from awx.main.utils.safe_yaml import sanitize_jinja
+from awx.main.utils.execution_environments import to_container_path
 __all__ = ['Inventory', 'Host', 'Group', 'InventorySource', 'InventoryUpdate', 'SmartInventoryMembership']
@@ -1505,7 +1506,7 @@ class openstack(PluginFileInjector):
 env = super(openstack, self).get_plugin_env(inventory_update, private_data_dir, private_data_files)
 credential = inventory_update.get_cloud_credential()
 cred_data = private_data_files['credentials']
- env['OS_CLIENT_CONFIG_FILE'] = os.path.join('/runner', 'env', os.path.basename(cred_data[credential]))
+ env['OS_CLIENT_CONFIG_FILE'] = to_container_path(cred_data[credential], private_data_dir)
 return env
diff --git a/awx/main/tasks.py b/awx/main/tasks.py
index 5c2a396c58..c9a901f26c 100644
--- a/awx/main/tasks.py
+++ b/awx/main/tasks.py
@@ -96,7 +96,7 @@ from awx.main.utils import (
 deepmerge,
 parse_yaml_or_json,
 )
-from awx.main.utils.execution_environments import get_default_execution_environment, get_default_pod_spec
+from awx.main.utils.execution_environments import get_default_execution_environment, get_default_pod_spec, CONTAINER_ROOT, to_container_path
 from awx.main.utils.ansible import read_ansible_config
 from awx.main.utils.external_logging import reconfigure_rsyslog
 from awx.main.utils.safe_yaml import safe_dump, sanitize_jinja
diff --git a/awx/main/utils/execution_environments.py b/awx/main/utils/execution_environments.py
index c9aca5a380..67fee9566d 100644
--- a/awx/main/utils/execution_environments.py
+++ b/awx/main/utils/execution_environments.py
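Review bot: `CONTAINER_ROOT` and `to_container_path` are added to the import in tasks.py, but the diffstat shows this import line as the only change to the file, so both names look unused at this commit. If the call sites arrive in a follow-up, either add the import there or mark the line with `# noqa: F401` so a lint run does not fail on it. The line has also grown well past its neighbours; a parenthesised multi-line import would match the `from awx.main.utils import (` block just above it.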
@@ -36,6 +36,11 @@ CONTAINER_ROOT = '/runner'
 def to_container_path(path, private_data_dir):
+ """Given a path inside of the host machine filesystem,
+ this returns the expected path which would be observed by the job running
+ inside of the EE container.
+ This only handles the volume mount from private_data_dir to /runner
+ """
 if not os.path.isabs(private_data_dir):
 raise RuntimeError('The private_data_dir path must be absolute')
 if private_data_dir != path and Path(private_data_dir) not in Path(path).resolve().parents:
@@ -44,6 +49,9 @@ def to_container_path(path, private_data_dir):
 def to_host_path(path, private_data_dir):
+ """Given a path inside of the EE container, this gives the absolute path
+ on the host machine within the private_data_dir
+ """
 if not os.path.isabs(private_data_dir):
 raise RuntimeError('The private_data_dir path must be absolute')
 if CONTAINER_ROOT != path and Path(CONTAINER_ROOT) not in Path(path).resolve().parents:
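Review bot: The containment check in `to_container_path` compares an unresolved `Path(private_data_dir)` against the parents of `Path(path).resolve()`, so if `private_data_dir` is itself reached through a symlink, files that really are under it would fail the check. Resolving both sides, `Path(private_data_dir).resolve() not in Path(path).resolve().parents`, keeps the protection against symlinks that point outside the mount while avoiding that false rejection. The return line is outside the hunk, so confirm it maps the same form of the path that was checked. The new docstrings here and in the `to_host_path` hunk also omit that both functions raise `RuntimeError` for a relative `private_data_dir` and, presumably, for a path outside the mount. Callers that previously used the infallible `os.path.join` now need to know that.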