Fix credential env folder, test_tasks.py

2026-03-11 14:39:30 -02:30 · 2021-04-21 09:46:56 -04:00
parent 11c5d577d6
commit 8f9373085a
5 changed files with 24 additions and 19 deletions
--- a/awx/main/models/credential/init.py
+++ b/awx/main/models/credential/init.py
@@ -498,7 +498,7 @@ class CredentialType(CommonModelNameNotUnique):
                f.write(data)
            os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
            # FIXME: develop some better means of referencing paths inside containers
-            container_path = os.path.join('/runner', os.path.basename(path))
+            container_path = os.path.join('/runner', 'env', os.path.basename(path))

            # determine if filename indicates single file or many
            if file_label.find('.') == -1:
@@ -536,7 +536,7 @@ class CredentialType(CommonModelNameNotUnique):
            if extra_vars:
                path = build_extra_vars_file(extra_vars, private_data_dir)
                # FIXME: develop some better means of referencing paths inside containers
-                container_path = os.path.join('/runner', os.path.basename(path))
+                container_path = os.path.join('/runner', 'env', os.path.basename(path))
                args.extend(['-e', '@%s' % container_path])


--- a/awx/main/models/credential/injectors.py
+++ b/awx/main/models/credential/injectors.py
@@ -30,8 +30,9 @@ def gce(cred, env, private_data_dir):
    json.dump(json_cred, f, indent=2)
    f.close()
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
-    env['GCE_CREDENTIALS_FILE_PATH'] = os.path.join('/runner', os.path.basename(path))
-    env['GCP_SERVICE_ACCOUNT_FILE'] = os.path.join('/runner', os.path.basename(path))
+    cred_path = os.path.join('/runner', 'env', os.path.basename(path))
+    env['GCE_CREDENTIALS_FILE_PATH'] = cred_path
+    env['GCP_SERVICE_ACCOUNT_FILE'] = cred_path

    # Handle env variables for new module types.
    # This includes gcp_compute inventory plugin and
@@ -103,7 +104,7 @@ def openstack(cred, env, private_data_dir):
    f.close()
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
    # TODO: constant for container base path
-    env['OS_CLIENT_CONFIG_FILE'] = os.path.join('/runner', os.path.basename(path))
+    env['OS_CLIENT_CONFIG_FILE'] = os.path.join('/runner', 'env', os.path.basename(path))


 def kubernetes_bearer_token(cred, env, private_data_dir):
@@ -115,6 +116,6 @@ def kubernetes_bearer_token(cred, env, private_data_dir):
        with os.fdopen(handle, 'w') as f:
            os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
            f.write(cred.get_input('ssl_ca_cert'))
-        env['K8S_AUTH_SSL_CA_CERT'] = os.path.join('/runner', os.path.basename(path))
+        env['K8S_AUTH_SSL_CA_CERT'] = os.path.join('/runner', 'env', os.path.basename(path))
    else:
        env['K8S_AUTH_VERIFY_SSL'] = 'False'
--- a/awx/main/models/inventory.py
+++ b/awx/main/models/inventory.py
@@ -1505,7 +1505,7 @@ class openstack(PluginFileInjector):
        env = super(openstack, self).get_plugin_env(inventory_update, private_data_dir, private_data_files)
        credential = inventory_update.get_cloud_credential()
        cred_data = private_data_files['credentials']
-        env['OS_CLIENT_CONFIG_FILE'] = os.path.join('/runner', os.path.basename(cred_data[credential]))
+        env['OS_CLIENT_CONFIG_FILE'] = os.path.join('/runner', 'env', os.path.basename(cred_data[credential]))
        return env


--- a/awx/main/tasks.py
+++ b/awx/main/tasks.py
@@ -1532,7 +1532,7 @@ class RunJob(BaseTask):
        cred_files = private_data_files.get('credentials', {})
        for cloud_cred in job.cloud_credentials:
            if cloud_cred and cloud_cred.credential_type.namespace == 'openstack':
-                env['OS_CLIENT_CONFIG_FILE'] = os.path.join('/runner', os.path.basename(cred_files.get(cloud_cred, '')))
+                env['OS_CLIENT_CONFIG_FILE'] = os.path.join('/runner', 'env', os.path.basename(cred_files.get(cloud_cred, '')))

        for network_cred in job.network_credentials:
            env['ANSIBLE_NET_USERNAME'] = network_cred.get_input('username', default='')
--- a/awx/main/tests/unit/test_tasks.py
+++ b/awx/main/tests/unit/test_tasks.py
@@ -342,7 +342,7 @@ def parse_extra_vars(args, private_data_dir):
    extra_vars = {}
    for chunk in args:
        if chunk.startswith('@/runner/'):
-            local_path = os.path.join(private_data_dir, os.path.basename(chunk.strip('@')))
+            local_path = chunk[len('@') :].replace('/runner', private_data_dir)  # container path to host path
            with open(local_path, 'r') as f:
                extra_vars.update(yaml.load(f, Loader=SafeLoader))
    return extra_vars
@@ -892,7 +892,10 @@ class TestJobCredentials(TestJobExecution):

        if verify:
            assert env['K8S_AUTH_VERIFY_SSL'] == 'True'
-            local_path = os.path.join(private_data_dir, os.path.basename(env['K8S_AUTH_SSL_CA_CERT']))
+            # local_path = os.path.join(private_data_dir, os.path.basename(env['K8S_AUTH_SSL_CA_CERT']))
+            local_path = env['K8S_AUTH_SSL_CA_CERT'].replace('/runner', private_data_dir)  # container path to host path
+            print('env')
+            print(env['K8S_AUTH_SSL_CA_CERT'])
            cert = open(local_path, 'r').read()
            assert cert == 'CERTDATA'
        else:
@@ -942,7 +945,7 @@ class TestJobCredentials(TestJobExecution):
        safe_env = {}
        credential.credential_type.inject_credential(credential, env, safe_env, [], private_data_dir)
        runner_path = env['GCE_CREDENTIALS_FILE_PATH']
-        local_path = os.path.join(private_data_dir, os.path.basename(runner_path))
+        local_path = runner_path.replace('/runner', private_data_dir)  # container path to host path
        json_data = json.load(open(local_path, 'rb'))
        assert json_data['type'] == 'service_account'
        assert json_data['private_key'] == self.EXAMPLE_PRIVATE_KEY
@@ -1015,7 +1018,7 @@ class TestJobCredentials(TestJobExecution):
        credential.credential_type.inject_credential(credential, env, {}, [], private_data_dir)

        # convert container path to host machine path
-        config_loc = os.path.join(private_data_dir, os.path.basename(env['OS_CLIENT_CONFIG_FILE']))
+        config_loc = env['OS_CLIENT_CONFIG_FILE'].replace('/runner', private_data_dir)  # container path to host path
        shade_config = open(config_loc, 'r').read()
        assert shade_config == '\n'.join(
            [
@@ -1050,7 +1053,8 @@ class TestJobCredentials(TestJobExecution):
        credential.credential_type.inject_credential(credential, env, safe_env, [], private_data_dir)

        config = configparser.ConfigParser()
-        config.read(os.path.join(private_data_dir, os.path.basename(env['OVIRT_INI_PATH'])))
+        host_path = env['OVIRT_INI_PATH'].replace('/runner', private_data_dir)  # container path to host path
+        config.read(host_path)
        assert config.get('ovirt', 'ovirt_url') == 'some-ovirt-host.example.org'
        assert config.get('ovirt', 'ovirt_username') == 'bob'
        assert config.get('ovirt', 'ovirt_password') == 'some-pass'
@@ -1263,7 +1267,7 @@ class TestJobCredentials(TestJobExecution):
        env = {}
        credential.credential_type.inject_credential(credential, env, {}, [], private_data_dir)

-        path = os.path.join(private_data_dir, os.path.basename(env['MY_CLOUD_INI_FILE']))
+        path = env['MY_CLOUD_INI_FILE'].replace('/runner', private_data_dir)  # container path to host path
        assert open(path, 'r').read() == '[mycloud]\nABC123'

    def test_custom_environment_injectors_with_unicode_content(self, private_data_dir):
@@ -1283,7 +1287,7 @@ class TestJobCredentials(TestJobExecution):
        env = {}
        credential.credential_type.inject_credential(credential, env, {}, [], private_data_dir)

-        path = os.path.join(private_data_dir, os.path.basename(env['MY_CLOUD_INI_FILE']))
+        path = env['MY_CLOUD_INI_FILE'].replace('/runner', private_data_dir)  # container path to host path
        assert open(path, 'r').read() == value

    def test_custom_environment_injectors_with_files(self, private_data_dir):
@@ -1302,8 +1306,8 @@ class TestJobCredentials(TestJobExecution):
        env = {}
        credential.credential_type.inject_credential(credential, env, {}, [], private_data_dir)

-        cert_path = os.path.join(private_data_dir, os.path.basename(env['MY_CERT_INI_FILE']))
-        key_path = os.path.join(private_data_dir, os.path.basename(env['MY_KEY_INI_FILE']))
+        cert_path = env['MY_CERT_INI_FILE'].replace('/runner', private_data_dir)  # container path to host path
+        key_path = env['MY_KEY_INI_FILE'].replace('/runner', private_data_dir)  # container path to host path
        assert open(cert_path, 'r').read() == '[mycert]\nCERT123'
        assert open(key_path, 'r').read() == '[mykey]\nKEY123'

@@ -1326,7 +1330,7 @@ class TestJobCredentials(TestJobExecution):
        assert env['AZURE_AD_USER'] == 'bob'
        assert env['AZURE_PASSWORD'] == 'secret'

-        path = os.path.join(private_data_dir, os.path.basename(env['GCE_CREDENTIALS_FILE_PATH']))
+        path = env['GCE_CREDENTIALS_FILE_PATH'].replace('/runner', private_data_dir)  # container path to host path
        json_data = json.load(open(path, 'rb'))
        assert json_data['type'] == 'service_account'
        assert json_data['private_key'] == self.EXAMPLE_PRIVATE_KEY
@@ -1707,7 +1711,7 @@ class TestInventoryUpdateCredentials(TestJobExecution):
        private_data_files = task.build_private_data_files(inventory_update, private_data_dir)
        env = task.build_env(inventory_update, private_data_dir, private_data_files)

-        path = os.path.join(private_data_dir, os.path.basename(env['OS_CLIENT_CONFIG_FILE']))
+        path = env['OS_CLIENT_CONFIG_FILE'].replace('/runner', private_data_dir)  # container path to host path
        shade_config = open(path, 'r').read()
        assert (
            '\n'.join(