diff --git a/awx/main/models/credential/__init__.py b/awx/main/models/credential/__init__.py
index 9e5e06472b..2515f2f49b 100644
--- a/awx/main/models/credential/__init__.py
+++ b/awx/main/models/credential/__init__.py
@@ -498,7 +498,7 @@ class CredentialType(CommonModelNameNotUnique):
 f.write(data)
 os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
 # FIXME: develop some better means of referencing paths inside containers
- container_path = os.path.join('/runner', os.path.basename(path))
+ container_path = os.path.join('/runner', 'env', os.path.basename(path))
 # determine if filename indicates single file or many
 if file_label.find('.') == -1:
@@ -536,7 +536,7 @@ class CredentialType(CommonModelNameNotUnique):
 if extra_vars:
 path = build_extra_vars_file(extra_vars, private_data_dir)
 # FIXME: develop some better means of referencing paths inside containers
- container_path = os.path.join('/runner', os.path.basename(path))
+ container_path = os.path.join('/runner', 'env', os.path.basename(path))
 args.extend(['-e', '@%s' % container_path])
diff --git a/awx/main/models/credential/injectors.py b/awx/main/models/credential/injectors.py
index 925df9daa4..259cfc724e 100644
--- a/awx/main/models/credential/injectors.py
+++ b/awx/main/models/credential/injectors.py
@@ -30,8 +30,9 @@ def gce(cred, env, private_data_dir):
 json.dump(json_cred, f, indent=2)
 f.close()
 os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
- env['GCE_CREDENTIALS_FILE_PATH'] = os.path.join('/runner', os.path.basename(path))
- env['GCP_SERVICE_ACCOUNT_FILE'] = os.path.join('/runner', os.path.basename(path))
+ cred_path = os.path.join('/runner', 'env', os.path.basename(path))
+ env['GCE_CREDENTIALS_FILE_PATH'] = cred_path
+ env['GCP_SERVICE_ACCOUNT_FILE'] = cred_path
 # Handle env variables for new module types.
 # This includes gcp_compute inventory plugin and
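Review bot: The container directory is now spelled out as the literals `'/runner', 'env'` at this call site in `CredentialType`, and the same expression is repeated in the second hunk of this file, in `gce`, `openstack` and `kubernetes_bearer_token` in injectors.py, and in inventory.py and tasks.py, even though the adjacent FIXME/TODO comments already ask for a single definition. If the directory moves again, every site has to be edited, and a missed one leaves a credential path pointing at a location the container does not read. A shared helper such as `def to_container_path(path): return os.path.join('/runner', 'env', os.path.basename(path))` would keep them in step. The code that creates `path` on the host is outside these hunks, so it is worth confirming that it writes under the `env` subdirectory of `private_data_dir`, which is what the updated tests assume.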
@@ -103,7 +104,7 @@ def openstack(cred, env, private_data_dir):
 f.close()
 os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
 # TODO: constant for container base path
- env['OS_CLIENT_CONFIG_FILE'] = os.path.join('/runner', os.path.basename(path))
+ env['OS_CLIENT_CONFIG_FILE'] = os.path.join('/runner', 'env', os.path.basename(path))
 def kubernetes_bearer_token(cred, env, private_data_dir):
@@ -115,6 +116,6 @@ def kubernetes_bearer_token(cred, env, private_data_dir):
 with os.fdopen(handle, 'w') as f:
 os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
 f.write(cred.get_input('ssl_ca_cert'))
- env['K8S_AUTH_SSL_CA_CERT'] = os.path.join('/runner', os.path.basename(path))
+ env['K8S_AUTH_SSL_CA_CERT'] = os.path.join('/runner', 'env', os.path.basename(path))
 else:
 env['K8S_AUTH_VERIFY_SSL'] = 'False'
diff --git a/awx/main/models/inventory.py b/awx/main/models/inventory.py
index 99dc7b837b..b59b640b51 100644
--- a/awx/main/models/inventory.py
+++ b/awx/main/models/inventory.py
@@ -1505,7 +1505,7 @@ class openstack(PluginFileInjector):
 env = super(openstack, self).get_plugin_env(inventory_update, private_data_dir, private_data_files)
 credential = inventory_update.get_cloud_credential()
 cred_data = private_data_files['credentials']
- env['OS_CLIENT_CONFIG_FILE'] = os.path.join('/runner', os.path.basename(cred_data[credential]))
+ env['OS_CLIENT_CONFIG_FILE'] = os.path.join('/runner', 'env', os.path.basename(cred_data[credential]))
 return env
diff --git a/awx/main/tasks.py b/awx/main/tasks.py
index c27167e0dd..5c2a396c58 100644
--- a/awx/main/tasks.py
+++ b/awx/main/tasks.py
@@ -1532,7 +1532,7 @@ class RunJob(BaseTask):
 cred_files = private_data_files.get('credentials', {})
 for cloud_cred in job.cloud_credentials:
 if cloud_cred and cloud_cred.credential_type.namespace == 'openstack':
- env['OS_CLIENT_CONFIG_FILE'] = os.path.join('/runner', os.path.basename(cred_files.get(cloud_cred, '')))
+ env['OS_CLIENT_CONFIG_FILE'] = os.path.join('/runner', 'env', os.path.basename(cred_files.get(cloud_cred, '')))
 for network_cred in job.network_credentials:
 env['ANSIBLE_NET_USERNAME'] = network_cred.get_input('username', default='')
diff --git a/awx/main/tests/unit/test_tasks.py b/awx/main/tests/unit/test_tasks.py
index bdfeda6c24..893a3deff6 100644
--- a/awx/main/tests/unit/test_tasks.py
+++ b/awx/main/tests/unit/test_tasks.py
@@ -342,7 +342,7 @@ def parse_extra_vars(args, private_data_dir):
 extra_vars = {}
 for chunk in args:
 if chunk.startswith('@/runner/'):
- local_path = os.path.join(private_data_dir, os.path.basename(chunk.strip('@')))
+ local_path = chunk[len('@') :].replace('/runner', private_data_dir) # container path to host path
 with open(local_path, 'r') as f:
 extra_vars.update(yaml.load(f, Loader=SafeLoader))
 return extra_vars
@@ -892,7 +892,10 @@ class TestJobCredentials(TestJobExecution):
 if verify:
 assert env['K8S_AUTH_VERIFY_SSL'] == 'True'
- local_path = os.path.join(private_data_dir, os.path.basename(env['K8S_AUTH_SSL_CA_CERT']))
+ # local_path = os.path.join(private_data_dir, os.path.basename(env['K8S_AUTH_SSL_CA_CERT']))
+ local_path = env['K8S_AUTH_SSL_CA_CERT'].replace('/runner', private_data_dir) # container path to host path
+ print('env')
+ print(env['K8S_AUTH_SSL_CA_CERT'])
 cert = open(local_path, 'r').read()
 assert cert == 'CERTDATA'
 else:
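Review bot: `cred_files.get(cloud_cred, '')` in the changed line falls back to an empty string, so for an openstack credential with no entry in `cred_files` the result is `os.path.join('/runner', 'env', '')`, i.e. the directory `/runner/env/`, and `OS_CLIENT_CONFIG_FILE` is exported pointing at a directory instead of a file. Whether that case can occur is not visible here, since `cred_files` is built outside the hunk, but if it does the failure would surface later as a confusing client error. Consider setting the variable only when a file exists: `cred_file = cred_files.get(cloud_cred)` followed by `if cred_file: env['OS_CLIENT_CONFIG_FILE'] = os.path.join('/runner', 'env', os.path.basename(cred_file))`. The enclosing `RunJob` method starts and ends outside the hunk.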
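Review bot: The container-to-host conversion `.replace('/runner', private_data_dir)` is written out inline here in `parse_extra_vars` and again, with the same trailing comment, in every later hunk of this file (the `K8S_AUTH_SSL_CA_CERT`, `GCE_CREDENTIALS_FILE_PATH`, `OS_CLIENT_CONFIG_FILE`, `OVIRT_INI_PATH`, `MY_CLOUD_INI_FILE`, `MY_CERT_INI_FILE` and `MY_KEY_INI_FILE` lookups). `str.replace` also rewrites every occurrence of `/runner`, not only the leading one; that is harmless for today's paths but would silently produce a wrong host path if the layout ever gains a nested `runner` component. A small test helper would state the intent once, e.g. `def to_host_path(container_path, private_data_dir): return container_path.replace('/runner', private_data_dir, 1)`.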
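Review bot: The commented-out `local_path` line and the two `print` calls added in the `K8S_AUTH_SSL_CA_CERT` hunk look like debugging leftovers and should be removed before merge. The printed value is only the container path of the CA certificate file, not its contents, but it adds noise to test output and the dead line duplicates what the diff history already records. The hunk would then add just `local_path = env['K8S_AUTH_SSL_CA_CERT'].replace('/runner', private_data_dir)  # container path to host path`. The enclosing test method begins outside the hunk.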
@@ -942,7 +945,7 @@ class TestJobCredentials(TestJobExecution):
 safe_env = {}
 credential.credential_type.inject_credential(credential, env, safe_env, [], private_data_dir)
 runner_path = env['GCE_CREDENTIALS_FILE_PATH']
- local_path = os.path.join(private_data_dir, os.path.basename(runner_path))
+ local_path = runner_path.replace('/runner', private_data_dir) # container path to host path
 json_data = json.load(open(local_path, 'rb'))
 assert json_data['type'] == 'service_account'
 assert json_data['private_key'] == self.EXAMPLE_PRIVATE_KEY
@@ -1015,7 +1018,7 @@ class TestJobCredentials(TestJobExecution):
 credential.credential_type.inject_credential(credential, env, {}, [], private_data_dir)
 # convert container path to host machine path
- config_loc = os.path.join(private_data_dir, os.path.basename(env['OS_CLIENT_CONFIG_FILE']))
+ config_loc = env['OS_CLIENT_CONFIG_FILE'].replace('/runner', private_data_dir) # container path to host path
 shade_config = open(config_loc, 'r').read()
 assert shade_config == '\n'.join(
 [
@@ -1050,7 +1053,8 @@ class TestJobCredentials(TestJobExecution):
 credential.credential_type.inject_credential(credential, env, safe_env, [], private_data_dir)
 config = configparser.ConfigParser()
- config.read(os.path.join(private_data_dir, os.path.basename(env['OVIRT_INI_PATH'])))
+ host_path = env['OVIRT_INI_PATH'].replace('/runner', private_data_dir) # container path to host path
+ config.read(host_path)
 assert config.get('ovirt', 'ovirt_url') == 'some-ovirt-host.example.org'
 assert config.get('ovirt', 'ovirt_username') == 'bob'
 assert config.get('ovirt', 'ovirt_password') == 'some-pass'
@@ -1263,7 +1267,7 @@ class TestJobCredentials(TestJobExecution):
 env = {}
 credential.credential_type.inject_credential(credential, env, {}, [], private_data_dir)
- path = os.path.join(private_data_dir, os.path.basename(env['MY_CLOUD_INI_FILE']))
+ path = env['MY_CLOUD_INI_FILE'].replace('/runner', private_data_dir) # container path to host path
 assert open(path, 'r').read() == '[mycloud]\nABC123'
 def test_custom_environment_injectors_with_unicode_content(self, private_data_dir):
@@ -1283,7 +1287,7 @@ class TestJobCredentials(TestJobExecution):
 env = {}
 credential.credential_type.inject_credential(credential, env, {}, [], private_data_dir)
- path = os.path.join(private_data_dir, os.path.basename(env['MY_CLOUD_INI_FILE']))
+ path = env['MY_CLOUD_INI_FILE'].replace('/runner', private_data_dir) # container path to host path
 assert open(path, 'r').read() == value
 def test_custom_environment_injectors_with_files(self, private_data_dir):
@@ -1302,8 +1306,8 @@ class TestJobCredentials(TestJobExecution):
 env = {}
 credential.credential_type.inject_credential(credential, env, {}, [], private_data_dir)
- cert_path = os.path.join(private_data_dir, os.path.basename(env['MY_CERT_INI_FILE']))
- key_path = os.path.join(private_data_dir, os.path.basename(env['MY_KEY_INI_FILE']))
+ cert_path = env['MY_CERT_INI_FILE'].replace('/runner', private_data_dir) # container path to host path
+ key_path = env['MY_KEY_INI_FILE'].replace('/runner', private_data_dir) # container path to host path
 assert open(cert_path, 'r').read() == '[mycert]\nCERT123'
 assert open(key_path, 'r').read() == '[mykey]\nKEY123'
@@ -1326,7 +1330,7 @@ class TestJobCredentials(TestJobExecution):
 assert env['AZURE_AD_USER'] == 'bob'
 assert env['AZURE_PASSWORD'] == 'secret'
- path = os.path.join(private_data_dir, os.path.basename(env['GCE_CREDENTIALS_FILE_PATH']))
+ path = env['GCE_CREDENTIALS_FILE_PATH'].replace('/runner', private_data_dir) # container path to host path
 json_data = json.load(open(path, 'rb'))
 assert json_data['type'] == 'service_account'
 assert json_data['private_key'] == self.EXAMPLE_PRIVATE_KEY
@@ -1707,7 +1711,7 @@ class TestInventoryUpdateCredentials(TestJobExecution):
 private_data_files = task.build_private_data_files(inventory_update, private_data_dir)
 env = task.build_env(inventory_update, private_data_dir, private_data_files)
- path = os.path.join(private_data_dir, os.path.basename(env['OS_CLIENT_CONFIG_FILE']))
+ path = env['OS_CLIENT_CONFIG_FILE'].replace('/runner', private_data_dir) # container path to host path
 shade_config = open(path, 'r').read()
 assert (
 '\n'.join(