Fix credential env folder, test_tasks.py

awx/main/models/credential/__init__.py

@@ -498,7 +498,7 @@ class CredentialType(CommonModelNameNotUnique):
                 f.write(data)
             os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
             # FIXME: develop some better means of referencing paths inside containers
-            container_path = os.path.join('/runner', os.path.basename(path))
+            container_path = os.path.join('/runner', 'env', os.path.basename(path))
 
             # determine if filename indicates single file or many
             if file_label.find('.') == -1:
@@ -536,7 +536,7 @@ class CredentialType(CommonModelNameNotUnique):
             if extra_vars:
                 path = build_extra_vars_file(extra_vars, private_data_dir)
                 # FIXME: develop some better means of referencing paths inside containers
-                container_path = os.path.join('/runner', os.path.basename(path))
+                container_path = os.path.join('/runner', 'env', os.path.basename(path))
                 args.extend(['-e', '@%s' % container_path])
 
 

awx/main/models/credential/injectors.py

@@ -30,8 +30,9 @@ def gce(cred, env, private_data_dir):
     json.dump(json_cred, f, indent=2)
     f.close()
     os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
-    env['GCE_CREDENTIALS_FILE_PATH'] = os.path.join('/runner', os.path.basename(path))
+    cred_path = os.path.join('/runner', 'env', os.path.basename(path))
-    env['GCP_SERVICE_ACCOUNT_FILE'] = os.path.join('/runner', os.path.basename(path))
+    env['GCE_CREDENTIALS_FILE_PATH'] = cred_path
+    env['GCP_SERVICE_ACCOUNT_FILE'] = cred_path
 
     # Handle env variables for new module types.
     # This includes gcp_compute inventory plugin and
@@ -103,7 +104,7 @@ def openstack(cred, env, private_data_dir):
     f.close()
     os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
     # TODO: constant for container base path
-    env['OS_CLIENT_CONFIG_FILE'] = os.path.join('/runner', os.path.basename(path))
+    env['OS_CLIENT_CONFIG_FILE'] = os.path.join('/runner', 'env', os.path.basename(path))
 
 
 def kubernetes_bearer_token(cred, env, private_data_dir):
@@ -115,6 +116,6 @@ def kubernetes_bearer_token(cred, env, private_data_dir):
         with os.fdopen(handle, 'w') as f:
             os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
             f.write(cred.get_input('ssl_ca_cert'))
-        env['K8S_AUTH_SSL_CA_CERT'] = os.path.join('/runner', os.path.basename(path))
+        env['K8S_AUTH_SSL_CA_CERT'] = os.path.join('/runner', 'env', os.path.basename(path))
     else:
         env['K8S_AUTH_VERIFY_SSL'] = 'False'

awx/main/models/inventory.py

@@ -1505,7 +1505,7 @@ class openstack(PluginFileInjector):
         env = super(openstack, self).get_plugin_env(inventory_update, private_data_dir, private_data_files)
         credential = inventory_update.get_cloud_credential()
         cred_data = private_data_files['credentials']
-        env['OS_CLIENT_CONFIG_FILE'] = os.path.join('/runner', os.path.basename(cred_data[credential]))
+        env['OS_CLIENT_CONFIG_FILE'] = os.path.join('/runner', 'env', os.path.basename(cred_data[credential]))
         return env
 
 

awx/main/tasks.py

@@ -1532,7 +1532,7 @@ class RunJob(BaseTask):
         cred_files = private_data_files.get('credentials', {})
         for cloud_cred in job.cloud_credentials:
             if cloud_cred and cloud_cred.credential_type.namespace == 'openstack':
-                env['OS_CLIENT_CONFIG_FILE'] = os.path.join('/runner', os.path.basename(cred_files.get(cloud_cred, '')))
+                env['OS_CLIENT_CONFIG_FILE'] = os.path.join('/runner', 'env', os.path.basename(cred_files.get(cloud_cred, '')))
 
         for network_cred in job.network_credentials:
             env['ANSIBLE_NET_USERNAME'] = network_cred.get_input('username', default='')

awx/main/tests/unit/test_tasks.py

@@ -342,7 +342,7 @@ def parse_extra_vars(args, private_data_dir):
     extra_vars = {}
     for chunk in args:
         if chunk.startswith('@/runner/'):
-            local_path = os.path.join(private_data_dir, os.path.basename(chunk.strip('@')))
+            local_path = chunk[len('@') :].replace('/runner', private_data_dir)  # container path to host path
             with open(local_path, 'r') as f:
                 extra_vars.update(yaml.load(f, Loader=SafeLoader))
     return extra_vars
@@ -892,7 +892,10 @@ class TestJobCredentials(TestJobExecution):
 
         if verify:
             assert env['K8S_AUTH_VERIFY_SSL'] == 'True'
-            local_path = os.path.join(private_data_dir, os.path.basename(env['K8S_AUTH_SSL_CA_CERT']))
+            # local_path = os.path.join(private_data_dir, os.path.basename(env['K8S_AUTH_SSL_CA_CERT']))
+            local_path = env['K8S_AUTH_SSL_CA_CERT'].replace('/runner', private_data_dir)  # container path to host path
+            print('env')
+            print(env['K8S_AUTH_SSL_CA_CERT'])
             cert = open(local_path, 'r').read()
             assert cert == 'CERTDATA'
         else:
@@ -942,7 +945,7 @@ class TestJobCredentials(TestJobExecution):
         safe_env = {}
         credential.credential_type.inject_credential(credential, env, safe_env, [], private_data_dir)
         runner_path = env['GCE_CREDENTIALS_FILE_PATH']
-        local_path = os.path.join(private_data_dir, os.path.basename(runner_path))
+        local_path = runner_path.replace('/runner', private_data_dir)  # container path to host path
         json_data = json.load(open(local_path, 'rb'))
         assert json_data['type'] == 'service_account'
         assert json_data['private_key'] == self.EXAMPLE_PRIVATE_KEY
@@ -1015,7 +1018,7 @@ class TestJobCredentials(TestJobExecution):
         credential.credential_type.inject_credential(credential, env, {}, [], private_data_dir)
 
         # convert container path to host machine path
-        config_loc = os.path.join(private_data_dir, os.path.basename(env['OS_CLIENT_CONFIG_FILE']))
+        config_loc = env['OS_CLIENT_CONFIG_FILE'].replace('/runner', private_data_dir)  # container path to host path
         shade_config = open(config_loc, 'r').read()
         assert shade_config == '\n'.join(
             [
@@ -1050,7 +1053,8 @@ class TestJobCredentials(TestJobExecution):
         credential.credential_type.inject_credential(credential, env, safe_env, [], private_data_dir)
 
         config = configparser.ConfigParser()
-        config.read(os.path.join(private_data_dir, os.path.basename(env['OVIRT_INI_PATH'])))
+        host_path = env['OVIRT_INI_PATH'].replace('/runner', private_data_dir)  # container path to host path
+        config.read(host_path)
         assert config.get('ovirt', 'ovirt_url') == 'some-ovirt-host.example.org'
         assert config.get('ovirt', 'ovirt_username') == 'bob'
         assert config.get('ovirt', 'ovirt_password') == 'some-pass'
@@ -1263,7 +1267,7 @@ class TestJobCredentials(TestJobExecution):
         env = {}
         credential.credential_type.inject_credential(credential, env, {}, [], private_data_dir)
 
-        path = os.path.join(private_data_dir, os.path.basename(env['MY_CLOUD_INI_FILE']))
+        path = env['MY_CLOUD_INI_FILE'].replace('/runner', private_data_dir)  # container path to host path
         assert open(path, 'r').read() == '[mycloud]\nABC123'
 
     def test_custom_environment_injectors_with_unicode_content(self, private_data_dir):
@@ -1283,7 +1287,7 @@ class TestJobCredentials(TestJobExecution):
         env = {}
         credential.credential_type.inject_credential(credential, env, {}, [], private_data_dir)
 
-        path = os.path.join(private_data_dir, os.path.basename(env['MY_CLOUD_INI_FILE']))
+        path = env['MY_CLOUD_INI_FILE'].replace('/runner', private_data_dir)  # container path to host path
         assert open(path, 'r').read() == value
 
     def test_custom_environment_injectors_with_files(self, private_data_dir):
@@ -1302,8 +1306,8 @@ class TestJobCredentials(TestJobExecution):
         env = {}
         credential.credential_type.inject_credential(credential, env, {}, [], private_data_dir)
 
-        cert_path = os.path.join(private_data_dir, os.path.basename(env['MY_CERT_INI_FILE']))
+        cert_path = env['MY_CERT_INI_FILE'].replace('/runner', private_data_dir)  # container path to host path
-        key_path = os.path.join(private_data_dir, os.path.basename(env['MY_KEY_INI_FILE']))
+        key_path = env['MY_KEY_INI_FILE'].replace('/runner', private_data_dir)  # container path to host path
         assert open(cert_path, 'r').read() == '[mycert]\nCERT123'
         assert open(key_path, 'r').read() == '[mykey]\nKEY123'
 
@@ -1326,7 +1330,7 @@ class TestJobCredentials(TestJobExecution):
         assert env['AZURE_AD_USER'] == 'bob'
         assert env['AZURE_PASSWORD'] == 'secret'
 
-        path = os.path.join(private_data_dir, os.path.basename(env['GCE_CREDENTIALS_FILE_PATH']))
+        path = env['GCE_CREDENTIALS_FILE_PATH'].replace('/runner', private_data_dir)  # container path to host path
         json_data = json.load(open(path, 'rb'))
         assert json_data['type'] == 'service_account'
         assert json_data['private_key'] == self.EXAMPLE_PRIVATE_KEY
@@ -1707,7 +1711,7 @@ class TestInventoryUpdateCredentials(TestJobExecution):
         private_data_files = task.build_private_data_files(inventory_update, private_data_dir)
         env = task.build_env(inventory_update, private_data_dir, private_data_files)
 
-        path = os.path.join(private_data_dir, os.path.basename(env['OS_CLIENT_CONFIG_FILE']))
+        path = env['OS_CLIENT_CONFIG_FILE'].replace('/runner', private_data_dir)  # container path to host path
         shade_config = open(path, 'r').read()
         assert (
             '\n'.join(