External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-02-22 13:36:02 -03:30
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3849 from AlanCoding/password_madness

Browse Source 
Reduce passing around of passwords dictionary

Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
This commit is contained in:
softwarefactory-project-zuul[bot]
2019-05-09 13:34:43 +00:00
committed by GitHub
parent 190098bbd5 7e6a73f892
commit 91968a09c8
2 changed files with 25 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
awx/main/tasks.py
View File

@@ -840,7 +840,7 @@ class BaseTask(object):
'': '', '': '',
} }
def build_extra_vars_file(self, instance, private_data_dir, passwords): def build_extra_vars_file(self, instance, private_data_dir):
''' '''
Build ansible yaml file filled with extra vars to be passed via -e@file.yml Build ansible yaml file filled with extra vars to be passed via -e@file.yml
''' '''
@@ -1079,7 +1079,7 @@ class BaseTask(object):
if status_data['status'] == 'starting': if status_data['status'] == 'starting':
job_env = dict(runner_config.env) job_env = dict(runner_config.env)
''' '''
Take the safe environment variables and overwrite Take the safe environment variables and overwrite
''' '''
for k, v in self.safe_env.items(): for k, v in self.safe_env.items():
if k in job_env: if k in job_env:
@@ -1155,7 +1155,7 @@ class BaseTask(object):
# May have to serialize the value # May have to serialize the value
private_data_files = self.build_private_data_files(self.instance, private_data_dir) private_data_files = self.build_private_data_files(self.instance, private_data_dir)
passwords = self.build_passwords(self.instance, kwargs) passwords = self.build_passwords(self.instance, kwargs)
self.build_extra_vars_file(self.instance, private_data_dir, passwords) self.build_extra_vars_file(self.instance, private_data_dir)
args = self.build_args(self.instance, private_data_dir, passwords) args = self.build_args(self.instance, private_data_dir, passwords)
cwd = self.build_cwd(self.instance, private_data_dir) cwd = self.build_cwd(self.instance, private_data_dir)
process_isolation_params = self.build_params_process_isolation(self.instance, process_isolation_params = self.build_params_process_isolation(self.instance,
@@ -1507,7 +1507,7 @@ class RunJob(BaseTask):
def build_playbook_path_relative_to_cwd(self, job, private_data_dir): def build_playbook_path_relative_to_cwd(self, job, private_data_dir):
return os.path.join(job.playbook) return os.path.join(job.playbook)
def build_extra_vars_file(self, job, private_data_dir, passwords): def build_extra_vars_file(self, job, private_data_dir):
# Define special extra_vars for AWX, combine with job.extra_vars. # Define special extra_vars for AWX, combine with job.extra_vars.
extra_vars = job.awx_meta_vars() extra_vars = job.awx_meta_vars()
@@ -1679,12 +1679,18 @@ class RunProjectUpdate(BaseTask):
env['ANSIBLE_CALLBACK_PLUGINS'] = self.get_path_to('..', 'plugins', 'callback') env['ANSIBLE_CALLBACK_PLUGINS'] = self.get_path_to('..', 'plugins', 'callback')
return env return env
def _build_scm_url_extra_vars(self, project_update, scm_username='', scm_password=''): def _build_scm_url_extra_vars(self, project_update):
''' '''
Helper method to build SCM url and extra vars with parameters needed Helper method to build SCM url and extra vars with parameters needed
for authentication. for authentication.
''' '''
extra_vars = {} extra_vars = {}
if project_update.credential:
scm_username = project_update.credential.get_input('username', default='')
scm_password = project_update.credential.get_input('password', default='')
else:
scm_username = ''
scm_password = ''
scm_type = project_update.scm_type scm_type = project_update.scm_type
scm_url = update_scm_url(scm_type, project_update.scm_url, scm_url = update_scm_url(scm_type, project_update.scm_url,
check_special_cases=False) check_special_cases=False)
@@ -1730,11 +1736,9 @@ class RunProjectUpdate(BaseTask):
args.append('-v') args.append('-v')
return args return args
def build_extra_vars_file(self, project_update, private_data_dir, passwords): def build_extra_vars_file(self, project_update, private_data_dir):
extra_vars = {} extra_vars = {}
scm_url, extra_vars_new = self._build_scm_url_extra_vars(project_update, scm_url, extra_vars_new = self._build_scm_url_extra_vars(project_update)
passwords.get('scm_username', ''),
passwords.get('scm_password', ''))
extra_vars.update(extra_vars_new) extra_vars.update(extra_vars_new)
if project_update.project.scm_revision and project_update.job_type == 'run': if project_update.project.scm_revision and project_update.job_type == 'run':
@@ -1939,26 +1943,6 @@ class RunInventoryUpdate(BaseTask):
injector = InventorySource.injectors[inventory_update.source](self.get_ansible_version(inventory_update)) injector = InventorySource.injectors[inventory_update.source](self.get_ansible_version(inventory_update))
return injector.build_private_data(inventory_update, private_data_dir) return injector.build_private_data(inventory_update, private_data_dir)
def build_passwords(self, inventory_update, runtime_passwords):
"""Build a dictionary of authentication/credential information for
an inventory source.
This dictionary is used by `build_env`, below.
"""
# Run the superclass implementation.
passwords = super(RunInventoryUpdate, self).build_passwords(inventory_update, runtime_passwords)
# Take key fields from the credential in use and add them to the
# passwords dictionary.
credential = inventory_update.get_cloud_credential()
if credential:
for subkey in ('username', 'host', 'project', 'client', 'tenant', 'subscription'):
passwords['source_%s' % subkey] = credential.get_input(subkey, default='')
for passkey in ('password', 'ssh_key_data', 'security_token', 'secret'):
k = 'source_%s' % passkey
passwords[k] = credential.get_input(passkey, default='')
return passwords
def build_env(self, inventory_update, private_data_dir, isolated, private_data_files=None): def build_env(self, inventory_update, private_data_dir, isolated, private_data_files=None):
"""Build environment dictionary for inventory import. """Build environment dictionary for inventory import.
@@ -2302,7 +2286,7 @@ class RunAdHocCommand(BaseTask):
return args return args
def build_extra_vars_file(self, ad_hoc_command, private_data_dir, passwords={}): def build_extra_vars_file(self, ad_hoc_command, private_data_dir):
extra_vars = ad_hoc_command.awx_meta_vars() extra_vars = ad_hoc_command.awx_meta_vars()
if ad_hoc_command.extra_vars_dict: if ad_hoc_command.extra_vars_dict:

22
awx/main/tests/unit/test_tasks.py
View File

@@ -258,7 +258,7 @@ class TestExtraVarSanitation(TestJobExecution):
job.created_by = User(pk=123, username='angry-spud') job.created_by = User(pk=123, username='angry-spud')
task = tasks.RunJob() task = tasks.RunJob()
task.build_extra_vars_file(job, private_data_dir, {}) task.build_extra_vars_file(job, private_data_dir)
fd = open(os.path.join(private_data_dir, 'env', 'extravars')) fd = open(os.path.join(private_data_dir, 'env', 'extravars'))
extra_vars = yaml.load(fd, Loader=SafeLoader) extra_vars = yaml.load(fd, Loader=SafeLoader)
@@ -282,7 +282,7 @@ class TestExtraVarSanitation(TestJobExecution):
job.extra_vars = json.dumps({'msg': self.UNSAFE}) job.extra_vars = json.dumps({'msg': self.UNSAFE})
task = tasks.RunJob() task = tasks.RunJob()
task.build_extra_vars_file(job, private_data_dir, {}) task.build_extra_vars_file(job, private_data_dir)
fd = open(os.path.join(private_data_dir, 'env', 'extravars')) fd = open(os.path.join(private_data_dir, 'env', 'extravars'))
extra_vars = yaml.load(fd, Loader=SafeLoader) extra_vars = yaml.load(fd, Loader=SafeLoader)
@@ -293,7 +293,7 @@ class TestExtraVarSanitation(TestJobExecution):
job.extra_vars = json.dumps({'msg': {'a': [self.UNSAFE]}}) job.extra_vars = json.dumps({'msg': {'a': [self.UNSAFE]}})
task = tasks.RunJob() task = tasks.RunJob()
task.build_extra_vars_file(job, private_data_dir, {}) task.build_extra_vars_file(job, private_data_dir)
fd = open(os.path.join(private_data_dir, 'env', 'extravars')) fd = open(os.path.join(private_data_dir, 'env', 'extravars'))
extra_vars = yaml.load(fd, Loader=SafeLoader) extra_vars = yaml.load(fd, Loader=SafeLoader)
@@ -304,7 +304,7 @@ class TestExtraVarSanitation(TestJobExecution):
job.job_template.extra_vars = job.extra_vars = json.dumps({'msg': self.UNSAFE}) job.job_template.extra_vars = job.extra_vars = json.dumps({'msg': self.UNSAFE})
task = tasks.RunJob() task = tasks.RunJob()
task.build_extra_vars_file(job, private_data_dir, {}) task.build_extra_vars_file(job, private_data_dir)
fd = open(os.path.join(private_data_dir, 'env', 'extravars')) fd = open(os.path.join(private_data_dir, 'env', 'extravars'))
extra_vars = yaml.load(fd, Loader=SafeLoader) extra_vars = yaml.load(fd, Loader=SafeLoader)
@@ -316,7 +316,7 @@ class TestExtraVarSanitation(TestJobExecution):
job.job_template.extra_vars = job.extra_vars job.job_template.extra_vars = job.extra_vars
task = tasks.RunJob() task = tasks.RunJob()
task.build_extra_vars_file(job, private_data_dir, {}) task.build_extra_vars_file(job, private_data_dir)
fd = open(os.path.join(private_data_dir, 'env', 'extravars')) fd = open(os.path.join(private_data_dir, 'env', 'extravars'))
extra_vars = yaml.load(fd, Loader=SafeLoader) extra_vars = yaml.load(fd, Loader=SafeLoader)
@@ -333,7 +333,7 @@ class TestExtraVarSanitation(TestJobExecution):
}) })
task = tasks.RunJob() task = tasks.RunJob()
task.build_extra_vars_file(job, private_data_dir, {}) task.build_extra_vars_file(job, private_data_dir)
fd = open(os.path.join(private_data_dir, 'env', 'extravars')) fd = open(os.path.join(private_data_dir, 'env', 'extravars'))
extra_vars = yaml.load(fd, Loader=SafeLoader) extra_vars = yaml.load(fd, Loader=SafeLoader)
@@ -348,7 +348,7 @@ class TestExtraVarSanitation(TestJobExecution):
job.extra_vars = json.dumps({'msg': self.UNSAFE}) job.extra_vars = json.dumps({'msg': self.UNSAFE})
task = tasks.RunJob() task = tasks.RunJob()
task.build_extra_vars_file(job, private_data_dir, {}) task.build_extra_vars_file(job, private_data_dir)
fd = open(os.path.join(private_data_dir, 'env', 'extravars')) fd = open(os.path.join(private_data_dir, 'env', 'extravars'))
extra_vars = yaml.load(fd, Loader=SafeLoader) extra_vars = yaml.load(fd, Loader=SafeLoader)
@@ -468,7 +468,7 @@ class TestGenericRun():
task = tasks.RunJob() task = tasks.RunJob()
task._write_extra_vars_file = mock.Mock() task._write_extra_vars_file = mock.Mock()
task.build_extra_vars_file(job, None, dict()) task.build_extra_vars_file(job, None)
call_args, _ = task._write_extra_vars_file.call_args_list[0] call_args, _ = task._write_extra_vars_file.call_args_list[0]
@@ -489,7 +489,7 @@ class TestGenericRun():
task = tasks.RunJob() task = tasks.RunJob()
task._write_extra_vars_file = mock.Mock() task._write_extra_vars_file = mock.Mock()
task.build_extra_vars_file(job, None, dict()) task.build_extra_vars_file(job, None)
call_args, _ = task._write_extra_vars_file.call_args_list[0] call_args, _ = task._write_extra_vars_file.call_args_list[0]
@@ -577,7 +577,7 @@ class TestAdhocRun(TestJobExecution):
task = tasks.RunAdHocCommand() task = tasks.RunAdHocCommand()
task._write_extra_vars_file = mock.Mock() task._write_extra_vars_file = mock.Mock()
task.build_extra_vars_file(adhoc_job, None, dict()) task.build_extra_vars_file(adhoc_job, None)
call_args, _ = task._write_extra_vars_file.call_args_list[0] call_args, _ = task._write_extra_vars_file.call_args_list[0]
@@ -1685,7 +1685,7 @@ class TestProjectUpdateCredentials(TestJobExecution):
assert settings.PROJECTS_ROOT in process_isolation['process_isolation_show_paths'] assert settings.PROJECTS_ROOT in process_isolation['process_isolation_show_paths']
task._write_extra_vars_file = mock.Mock() task._write_extra_vars_file = mock.Mock()
task.build_extra_vars_file(project_update, private_data_dir, {}) task.build_extra_vars_file(project_update, private_data_dir)
call_args, _ = task._write_extra_vars_file.call_args_list[0] call_args, _ = task._write_extra_vars_file.call_args_list[0]
_, extra_vars = call_args _, extra_vars = call_args