refactor k8s credential injectors to properly handle verify=f

2026-05-17 22:37:41 -02:30 · 2020-07-16 12:43:10 -04:00
parent 1a39cbc2f4
commit 959b81aec5
3 changed files with 34 additions and 22 deletions
--- a/awx/main/models/credential/init.py
+++ b/awx/main/models/credential/init.py
@@ -1169,18 +1169,7 @@ ManagedCredentialType(
            'multiline': True,
        }],
        'required': ['host', 'bearer_token'],
-    },
-    injectors={
-        'file': {
-            'template': '{{ ssl_ca_cert }}'
-        },
-        'env': {
-            'K8S_AUTH_HOST': '{{ host }}',
-            'K8S_AUTH_API_KEY': '{{ bearer_token }}',
-            'K8S_AUTH_VERIFY_SSL': '{{ verify_ssl }}',
-            'K8S_AUTH_SSL_CA_CERT': '{{ tower.filename }}',
-        },
-    },
+    }
 )


--- a/awx/main/models/credential/injectors.py
+++ b/awx/main/models/credential/injectors.py
@@ -101,3 +101,17 @@ def openstack(cred, env, private_data_dir):
    f.close()
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
    env['OS_CLIENT_CONFIG_FILE'] = path
+
+
+def kubernetes_bearer_token(cred, env, private_data_dir):
+    env['K8S_AUTH_HOST'] = cred.get_input('host', default='')
+    env['K8S_AUTH_API_KEY'] = cred.get_input('bearer_token', default='')
+    if cred.get_input('verify_ssl') and 'ssl_ca_cert' in cred.inputs:
+        env['K8S_AUTH_VERIFY_SSL'] = 'True'
+        handle, path = tempfile.mkstemp(dir=private_data_dir)
+        with os.fdopen(handle, 'w') as f:
+            os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
+            f.write(cred.get_input('ssl_ca_cert'))
+        env['K8S_AUTH_SSL_CA_CERT'] = path
+    else:
+        env['K8S_AUTH_VERIFY_SSL'] = 'False'