External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-04-13 22:19:27 -02:30
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2158 from chrismeyersfsu/fix-net_creds

Browse Source 
Fix net creds
This commit is contained in:
Chris Meyers
2018-08-09 23:45:53 -04:00
committed by GitHub
parent cdeea54a07 c7c9620f03
commit a34d8eba06
2 changed files with 72 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
awx/main/tasks.py
View File

@@ -1119,6 +1119,19 @@ class RunJob(BaseTask):
if value not in ('', 'ASK'): if value not in ('', 'ASK'):
passwords[field] = value passwords[field] = value
'''
Only 1 value can be provided for a unique prompt string. Prefer ssh
key unlock over network key unlock.
'''
if 'ssh_key_unlock' not in passwords:
for cred in job.network_credentials:
if cred.inputs.get('ssh_key_unlock'):
passwords['ssh_key_unlock'] = kwargs.get(
'ssh_key_unlock',
decrypt_field(cred, 'ssh_key_unlock')
)
break
return passwords return passwords
def build_env(self, job, **kwargs): def build_env(self, job, **kwargs):

59
awx/main/tests/unit/test_tasks.py
View File

@@ -765,6 +765,65 @@ class TestJobCredentials(TestJobExecution):
if expected_flag: if expected_flag:
assert expected_flag in ' '.join(args) assert expected_flag in ' '.join(args)
def test_net_ssh_key_unlock(self):
net = CredentialType.defaults['net']()
credential = Credential(
pk=1,
credential_type=net,
inputs = {'ssh_key_unlock': 'secret'}
)
credential.inputs['ssh_key_unlock'] = encrypt_field(credential, 'ssh_key_unlock')
self.instance.credentials.add(credential)
self.task.run(self.pk)
assert self.run_pexpect.call_count == 1
call_args, call_kwargs = self.run_pexpect.call_args_list[0]
assert 'secret' in call_kwargs.get('expect_passwords').values()
def test_net_first_ssh_key_unlock_wins(self):
for i in range(3):
net = CredentialType.defaults['net']()
credential = Credential(
pk=i,
credential_type=net,
inputs = {'ssh_key_unlock': 'secret{}'.format(i)}
)
credential.inputs['ssh_key_unlock'] = encrypt_field(credential, 'ssh_key_unlock')
self.instance.credentials.add(credential)
self.task.run(self.pk)
assert self.run_pexpect.call_count == 1
call_args, call_kwargs = self.run_pexpect.call_args_list[0]
assert 'secret0' in call_kwargs.get('expect_passwords').values()
def test_prefer_ssh_over_net_ssh_key_unlock(self):
net = CredentialType.defaults['net']()
net_credential = Credential(
pk=1,
credential_type=net,
inputs = {'ssh_key_unlock': 'net_secret'}
)
net_credential.inputs['ssh_key_unlock'] = encrypt_field(net_credential, 'ssh_key_unlock')
ssh = CredentialType.defaults['ssh']()
ssh_credential = Credential(
pk=2,
credential_type=ssh,
inputs = {'ssh_key_unlock': 'ssh_secret'}
)
ssh_credential.inputs['ssh_key_unlock'] = encrypt_field(ssh_credential, 'ssh_key_unlock')
self.instance.credentials.add(net_credential)
self.instance.credentials.add(ssh_credential)
self.task.run(self.pk)
assert self.run_pexpect.call_count == 1
call_args, call_kwargs = self.run_pexpect.call_args_list[0]
assert 'ssh_secret' in call_kwargs.get('expect_passwords').values()
def test_vault_password(self): def test_vault_password(self):
vault = CredentialType.defaults['vault']() vault = CredentialType.defaults['vault']()
credential = Credential( credential = Credential(