Pass extra vars via file rather than via commandline, including custom creds.

The extra vars file created lives in the playbook private runtime directory, and will be reaped along with the rest of the directory. Adjust assorted unit tests as necessary.
2026-03-21 19:07:39 -02:30 · 2018-02-02 23:30:51 -05:00
parent 476dbe58c5
commit aa5bd9f5bf
5 changed files with 116 additions and 62 deletions
--- a/awx/main/models/credential/init.py
+++ b/awx/main/models/credential/init.py
@@ -654,11 +654,21 @@ class CredentialType(CommonModelNameNotUnique):
            extra_vars[var_name] = Template(tmpl).render(**namespace)
            safe_extra_vars[var_name] = Template(tmpl).render(**safe_namespace)

+        def build_extra_vars_file(vars, private_dir):
+            handle, path = tempfile.mkstemp(dir = private_dir)
+            f = os.fdopen(handle, 'w')
+            f.write(json.dumps(vars))
+            f.close()
+            os.chmod(path, stat.S_IRUSR)
+            return path
+
        if extra_vars:
-            args.extend(['-e', json.dumps(extra_vars)])
+            path = build_extra_vars_file(extra_vars, private_data_dir)
+            args.extend(['-e', '@%s' % path])

        if safe_extra_vars:
-            safe_args.extend(['-e', json.dumps(safe_extra_vars)])
+            path = build_extra_vars_file(safe_extra_vars, private_data_dir)
+            safe_args.extend(['-e', '@%s' % path])


@CredentialType.default