External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-02-23 05:55:59 -03:30
Code Issues Packages Projects Releases Wiki Activity

Change the way auth info is passed to Runner for EEs pulled from protected registries

Browse Source
This commit is contained in:
beeankha
2021-09-09 15:23:57 -04:00
parent 1b50db26b6
commit ac8b49b39d
1 changed files with 6 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
awx/main/tasks.py
View File

@@ -939,23 +939,17 @@ class BaseTask(object):
params = { params = {
"container_image": image, "container_image": image,
"process_isolation": True, "process_isolation": True,
"process_isolation_executable": "podman", # need to provide, runner enforces default via argparse
"container_options": ['--user=root'], "container_options": ['--user=root'],
} }
if instance.execution_environment.credential: if instance.execution_environment.credential:
cred = instance.execution_environment.credential cred = instance.execution_environment.credential
if cred.has_inputs(field_names=('host', 'username', 'password')): if cred.has_inputs(field_names=('host', 'username', 'password')):
path = os.path.split(private_data_dir)[0] host = cred.get_input('host')
with open(path + '/auth.json', 'w') as authfile: username = cred.get_input('username')
os.chmod(authfile.name, stat.S_IRUSR | stat.S_IWUSR) password = cred.get_input('password')
params['container_auth_data'] = {'host': host, 'username': username, 'password': password}
host = cred.get_input('host')
username = cred.get_input('username')
password = cred.get_input('password')
token = "{}:{}".format(username, password)
auth_data = {'auths': {host: {'auth': b64encode(token.encode('UTF-8')).decode('UTF-8')}}}
authfile.write(json.dumps(auth_data, indent=4))
params["container_options"].append(f'--authfile={authfile.name}')
else: else:
raise RuntimeError('Please recheck that your host, username, and password fields are all filled.') raise RuntimeError('Please recheck that your host, username, and password fields are all filled.')
@@ -3049,7 +3043,7 @@ class AWXReceptorJob:
if self.task and not self.task.instance.is_container_group_task: if self.task and not self.task.instance.is_container_group_task:
execution_environment_params = self.task.build_execution_environment_params(self.task.instance, runner_params['private_data_dir']) execution_environment_params = self.task.build_execution_environment_params(self.task.instance, runner_params['private_data_dir'])
self.runner_params['settings'].update(execution_environment_params) self.runner_params.update(execution_environment_params)
def run(self): def run(self):
# We establish a connection to the Receptor socket # We establish a connection to the Receptor socket