Unify openstack inventory injection logic

Remove logic specific to job runs to create a "clouds" file for openstack credential type Move that logic into the collection of managed_by_tower injector methods, so it will be used by all job types Modify inventory openstack injector logic to use this data as a base for its logic building the clouds file
2026-01-14 03:10:42 -03:30 · 2019-04-22 14:59:09 -04:00 · 2019-04-22 14:59:09 -04:00 · adfce6edf1
commit adfce6edf1
parent 140394fe1f
3 changed files with 34 additions and 39 deletions
--- a/awx/main/models/credential/injectors.py
+++ b/awx/main/models/credential/injectors.py
@ -1,4 +1,5 @@
 import json
+import yaml
 import os
 import stat
 import tempfile
@ -62,3 +63,32 @@ def vmware(cred, env, private_data_dir):
    env['VMWARE_PASSWORD'] = cred.get_input('password', default='')
    env['VMWARE_HOST'] = cred.get_input('host', default='')
    env['VMWARE_VALIDATE_CERTS'] = str(settings.VMWARE_VALIDATE_CERTS)
+
+
+def _openstack_data(cred):
+    openstack_auth = dict(auth_url=cred.get_input('host', default=''),
+                          username=cred.get_input('username', default=''),
+                          password=cred.get_input('password', default=''),
+                          project_name=cred.get_input('project', default=''))
+    if cred.has_input('domain'):
+        openstack_auth['domain_name'] = cred.get_input('domain', default='')
+    verify_state = cred.get_input('verify_ssl', default=True)
+    openstack_data = {
+        'clouds': {
+            'devstack': {
+                'auth': openstack_auth,
+                'verify': verify_state,
+            },
+        },
+    }
+    return openstack_data
+
+
+def openstack(cred, env, private_data_dir):
+    handle, path = tempfile.mkstemp(dir=private_data_dir)
+    f = os.fdopen(handle, 'w')
+    openstack_data = _openstack_data(cred)
+    yaml.safe_dump(openstack_data, f, default_flow_style=False, allow_unicode=True)
+    f.close()
+    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
+    env['OS_CLIENT_CONFIG_FILE'] = path
--- a/awx/main/models/inventory.py
+++ b/awx/main/models/inventory.py
@ -59,6 +59,7 @@ from awx.main.models.notifications import (
    NotificationTemplate,
    JobNotificationMixin,
 )
+from awx.main.models.credential.injectors import _openstack_data
 from awx.main.utils import _inventory_updates, region_sorting, get_licenser


@ -2463,25 +2464,10 @@ class openstack(PluginFileInjector):
    def script_name(self):
        return 'openstack_inventory.py'  # exception

-    def _get_clouds_dict(self, inventory_update, credential, private_data_dir, mk_cache=True):
-        openstack_auth = dict(auth_url=credential.get_input('host', default=''),
-                              username=credential.get_input('username', default=''),
-                              password=credential.get_input('password', default=''),
-                              project_name=credential.get_input('project', default=''))
-        if credential.has_input('domain'):
-            openstack_auth['domain_name'] = credential.get_input('domain', default='')
+    def _get_clouds_dict(self, inventory_update, cred, private_data_dir, mk_cache=True):
+        openstack_data = _openstack_data(cred)

-        private_state = inventory_update.source_vars_dict.get('private', True)
-        verify_state = credential.get_input('verify_ssl', default=True)
-        openstack_data = {
-            'clouds': {
-                'devstack': {
-                    'private': private_state,
-                    'verify': verify_state,
-                    'auth': openstack_auth,
-                },
-            },
-        }
+        openstack_data['clouds']['devstack']['private'] = inventory_update.source_vars_dict.get('private', True)
        if mk_cache:
            # Retrieve cache path from inventory update vars if available,
            # otherwise create a temporary cache path only for this update.
--- a/awx/main/tasks.py
+++ b/awx/main/tasks.py
@ -1340,24 +1340,6 @@ class RunJob(BaseTask):
            if credential.has_input('ssh_public_key_data'):
                private_data.setdefault('certificates', {})[credential] = credential.get_input('ssh_public_key_data', default='')

-            if credential.kind == 'openstack':
-                openstack_auth = dict(auth_url=credential.get_input('host', default=''),
-                                      username=credential.get_input('username', default=''),
-                                      password=credential.get_input('password', default=''),
-                                      project_name=credential.get_input('project', default=''))
-                if credential.has_input('domain'):
-                    openstack_auth['domain_name'] = credential.get_input('domain', default='')
-                verify_state = credential.get_input('verify_ssl', default=True)
-                openstack_data = {
-                    'clouds': {
-                        'devstack': {
-                            'auth': openstack_auth,
-                            'verify': verify_state,
-                        },
-                    },
-                }
-                private_data['credentials'][credential] = yaml.safe_dump(openstack_data, default_flow_style=False, allow_unicode=True)
-
        return private_data

    def build_passwords(self, job, runtime_passwords):
@ -1450,9 +1432,6 @@ class RunJob(BaseTask):

        # Set environment variables for cloud credentials.
        cred_files = private_data_files.get('credentials', {})
-        for cloud_cred in job.cloud_credentials:
-            if cloud_cred and cloud_cred.kind == 'openstack':
-                env['OS_CLIENT_CONFIG_FILE'] = cred_files.get(cloud_cred, '')

        for network_cred in job.network_credentials:
            env['ANSIBLE_NET_USERNAME'] = network_cred.get_input('username', default='')