External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-03-07 19:51:08 -03:30
Code Issues Packages Projects Releases Wiki Activity

Use inventory and env private_data_dir subfolders

Browse Source 
This avoids writing files to the top level
  of the ansible-runner private_data_dir

Inventory is moved to be in the standard "inventory" folder

Credential related files are moved inside of the "env" folder

Also pre-create these folders when preparing for a job run

With this, args is the only top-level file still remaining
This commit is contained in:
Alan Rominger
2020-09-16 20:35:27 -04:00
parent 117bb07f0d
commit f59da78328
3 changed files with 13 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
awx/main/models/credential/__init__.py
View File

@@ -493,7 +493,7 @@ class CredentialType(CommonModelNameNotUnique):
for file_label, file_tmpl in file_tmpls.items():
data = sandbox_env.from_string(file_tmpl).render(**namespace)
_, path = tempfile.mkstemp(dir=private_data_dir)
_, path = tempfile.mkstemp(dir=os.path.join(private_data_dir, 'env'))
with open(path, 'w') as f:
f.write(data)
os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
@@ -526,7 +526,7 @@ class CredentialType(CommonModelNameNotUnique):
extra_vars[var_name] = sandbox_env.from_string(tmpl).render(**namespace)
def build_extra_vars_file(vars, private_dir):
handle, path = tempfile.mkstemp(dir=private_dir)
handle, path = tempfile.mkstemp(dir=os.path.join(private_dir, 'env'))
f = os.fdopen(handle, 'w')
f.write(safe_dump(vars))
f.close()

6
awx/main/models/credential/injectors.py
View File

@@ -25,7 +25,7 @@ def gce(cred, env, private_data_dir):
env['GCE_PROJECT'] = project
json_cred['token_uri'] = 'https://oauth2.googleapis.com/token'
handle, path = tempfile.mkstemp(dir=private_data_dir)
handle, path = tempfile.mkstemp(dir=os.path.join(private_data_dir, 'env'))
f = os.fdopen(handle, 'w')
json.dump(json_cred, f, indent=2)
f.close()
@@ -96,7 +96,7 @@ def _openstack_data(cred):
def openstack(cred, env, private_data_dir):
handle, path = tempfile.mkstemp(dir=private_data_dir)
handle, path = tempfile.mkstemp(dir=os.path.join(private_data_dir, 'env'))
f = os.fdopen(handle, 'w')
openstack_data = _openstack_data(cred)
yaml.safe_dump(openstack_data, f, default_flow_style=False, allow_unicode=True)
@@ -111,7 +111,7 @@ def kubernetes_bearer_token(cred, env, private_data_dir):
env['K8S_AUTH_API_KEY'] = cred.get_input('bearer_token', default='')
if cred.get_input('verify_ssl') and 'ssl_ca_cert' in cred.inputs:
env['K8S_AUTH_VERIFY_SSL'] = 'True'
handle, path = tempfile.mkstemp(dir=private_data_dir)
handle, path = tempfile.mkstemp(dir=os.path.join(private_data_dir, 'env'))
with os.fdopen(handle, 'w') as f:
os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
f.write(cred.get_input('ssl_ca_cert'))