From c36dbb3448a141d837822a74fb8e7d180b8d9140 Mon Sep 17 00:00:00 2001 From: AlanCoding Date: Tue, 23 Apr 2019 08:31:50 -0400 Subject: [PATCH] Simplify gce inventory plugin injector This consumes the change made in Ansible core https://github.com/ansible/ansible/pull/54407 which is in Ansible 2.8, allowing the plugin injection logic to share the script logic and to be simplified --- awx/main/models/credential/injectors.py | 5 +++-- awx/main/models/inventory.py | 16 ++++++++-------- .../tests/data/inventory/plugins/gce/env.json | 3 ++- ...{file_reference => GCE_CREDENTIALS_FILE_PATH} | 0 .../inventory/plugins/gce/files/gcp_compute.yml | 1 - 5 files changed, 13 insertions(+), 12 deletions(-) rename awx/main/tests/data/inventory/plugins/gce/files/{file_reference => GCE_CREDENTIALS_FILE_PATH} (100%) diff --git a/awx/main/models/credential/injectors.py b/awx/main/models/credential/injectors.py index 9bf7edc4a9..85b8117b09 100644 --- a/awx/main/models/credential/injectors.py +++ b/awx/main/models/credential/injectors.py @@ -18,8 +18,9 @@ def gce(cred, env, private_data_dir): project = cred.get_input('project', default='') username = cred.get_input('username', default='') - env['GCE_EMAIL'] = username - env['GCE_PROJECT'] = project + if 'INVENTORY_UPDATE_ID' not in env: + env['GCE_EMAIL'] = username + env['GCE_PROJECT'] = project json_cred = { 'type': 'service_account', 'private_key': cred.get_input('ssh_key_data', default=''), diff --git a/awx/main/models/inventory.py b/awx/main/models/inventory.py index ab2af142b1..23e32d09b7 100644 --- a/awx/main/models/inventory.py +++ b/awx/main/models/inventory.py 
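Review bot: The new `if 'INVENTORY_UPDATE_ID' not in env:` guard in `gce()` turns the presence of an environment key into a mode switch, and nothing at this site says who sets that key or why the two variables are skipped. A short comment would make the contract explicit, for example `# inventory updates pre-seed INVENTORY_UPDATE_ID; the plugin takes project and identity from the credentials file, so the legacy GCE_EMAIL/GCE_PROJECT variables are only exported for non-inventory jobs`. Since the check reads the same dict the caller passes in, it is worth confirming that no non-inventory caller can arrive with that key already present, because it would then silently lose both variables. The body of `gce()` continues past the end of this hunk, so how the service-account key file is written and which permissions it gets cannot be checked from here.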
@@ -1911,13 +1911,14 @@ class PluginFileInjector(object): # some sources may have no credential, specifically ec2 if credential is None: return injected_env + if self.base_injector in ('managed', 'template'): + injected_env['INVENTORY_UPDATE_ID'] = str(inventory_update.pk) # so injector knows this is inventory if self.base_injector == 'managed': from awx.main.models.credential import injectors as builtin_injectors cred_kind = inventory_update.source.replace('ec2', 'aws') if cred_kind in dir(builtin_injectors): getattr(builtin_injectors, cred_kind)(credential, injected_env, private_data_dir) elif self.base_injector == 'template': - injected_env['INVENTORY_UPDATE_ID'] = str(inventory_update.pk) # so injector knows this is inventory safe_env = injected_env.copy() args = [] credential.credential_type.inject_credential( @@ -2326,6 +2327,12 @@ class gce(PluginFileInjector): def get_script_env(self, inventory_update, private_data_dir, private_data_files): env = super(gce, self).get_script_env(inventory_update, private_data_dir, private_data_files) + cred = inventory_update.get_cloud_credential() + # these environment keys are unique to the script operation, and are not + # concepts in the modern inventory plugin or gce Ansible module + # email and project are redundant with the creds file + env['GCE_EMAIL'] = cred.get_input('username', default='') + env['GCE_PROJECT'] = cred.get_input('project', default='') env['GCE_ZONE'] = inventory_update.source_regions if inventory_update.source_regions != 'all' else '' # noqa # by default, the GCE inventory source caches results on disk for @@ -2366,8 +2373,6 @@ class gce(PluginFileInjector): credential = inventory_update.get_cloud_credential() # auth related items - from awx.main.models.credential.injectors import gce as builtin_injector - ret['service_account_file'] = builtin_injector(credential, {}, private_data_dir) ret['projects'] = [credential.get_input('project', default='')] ret['auth_kind'] = "serviceaccount" 
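Review bot: In the `-1911` hunk, `injected_env['INVENTORY_UPDATE_ID']` is now set for every `'managed'` source before the builtin injector runs, but the only consumer visible in this patch is `gce()`. If `injected_env` is what the method returns further down (not visible here), the marker also becomes part of the plugin environment for the other managed sources, which is a wider behaviour change than the commit title suggests. Together with the removal of the `gce.get_plugin_env` override later in the patch, the builtin injector now appears to write the service-account JSON into `private_data_dir` for plugin runs too, so it is worth confirming that file is created owner-only and removed with the rest of the private data. The trailing comment could say more than `# so injector knows this is inventory`, for example `# marker read by builtin injectors (currently gce) to skip script-only variables`.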
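Review bot: In the `-2326` hunk, `gce.get_script_env` calls `cred.get_input(...)` on the result of `inventory_update.get_cloud_credential()` without checking it for `None`. The base `get_plugin_env` in the earlier hunk explicitly returns early when `credential is None`, so if a GCE source can reach this path without a credential the two new lines raise `AttributeError` instead of producing a clear error. Wrapping them as `if cred is not None:` followed by the two `env['GCE_EMAIL']` / `env['GCE_PROJECT']` assignments keeps the script environment consistent with what the injector itself would have set. The rest of `get_script_env` lies outside the hunk, so whether a later line already assumes a credential is present cannot be seen from here.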
@@ -2413,11 +2418,6 @@ class gce(PluginFileInjector): ret['zones'] = inventory_update.source_regions.split(',') return ret - def get_plugin_env(self, inventory_update, private_data_dir, private_data_files): - # gce wants everything defined in inventory & cred files - # this explicitly turns off injection of environment variables - return {} - class vmware(PluginFileInjector): # plugin_name = 'vmware_vm_inventory' # FIXME: implement me diff --git a/awx/main/tests/data/inventory/plugins/gce/env.json b/awx/main/tests/data/inventory/plugins/gce/env.json index f18da63d1c..91d08e70ee 100644 --- a/awx/main/tests/data/inventory/plugins/gce/env.json +++ b/awx/main/tests/data/inventory/plugins/gce/env.json @@ -1,3 +1,4 @@ { - "ANSIBLE_TRANSFORM_INVALID_GROUP_CHARS": "never" + "ANSIBLE_TRANSFORM_INVALID_GROUP_CHARS": "never", + "GCE_CREDENTIALS_FILE_PATH": "{{ file_reference }}" } \ No newline at end of file diff --git a/awx/main/tests/data/inventory/plugins/gce/files/file_reference b/awx/main/tests/data/inventory/plugins/gce/files/GCE_CREDENTIALS_FILE_PATH similarity index 100% rename from awx/main/tests/data/inventory/plugins/gce/files/file_reference rename to awx/main/tests/data/inventory/plugins/gce/files/GCE_CREDENTIALS_FILE_PATH diff --git a/awx/main/tests/data/inventory/plugins/gce/files/gcp_compute.yml b/awx/main/tests/data/inventory/plugins/gce/files/gcp_compute.yml index 7192bf8647..17ee2f3b62 100644 --- a/awx/main/tests/data/inventory/plugins/gce/files/gcp_compute.yml +++ b/awx/main/tests/data/inventory/plugins/gce/files/gcp_compute.yml @@ -44,7 +44,6 @@ plugin: gcp_compute projects: - fooo retrieve_image_info: true -service_account_file: {{ file_reference }} use_contrib_script_compatible_sanitization: true zones: - us-east4-a