Merge pull request #696 from jladdjr/awx_349_custom_cred_write_multiple_files

Feature: Multi-file support for Credential Types
2024-10-27 17:55:10 +03:00 · 2018-02-02 11:39:11 -05:00 · 2018-02-02 11:39:11 -05:00 · 93c8cc9f8e
commit 93c8cc9f8e
parent 1808559586 d558299b1f
5 changed files with 84 additions and 13 deletions
--- a/awx/main/fields.py
+++ b/awx/main/fields.py
@ -695,11 +695,10 @@ class CredentialTypeInjectorField(JSONSchemaField):
            'properties': {
                'file': {
                    'type': 'object',
-                    'properties': {
-                        'template': {'type': 'string'},
+                    'patternProperties': {
+                        '^template(\.[a-zA-Z_]+[a-zA-Z0-9_]*)?$': {'type': 'string'},
                    },
                    'additionalProperties': False,
-                    'required': ['template'],
                },
                'env': {
                    'type': 'object',
@ -749,8 +748,22 @@ class CredentialTypeInjectorField(JSONSchemaField):

        class TowerNamespace:
            filename = None
-
        valid_namespace['tower'] = TowerNamespace()
+
+        # ensure either single file or multi-file syntax is used (but not both)
+        template_names = [x for x in value.get('file', {}).keys() if x.startswith('template')]
+        if 'template' in template_names and len(template_names) > 1:
+            raise django_exceptions.ValidationError(
+                _('Must use multi-file syntax when injecting multiple files'),
+                code='invalid',
+                params={'value': value},
+            )
+        if 'template' not in template_names:
+            valid_namespace['tower'].filename = TowerNamespace()
+            for template_name in template_names:
+                template_name = template_name.split('.')[1]
+                setattr(valid_namespace['tower'].filename, template_name, 'EXAMPLE')
+
        for type_, injector in value.items():
            for key, tmpl in injector.items():
                try:
--- a/awx/main/models/credential/init.py
+++ b/awx/main/models/credential/init.py
@ -594,7 +594,7 @@ class CredentialType(CommonModelNameNotUnique):
            return

        class TowerNamespace:
-            filename = None
+            pass

        tower_namespace = TowerNamespace()

@ -622,17 +622,25 @@ class CredentialType(CommonModelNameNotUnique):
            if len(value):
                namespace[field_name] = value

-        file_tmpl = self.injectors.get('file', {}).get('template')
-        if file_tmpl is not None:
-            # If a file template is provided, render the file and update the
-            # special `tower` template namespace so the filename can be
-            # referenced in other injectors
+        file_tmpls = self.injectors.get('file', {})
+        # If any file templates are provided, render the files and update the
+        # special `tower` template namespace so the filename can be
+        # referenced in other injectors
+        for file_label, file_tmpl in file_tmpls.items():
            data = Template(file_tmpl).render(**namespace)
            _, path = tempfile.mkstemp(dir=private_data_dir)
            with open(path, 'w') as f:
                f.write(data)
            os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
-            namespace['tower'].filename = path
+
+            # determine if filename indicates single file or many
+            if file_label.find('.') == -1:
+                tower_namespace.filename = path
+            else:
+                if not hasattr(tower_namespace, 'filename'):
+                    tower_namespace.filename = TowerNamespace()
+                file_label = file_label.split('.')[1]
+                setattr(tower_namespace.filename, file_label, path)

        for env_var, tmpl in self.injectors.get('env', {}).items():
            if env_var.startswith('ANSIBLE_') or env_var in self.ENV_BLACKLIST:
--- a/awx/main/tests/functional/test_credential.py
+++ b/awx/main/tests/functional/test_credential.py
@ -107,8 +107,11 @@ def test_cred_type_input_schema_validity(input_, valid):
    ({}, True),
    ({'invalid-injector': {}}, False),
    ({'file': 123}, False),
-    ({'file': {}}, False),
+    ({'file': {}}, True),
    ({'file': {'template': '{{username}}'}}, True),
+    ({'file': {'template.username': '{{username}}'}}, True),
+    ({'file': {'template.username': '{{username}}', 'template.password': '{{pass}}'}}, True),
+    ({'file': {'template': '{{username}}', 'template.password': '{{pass}}'}}, False),
    ({'file': {'foo': 'bar'}}, False),
    ({'env': 123}, False),
    ({'env': {}}, True),
--- a/awx/main/tests/unit/test_tasks.py
+++ b/awx/main/tests/unit/test_tasks.py
@ -1227,6 +1227,50 @@ class TestJobCredentials(TestJobExecution):
        self.run_pexpect.side_effect = run_pexpect_side_effect
        self.task.run(self.pk)

+    def test_custom_environment_injectors_with_files(self):
+        some_cloud = CredentialType(
+            kind='cloud',
+            name='SomeCloud',
+            managed_by_tower=False,
+            inputs={
+                'fields': [{
+                    'id': 'cert',
+                    'label': 'Certificate',
+                    'type': 'string'
+                }, {
+                    'id': 'key',
+                    'label': 'Key',
+                    'type': 'string'
+                }]
+            },
+            injectors={
+                'file': {
+                    'template.cert': '[mycert]\n{{cert}}',
+                    'template.key': '[mykey]\n{{key}}'
+                },
+                'env': {
+                    'MY_CERT_INI_FILE': '{{tower.filename.cert}}',
+                    'MY_KEY_INI_FILE': '{{tower.filename.key}}'
+                }
+            }
+        )
+        credential = Credential(
+            pk=1,
+            credential_type=some_cloud,
+            inputs = {'cert': 'CERT123', 'key': 'KEY123'}
+        )
+        self.instance.credentials.add(credential)
+        self.task.run(self.pk)
+
+        def run_pexpect_side_effect(*args, **kwargs):
+            args, cwd, env, stdout = args
+            assert open(env['MY_CERT_INI_FILE'], 'rb').read() == '[mycert]\nCERT123'
+            assert open(env['MY_KEY_INI_FILE'], 'rb').read() == '[mykey]\nKEY123'
+            return ['successful', 0]
+
+        self.run_pexpect.side_effect = run_pexpect_side_effect
+        self.task.run(self.pk)
+
    def test_multi_cloud(self):
        gce = CredentialType.defaults['gce']()
        gce_credential = Credential(
--- a/docs/custom_credential_types.md
+++ b/docs/custom_credential_types.md
@ -194,7 +194,8 @@ certificate/key data:
        }
    }

-
+Note that the single and multi-file syntax cannot be mixed within the same
+``Credential Type``.

 Job and Job Template Credential Assignment
 ------------------------------------------
@ -326,6 +327,8 @@ When verifying acceptance we should ensure the following statements are true:
 * Custom `Credential Types` should support injecting both single and
  multiple files. (Furthermore, the new syntax for injecting multiple files
  should work properly even if only a single file is injected).
+* Users should not be able to use the syntax for injecting single and
+  multiple files in the same custom credential.
 * The default `Credential Types` included with Tower in 3.2 should be
  non-editable/readonly and cannot be deleted by any user.
 * Stored `Credential` values for _all_ types should be consistent before and