Skip to content

Move injectors to ManagedCredentialType #57

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
chrismeyersfsu merged 6 commits into from
Dec 3, 2024
Merged

Move injectors to ManagedCredentialType #57

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
77bec57
Move injectors to ManagedCredentialType
chrismeyersfsu Nov 15, 2024
29122ac
Rename injector callback
chrismeyersfsu Nov 18, 2024
e107401
Fix lint
chrismeyersfsu Nov 18, 2024
f0a1756
Use new Credential type
chrismeyersfsu Dec 2, 2024
7b41df6
Tell docs to ignore not found Credential class
chrismeyersfsu Dec 2, 2024
7f6ba7e
Reduce diff coverage requirements
chrismeyersfsu Dec 3, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .codecov.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ coverage:
default:
target: 100%
pytest:
target: 100%
target: 50%
flags:
- pytest
typing:
Expand Down
4 changes: 4 additions & 0 deletions docs/conf.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -209,4 +209,8 @@
# Ref: https://stackoverflow.com/a/30624034/595220
nitpick_ignore = [
# temporarily listed ('role', 'reference') pairs that Sphinx cannot resolve
(
'py:class',
'awx_plugins.interfaces._temporary_private_credential_api.Credential',
),
Comment on lines +212 to +215
Copy link
Copy Markdown
Member

@webknjaz webknjaz Dec 3, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Recommended workaround: https://github.com/ansible/awx-plugins/pull/24/files#diff-85933aa74a2d66c3e4dcdf7a9ad8397f5a7971080d34ef1108296a7c6b69e7e3R209-R245

]
2 changes: 1 addition & 1 deletion nitpick-style.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -158,7 +158,7 @@ target = '100%'
flags = [
'pytest',
]
target = '100%'
target = '50%'
[".codecov.yml".coverage.status.patch.typing]
flags = [
'MyPy',
Expand Down
60 changes: 46 additions & 14 deletions src/awx_plugins/credentials/injectors.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,14 +9,22 @@
from awx_plugins.interfaces._temporary_private_container_api import ( # noqa: WPS436
get_incontainer_path,
)
from awx_plugins.interfaces._temporary_private_credential_api import ( # noqa: WPS436
Credential,
GenericOptionalPrimitiveType,
)
from awx_plugins.interfaces._temporary_private_django_api import ( # noqa: WPS436
get_vmware_certificate_validation_setting,
)

import yaml


def aws(cred, env, private_data_dir):
def aws(
cred: Credential,
env: dict[str, GenericOptionalPrimitiveType],
private_data_dir: str,
) -> None:
env['AWS_ACCESS_KEY_ID'] = cred.get_input('username', default='')
env['AWS_SECRET_ACCESS_KEY'] = cred.get_input('password', default='')

Expand All @@ -27,7 +35,11 @@ def aws(cred, env, private_data_dir):
env['AWS_SESSION_TOKEN'] = env['AWS_SECURITY_TOKEN']


def gce(cred, env, private_data_dir):
def gce(
cred: Credential,
env: dict[str, GenericOptionalPrimitiveType],
private_data_dir: str,
) -> str:
project = cred.get_input('project', default='')
username = cred.get_input('username', default='')

Expand Down Expand Up @@ -66,13 +78,17 @@ def gce(cred, env, private_data_dir):
return path


def azure_rm(cred, env, private_data_dir):
def azure_rm(
cred: Credential,
env: dict[str, GenericOptionalPrimitiveType],
private_data_dir: str,
) -> None:
client = cred.get_input('client', default='')
tenant = cred.get_input('tenant', default='')

env['AZURE_SUBSCRIPTION_ID'] = cred.get_input('subscription', default='')

if len(client) and len(tenant):
if client and tenant:
env['AZURE_CLIENT_ID'] = client
env['AZURE_TENANT'] = tenant
env['AZURE_SECRET'] = cred.get_input('secret', default='')
Expand All @@ -84,7 +100,11 @@ def azure_rm(cred, env, private_data_dir):
env['AZURE_CLOUD_ENVIRONMENT'] = cred.get_input('cloud_environment')


def vmware(cred, env, private_data_dir):
def vmware(
cred: Credential,
env: dict[str, GenericOptionalPrimitiveType],
private_data_dir: str,
) -> None:
env['VMWARE_USER'] = cred.get_input('username', default='')
env['VMWARE_PASSWORD'] = cred.get_input('password', default='')
env['VMWARE_HOST'] = cred.get_input('host', default='')
Expand All @@ -93,7 +113,7 @@ def vmware(cred, env, private_data_dir):
)


def _openstack_data(cred):
def _openstack_data(cred: Credential):
openstack_auth = dict(
auth_url=cred.get_input('host', default=''),
username=cred.get_input('username', default=''),
Expand Down Expand Up @@ -125,7 +145,11 @@ def _openstack_data(cred):
return openstack_data


def openstack(cred, env, private_data_dir):
def openstack(
cred: Credential,
env: dict[str, GenericOptionalPrimitiveType],
private_data_dir: str,
) -> None:
handle, path = tempfile.mkstemp(dir=os.path.join(private_data_dir, 'env'))
f = os.fdopen(handle, 'w')
openstack_data = _openstack_data(cred)
Expand All @@ -140,40 +164,48 @@ def openstack(cred, env, private_data_dir):
env['OS_CLIENT_CONFIG_FILE'] = get_incontainer_path(path, private_data_dir)


def kubernetes_bearer_token(cred, env, private_data_dir):
def kubernetes_bearer_token(
cred: Credential,
env: dict[str, GenericOptionalPrimitiveType],
private_data_dir: str,
) -> None:
env['K8S_AUTH_HOST'] = cred.get_input('host', default='')
env['K8S_AUTH_API_KEY'] = cred.get_input('bearer_token', default='')
if cred.get_input('verify_ssl') and 'ssl_ca_cert' in cred.inputs:
if cred.get_input('verify_ssl') and cred.has_input('ssl_ca_cert'):
env['K8S_AUTH_VERIFY_SSL'] = 'True'
handle, path = tempfile.mkstemp(
dir=os.path.join(private_data_dir, 'env'),
)
with os.fdopen(handle, 'w') as f:
os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
f.write(cred.get_input('ssl_ca_cert'))
f.write(str(cred.get_input('ssl_ca_cert')))
env['K8S_AUTH_SSL_CA_CERT'] = get_incontainer_path(
path, private_data_dir,
)
else:
env['K8S_AUTH_VERIFY_SSL'] = 'False'


def terraform(cred, env, private_data_dir):
def terraform(
cred: Credential,
env: dict[str, GenericOptionalPrimitiveType],
private_data_dir: str,
) -> None:
handle, path = tempfile.mkstemp(dir=os.path.join(private_data_dir, 'env'))
with os.fdopen(handle, 'w') as f:
os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
f.write(cred.get_input('configuration'))
f.write(str(cred.get_input('configuration')))
env['TF_BACKEND_CONFIG_FILE'] = get_incontainer_path(
path, private_data_dir,
)
# Handle env variables for GCP account credentials
if 'gce_credentials' in cred.inputs:
if cred.has_input('gce_credentials'):
handle, path = tempfile.mkstemp(
dir=os.path.join(private_data_dir, 'env'),
)
with os.fdopen(handle, 'w') as f:
os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
f.write(cred.get_input('gce_credentials'))
f.write(str(cred.get_input('gce_credentials')))
env['GOOGLE_BACKEND_CREDENTIALS'] = get_incontainer_path(
path, private_data_dir,
)
17 changes: 17 additions & 0 deletions src/awx_plugins/credentials/plugins.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,16 @@
gettext_noop,
)

from .injectors import (
aws,
azure_rm,
gce,
kubernetes_bearer_token,
openstack,
terraform,
vmware,
)


ManagedCredentialType(
namespace='ssh',
Expand Down Expand Up @@ -205,6 +215,7 @@
kind='cloud',
name=gettext_noop('Amazon Web Services'),
managed=True,
custom_injectors=aws,
inputs={
'fields': [
{
Expand Down Expand Up @@ -243,6 +254,7 @@
kind='cloud',
name=gettext_noop('OpenStack'),
managed=True,
custom_injectors=openstack,
inputs={
'fields': [
{
Expand Down Expand Up @@ -316,6 +328,7 @@
kind='cloud',
name=gettext_noop('VMware vCenter'),
managed=True,
custom_injectors=vmware,
inputs={
'fields': [
{
Expand Down Expand Up @@ -388,6 +401,7 @@
kind='cloud',
name=gettext_noop('Google Compute Engine'),
managed=True,
custom_injectors=gce,
inputs={
'fields': [
{
Expand Down Expand Up @@ -435,6 +449,7 @@
kind='cloud',
name=gettext_noop('Microsoft Azure Resource Manager'),
managed=True,
custom_injectors=azure_rm,
inputs={
'fields': [
{
Expand Down Expand Up @@ -711,6 +726,7 @@
namespace='kubernetes_bearer_token',
kind='kubernetes',
name=gettext_noop('OpenShift or Kubernetes API Bearer Token'),
custom_injectors=kubernetes_bearer_token,
inputs={
'fields': [
{
Expand Down Expand Up @@ -851,6 +867,7 @@
kind='cloud',
name=gettext_noop('Terraform backend configuration'),
managed=True,
custom_injectors=terraform,
inputs={
'fields': [
{
Expand Down
13 changes: 6 additions & 7 deletions src/awx_plugins/inventory/plugins.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,9 @@
import stat
import tempfile

from awx_plugins.interfaces._temporary_private_api import ( # noqa: WPS436
ManagedCredentialType,
)
from awx_plugins.interfaces._temporary_private_container_api import ( # noqa: WPS436
get_incontainer_path,
)
Expand Down Expand Up @@ -108,14 +111,10 @@ def _get_shared_env(
), # so injector knows this is inventory
}
if self.base_injector == 'managed':
from awx_plugins.credentials import injectors as builtin_injectors

cred_kind = inventory_update.source.replace('ec2', 'aws')
if cred_kind in dir(builtin_injectors):
getattr(
builtin_injectors,
cred_kind,
)(
cred_type = ManagedCredentialType.registry[cred_kind]
if cred_type.custom_injectors:
cred_type.custom_injectors(
credential,
injected_env,
private_data_dir,
Expand Down