[ansible_runner] Add NetworkCredential for Ansible::Runner lib #19007
Conversation
NickLaMuro
force-pushed
the
ansible_runner_network_credential
branch
from
ea10836
to
069b64a
Compare
| end | ||
|
|
||
| it "clobbers existing ssh key unlock keys" do | ||
| existing_data = { ssh_unlock_key => "hunter2" } |
There was a problem hiding this comment.
ummmm... shouldn't hunter2 be ******* ? Or do I only see it because it's my password, but you see *******? 😆
| # Modeled off of awx codebase: | ||
| # | ||
| # https://github.com/ansible/awx/blob/1242ee2b/awx/main/tasks.py#L1432-L1443 | ||
| # |
There was a problem hiding this comment.
Does this comment belong in the tests? (expected in the code, but not the tests)
There was a problem hiding this comment.
I have had it in both in every other credential provider.
|
LGTM... @carbonin can you also review. |
There was a problem hiding this comment.
Just some minor style stuff from me. Looks good @NickLaMuro
With network credentials, awx favor's the MachineCredetial info over the NetworkCredential data in the env/password file, so that file is loaded if it exists already, and the data is appended to it only if there isn't data already.
- Adds missing closing paren in comment - Re-aligns assignments in .params_to_attributes
When creating a env/password file in MachineCredential, only inject new values into the file if it already exists, but don't overwrite data that wouldn't otherwise be re-written. Example: if an key for unlocking an encrypted SSH key exists, don't delete that data while adding the other existing data. A helper method, `.initialize_password_data` was added to the top level `Ansible::Runner::Credential` class to share loading the existing data or creating a new hash.
NickLaMuro
force-pushed
the
ansible_runner_network_credential
branch
from
069b64a
to
bcdd800
Compare
|
Some comments on commits NickLaMuro/manageiq@9f6b031~...bcdd800 lib/ansible/runner/credential/machine_credential.rb
spec/lib/ansible/runner/credential/machine_credential_spec.rb
spec/lib/ansible/runner/credential/network_credential_spec.rb
|
|
Checked commits NickLaMuro/manageiq@9f6b031~...bcdd800 with ruby 2.4.6, rubocop 0.69.0, haml-lint 0.20.0, and yamllint 1.10.0 |
|
@carbonin Changes applied. |
As part of this change,
Ansible::Runner:MachineCredentialas updated so that it won't overwrite any existing data in that it would have not overwritten inenv/passwordif the file already exist. Data fromMachineCredentialis still favored over other sources (likeNetworkCredential), but this allows ssh unlock passphrases that would be only defined inNetworkCredentialto exist along side any other passwords fromMachineCredentials.