Home Verkennen Help
Registreren Inloggen
shixiong
/
okd
1
0
Vork 0
Bestanden Issues 0 Pull-aanvragen 0 Wiki
Bladeren bron

Ensure proper variable templating for skopeo auth credentials

Currently, docker_image_availability.py plugin check is
using the raw strings for variables from task_vars.

This results in any variables that utilized within the
plugin to be un-templated.  For instance, if variable
"x" is set to "{{ y }}" and y is set to "2", one
would expect that x == 2 inside the plugin.  Currently,
the plugin will use the string "{{ y }}" for the value
of x instead of templating the variable.

This commit ensures skopeo registry auth credentials
are templated properly.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1500698
Michael Gugino 7 jaren geleden
bovenliggende
1d75eb325c
commit
23b37a72ef
3 gewijzigde bestanden met toevoegingen van 12 en 3 verwijderingen
Zij-aan-zij weergave Toon Diff Stats
  1. 2 1
      roles/openshift_health_checker/action_plugins/openshift_health_check.py
  2. 5 2
      roles/openshift_health_checker/openshift_checks/__init__.py
  3. 5 0
      roles/openshift_health_checker/openshift_checks/docker_image_availability.py

+ 2 - 1
roles/openshift_health_checker/action_plugins/openshift_health_check.py
Bestand weergeven 

@@ -101,7 +101,8 @@ class ActionModule(ActionBase):
 
                 execute_module=self._execute_module,
 
                 tmp=tmp,
 
                 task_vars=task_vars,
 
-                want_full_results=want_full_results
 
+                want_full_results=want_full_results,
 
+                templar=self._templar
 
             )
 
         return known_checks

+ 5 - 2
roles/openshift_health_checker/openshift_checks/__init__.py
Bestand weergeven 

@@ -65,12 +65,15 @@ class OpenShiftCheck(object):
 
     If the check can gather logs, tarballs, etc., do so when True; but no need to spend
 
     the time if they're not wanted (won't be written to output directory).
 
     """
 
-
 
-    def __init__(self, execute_module=None, task_vars=None, tmp=None, want_full_results=False):
 
+    # pylint: disable=too-many-arguments
 
+    def __init__(self, execute_module=None, task_vars=None, tmp=None, want_full_results=False,
 
+                 templar=None):
 
         # store a method for executing ansible modules from the check
 
         self._execute_module = execute_module
 
         # the task variables and tmpdir passed into the health checker task
 
         self.task_vars = task_vars or {}
 
+        # We may need to template some task_vars
 
+        self._templar = templar
 
         self.tmp = tmp
 
         # a boolean for disabling the gathering of results (files, computations) that won't
 
         # actually be recorded/used

+ 5 - 0
roles/openshift_health_checker/openshift_checks/docker_image_availability.py
Bestand weergeven 

@@ -61,10 +61,15 @@ class DockerImageAvailability(DockerHostMixin, OpenShiftCheck):
 
         # for the oreg_url registry there may be credentials specified
 
         components = self.get_var("oreg_url", default="").split('/')
 
         self.registries["oreg"] = "" if len(components) < 3 else components[0]
 
+
 
+        # Retrieve and template registry credentials, if provided
 
         self.skopeo_command_creds = ""
 
         oreg_auth_user = self.get_var('oreg_auth_user', default='')
 
         oreg_auth_password = self.get_var('oreg_auth_password', default='')
 
         if oreg_auth_user != '' and oreg_auth_password != '':
 
+            if self._templar is not None:
 
+                oreg_auth_user = self._templar.template(oreg_auth_user)
 
+                oreg_auth_password = self._templar.template(oreg_auth_password)
 
             self.skopeo_command_creds = "--creds={}:{}".format(quote(oreg_auth_user), quote(oreg_auth_password))
 
 
         # record whether we could reach a registry or not (and remember results)