Merge pull request ansible#1 from AlanCoding/auth_cleanup_test

Expand tests for auth.json file cleanups
AlanCoding · Sep 14, 2021 · e7db31b · e7db31b
2 parents 8ec85fe + 4c66ba3
commit e7db31b
Show file tree

Hide file tree

Showing 2 changed files with 54 additions and 9 deletions.
diff --git a/ansible_runner/config/_base.py b/ansible_runner/config/_base.py
@@ -77,6 +77,7 @@ def __init__(self,
         self.container_volume_mounts = container_volume_mounts
         self.container_workdir = container_workdir
         self.container_auth_data = container_auth_data
+        self.registry_auth_path = None
         self.container_name = None  # like other properties, not accurate until prepare is called
         self.container_options = container_options
         self._volume_mount_paths = []
@@ -475,8 +476,8 @@ def wrap_args_for_containerization(self, args, execution_mode, cmdline_args):
             host = self.container_auth_data.get('host')
             username = self.container_auth_data.get('username')
             password = self.container_auth_data.get('password')
-            registry_auth_path = self._generate_container_auth_file(host, username, password)
-            new_args.extend(["--authfile={}".format(registry_auth_path)])
+            self.registry_auth_path = self._generate_container_auth_file(host, username, password)
+            new_args.extend(["--authfile={}".format(self.registry_auth_path)])
 
             # runtime commands need artifacts mounted to output data
             self._update_volume_mount_paths(new_args,

diff --git a/test/integration/containerized/test_container_management.py b/test/integration/containerized/test_container_management.py
@@ -1,7 +1,9 @@
 import os
 import shutil
-import tempfile
 import time
+import json
+from glob import glob
+from uuid import uuid4
 
 import pytest
 
@@ -73,21 +75,63 @@ def test_cancel_will_remove_container(test_data_dir, container_runtime_installed
     ), 'Found a running container, they should have all been stopped'
 
 
-def test_invalid_registry_host():
-    private_data_dir = tempfile.mkdtemp()
+def test_invalid_registry_host(tmp_path):
+    pdd_path = tmp_path / "private_data_dir"
+    pdd_path.mkdir()
+    private_data_dir = str(pdd_path)
+
+    image_name = 'quay.io/kdelee/does-not-exist'
+
     res = run(
         private_data_dir=private_data_dir,
         playbook='ping.yml',
         settings={
             'process_isolation_executable': 'podman',
             'process_isolation': True,
-            'container_image': 'quay.io/kdelee/awx-ee',
+            'container_image': image_name,
             'container_options': ['--user=root', '--pull=always'],
         },
-        container_auth_data={'host': 'https://somedomain.invalid'},
+        container_auth_data={'host': 'https://somedomain.invalid', 'username': 'foouser', 'password': '349sk34'},
         ident='awx_123'
     )
     assert res.status == 'failed'
-    assert res.rc == 125  # This return code indicates a failed podman run
+    assert res.rc > 0
+
+    result_stdout = res.stdout.read()
+    assert image_name in result_stdout
+    assert 'unauthorized' in result_stdout
+
+    assert os.path.exists(res.config.registry_auth_path)
+    with open(res.config.registry_auth_path, 'r') as f:
+        content = f.read()
+        assert res.config.container_auth_data['host'] in content
+        assert 'Zm9vdXNlcjozNDlzazM0' in content  # the b64 encoded of username and password
+
+
+def test_registry_auth_file_cleanup(tmp_path, cli):
+    pdd_path = tmp_path / "private_data_dir"
+    pdd_path.mkdir()
+    private_data_dir = str(pdd_path)
+
+    auth_registry_glob = '/tmp/ansible_runner_registry_*'
+    registry_files_before = set(glob(auth_registry_glob))
+
+    settings_data = {
+        'process_isolation_executable': 'podman',
+        'process_isolation': True,
+        'container_image': 'quay.io/kdelee/does-not-exist',
+        'container_options': ['--user=root', '--pull=always'],
+        'container_auth_data': {'host': 'https://somedomain.invalid', 'username': 'foouser', 'password': '349sk34'},
+    }
+
+    os.mkdir(os.path.join(private_data_dir, 'env'))
+    with open(os.path.join(private_data_dir, 'env', 'settings'), 'w') as f:
+        f.write(json.dumps(settings_data, indent=2))
+
+    this_ident = str(uuid4())[:5]
+
+    cli(['run', private_data_dir, '--ident', this_ident, '-p', 'ping.yml'], check=False)
 
-    shutil.rmtree(private_data_dir)
+    discovered_registry_files = set(glob(auth_registry_glob)) - registry_files_before
+    for file_name in discovered_registry_files:
+        assert this_ident not in file_name