| |
@@ -12,6 +12,10 @@
|
| |
import fnmatch
|
| |
import signal
|
| |
import json
|
| |
+ import tempfile
|
| |
+ import configparser
|
| |
+ import requests
|
| |
+ import re
|
| |
|
| |
from libtaskotron import config
|
| |
from libtaskotron import image_utils
|
| |
@@ -57,6 +61,7 @@
|
| |
'taskotron_arch',
|
| |
'taskotron_item_type',
|
| |
'taskotron_item',
|
| |
+ 'taskotron_secrets_file',
|
| |
'taskotron_supported_arches',
|
| |
'taskotron_supported_binary_arches',
|
| |
]
|
| |
@@ -181,6 +186,53 @@
|
| |
vars_[var] = val
|
| |
return vars_
|
| |
|
| |
+ def _get_vault_secrets(self, taskdir):
|
| |
+ '''Load secrets from the Vault server and store them in a file
|
| |
+
|
| |
+ :param str taskdir: path to the directory with test suite (on overlord)
|
| |
+ :return: a filename with decrypted secrets
|
| |
+ '''
|
| |
+ cfg = config.get_config()
|
| |
+ secrets = {}
|
| |
+ if cfg.vault_enabled:
|
| |
+ task_repo_url = resultsdb_directive.git_origin_url(taskdir)
|
| |
+ if task_repo_url:
|
| |
+ try:
|
| |
+ session = file_utils._get_session()
|
| |
+ r = session.get(
|
| |
+ "%s/buckets" % cfg.vault_server,
|
| |
+ auth=(cfg.vault_username, cfg.vault_password),
|
| |
+ )
|
| |
+ except requests.exceptions.RequestException as e:
|
| |
+ log.error("Connection to Vault server failed. %s", e)
|
| |
+ r = None
|
| |
+
|
| |
+ if r and r.ok:
|
| |
+ data = r.json()['data']
|
| |
+ valid_buckets = []
|
| |
+ re_enabler = re.compile(r'taskotron_enable\((.*?)\)')
|
| |
+ for b in data:
|
| |
+ desc = b['description']
|
| |
+ if not desc:
|
| |
+ continue
|
| |
+ enabled_for = ', '.join(re_enabler.findall(desc))
|
| |
+ if not task_repo_url in enabled_for:
|
| |
+ continue
|
| |
+ valid_buckets.append(b)
|
| |
+ for b in valid_buckets:
|
| |
+ secrets[b['uuid']] = b['secrets']
|
| |
+ elif r and not r.ok:
|
| |
+ log.error("Could not get data from vault. %r, %r", r.status_code, r.reason)
|
| |
+
|
| |
+ if config.get_config().profile == config.ProfileName.TESTING:
|
| |
+ return secrets
|
| |
+
|
| |
+ fd, fname = tempfile.mkstemp(prefix='taskotron_secrets')
|
| |
+ os.close(fd)
|
| |
+ with open(fname, 'w') as fd:
|
| |
+ fd.write(json.dumps(secrets, indent=2, sort_keys=True))
|
| |
+ return fname
|
| |
+
|
| |
def _create_playbook_vars(self, test_playbook):
|
| |
'''Create and return dictionary containing all variables to be used
|
| |
with our ansible playbook.
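Review bot: The bucket filter in `_get_vault_secrets` is a substring test rather than an equality test. `enabled_for` is the `', '.join(...)` of every `taskotron_enable(...)` value, so `task_repo_url in enabled_for` also holds for a repo URL that is only a prefix or fragment of an enabled one, and that task then gets the bucket's secrets written into its file. Compare against the list itself, `if task_repo_url not in re_enabler.findall(desc): continue`, and normalise both sides (trailing slash, `.git` suffix) if the stored form can differ from what `git_origin_url` returns. Separately, the docstring promises a filename while the TESTING profile returns the dict, so `:return:` should say so.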
|
| |
@@ -230,6 +282,8 @@
|
| |
whether VM guest distro has to match taskotron_item
|
| |
taskotron_match_host_release
|
| |
whether VM guest release has to match taskotron_item
|
| |
+ taskotron_secrets_file
|
| |
+ path to the file with secrets appropriate for the task
|
| |
taskotron_supported_arches
|
| |
list of base architectures supported by Taskotron (e.g.
|
| |
'armhfp')
|
| |
@@ -274,6 +328,7 @@
|
| |
vars_['taskotron_arch'] = self.arg_data['arch']
|
| |
vars_['taskotron_item'] = self.arg_data['item']
|
| |
vars_['taskotron_item_type'] = self.arg_data['type']
|
| |
+ vars_['taskotron_secrets_file'] = self._get_vault_secrets(taskdir=vars_['taskdir'])
|
| |
vars_['taskotron_supported_arches'] = cfg.supported_arches
|
| |
vars_['taskotron_supported_binary_arches'] = [binarch for arch in
|
| |
cfg.supported_arches for binarch in arch_utils.Arches.binary[arch]]
|
| |
@@ -446,6 +501,7 @@
|
| |
|
| |
failed = []
|
| |
for test_playbook in test_playbooks:
|
| |
+ playbook_vars = None
|
| |
try:
|
| |
# syntax check
|
| |
self._check_playbook_syntax(os.path.join(
|
| |
@@ -479,6 +535,12 @@
|
| |
test_playbook, e)
|
| |
failed.append(test_playbook)
|
| |
finally:
|
| |
+ try:
|
| |
+ if playbook_vars and config.get_config().profile != config.ProfileName.TESTING:
|
| |
+ os.remove(playbook_vars['taskotron_secrets_file'])
|
| |
+ except OSError as e:
|
| |
+ log.warning("Could not delete the secrets file at %r. %s",
|
| |
+ playbook_vars['taskotron_secrets_file'], e)
|
| |
if self.task_vm is not None:
|
| |
if self.arg_data['no_destroy']:
|
| |
log.info('Not destroying disposable client as '
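Review bot: The secrets file is removed in this `finally` only when `playbook_vars` is bound, but `_get_vault_secrets` has already written the file by the time `vars_['taskotron_secrets_file']` is assigned. If a later statement in that function raises (the `arch_utils.Arches.binary[arch]` lookup right after it, for example), `playbook_vars` presumably stays `None` and the plaintext secrets stay in the temp directory. The line that assigns `playbook_vars` and the start of this `try` are outside the hunk, so this is inferred from the `playbook_vars = None` initialiser. Consider fetching the secrets as the last step of building the vars, or recording the path on `self` so the cleanup does not depend on `playbook_vars`.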
|
| |
@@ -487,7 +549,6 @@
|
| |
break
|
| |
else:
|
| |
self.task_vm.teardown()
|
| |
-
|
| |
log.info('Playbook execution finished: %s', test_playbook)
|
| |
|
| |
if failed:
|
| |
This is supposed to be user-configurable, so it also needs to be placed in `conf/taskotron.yaml.example`, with a short description.