diff --git a/awxkit/awxkit/cli/format.py b/awxkit/awxkit/cli/format.py index 0277e6869acc..9ca5450785bb 100644 --- a/awxkit/awxkit/cli/format.py +++ b/awxkit/awxkit/cli/format.py @@ -5,6 +5,22 @@ import yaml from awxkit.cli.utils import colored +from awxkit import config + + +def get_config_credentials(): + """Load username and password from config.credentials.default. + + In order to respect configurations from AWXKIT_CREDENTIAL_FILE. + """ + default_username = 'admin' + default_password = 'password' + + if not hasattr(config, 'credentials'): + return default_username, default_password + + default = config.credentials.get('default', {}) + return (default.get('username', default_username), default.get('password', default_password)) def add_authentication_arguments(parser, env): @@ -20,16 +36,20 @@ def add_authentication_arguments(parser, env): help='an OAuth2.0 token (get one by using `awx login`)', metavar='TEXT', ) + + config_username, config_password = get_config_credentials() + # options configured via cli args take higher precedence than those from the config auth.add_argument( '--conf.username', - default=env.get('CONTROLLER_USERNAME', env.get('TOWER_USERNAME', 'admin')), + default=env.get('CONTROLLER_USERNAME', env.get('TOWER_USERNAME', config_username)), metavar='TEXT', ) auth.add_argument( '--conf.password', - default=env.get('CONTROLLER_PASSWORD', env.get('TOWER_PASSWORD', 'password')), + default=env.get('CONTROLLER_PASSWORD', env.get('TOWER_PASSWORD', config_password)), metavar='TEXT', ) + auth.add_argument( '-k', '--conf.insecure', diff --git a/awxkit/test/cli/test_config.py b/awxkit/test/cli/test_config.py index 6998cb88ab07..cbbb6c555c64 100644 --- a/awxkit/test/cli/test_config.py +++ b/awxkit/test/cli/test_config.py @@ -1,3 +1,5 @@ +import os +import json import pytest from requests.exceptions import ConnectionError @@ -49,3 +51,58 @@ def test_config_precedence(): assert config.credentials.default.username == 'mary' assert config.credentials.default.password == 'secret' + + +def test_config_file_precedence(): + """Ignores AWXKIT_CREDENTIAL_FILE if cli args are set""" + os.makedirs('/tmp/awx-test/', exist_ok=True) + with open('/tmp/awx-test/config.json', 'w') as f: + json.dump({'default': {'username': 'IGNORE', 'password': 'IGNORE'}}, f) + + cli = CLI() + cli.parse_args( + ['awx', '--conf.username', 'mary', '--conf.password', 'secret'], + env={ + 'AWXKIT_CREDENTIAL_FILE': '/tmp/awx-test/config.json', + }, + ) + with pytest.raises(ConnectionError): + cli.connect() + + assert config.credentials.default.username == 'mary' + assert config.credentials.default.password == 'secret' + + +def test_config_file_precedence_2(): + """Ignores AWXKIT_CREDENTIAL_FILE if TOWER_* vars are set.""" + os.makedirs('/tmp/awx-test/', exist_ok=True) + with open('/tmp/awx-test/config.json', 'w') as f: + json.dump({'default': {'username': 'IGNORE', 'password': 'IGNORE'}}, f) + + cli = CLI() + cli.parse_args(['awx'], env={'AWXKIT_CREDENTIAL_FILE': '/tmp/awx-test/config.json', 'TOWER_USERNAME': 'mary', 'TOWER_PASSWORD': 'secret'}) + with pytest.raises(ConnectionError): + cli.connect() + + assert config.credentials.default.username == 'mary' + assert config.credentials.default.password == 'secret' + + +def test_config_file(): + """Reads username and password from AWXKIT_CREDENTIAL_FILE.""" + os.makedirs('/tmp/awx-test/', exist_ok=True) + with open('/tmp/awx-test/config.json', 'w') as f: + json.dump({'default': {'username': 'mary', 'password': 'secret'}}, f) + + cli = CLI() + cli.parse_args( + ['awx'], + env={ + 'AWXKIT_CREDENTIAL_FILE': '/tmp/awx-test/config.json', + }, + ) + with pytest.raises(ConnectionError): + cli.connect() + + assert config.credentials.default.username == 'mary' + assert config.credentials.default.password == 'secret'