mirror of
https://github.com/ZwareBear/awx.git
synced 2026-03-26 18:53:35 -05:00
310a0f88e5
this resolves an issue that causes an endless hang on with Cyberark AIM lookups when a certificate *and* key are specified the underlying issue here is that we can't rely on the underyling Python ssl implementation to *only* read from the fifo that stores the pem data *only once*; in reality, we need to just use *actual* tempfiles for stability purposes see: https://github.com/ansible/awx/issues/6986 see: https://github.com/urllib3/urllib3/issues/1880
46 lines
1.4 KiB
Python
46 lines
1.4 KiB
Python
import os
|
|
import tempfile
|
|
|
|
from collections import namedtuple
|
|
|
|
CredentialPlugin = namedtuple('CredentialPlugin', ['name', 'inputs', 'backend'])
|
|
|
|
|
|
class CertFiles():
|
|
"""
|
|
A context manager used for writing a certificate and (optional) key
|
|
to $TMPDIR, and cleaning up afterwards.
|
|
|
|
This is particularly useful as a shared resource for credential plugins
|
|
that want to pull cert/key data out of the database and persist it
|
|
temporarily to the file system so that it can loaded into the openssl
|
|
certificate chain (generally, for HTTPS requests plugins make via the
|
|
Python requests library)
|
|
|
|
with CertFiles(cert_data, key_data) as cert:
|
|
# cert is string representing a path to the cert or pemfile
|
|
# temporarily written to disk
|
|
requests.post(..., cert=cert)
|
|
"""
|
|
|
|
certfile = None
|
|
|
|
def __init__(self, cert, key=None):
|
|
self.cert = cert
|
|
self.key = key
|
|
|
|
def __enter__(self):
|
|
if not self.cert:
|
|
return None
|
|
self.certfile = tempfile.NamedTemporaryFile('wb', delete=False)
|
|
self.certfile.write(self.cert.encode())
|
|
if self.key:
|
|
self.certfile.write(b'\n')
|
|
self.certfile.write(self.key.encode())
|
|
self.certfile.flush()
|
|
return str(self.certfile.name)
|
|
|
|
def __exit__(self, *args):
|
|
if self.certfile and os.path.exists(self.certfile.name):
|
|
os.remove(self.certfile.name)
|