Add support for ssh_key_unlock

ansible · Aug 27, 2024 · 0a4796b · 0a4796b
1 parent 270c217
commit 0a4796b
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 0 deletions.
diff --git a/config/samples/credentials/tower_v1alpha1_ansiblecredential-ssh.yaml b/config/samples/credentials/tower_v1alpha1_ansiblecredential-ssh.yaml
@@ -10,4 +10,5 @@ spec:
   type: "Machine"
   ssh_username: "cat"
   ssh_secret: my-ssh-secret
+  ssh_key_unlock: my-ssh-secret
   runner_pull_policy: IfNotPresent
diff --git a/roles/credential/templates/job_definition.yml.j2 b/roles/credential/templates/job_definition.yml.j2
@@ -48,6 +48,13 @@ spec:
                   name: "{{ ssh_secret }}"
                   key: id_rsa
 {% endif %}
+{% if ssh_key_unlock is defined and ssh_key_unlock != "" %}
+            - name: SSH_KEY_UNLOCK
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ ssh_secret }}"
+                  key: password
+{% endif %}
 {% if ssh_username is defined and ssh_username != "" %}
             - name: SSH_USERNAME
               value: "{{ ssh_username }}"

diff --git a/roles/job_runner/tasks/credentials.yml b/roles/job_runner/tasks/credentials.yml
@@ -2,6 +2,7 @@
   include_tasks: credentials/create_ssh_credential.yml
   when:
     - lookup('env','SSH_SECRET') != ''
+    - lookup('env','SSH_KEY_UNLOCK') != ''
     - lookup('env','KUBERNETES_BEARER_TOKEN') == ''
     - lookup('env','USERNAME_SECRET') == ''
     - lookup('env','PASSWORD_SECRET') == ''
@@ -12,6 +13,7 @@
   when:
     - lookup('env','KUBERNETES_BEARER_TOKEN') != ''
     - lookup('env','SSH_SECRET') == ''
+    - lookup('env','SSH_KEY_UNLOCK') == ''
     - lookup('env','USERNAME_SECRET') == ''
     - lookup('env','PASSWORD_SECRET') == ''
     - lookup('env','TOKEN_SECRET') == ''
@@ -21,6 +23,7 @@
   when:
     - lookup('env','KUBERNETES_BEARER_TOKEN') == ''
     - lookup('env','SSH_SECRET') == ''
+    - lookup('env','SSH_KEY_UNLOCK') == ''
     - lookup('env','USERNAME_SECRET') != ''
     - lookup('env','PASSWORD_SECRET') != ''
     - lookup('env','TOKEN_SECRET') == ''
@@ -30,6 +33,7 @@
   when:
     - lookup('env','KUBERNETES_BEARER_TOKEN') == ''
     - lookup('env','SSH_SECRET') == ''
+    - lookup('env','SSH_KEY_UNLOCK') == ''
     - lookup('env','USERNAME_SECRET') == ''
     - lookup('env','PASSWORD_SECRET') == ''
     - lookup('env','TOKEN_SECRET') != ''
@@ -38,6 +42,7 @@
   include_tasks: credentials/create_generic_credential.yml
   when:
     - lookup('env','SSH_SECRET') == ''
+    - lookup('env','SSH_KEY_UNLOCK') == ''
     - lookup('env','KUBERNETES_BEARER_TOKEN') == ''
     - lookup('env','USERNAME_SECRET') == ''
     - lookup('env','PASSWORD_SECRET') == ''

diff --git a/roles/job_runner/tasks/credentials/create_ssh_credential.yml b/roles/job_runner/tasks/credentials/create_ssh_credential.yml
@@ -8,6 +8,7 @@
         credential_type: "{{ lookup('env','TYPE') }}"
         inputs:
           ssh_key_data: "{{ lookup('env','SSH_SECRET') }}"
+          ssh_key_unlock: "{{ lookup('env','SSH_KEY_UNLOCK') }}"
           username: "{{ lookup('env','SSH_USERNAME') }}"
         state: present
       register: credentials