From 23b37a72ef60e7d7830321ba65c5e98bf9563232 Mon Sep 17 00:00:00 2001
From: Michael Gugino <mgugino@redhat.com>
Date: Tue, 17 Oct 2017 11:50:21 -0400
Subject: Ensure proper variable templating for skopeo auth credentials

Currently, docker_image_availability.py plugin check is
using the raw strings for variables from task_vars.

This results in any variables that utilized within the
plugin to be un-templated.  For instance, if variable
"x" is set to "{{ y }}" and y is set to "2", one
would expect that x == 2 inside the plugin.  Currently,
the plugin will use the string "{{ y }}" for the value
of x instead of templating the variable.

This commit ensures skopeo registry auth credentials
are templated properly.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1500698
---
 .../openshift_checks/docker_image_availability.py                    | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'roles/openshift_health_checker/openshift_checks/docker_image_availability.py')

diff --git a/roles/openshift_health_checker/openshift_checks/docker_image_availability.py b/roles/openshift_health_checker/openshift_checks/docker_image_availability.py
index 7c8ac78fe..5beb20503 100644
--- a/roles/openshift_health_checker/openshift_checks/docker_image_availability.py
+++ b/roles/openshift_health_checker/openshift_checks/docker_image_availability.py
@@ -61,10 +61,15 @@ class DockerImageAvailability(DockerHostMixin, OpenShiftCheck):
         # for the oreg_url registry there may be credentials specified
         components = self.get_var("oreg_url", default="").split('/')
         self.registries["oreg"] = "" if len(components) < 3 else components[0]
+
+        # Retrieve and template registry credentials, if provided
         self.skopeo_command_creds = ""
         oreg_auth_user = self.get_var('oreg_auth_user', default='')
         oreg_auth_password = self.get_var('oreg_auth_password', default='')
         if oreg_auth_user != '' and oreg_auth_password != '':
+            if self._templar is not None:
+                oreg_auth_user = self._templar.template(oreg_auth_user)
+                oreg_auth_password = self._templar.template(oreg_auth_password)
             self.skopeo_command_creds = "--creds={}:{}".format(quote(oreg_auth_user), quote(oreg_auth_password))
 
         # record whether we could reach a registry or not (and remember results)
-- 
cgit v1.2.3