Use --password-stdin for upload-container-image

This allows us to drop the no_log field, and expose more info to the user. Change-Id: Ib5de193ec285d2a9715d01ca3c7a39da741f03d3 Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2020-11-16 20:46:01 -05:00 · 2020-11-16 20:46:01 -05:00 · 345c839db6
parent 777230be59
commit 345c839db6
1 changed files with 18 additions and 2 deletions
--- a/roles/upload-container-image/tasks/push.yaml
+++ b/roles/upload-container-image/tasks/push.yaml
@ -1,6 +1,22 @@
+- name: Create tempfile for password
+  tempfile:
+    state: file
+  register: _password_tmp
+
+- name: Populate tempfile
+  copy:
+    content: "{{ container_registry_credentials[zj_image.registry].password }}"
+    dest: "{{ _password_tmp.path }}"
+    mode: 0600
+
 - name: Log in to registry
-  command: "{{ container_command }} login -u {{ container_registry_credentials[zj_image.registry].username }} -p {{ container_registry_credentials[zj_image.registry].password }} {{ zj_image.registry }}"
-  no_log: true
+  block:
+    - name: Log in to registry
+      shell: "cat {{ _password_tmp.path }} | {{ container_command }} login -u {{ container_registry_credentials[zj_image.registry].username }} --password-stdin {{ zj_image.registry }}"
+
+  always:
+    - name: Remove password from disk
+      command: "shred {{ _password_tmp.path }}"

 - name: Publish images
  block: