PTFE-827 setup redhat credentials in startup script (#402)

runner_manager/bin/startup.sh

@@ -3,6 +3,8 @@
 NAME="${RUNNER_NAME}"
 LABELS="${RUNNER_LABELS}"
 JIT_CONFIG="${RUNNER_JIT_CONFIG}"
+REDHAT_USERNAME="${RUNNER_REDHAT_USERNAME}"
+REDHAT_PASSWORD="${RUNNER_REDHAT_PASSWORD}"
 DOWNLOAD_URL="${RUNNER_DOWNLOAD_URL}"
 FILE=${FILE:-$(basename "${DOWNLOAD_URL}")}
 
@@ -30,7 +32,7 @@ if [[ ${LINUX_OS} == "ubuntu" ]]; then
 elif [[ ${LINUX_OS} == "centos" ]] || [[ ${LINUX_OS} == "rocky" ]] || [[ ${LINUX_OS} == "almalinux" ]]; then
 	sudo yum install -y bind-utils yum-utils
 elif [[ ${LINUX_OS} == "rhel" ]]; then
-	sudo bash -c 'cat <<EOF > /etc/systemd/system/redhat_registration.service
+	echo "
 [Unit]
 Description=Redhat registration
 After=network-online.target
@@ -39,13 +41,13 @@ After=network-online.target
 Type=oneshot
 RemainAfterExit=true
 TimeoutStartSec=300
-ExecStart=/sbin/subscription-manager register --username={{ redhat_username }} --password={{ redhat_password }} --auto-attach
+ExecStart=/sbin/subscription-manager register --username=${REDHAT_USERNAME} --password=${REDHAT_PASSWORD} --auto-attach
 TimeoutStopSec=300
 ExecStop=-/sbin/subscription-manager unregister
 
 [Install]
 WantedBy=multi-user.target
-EOF'
+" | sudo tee /etc/systemd/system/redhat_registration.service
 	sudo chmod 600 /etc/systemd/system/redhat_registration.service
 	sudo systemctl daemon-reload
 	sudo systemctl enable redhat_registration.service

runner_manager/models/backend.py

@@ -17,7 +17,7 @@
     TagSpecificationTypeDef,
     TagTypeDef,
 )
-from pydantic import BaseModel
+from pydantic import BaseModel, BaseSettings, SecretStr
 
 from runner_manager.bin import startup_sh
 from runner_manager.models.runner import Runner
@@ -45,12 +45,16 @@ class RunnerEnv(BaseModel):
     RUNNER_JIT_CONFIG: Optional[str] = None
     RUNNER_ORG: Optional[str] = None
     RUNNER_GROUP: Optional[str] = None
+    RUNNER_REDHAT_USERNAME: Optional[str] = None
+    RUNNER_REDHAT_PASSWORD: Optional[str] = None
 
 
-class InstanceConfig(BaseModel):
+class InstanceConfig(BaseSettings):
     """Base class for backend instance configuration."""
 
     startup_script: str = startup_sh.as_posix()
+    redhat_username: Optional[str]
+    redhat_password: Optional[SecretStr]
 
     def runner_env(self, runner: Runner) -> RunnerEnv:
 
@@ -61,6 +65,10 @@ def runner_env(self, runner: Runner) -> RunnerEnv:
             RUNNER_ORG=runner.organization,
             RUNNER_GROUP=runner.runner_group_name,
             RUNNER_DOWNLOAD_URL=runner.download_url,
+            RUNNER_REDHAT_USERNAME=self.redhat_username,
+            RUNNER_REDHAT_PASSWORD=self.redhat_password.get_secret_value()
+            if self.redhat_password
+            else None,
         )
 
     def template_startup(self, runner: Runner) -> str:

tests/unit/backend/test_base.py

@@ -1,5 +1,8 @@
 from redis_om import Migrator
 
+from runner_manager import RunnerGroup
+from runner_manager.models.backend import InstanceConfig
+
 
 def test_backend_create_runner(backend, runner):
     runner = backend.create(runner)
@@ -33,3 +36,31 @@ def test_instance_config_template(backend, runner):
     assert runner.name in template
     assert runner.labels[0].name in template
     assert runner.encoded_jit_config in template
+
+
+def test_setup_redhat_credentials(runner, monkeypatch):
+    monkeypatch.setenv("REDHAT_USERNAME", "username")
+    monkeypatch.setenv("REDHAT_PASSWORD", "password")
+    # Test loading from an InstanceConfig object
+    instance = InstanceConfig()
+    assert instance.redhat_username == "username"
+    assert instance.redhat_password is not None
+    assert instance.redhat_password.get_secret_value() == "password"
+    # Test loading from a runnerGroup object
+    runner_group: RunnerGroup = RunnerGroup(
+        name="test",
+        backend={"name": "base", "instance_config": {}},
+        organization="octo-org",
+        labels=["label"],
+    )
+    assert runner_group.backend.instance_config
+    assert runner_group.backend.instance_config.redhat_username == "username"
+    assert runner_group.backend.instance_config.redhat_password is not None
+    assert (
+        runner_group.backend.instance_config.redhat_password.get_secret_value()
+        == "password"
+    )
+    # Ensure that the template is rendered correctly
+    template = runner_group.backend.instance_config.template_startup(runner)
+    assert 'REDHAT_USERNAME="username"' in template
+    assert 'REDHAT_PASSWORD="password"' in template

tests/unit/models/test_settings.py

@@ -20,6 +20,18 @@ def yaml_data():
         "name": "test-runner-manager",
         "redis_om_url": "redis://localhost:6379/0",
         "github_base_url": "https://github.com",
+        "runner_groups": [
+            {
+                "name": "test",
+                "backend": {
+                    "name": "base",
+                    "config": {},
+                    "instance_config": {},
+                },
+                "organization": "octo-org",
+                "labels": ["label"],
+            }
+        ],
     }
 
 
@@ -57,6 +69,21 @@ def test_yaml_config(config_file, yaml_data):
     assert settings.github_base_url == yaml_data["github_base_url"]
 
 
+def test_redhat_credentials(config_file, monkeypatch):
+    monkeypatch.setenv("REDHAT_USERNAME", "username")
+    monkeypatch.setenv("REDHAT_PASSWORD", "password")
+    settings = Settings()
+    assert (
+        settings.runner_groups[0].backend.instance_config.redhat_username == "username"
+    )
+    assert (
+        settings.runner_groups[
+            0
+        ].backend.instance_config.redhat_password.get_secret_value()
+        == "password"
+    )
+
+
 def test_env_file():
     os.environ["REDIS_OM_URL"] = "redis://localhost:6379/0"
     os.environ["GITHUB_BASE_URL"] = "https://github.com"