foreman_ansible 2.0.2 → 2.0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 5e5605f307b791042daffaba55f5f392dc4a8b6b
-  data.tar.gz: eeb4d1e7aa6b25ebf1ab9533534332427c8a06ff
+  metadata.gz: 275aa3a16113e61a5eaf4fdaf6dddb0db8ebd40f
+  data.tar.gz: 2926a08f5acb7551b2945bb1662bddd57151daeb
 SHA512:
-  metadata.gz: d9bcb91b7af9c9a525990109cf779a396e41134d077087326f203252dadda87f6eafdf951b66fb650e4b07a9f1ea7609e7798e55f7c4319ee33aee69592aacff
-  data.tar.gz: c271443947d2d76c328af95afc6b729684a00e5086a2cba6066a950b59127cb484adfef88fc081f511c1e3bef0f5c2def8908a8da3d2d478512a9871a7f2aa30
+  metadata.gz: cd4524fc8bb4059abe867a4beea2c62e51e07560792fccbaa5e653ff4f09750451b36a3d5ab314ec873ab55853917302331e18a9c5bc8272653d1cfea3f69eb7
+  data.tar.gz: 746ea0fc1a44d761d323ab2077b0743169e88f00f4f338e50d8efeb4882ce3b7d9f1d6a76d0a9d913d325a26f0f64935031d3b6833419360f98e7cdcb3395b4c

data/app/helpers/foreman_ansible/ansible_plugin_helper.rb

@@ -1,8 +1,12 @@
+require "#{ForemanAnsible::Engine.root}/lib/foreman_ansible/version"
+
 module ForemanAnsible
   # General helper for foreman_ansible
   module AnsiblePluginHelper
     def ansible_doc_url
-      'http://theforeman.org/plugins/foreman_ansible/1.x/index.html'
+      major_version = ::ForemanAnsible::VERSION.split('.')[0]
+      'https://theforeman.org/plugins/foreman_ansible/'\
+        "#{major_version}.x/index.html"
     end
   end
 end

data/app/models/foreman_ansible/ansible_provider.rb

@@ -4,12 +4,16 @@ if defined? ForemanRemoteExecution
     # Read the source of other RemoteExecution providers for more.
     class AnsibleProvider < RemoteExecutionProvider
       class << self
-        def humanized_name
-          'Ansible'
+        def ssh_password(host)
+          host_setting(host, :remote_execution_ssh_password)
+        end
+
+        def ssh_key_passphrase(host)
+          host_setting(host, :remote_execution_ssh_key_passphrase)
         end
 
-        def host_setting(host, setting)
-          host.params[setting.to_s] || Setting[setting]
+        def humanized_name
+          'Ansible'
         end
 
         def proxy_command_options(template_invocation, host)

data/app/models/setting/ansible.rb

@@ -10,41 +10,9 @@ class Setting
       # rubocop:disable BlockLength
       def load_defaults
         return unless super
+        Setting::BLANK_ATTRS.push('ansible_ssh_private_key_file')
         transaction do
           [
-            set(
-              'ansible_port',
-              N_('Use this port to connect to hosts '\
-                 'and run Ansible. You can override this on hosts '\
-                 'by adding a parameter "ansible_port"'),
-              22,
-              N_('Port')
-            ),
-            set(
-              'ansible_user',
-              N_('Foreman will try to connect to hosts as this user by '\
-                 'default when running Ansible playbooks. You can '\
-                 'override this on hosts by adding a parameter '\
-                 '"ansible_user"'),
-              'root',
-              N_('User')
-            ),
-            set(
-              'ansible_become',
-              N_('Foreman will use the sudo command to run roles on hosts '\
-                 'You can override this on hosts by adding a parameter '\
-                 '"ansible_become"'),
-              true,
-              N_('Become')
-            ),
-            set(
-              'ansible_ssh_pass',
-              N_('Use this password by default when running Ansible '\
-                 'playbooks. You can override this on hosts '\
-                 'by adding a parameter "ansible_ssh_pass"'),
-              'ansible',
-              N_('Password')
-            ),
             set(
               'ansible_ssh_private_key_file',
               N_('Use this to supply a path to an SSH Private Key '\
@@ -100,7 +68,6 @@ class Setting
             create(s.update(:category => 'Setting::Ansible'))
           end
         end
-        Setting::BLANK_ATTRS.push('ansible_ssh_private_key_file')
         true
       end
       # rubocop:enable AbcSize

data/app/services/foreman_ansible/inventory_creator.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'securerandom'
 module ForemanAnsible
   # Service to list an inventory to be passed to the ansible-playbook binary
@@ -40,10 +42,16 @@ module ForemanAnsible
     end
 
     def connection_params(host)
-      params = ansible_settings.merge ansible_extra_options(host)
-      # Backward compatibility for Ansible 1.x
-      params['ansible_ssh_port'] = params['ansible_port']
-      params['ansible_ssh_user'] = params['ansible_user']
+      # Preference order is:
+      # 1st option: host parameters.
+      #   - If they're set to 'ansible_whatever' we use that over anything else
+      # 2nd option: REX options.
+      #   - both settings, ssh password, effective_user can be used
+      # 3rd option:
+      #   - other settings
+      params = ansible_settings.
+               merge(remote_execution_options(host)).
+               merge(ansible_extra_options(host))
       params
     end
 
@@ -61,8 +69,7 @@ module ForemanAnsible
 
     def ansible_settings
       Hash[
-        %w[port user ssh_pass connection
-           ssh_private_key_file become
+        %w[connection ssh_private_key_file
            winrm_server_cert_validation].map do |setting|
           ["ansible_#{setting}", Setting["ansible_#{setting}"]]
         end
@@ -75,10 +82,50 @@ module ForemanAnsible
       end
     end
 
+    def remote_execution_options(host)
+      params = {
+        'ansible_become' => @template_invocation.effective_user,
+        'ansible_user' => host_setting(host, 'remote_execution_ssh_user'),
+        'ansible_ssh_pass' => rex_ssh_password(host),
+        'ansible_ssh_private_key_file' => ansible_or_rex_ssh_private_key(host),
+        'ansible_port' => host_setting(host, 'remote_execution_ssh_port')
+      }
+      # Backward compatibility for Ansible 1.x
+      params['ansible_ssh_port'] = params['ansible_port']
+      params['ansible_ssh_user'] = params['ansible_user']
+      params
+    end
+
+    def template_inputs(template_invocation)
+      input_values = template_invocation.input_values
+      result = input_values.each_with_object({}) do |input, vars_hash|
+        vars_hash[input.template_input.name] = input.value
+      end
+      result
+    end
+
+    def rex_ssh_password(host)
+      @template_invocation.job_invocation.password ||
+        host_setting(host, 'remote_execution_ssh_password')
+    end
+
+    def ansible_or_rex_ssh_private_key(host)
+      ansible_private_file = host_setting(host, 'ansible_ssh_private_key_file')
+      if !ansible_private_file.empty?
+        ansible_private_file
+      else
+        ForemanRemoteExecutionCore.settings[:ssh_identity_key_file]
+      end
+    end
+
     private
 
     def render_rabl(host, template)
       Rabl.render(host, template, :format => 'hash')
     end
+
+    def host_setting(host, setting)
+      host.params[setting.to_s] || Setting[setting]
+    end
   end
 end

data/app/views/ansible_roles/index.html.erb

@@ -1,6 +1,7 @@
 <% title _("Ansible Roles") %>
 
-<% title_actions ansible_proxy_import(hash_for_import_ansible_roles_path) %>
+<% title_actions ansible_proxy_import(hash_for_import_ansible_roles_path),
+  documentation_button('#4.1ImportingRoles', :root_url => ansible_doc_url) %>
 
 <table class="<%= table_css_classes 'table-fixed' %>">
   <thead>

data/lib/foreman_ansible/version.rb

@@ -2,5 +2,5 @@
 # This way other parts of Foreman can just call ForemanAnsible::VERSION
 # and detect what version the plugin is running.
 module ForemanAnsible
-  VERSION = '2.0.2'.freeze
+  VERSION = '2.0.3'.freeze
 end

data/test/unit/services/inventory_creator_test.rb

@@ -1,11 +1,18 @@
+# frozen_string_literal: true
+
 require 'test_plugin_helper'
 
 module ForemanAnsible
   # Test how the inventory creator service transforms host params into
   # inventory variables and connection options
+  # rubocop:disable ClassLength
   class InventoryCreatorTest < ActiveSupport::TestCase
     setup do
       @host = FactoryBot.build(:host)
+      @template_invocation = OpenStruct.new(
+        :job_invocation => OpenStruct.new(:password => 'foobar'),
+        :effective_user => 'foobar'
+      )
     end
 
     test 'ansible_ parameters get turned into host variables' do
@@ -16,34 +23,135 @@ module ForemanAnsible
         'ansible_user' => 'someone'
       }
       @host.expects(:host_params).returns(extra_options).at_least_once
-      inventory = ForemanAnsible::InventoryCreator.new(@host)
+      inventory = ForemanAnsible::InventoryCreator.new(@host,
+                                                       @template_invocation)
 
       assert_empty extra_options.to_a - inventory.connection_params(@host).to_a
     end
 
     test 'settings are respected if param cannot be found' do
       extra_options = { 'ansible_user' => 'someone', 'ansible_port' => 2000 }
-      Setting.expects(:[]).with('ansible_become').returns(nil).at_least_once
+      Setting.expects(:[]).with('Enable_Smart_Variables_in_ENC').
+        returns(nil).at_least_once
       Setting.expects(:[]).with('ansible_ssh_private_key_file').
         returns(nil).at_least_once
-      Setting.expects(:[]).with('ansible_port').returns(nil).at_least_once
-      Setting.expects(:[]).with('ansible_user').returns(nil).at_least_once
-      Setting.expects(:[]).with('ansible_ssh_pass').
+      Setting.expects(:[]).with('remote_execution_ssh_port').
+        returns(2222).at_least_once
+      Setting.expects(:[]).with('remote_execution_ssh_user').
+        returns('root').at_least_once
+      Setting.expects(:[]).with('remote_execution_ssh_password').
         returns('asafepassword').at_least_once
       Setting.expects(:[]).with('ansible_winrm_server_cert_validation').
         returns(true).at_least_once
       Setting.expects(:[]).with('ansible_connection').
         returns('ssh').at_least_once
       @host.expects(:host_params).returns(extra_options).at_least_once
-      inventory = ForemanAnsible::InventoryCreator.new(@host)
+      @template_invocation.job_invocation.expects(:password).
+        returns(nil).at_least_once
+      inventory = ForemanAnsible::InventoryCreator.new(@host,
+                                                       @template_invocation)
       connection_params = inventory.connection_params(@host)
       assert_empty extra_options.to_a - inventory.connection_params(@host).to_a
+      assert_equal @template_invocation.effective_user,
+                   connection_params['ansible_become']
       assert_equal Setting['ansible_connection'],
                    connection_params['ansible_connection']
-      assert_equal Setting['ansible_ssh_pass'],
+      refute_equal Setting['remote_execution_ssh_user'],
+                   connection_params['ansible_user']
+      assert_equal extra_options['ansible_user'],
+                   connection_params['ansible_user']
+      refute_equal Setting['remote_execution_ssh_port'],
+                   connection_params['ansible_port']
+      assert_equal ForemanRemoteExecutionCore.settings[:ssh_identity_key_file],
+                   connection_params['ansible_ssh_private_key_file']
+      assert_equal extra_options['ansible_port'],
+                   connection_params['ansible_port']
+      assert_equal Setting['remote_execution_ssh_password'],
                    connection_params['ansible_ssh_pass']
       assert_equal Setting['ansible_winrm_server_cert_validation'],
                    connection_params['ansible_winrm_server_cert_validation']
     end
+
+    test 'job invocation ssh password is passed when available' do
+      inventory = ForemanAnsible::InventoryCreator.new(@host,
+                                                       @template_invocation)
+      assert_equal(@template_invocation.job_invocation.password,
+                   inventory.rex_ssh_password(@host))
+    end
+
+    test 'ssh private key is passed when available' do
+      host = FactoryBot.build(:host)
+      path_to_key = '/path/to/private/key'
+      inventory = ForemanAnsible::InventoryCreator.new(host,
+                                                       @template_invocation)
+      host.params.expects(:[]).with('ansible_ssh_private_key_file')
+          .returns(path_to_key)
+      host.params.expects(:[]).with('remote_execution_ssh_user')
+          .returns('root')
+      host.params.expects(:[]).with('remote_execution_ssh_port')
+          .returns('2222')
+      connection_params = inventory.connection_params(host)
+      assert_equal path_to_key,
+                   connection_params['ansible_ssh_private_key_file']
+    end
+
+    test 'template invocation inputs are sent as Ansible variables' do
+      job_template = FactoryBot.build(
+        :job_template,
+        :template => 'service restart {{service_name}}'
+      )
+      job_invocation = FactoryBot.create(:job_invocation)
+      job_template.template_inputs << FactoryBot.build(:template_input,
+                                                       :name => 'service_name',
+                                                       :input_type => 'user',
+                                                       :required => true)
+      template_invocation = FactoryBot.build(:template_invocation,
+                                             :template => job_template,
+                                             :job_invocation => job_invocation)
+      job_invocation.expects(:password).returns(nil).at_least_once
+      input_value = FactoryBot.create(
+        :template_invocation_input_value,
+        :template_invocation => template_invocation,
+        :template_input => job_template.template_inputs.first,
+        :value => 'foreman'
+      )
+      template_invocation.input_values << input_value
+      inventory = ForemanAnsible::InventoryCreator.new([@host],
+                                                       template_invocation)
+      assert_equal({ 'service_name' => 'foreman' },
+                   inventory.to_hash['all']['vars'])
+    end
+
+    context 'top-level parameters sent as variables' do
+      setup do
+        # Fetching the Host parameters requires this Setting, since
+        # this plugin does not provide fixtures
+        Setting.create(:name => 'top_level_ansible_vars',
+                       :description => 'sample description',
+                       :default => true)
+        @template_invocation = OpenStruct.new(
+          :job_invocation => OpenStruct.new(:password => 'foobar'),
+          :input_values => []
+        )
+      end
+
+      test 'parameters are passed as top-level "hostvars" by default' do
+        @host.expects(:host_params).returns('hello' => 'foreman').at_least_once
+        inventory = ForemanAnsible::InventoryCreator.new([@host],
+                                                         @template_invocation)
+        hostvar = inventory.to_hash['_meta']['hostvars'][@host.name]['hello']
+        assert_equal 'foreman', hostvar
+      end
+
+      test 'parameters NOT passed as top-level "hostvars" if false' do
+        Setting['top_level_ansible_vars'] = false
+        @host.expects(:host_params).returns('hello' => 'foreman').at_least_once
+        inventory = ForemanAnsible::InventoryCreator.new([@host],
+                                                         @template_invocation)
+        hostvar = inventory.to_hash['_meta']['hostvars'][@host.name]['hello']
+        refute_equal 'foreman', hostvar
+      end
+    end
   end
+  # rubocop:enable ClassLength
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: foreman_ansible
 version: !ruby/object:Gem::Version
-  version: 2.0.2
+  version: 2.0.3
 platform: ruby
 authors:
 - Daniel Lobato Garcia