foreman_ansible 3.0.9 → 4.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Rakefile +1 -1
- data/app/controllers/api/v2/ansible_inventories_controller.rb +50 -0
- data/app/models/ansible_variable.rb +1 -0
- data/app/models/foreman_ansible/ansible_provider.rb +25 -1
- data/app/models/foreman_ansible/fact_name.rb +5 -1
- data/app/models/setting/ansible.rb +81 -88
- data/app/services/foreman_ansible/fact_importer.rb +5 -8
- data/app/services/foreman_ansible/fact_parser.rb +16 -4
- data/app/services/foreman_ansible/inventory_creator.rb +1 -12
- data/app/views/foreman_ansible/job_templates/run_playbook-ansible_default.erb +17 -0
- data/config/routes.rb +1 -2
- data/db/migrate/20190328114657_remove_top_level_ansible_variables_setting.rb +1 -1
- data/db/migrate/20191010074208_remove_ansible_implementation_setting.rb +5 -0
- data/db/seeds.d/75_job_templates.rb +2 -2
- data/lib/foreman_ansible/register.rb +5 -2
- data/lib/foreman_ansible/remote_execution.rb +6 -0
- data/lib/foreman_ansible/version.rb +1 -1
- data/locale/Makefile +7 -0
- data/locale/de/LC_MESSAGES/foreman_ansible.mo +0 -0
- data/locale/de/foreman_ansible.po +1 -1
- data/locale/en/LC_MESSAGES/foreman_ansible.mo +0 -0
- data/locale/en/foreman_ansible.po +1 -1
- data/locale/es/LC_MESSAGES/foreman_ansible.mo +0 -0
- data/locale/es/foreman_ansible.po +1 -1
- data/locale/fr/LC_MESSAGES/foreman_ansible.mo +0 -0
- data/locale/fr/foreman_ansible.po +1 -1
- data/locale/it/LC_MESSAGES/foreman_ansible.mo +0 -0
- data/locale/it/foreman_ansible.po +1 -1
- data/locale/ja/LC_MESSAGES/foreman_ansible.mo +0 -0
- data/locale/ja/foreman_ansible.po +1 -1
- data/locale/ko/LC_MESSAGES/foreman_ansible.mo +0 -0
- data/locale/ko/foreman_ansible.po +1 -1
- data/locale/pt_BR/LC_MESSAGES/foreman_ansible.mo +0 -0
- data/locale/pt_BR/foreman_ansible.po +1 -1
- data/locale/ru/LC_MESSAGES/foreman_ansible.mo +0 -0
- data/locale/ru/foreman_ansible.po +1 -1
- data/locale/zh_CN/LC_MESSAGES/foreman_ansible.mo +0 -0
- data/locale/zh_CN/foreman_ansible.po +1 -1
- data/locale/zh_TW/LC_MESSAGES/foreman_ansible.mo +0 -0
- data/locale/zh_TW/foreman_ansible.po +1 -1
- data/package.json +3 -3
- data/test/unit/ansible_provider_test.rb +16 -0
- data/test/unit/ansible_variable_test.rb +10 -0
- data/test/unit/lib/foreman_ansible_core/ansible_runner_test.rb +51 -0
- data/test/unit/lib/foreman_ansible_core/playbook_runner_test.rb +34 -1
- data/test/unit/services/fact_importer_test.rb +4 -2
- data/test/unit/services/fact_parser_test.rb +57 -4
- data/test/unit/services/inventory_creator_test.rb +10 -25
- data/webpack/__mocks__/foremanReact/common/I18n.js +1 -0
- data/webpack/components/AnsibleRolesSwitcher/AnsibleRolesSwitcher.js +1 -0
- data/webpack/components/AnsibleRolesSwitcher/components/AnsiblePermissionDenied.js +1 -0
- data/webpack/components/AnsibleRolesSwitcher/components/AnsibleRole.js +1 -0
- data/webpack/components/AnsibleRolesSwitcher/components/AssignedRolesList.js +18 -23
- data/webpack/index.js +5 -4
- metadata +15 -11
- data/app/lib/actions/foreman_ansible/helpers/host_common.rb +0 -39
data/config/routes.rb
CHANGED
@@ -8,7 +8,6 @@ Rails.application.routes.draw do
|
|
8
8
|
:defaults => { :apiv => 'v2' },
|
9
9
|
:apiv => /v1|v2/,
|
10
10
|
:constraints => ApiConstraints.new(:version => 2) do
|
11
|
-
|
12
11
|
constraints(:id => %r{[^\/]+}) do
|
13
12
|
resources :hosts, :only => [] do
|
14
13
|
member do
|
@@ -75,7 +74,6 @@ Rails.application.routes.draw do
|
|
75
74
|
:defaults => { :apiv => 'v2' },
|
76
75
|
:apiv => /v1|v2/,
|
77
76
|
:constraints => ApiConstraints.new(:version => 2) do
|
78
|
-
|
79
77
|
resources :ansible_roles, :only => [:show, :index, :destroy] do
|
80
78
|
collection do
|
81
79
|
put :import
|
@@ -99,6 +97,7 @@ Rails.application.routes.draw do
|
|
99
97
|
get :hosts
|
100
98
|
post :hostgroups
|
101
99
|
get :hostgroups
|
100
|
+
post :schedule
|
102
101
|
end
|
103
102
|
end
|
104
103
|
end
|
@@ -20,8 +20,8 @@ User.as_anonymous_admin do
|
|
20
20
|
:default => true,
|
21
21
|
:locked => true,
|
22
22
|
:update => sync)
|
23
|
-
template.organizations = organizations if
|
24
|
-
template.locations = locations if
|
23
|
+
template.organizations = organizations if template.present?
|
24
|
+
template.locations = locations if template.present?
|
25
25
|
end
|
26
26
|
end
|
27
27
|
end
|
@@ -2,7 +2,7 @@
|
|
2
2
|
|
3
3
|
# rubocop:disable BlockLength
|
4
4
|
Foreman::Plugin.register :foreman_ansible do
|
5
|
-
requires_foreman '>= 1.
|
5
|
+
requires_foreman '>= 1.24'
|
6
6
|
|
7
7
|
security_block :foreman_ansible do
|
8
8
|
permission :play_roles_on_host,
|
@@ -71,6 +71,9 @@ Foreman::Plugin.register :foreman_ansible do
|
|
71
71
|
permission :edit_hostgroups,
|
72
72
|
{ :'api/v2/hostgroups' => [:assign_ansible_roles] },
|
73
73
|
:resource_type => 'Hostgroup'
|
74
|
+
permission :generate_report_templates,
|
75
|
+
{ :'api/v2/ansible_inventories' => [:schedule] },
|
76
|
+
:resource_type => 'ReportTemplate'
|
74
77
|
end
|
75
78
|
|
76
79
|
role 'Ansible Roles Manager',
|
@@ -82,7 +85,7 @@ Foreman::Plugin.register :foreman_ansible do
|
|
82
85
|
:edit_ansible_variables, :destroy_ansible_variables]
|
83
86
|
|
84
87
|
role 'Ansible Tower Inventory Reader',
|
85
|
-
[:view_hosts, :view_hostgroups, :view_facts],
|
88
|
+
[:view_hosts, :view_hostgroups, :view_facts, :generate_report_templates],
|
86
89
|
'Permissions required for the user which is used by Ansible Tower Dynamic Inventory Item'
|
87
90
|
|
88
91
|
add_all_permissions_to_default_roles
|
@@ -30,6 +30,12 @@ module ForemanAnsible
|
|
30
30
|
:provided_inputs => %w[organization_id plan_id],
|
31
31
|
:notification_builder => ForemanAnsible::InsightsNotificationBuilder
|
32
32
|
)
|
33
|
+
RemoteExecutionFeature.register(
|
34
|
+
:ansible_run_playbook,
|
35
|
+
N_('Run playbook'),
|
36
|
+
:description => N_('Run an Ansible playbook against given hosts'),
|
37
|
+
:provided_inputs => %w[playbook]
|
38
|
+
)
|
33
39
|
end
|
34
40
|
end
|
35
41
|
end
|
data/locale/Makefile
CHANGED
@@ -60,3 +60,10 @@ tx-update: tx-pull reset-po $(MOFILES)
|
|
60
60
|
git add ../locale/*/LC_MESSAGES
|
61
61
|
git commit -a --amend -m "i18n - pulling from tx"
|
62
62
|
-echo Changes commited!
|
63
|
+
|
64
|
+
mo-files: $(MOFILES)
|
65
|
+
git add $(POFILES) $(POTFILE) ../locale/*/LC_MESSAGES
|
66
|
+
git commit -m "i18n - pulling from tx"
|
67
|
+
@echo
|
68
|
+
@echo Changes commited!
|
69
|
+
@echo
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
data/package.json
CHANGED
@@ -7,11 +7,11 @@
|
|
7
7
|
"test": "test"
|
8
8
|
},
|
9
9
|
"dependencies": {
|
10
|
-
"@theforeman/vendor": "^
|
10
|
+
"@theforeman/vendor": "^1.7.0",
|
11
11
|
"react-json-tree": "^0.11.0"
|
12
12
|
},
|
13
13
|
"devDependencies": {
|
14
|
-
"@theforeman/vendor-dev": "^
|
14
|
+
"@theforeman/vendor-dev": "^1.7.0",
|
15
15
|
"babel-eslint": "^8.2.1",
|
16
16
|
"babel-plugin-transform-class-properties": "^6.24.1",
|
17
17
|
"babel-plugin-transform-object-assign": "^6.22.0",
|
@@ -38,7 +38,7 @@
|
|
38
38
|
},
|
39
39
|
"scripts": {
|
40
40
|
"test": "node node_modules/.bin/jest webpack",
|
41
|
-
"lint": "
|
41
|
+
"lint": "eslint ./webpack"
|
42
42
|
},
|
43
43
|
"repository": {
|
44
44
|
"type": "git",
|
@@ -29,6 +29,22 @@ class AnsibleProviderTest < ActiveSupport::TestCase
|
|
29
29
|
end
|
30
30
|
end
|
31
31
|
|
32
|
+
context 'when using secrets' do
|
33
|
+
let(:host) { FactoryBot.build(:host) }
|
34
|
+
|
35
|
+
it 'generates secrets properly' do
|
36
|
+
params = {
|
37
|
+
'remote_execution_ssh_password' => 'password',
|
38
|
+
'remote_execution_sudo_password' => 'letmein'
|
39
|
+
}
|
40
|
+
host.expects(:params).twice.returns(params)
|
41
|
+
secrets = ForemanAnsible::AnsibleProvider.secrets(host)
|
42
|
+
host_secrets = secrets['per-host'][host.name]
|
43
|
+
assert_equal host_secrets['ansible_ssh_pass'], 'password'
|
44
|
+
assert_equal host_secrets['ansible_sudo_pass'], 'letmein'
|
45
|
+
end
|
46
|
+
end
|
47
|
+
|
32
48
|
def command_options
|
33
49
|
ForemanAnsible::AnsibleProvider.
|
34
50
|
proxy_command_options(template_invocation, dummyhost)
|
@@ -11,4 +11,14 @@ class AnsibleRoleTest < ActiveSupport::TestCase
|
|
11
11
|
subject { AnsibleRole.new(:name => 'foo') }
|
12
12
|
should validate_uniqueness_of(:name)
|
13
13
|
end
|
14
|
+
|
15
|
+
test 'should cast default_value to hash' do
|
16
|
+
variable = FactoryBot.create(
|
17
|
+
:ansible_variable,
|
18
|
+
:key_type => 'hash',
|
19
|
+
:default_value => "{\r\n \"bat\": \"man\"\r\n}\r\n",
|
20
|
+
:override => true
|
21
|
+
)
|
22
|
+
assert variable.default_value.is_a?(Hash)
|
23
|
+
end
|
14
24
|
end
|
@@ -0,0 +1,51 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'test_helper'
|
4
|
+
|
5
|
+
module ForemanAnsibleCore
|
6
|
+
module Runner
|
7
|
+
class AnsibleRunnerTest < ActiveSupport::TestCase
|
8
|
+
describe AnsibleRunner do
|
9
|
+
it 'parses files without event data' do
|
10
|
+
content = <<~JSON
|
11
|
+
{"uuid": "a29d8592-f805-4d0e-b73d-7a53cc35a92e", "stdout": " [WARNING]: Consider using the yum module rather than running 'yum'. If you", "counter": 8, "end_line": 8, "runner_ident": "e2d9ae11-026a-4f9f-9679-401e4b852ab0", "start_line": 7, "event": "verbose"}
|
12
|
+
JSON
|
13
|
+
|
14
|
+
File.expects(:read).with('fake.json').returns(content)
|
15
|
+
runner = AnsibleRunner.allocate
|
16
|
+
runner.expects(:handle_broadcast_data)
|
17
|
+
assert runner.send(:handle_event_file, 'fake.json')
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
describe '#rebuild_secrets' do
|
22
|
+
let(:inventory) do
|
23
|
+
{ 'all' => { 'hosts' => ['foreman.example.com'] },
|
24
|
+
'_meta' => { 'hostvars' => { 'foreman.example.com' => {} } } }
|
25
|
+
end
|
26
|
+
let(:input) do
|
27
|
+
host_secrets = { 'ansible_ssh_pass' => 'letmein', 'ansible_sudo_pass' => 'iamroot' }
|
28
|
+
secrets = { 'per-host' => { 'foreman.example.com' => host_secrets } }
|
29
|
+
host_input = { 'input' => { 'action_input' => { 'secrets' => secrets } } }
|
30
|
+
{ 'foreman.example.com' => host_input }
|
31
|
+
end
|
32
|
+
let(:runner) { ForemanAnsibleCore::Runner::AnsibleRunner.allocate }
|
33
|
+
|
34
|
+
test 'uses secrets from inventory' do
|
35
|
+
test_inventory = inventory.merge('ssh_password' => 'sshpass', 'sudo_password' => 'sudopass')
|
36
|
+
rebuilt = runner.send(:rebuild_secrets, test_inventory, input)
|
37
|
+
host_vars = rebuilt.dig('_meta', 'hostvars', 'foreman.example.com')
|
38
|
+
assert_equal 'sshpass', host_vars['ansible_ssh_pass']
|
39
|
+
assert_equal 'sudopass', host_vars['ansible_sudo_pass']
|
40
|
+
end
|
41
|
+
|
42
|
+
test 'host secrets are used when not overriden by inventory secrest' do
|
43
|
+
rebuilt = runner.send(:rebuild_secrets, inventory, input)
|
44
|
+
host_vars = rebuilt.dig('_meta', 'hostvars', 'foreman.example.com')
|
45
|
+
assert_equal 'letmein', host_vars['ansible_ssh_pass']
|
46
|
+
assert_equal 'iamroot', host_vars['ansible_sudo_pass']
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
50
|
+
end
|
51
|
+
end
|
@@ -10,6 +10,7 @@ class PlaybookRunnerTest < ActiveSupport::TestCase
|
|
10
10
|
ForemanAnsibleCore::Runner::Playbook.any_instance.stubs(:unknown_hosts).
|
11
11
|
returns([])
|
12
12
|
File.expects(:exist?).with(Dir.home).returns(true)
|
13
|
+
ForemanAnsibleCore::Runner::Playbook.any_instance.expects(:rebuild_secrets).returns(nil)
|
13
14
|
runner = ForemanAnsibleCore::Runner::Playbook.new(nil, nil, :suspended_action => nil)
|
14
15
|
assert '/etc/ansible', runner.instance_variable_get('@ansible_dir')
|
15
16
|
end
|
@@ -24,6 +25,7 @@ class PlaybookRunnerTest < ActiveSupport::TestCase
|
|
24
25
|
test 'creates temp one if not provided' do
|
25
26
|
Dir.expects(:mktmpdir)
|
26
27
|
File.expects(:exist?).with(Dir.home).returns(true)
|
28
|
+
ForemanAnsibleCore::Runner::Playbook.any_instance.expects(:rebuild_secrets).returns(nil)
|
27
29
|
ForemanAnsibleCore::Runner::Playbook.new(nil, nil, :suspended_action => nil)
|
28
30
|
end
|
29
31
|
|
@@ -32,6 +34,7 @@ class PlaybookRunnerTest < ActiveSupport::TestCase
|
|
32
34
|
ForemanAnsibleCore.expects(:settings).returns(settings)
|
33
35
|
File.expects(:exist?).with(settings[:ansible_dir]).returns(true)
|
34
36
|
Dir.expects(:mktmpdir).never
|
37
|
+
ForemanAnsibleCore::Runner::Playbook.any_instance.expects(:rebuild_secrets).returns(nil)
|
35
38
|
runner = ForemanAnsibleCore::Runner::Playbook.new(nil, nil, :suspended_action => nil)
|
36
39
|
assert '/foo', runner.instance_variable_get('@working_dir')
|
37
40
|
end
|
@@ -39,7 +42,7 @@ class PlaybookRunnerTest < ActiveSupport::TestCase
|
|
39
42
|
|
40
43
|
context 'TOFU policy' do # Trust On First Use
|
41
44
|
setup do
|
42
|
-
@inventory = { 'all' => { 'hosts' => ['foreman.example.com'] } }
|
45
|
+
@inventory = { 'all' => { 'hosts' => ['foreman.example.com'] } }
|
43
46
|
@output = StringIO.new
|
44
47
|
logger = Logger.new(@output)
|
45
48
|
ForemanAnsibleCore::Runner::Playbook.any_instance.stubs(:logger).
|
@@ -51,6 +54,7 @@ class PlaybookRunnerTest < ActiveSupport::TestCase
|
|
51
54
|
with('foreman.example.com').returns(['somekey'])
|
52
55
|
ForemanAnsibleCore::Runner::Playbook.any_instance.
|
53
56
|
expects(:add_to_known_hosts).never
|
57
|
+
ForemanAnsibleCore::Runner::Playbook.any_instance.expects(:rebuild_secrets).returns(@inventory)
|
54
58
|
ForemanAnsibleCore::Runner::Playbook.new(@inventory, nil, :suspended_action => nil)
|
55
59
|
end
|
56
60
|
|
@@ -59,6 +63,7 @@ class PlaybookRunnerTest < ActiveSupport::TestCase
|
|
59
63
|
with('foreman.example.com').returns([])
|
60
64
|
ForemanAnsibleCore::Runner::Playbook.any_instance.
|
61
65
|
expects(:add_to_known_hosts).with('foreman.example.com')
|
66
|
+
ForemanAnsibleCore::Runner::Playbook.any_instance.expects(:rebuild_secrets).returns(@inventory)
|
62
67
|
ForemanAnsibleCore::Runner::Playbook.new(@inventory, nil, :suspended_action => nil)
|
63
68
|
end
|
64
69
|
|
@@ -67,6 +72,7 @@ class PlaybookRunnerTest < ActiveSupport::TestCase
|
|
67
72
|
with('foreman.example.com').returns([])
|
68
73
|
Net::SSH::Transport::Session.expects(:new).with('foreman.example.com').
|
69
74
|
raises(Net::Error)
|
75
|
+
ForemanAnsibleCore::Runner::Playbook.any_instance.expects(:rebuild_secrets).returns(@inventory)
|
70
76
|
ForemanAnsibleCore::Runner::Playbook.new(@inventory, nil, :suspended_action => nil)
|
71
77
|
assert_match(
|
72
78
|
/ERROR.*Failed to save host key for foreman.example.com: Net::Error/,
|
@@ -74,4 +80,31 @@ class PlaybookRunnerTest < ActiveSupport::TestCase
|
|
74
80
|
)
|
75
81
|
end
|
76
82
|
end
|
83
|
+
|
84
|
+
context 'rebuild secrets' do
|
85
|
+
let(:inventory) do
|
86
|
+
{ 'all' => { 'hosts' => ['foreman.example.com'] },
|
87
|
+
'_meta' => { 'hostvars' => { 'foreman.example.com' => {} } } }
|
88
|
+
end
|
89
|
+
let(:secrets) do
|
90
|
+
host_secrets = { 'ansible_ssh_pass' => 'letmein', 'ansible_sudo_pass' => 'iamroot' }
|
91
|
+
{ 'per-host' => { 'foreman.example.com' => host_secrets } }
|
92
|
+
end
|
93
|
+
let(:runner) { ForemanAnsibleCore::Runner::Playbook.allocate }
|
94
|
+
|
95
|
+
test 'uses secrets from inventory' do
|
96
|
+
test_inventory = inventory.merge('ssh_password' => 'sshpass', 'sudo_password' => 'sudopass')
|
97
|
+
rebuilt = runner.send(:rebuild_secrets, test_inventory, secrets)
|
98
|
+
host_vars = rebuilt.dig('_meta', 'hostvars', 'foreman.example.com')
|
99
|
+
assert_equal 'sshpass', host_vars['ansible_ssh_pass']
|
100
|
+
assert_equal 'sudopass', host_vars['ansible_sudo_pass']
|
101
|
+
end
|
102
|
+
|
103
|
+
test 'host secrets are used when not overriden by inventory secrest' do
|
104
|
+
rebuilt = runner.send(:rebuild_secrets, inventory, secrets)
|
105
|
+
host_vars = rebuilt.dig('_meta', 'hostvars', 'foreman.example.com')
|
106
|
+
assert_equal 'letmein', host_vars['ansible_ssh_pass']
|
107
|
+
assert_equal 'iamroot', host_vars['ansible_sudo_pass']
|
108
|
+
end
|
109
|
+
end
|
77
110
|
end
|
@@ -1,5 +1,7 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
+
require 'test_plugin_helper'
|
4
|
+
|
3
5
|
module ForemanAnsible
|
4
6
|
# Test for the facts importer - only verify that given
|
5
7
|
# a set of facts it's able to import them
|
@@ -18,8 +20,8 @@ module ForemanAnsible
|
|
18
20
|
|
19
21
|
test 'missing_facts returns facts we do not have in the database' do
|
20
22
|
@fact_importer = FactImporter.new(@host, facts_json)
|
21
|
-
@fact_importer.expects(:
|
22
|
-
returns('ansible_cmdline'
|
23
|
+
@fact_importer.expects(:host_fact_names).
|
24
|
+
returns(['ansible_cmdline'])
|
23
25
|
refute @fact_importer.send(:missing_facts).include?('ansible_cmdline')
|
24
26
|
end
|
25
27
|
|