foreman_ansible 1.3.1 → 1.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3462919b9025af83ed45745747a68e372c32d513
-  data.tar.gz: ac580f584cbdbbe36805788fe2de9f7ab9b1c186
+  metadata.gz: 840a69169eb96bfdb1a4c9ff9f85bb6cd6ea3b7c
+  data.tar.gz: 1b5f26981963dcdfe6682a97794eb24f2095ff48
 SHA512:
-  metadata.gz: fd6bcb7a20188b49fb6f26ebcba09d3e70439968883511db6b919f0e25d11afc97a2ed745e30036de7f40fcee1998f567c8611e20541c9c561381a00e9111d3c
-  data.tar.gz: 5ff7b8a58b3dbe26db35ce4ebfc31d61c8e3c77b7e734f452cd43385d663e353186e2d4c93fe9f032db669092929219185e12010f30bff758b67662a866291dc
+  metadata.gz: 27d7cb312d1d8b87e61cff2176d52c918132640cc4ba0cf159ad94fcd7771d12bd0a01af74302cb01a7fcfd1c53fd7d20a090097f2368111e93f82b256fd5a46
+  data.tar.gz: 45fdc84cdc1e0396f3e05976e9c40eb0a53af3561ea583fdaf64a3652fb4e9c8171aacc1271a65bbbbb7db13d580f95dcae6a837f6b3ab423169f8d55c8f17d5

data/app/controllers/api/v2/ansible_roles_controller.rb

@@ -10,8 +10,7 @@ module Api
 
       api :GET, '/ansible/ansible_roles/:id', N_('Show role')
       param :id, :identifier, :required => true
-      def show
-      end
+      def show; end
 
       api :GET, '/ansible/ansible_roles', N_('List Ansible roles')
       param_group :search_and_pagination, ::Api::V2::BaseController

data/app/controllers/foreman_ansible/api/v2/hostgroups_controller_extensions.rb

@@ -0,0 +1,76 @@
+module ForemanAnsible
+  module Api
+    module V2
+      # Extends the hostgroups controller to support playing ansible roles
+      module HostgroupsControllerExtensions
+        extend ActiveSupport::Concern
+        include ForemanTasks::Triggers
+
+        # Included blocks shouldn't be bound by length, as otherwise concerns
+        # cannot extend the method properly.
+        # rubocop:disable BlockLength
+        included do
+          api :POST, '/hostgroups/play_roles',
+              N_('Plays Ansible roles on hostgroups')
+          param :id, Array, :required => true
+
+          def play_roles
+            find_resource
+
+            @result = {
+              :hostgroup => @hostgroup, :foreman_tasks => async_task(
+                ::Actions::ForemanAnsible::PlayHostgroupRoles, @hostgroup
+              )
+            }
+
+            render_message @result
+          end
+
+          api :POST, '/hostgroups/play_roles',
+              N_('Plays Ansible roles on hostgroups')
+          param :id, Array, :required => true
+
+          def multiple_play_roles
+            find_multiple
+
+            @result = []
+
+            @hostgroups.uniq.each do |hostgroup|
+              @result.append(
+                :hostgroup => hostgroup, :foreman_tasks => async_task(
+                  ::Actions::ForemanAnsible::PlayHostgroupRoles, hostgroup
+                )
+              )
+            end
+
+            render_message @result
+          end
+        end
+
+        private
+
+        def find_multiple
+          hostgroup_ids = params.fetch(:hostgroup_ids, [])
+          hostgroup_names = params.fetch(:hostgroup_names, [])
+
+          @hostgroups = []
+          hostgroup_ids.uniq.each do |hostgroup_id|
+            @hostgroups.append(Hostgroup.find(hostgroup_id))
+          end
+          hostgroup_names.uniq.each do |hostgroup_name|
+            @hostgroups.append(Hostgroup.find_by(:name => hostgroup_name))
+          end
+        end
+
+        def action_permission
+          case params[:action]
+          when 'play_roles'
+            :view
+          else
+            super
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/foreman_ansible/api/v2/hosts_controller_extensions.rb

@@ -0,0 +1,54 @@
+module ForemanAnsible
+  module Api
+    module V2
+      # Extends the hosts controller to support playing ansible roles
+      module HostsControllerExtensions
+        extend ActiveSupport::Concern
+        include ForemanTasks::Triggers
+
+        included do
+          api :POST, '/hosts/:id/play_roles', N_('Plays Ansible roles on hosts')
+          param :id, String, :required => true
+
+          def play_roles
+            @result = {
+              :host => @host, :foreman_tasks => async_task(
+                ::Actions::ForemanAnsible::PlayHostRoles, @host
+              )
+            }
+
+            render_message @result
+          end
+
+          api :POST, '/hosts/play_roles', N_('Plays Ansible roles on hosts')
+          param :id, Array, :required => true
+
+          def multiple_play_roles
+            @result = []
+
+            @host.each do |item|
+              @result.append(
+                :host => item, :foreman_tasks => async_task(
+                  ::Actions::ForemanAnsible::PlayHostRoles, item
+                )
+              )
+            end
+
+            render_message @result
+          end
+        end
+
+        private
+
+        def action_permission
+          case params[:action]
+          when 'play_roles', 'multiple_play_roles'
+            :view
+          else
+            super
+          end
+        end
+      end
+    end
+  end
+end

data/app/controllers/foreman_ansible/concerns/hostgroups_controller_extensions.rb

@@ -0,0 +1,32 @@
+module ForemanAnsible
+  module Concerns
+    # Extra methods to enforce Ansible roles on a host or multiple hosts
+    module HostgroupsControllerExtensions
+      extend ActiveSupport::Concern
+      include ForemanTasks::Triggers
+
+      def play_roles
+        find_resource
+        task = async_task(
+          ::Actions::ForemanAnsible::PlayHostgroupRoles,
+          @hostgroup
+        )
+        redirect_to task
+      rescue Foreman::Exception => e
+        error e.message
+        redirect_to hostgroups_path
+      end
+
+      private
+
+      def action_permission
+        case params[:action]
+        when 'play_roles'
+          :view
+        else
+          super
+        end
+      end
+    end
+  end
+end

data/app/helpers/foreman_ansible/hosts_helper_extensions.rb

@@ -8,14 +8,27 @@ module ForemanAnsible
       alias_method_chain(:multiple_actions, :run_ansible_roles)
     end
 
-    def host_title_actions_with_run_ansible_roles(*args)
-      button = link_to(
+    def ansible_roles_present?(host)
+      host.ansible_roles.present? ||
+        host.inherited_ansible_roles.present?
+    end
+
+    def ansible_roles_button(host)
+      link_to(
         icon_text('play', ' ' + _('Ansible roles'), :kind => 'fa'),
-        play_roles_host_path(:id => args.first.id),
+        play_roles_host_path(:id => host.id),
         :id => :ansible_roles_button,
-        :class => 'btn btn-default'
+        :class => 'btn btn-default',
+        :'data-no-turbolink' => true
       )
-      title_actions(button_group(button)) if args.first.ansible_roles.present?
+    end
+
+    def host_title_actions_with_run_ansible_roles(*args)
+      host = args.first
+      if ansible_roles_present?(host)
+        button = ansible_roles_button(host)
+        title_actions(button_group(button))
+      end
       host_title_actions_without_run_ansible_roles(*args)
     end
 

data/app/lib/actions/foreman_ansible/helpers/host_common.rb

@@ -0,0 +1,41 @@
+module Actions
+  module ForemanAnsible
+    module Helpers
+      # Shared task methods between hostgroup and host roles actions
+      module HostCommon
+        def finalize
+          return unless delegated_output[:exit_status].to_s != '0'
+          error! _('Playbook execution failed')
+        end
+
+        def rescue_strategy
+          ::Dynflow::Action::Rescue::Fail
+        end
+
+        def humanized_name
+          _('Play Ansible roles')
+        end
+
+        def humanized_output
+          continuous_output.humanize
+        end
+
+        def continuous_output_providers
+          super << self
+        end
+
+        def fill_continuous_output(continuous_output)
+          delegated_output.fetch('result', []).each do |raw_output|
+            continuous_output.add_raw_output(raw_output)
+          end
+        rescue => e
+          continuous_output.add_exception(_('Error loading data from proxy'), e)
+        end
+
+        def find_options
+          { :verbosity_level => Setting[:ansible_verbosity] }
+        end
+      end
+    end
+  end
+end

data/app/lib/actions/foreman_ansible/helpers/play_roles_description.rb

@@ -0,0 +1,19 @@
+module Actions
+  module ForemanAnsible
+    module Helpers
+      # Returns the name of the proxy running the specified action, or Foreman
+      # if it's the one running the action instead.
+      module PlayRolesDescription
+        def running_proxy_name
+          proxy = input.fetch(:host, {})[:proxy_used]
+          proxy ||= input.fetch(:hostgroup, {})[:proxy_used]
+          if [:not_defined, 'Foreman'].include? proxy
+            _('Foreman')
+          else
+            proxy
+          end
+        end
+      end
+    end
+  end
+end

data/app/lib/actions/foreman_ansible/play_host_roles.rb

@@ -1,55 +1,42 @@
 module Actions
   module ForemanAnsible
-    # Actions that initiaztes the playbook run for roles assigned to
-    # the host. It doest that either locally or via a proxy when available.
+    # Action that initiates the playbook run for roles assigned to
+    # the host. It does that either locally or via a proxy when available.
     class PlayHostRoles < Actions::EntryAction
       include ::Actions::Helpers::WithContinuousOutput
       include ::Actions::Helpers::WithDelegatedAction
+      include Helpers::PlayRolesDescription
+      include Helpers::HostCommon
 
-      def plan(host, proxy_selector = ::ForemanAnsible::ProxySelector.new)
-        input[:host] = { :id => host.id, :name => host.fqdn }
-        proxy = proxy_selector.determine_proxy(host)
-        inventory_creator = ::ForemanAnsible::InventoryCreator.new([host])
+      def plan(host, proxy_selector = ::ForemanAnsible::ProxySelector.new,
+               options = {})
+        proxy = find_host_and_proxy(host, proxy_selector)
         role_names = host.all_ansible_roles.map(&:name)
+        inventory_creator = ::ForemanAnsible::InventoryCreator.new([host])
         playbook_creator = ::ForemanAnsible::PlaybookCreator.new(role_names)
-        plan_delegated_action(proxy, ::ForemanAnsibleCore::Actions::RunPlaybook,
+        plan_delegated_action(proxy,
+                              ::ForemanAnsibleCore::Actions::RunPlaybook,
                               :inventory => inventory_creator.to_hash.to_json,
-                              :playbook => playbook_creator.roles_playbook)
+                              :playbook => playbook_creator.roles_playbook,
+                              :options => find_options.merge(options))
         plan_self
       end
 
-      def finalize
-        if delegated_output[:exit_status].to_s != '0'
-          error! _('Playbook execution failed')
-        end
-      end
-
-      def rescue_strategy
-        ::Dynflow::Action::Rescue::Fail
-      end
-
       def humanized_input
-        _('on host %{name}') % { :name => input.fetch(:host, {})[:name] }
+        _('on host %{name} through %{proxy}') % {
+          :name => input.fetch(:host, {})[:name],
+          :proxy => running_proxy_name
+        }
       end
 
-      def humanized_name
-        _('Play Ansible roles')
-      end
-
-      def humanized_output
-        continuous_output.humanize
-      end
+      private
 
-      def continuous_output_providers
-        super << self
-      end
-
-      def fill_continuous_output(continuous_output)
-        delegated_output.fetch('result', []).each do |raw_output|
-          continuous_output.add_raw_output(raw_output)
-        end
-      rescue => e
-        continuous_output.add_exception(_('Error loading data from proxy'), e)
+      def find_host_and_proxy(host, proxy_selector)
+        proxy = proxy_selector.determine_proxy(host)
+        input[:host] = { :id => host.id,
+                         :name => host.fqdn,
+                         :proxy_used => proxy.try(:name) || :not_defined }
+        proxy
       end
     end
   end

data/app/lib/actions/foreman_ansible/play_hostgroup_roles.rb

@@ -0,0 +1,57 @@
+module Actions
+  module ForemanAnsible
+    # Action that initiates the playbook run for roles assigned to
+    # the hostgroup. It does that either locally or via a proxy when available.
+    class PlayHostgroupRoles < Actions::EntryAction
+      include ::Actions::Helpers::WithContinuousOutput
+      include ::Actions::Helpers::WithDelegatedAction
+      include Helpers::PlayRolesDescription
+      include Helpers::HostCommon
+
+      def plan(hostgroup, proxy_selector = ::ForemanAnsible::ProxySelector.new,
+               options = {})
+        proxy = find_hostgroup_and_proxy(hostgroup, proxy_selector)
+        inventory_creator = ::ForemanAnsible::
+          InventoryCreator.new(hostgroup.hosts)
+        playbook_creator = ::ForemanAnsible::
+          PlaybookCreator.new(hostgroup_ansible_roles(hostgroup))
+        plan_delegated_action(proxy, ::ForemanAnsibleCore::Actions::RunPlaybook,
+                              :inventory => inventory_creator.to_hash.to_json,
+                              :playbook => playbook_creator.roles_playbook,
+                              :options => find_options.merge(options))
+        plan_self
+      end
+
+      def humanized_input
+        _('on host group %{name} through proxy %{proxy}') % {
+          :name => input.fetch(:hostgroup, {})[:name],
+          :proxy => running_proxy_name
+        }
+      end
+
+      private
+
+      def hostgroup_ansible_roles(hostgroup)
+        role_names = []
+        hostgroup.hostgroup_ansible_roles.each do |ansible_role|
+          role_names.append(ansible_role.ansible_role_name)
+        end
+        role_names
+      end
+
+      def hostgroup_contains_hosts(hostgroup)
+        return unless hostgroup.hosts.empty?
+        raise ::Foreman::Exception.new(N_('host group is empty'))
+      end
+
+      def find_hostgroup_and_proxy(hostgroup, proxy_selector)
+        hostgroup_contains_hosts(hostgroup)
+        proxy = proxy_selector.determine_proxy(hostgroup.hosts[0])
+        input[:hostgroup] = { :id => hostgroup.id,
+                              :name => hostgroup.name,
+                              :proxy_used => proxy.try(:name) || :not_defined }
+        proxy
+      end
+    end
+  end
+end

data/app/models/concerns/foreman_ansible/host_managed_extensions.rb

@@ -7,12 +7,25 @@ module ForemanAnsible
       has_many :host_ansible_roles, :foreign_key => :host_id
       has_many :ansible_roles, :through => :host_ansible_roles,
                                :dependent => :destroy
+      before_provision :play_ansible_roles
       include ForemanAnsible::HasManyAnsibleRoles
 
       def inherited_ansible_roles
         return [] unless hostgroup
         hostgroup.all_ansible_roles
       end
+
+      def play_ansible_roles
+        return unless ansible_roles.present? || inherited_ansible_roles.present?
+        task = ::ForemanTasks.async_task(
+          ::Actions::ForemanAnsible::PlayHostRoles,
+          self,
+          ::ForemanAnsible::ProxySelector.new,
+          :timeout => Setting['ansible_post_provision_timeout']
+        )
+        logger.info("Task for Ansible roles on #{self} before_provision: "\
+                    "#{Rails.application.routes.url_helpers.task_path(task)}.")
+      end
     end
   end
 end

data/app/models/setting/ansible.rb

@@ -1,18 +1,85 @@
-class Setting::Ansible < ::Setting
-  def self.load_defaults
-    return unless super
-    self.transaction do
-      [
-        self.set('ansible_port', N_('Foreman will use this port to ssh into hosts for running playbooks'), 22, N_('Default port')),
-        self.set('ansible_user', N_('Foreman will try to connect as this user to hosts when running Ansible playbooks.'), 'root', N_('Default user')),
-        self.set('ansible_ssh_pass', N_('Foreman will use this password when running Ansible playbooks.'), 'ansible', N_('Default password'))
-      ].compact.each { |s| self.create s.update(:category => 'Setting::Ansible') }
-    end
+class Setting
+  # Provide settings related with Ansible
+  class Ansible < ::Setting
+    class << self
+      # It would be more disadvantages than advantages to split up
+      # load_defaults into multiple methods, this way it's already very
+      # manageable.
+      # rubocop:disable AbcSize
+      # rubocop:disable MethodLength
+      # rubocop:disable BlockLength
+      def load_defaults
+        return unless super
+        transaction do
+          [
+            set(
+              'ansible_port',
+              N_('Use this port to connect to hosts '\
+                 'and run Ansible. You can override this on hosts'\
+                ' by adding a parameter "ansible_port"'),
+              22,
+              N_('Port')
+            ),
+            set(
+              'ansible_user',
+              N_('Foreman will try to connect to hosts as this user by default'\
+                 ' when running Ansible playbooks. You can override this '\
+                 ' on hosts by adding a parameter "ansible_user"'),
+              'root',
+              N_('User')
+            ),
+            set(
+              'ansible_ssh_pass',
+              N_('Use this password by default when running Ansible '\
+                 'playbooks. You can override this on hosts '\
+                 'by adding a parameter "ansible_ssh_pass"'),
+              'ansible',
+              N_('Password')
+            ),
+            set(
+              'ansible_connection',
+              N_('Use this connection type by default when running '\
+                 'Ansible playbooks. You can override this on hosts by '\
+                 'adding a parameter "ansible_connection"'),
+              'ssh',
+              N_('Connection type')
+            ),
+            set(
+              'ansible_winrm_server_cert_validation',
+              N_('Enable/disable WinRM server certificate '\
+                 'validation when running Ansible playbooks. You can override '\
+                 'this on hosts by adding a parameter '\
+                 '"ansible_winrm_server_cert_validation"'),
+              'validate',
+              N_('WinRM cert Validation')
+            ),
+            set(
+              'ansible_verbosity',
+              N_('Foreman will add the this level of verbosity for '\
+                 'additional debugging output when running Ansible playbooks.'),
+              '0',
+              N_('Default verbosity level')
+            ),
+            set(
+              'ansible_post_provision_timeout',
+              N_('Timeout (in seconds) to set when Foreman will trigger a '\
+                 'play Ansible roles task after a host is fully provisioned. '\
+                 'Set this to the maximum time you expect a host to take until'\
+                 ' it is ready after a reboot.'),
+              '360',
+              N_('Post-provision timeout')
+            )
+          ].compact.each do |s|
+            create(s.update(:category => 'Setting::Ansible'))
+          end
+        end
 
-    true
-  end
+        true
+      end
 
-  def self.humanized_category
-    N_('Ansible')
+      def humanized_category
+        N_('Ansible')
+      end
+    end
   end
 end

data/app/overrides/hostgroup_play_roles.rb

@@ -0,0 +1,7 @@
+# Displays Ansible roles button in host group action buttons
+Deface::Override.new(
+  :virtual_path => 'hostgroups/index',
+  :name => 'hostgroup_ansible_roles_button',
+  :replace => "erb[loud]:contains('action_buttons')",
+  :partial => 'foreman_ansible/ansible_roles/hostgroup_ansible_roles_button'
+)

data/app/services/foreman_ansible/fact_parser.rb

@@ -49,7 +49,7 @@ module ForemanAnsible
       if pref.present?
         (facts[:ansible_interfaces] - [pref]).unshift(pref)
       else
-        (facts[:ansible_interfaces].sort unless facts[:ansible_interfaces].nil?) || []
+        ansible_interfaces
       end
     end
 
@@ -64,6 +64,11 @@ module ForemanAnsible
 
     private
 
+    def ansible_interfaces
+      return [] unless facts[:ansible_interfaces].present?
+      facts[:ansible_interfaces].sort
+    end
+
     def ip_from_interface(interface)
       return unless facts[:"ansible_#{interface}"]['ipv4'].present?
       facts[:"ansible_#{interface}"]['ipv4']['address']

data/app/services/foreman_ansible/inventory_creator.rb

@@ -38,15 +38,25 @@ module ForemanAnsible
       params = {
         'ansible_port' => host_port(host),
         'ansible_user' => host_user(host),
-        'ansible_ssh_pass' => host_ssh_pass(host)
+        'ansible_ssh_pass' => host_ssh_pass(host),
+        'ansible_connection' => connection_type(host),
+        'ansible_winrm_server_cert_validation' => winrm_cert_validation(host)
       }
-
-      #Backward compatibility for Ansible 1.x
+      # Backward compatibility for Ansible 1.x
       params['ansible_ssh_port'] = params['ansible_port']
       params['ansible_ssh_user'] = params['ansible_user']
       params
     end
 
+    def winrm_cert_validation(host)
+      host.host_params['ansible_winrm_server_cert_validation'] ||
+        Setting['ansible_winrm_server_cert_validation']
+    end
+
+    def connection_type(host)
+      host.host_params['ansible_connection'] || Setting['ansible_connection']
+    end
+
     def host_roles(host)
       host.all_ansible_roles.map(&:name)
     end

data/app/services/foreman_ansible/proxy_selector.rb

@@ -8,6 +8,14 @@ module ForemanAnsible
       proxies
     end
 
+    def determine_proxy(*args)
+      result = super
+      return result unless result == :not_available
+      # Always run roles in some way, even if there are no proxies, Foreman
+      # should take that role in that case.
+      :not_defined
+    end
+
     private
 
     def proxy_scope(host)

data/app/views/foreman_ansible/ansible_roles/_hostgroup_ansible_roles_button.erb

@@ -0,0 +1,14 @@
+<%=
+if hostgroup.all_ansible_roles.empty?
+  action_buttons(
+              display_link_if_authorized(_('Nest'),    hash_for_nest_hostgroup_path(:id => hostgroup)),
+              display_link_if_authorized(_('Clone'),   hash_for_clone_hostgroup_path(:id => hostgroup)),
+              display_delete_if_authorized(hash_for_hostgroup_path(:id => hostgroup).merge(:auth_object => hostgroup, :authorizer => authorizer), :data => { :confirm => warning_message(hostgroup) }))
+else
+  action_buttons(
+              display_link_if_authorized(_('Nest'),    hash_for_nest_hostgroup_path(:id => hostgroup)),
+              display_link_if_authorized(_('Clone'),   hash_for_clone_hostgroup_path(:id => hostgroup)),
+              display_link_if_authorized(_('Play Roles'),   hash_for_play_roles_hostgroup_path(:id => hostgroup),   :'data-no-turbolink' => true),
+              display_delete_if_authorized(hash_for_hostgroup_path(:id => hostgroup).merge(:auth_object => hostgroup, :authorizer => authorizer), :data => { :confirm => warning_message(hostgroup) }))
+end
+%>

data/app/views/foreman_ansible/ansible_roles/_select_tab_content.html.erb

@@ -1,6 +1,16 @@
 <div class='tab-pane' id='ansible_roles'>
-  <%= multiple_selects(f, :ansible_roles, AnsibleRole, f.object.all_ansible_roles.map(&:id),
-                           {:disabled => f.object.inherited_ansible_roles.map(&:id),
-                            :label => _('Available roles')},
-                           { 'data-inheriteds' => f.object.inherited_ansible_roles.map(&:id).to_json }) %>
+  <%= multiple_selects(
+    f,
+    :ansible_roles,
+    AnsibleRole,
+    f.object.all_ansible_roles.map(&:id),
+    {
+      :disabled => f.object.inherited_ansible_roles.map(&:id),
+      :label => _('Available roles'),
+      :help_inline => popover('' ,
+          _('This list of roles will be applied when the host finishes '\
+            'provisioning. Users can also play these roles through the API '\
+            'or by clicking on the Play Roles button on the Host page '))
+    },
+    { 'data-inheriteds' => f.object.inherited_ansible_roles.map(&:id).to_json }) %>
 </div>

data/config/routes.rb

@@ -9,6 +9,11 @@ Rails.application.routes.draw do
           get :multiple_play_roles
         end
       end
+      resources :hostgroups, :only => [] do
+        member do
+          get :play_roles
+        end
+      end
     end
 
     resources :ansible_roles, :only => [:index, :destroy] do
@@ -25,6 +30,26 @@ Rails.application.routes.draw do
             :apiv        => /v1|v2/,
             :constraints => ApiConstraints.new(:version => 2) do
 
+        constraints(:id => %r{[^\/]+}) do
+          resources :hosts, :only => [] do
+            member do
+              post :play_roles
+            end
+            collection do
+              post :multiple_play_roles
+            end
+          end
+
+          resources :hostgroups, :only => [] do
+            member do
+              post :play_roles
+            end
+            collection do
+              post :multiple_play_roles
+            end
+          end
+        end
+
         resources :ansible_roles, :only => [:show, :index, :destroy] do
           collection do
             put :import

data/lib/foreman_ansible/engine.rb

@@ -35,9 +35,16 @@ module ForemanAnsible
         requires_foreman '>= 1.12'
 
         security_block :foreman_ansible do
-          permission :play_roles,
-                     { :hosts => [:play_roles, :multiple_play_roles] },
+          permission :play_roles_on_host,
+                     { :hosts => [:play_roles, :multiple_play_roles],
+                       :'api/v2/hosts' => [:play_roles,
+                                           :multiple_play_roles] },
                      :resource_type => 'Host'
+          permission :play_roles_on_hostgroup,
+                     { :hostgroups => [:play_roles],
+                       :'api/v2/hostgroups' => [:play_roles,
+                                                :multiple_play_roles] },
+                     :resource_type => 'Hostgroup'
           permission :view_ansible_roles,
                      { :ansible_roles => [:index],
                        :'api/v2/ansible_roles' => [:index, :show] },
@@ -53,7 +60,8 @@ module ForemanAnsible
         end
 
         role 'Ansible Roles Manager',
-             [:play_roles, :view_ansible_roles, :destroy_ansible_roles,
+             [:play_roles_on_host, :play_roles_on_hostgroup,
+              :view_ansible_roles, :destroy_ansible_roles,
               :import_ansible_roles]
 
         role_assignment_params = { :ansible_role_ids => [],
@@ -113,6 +121,15 @@ module ForemanAnsible
         ::HostsController.send(
           :include, ForemanAnsible::Concerns::HostsControllerExtensions
         )
+        ::Api::V2::HostsController.send(
+          :include, ForemanAnsible::Api::V2::HostsControllerExtensions
+        )
+        ::HostgroupsController.send(
+          :include, ForemanAnsible::Concerns::HostgroupsControllerExtensions
+        )
+        ::Api::V2::HostgroupsController.send(
+          :include, ForemanAnsible::Api::V2::HostgroupsControllerExtensions
+        )
       rescue => e
         Rails.logger.warn "Foreman Ansible: skipping engine hook (#{e})"
       end

data/lib/foreman_ansible/version.rb

@@ -2,5 +2,5 @@
 # This way other parts of Foreman can just call ForemanAnsible::VERSION
 # and detect what version the plugin is running.
 module ForemanAnsible
-  VERSION = '1.3.1'.freeze
+  VERSION = '1.4.0'.freeze
 end

data/test/functional/api/v2/hostgroups_controller_test.rb

@@ -0,0 +1,49 @@
+require 'test_plugin_helper'
+
+module Api
+  module V2
+    class HostgroupsControllerTest < ActionController::TestCase
+      include ::Dynflow::Testing
+
+      setup do
+        @host1 = FactoryGirl.create(:host, :with_hostgroup)
+        @host2 = FactoryGirl.create(:host, :with_hostgroup)
+      end
+
+      after do
+        ::ForemanTasks::Task::DynflowTask.all.each do |task|
+          task.destroy
+          task.delete
+        end
+      end
+
+      test 'should return an not_found due to non-existent host_id' do
+        post :play_roles, :id => 'non-existent'
+        response = JSON.parse(@response.body)
+        refute_empty response
+        assert_response :not_found
+      end
+
+      test 'should trigger task on host group' do
+        post :play_roles, :id => @host1.hostgroup.id
+        response = JSON.parse(@response.body)
+
+        assert response['message']['foreman_tasks'].key?('id'),
+               'task id not contained in response'
+        assert_equal response['message']['hostgroup']['name'],
+                     @host1.hostgroup.name,
+                     'host group name not contained in response'
+        assert_response :success
+      end
+
+      test 'should trigger two host group tasks' do
+        post :multiple_play_roles,
+             :hostgroup_names => [@host1.hostgroup.name, @host2.hostgroup.name]
+        response = JSON.parse(@response.body)
+
+        assert response['message'].length == 2, 'should trigger two tasks'
+        assert_response :success
+      end
+    end
+  end
+end

data/test/functional/api/v2/hosts_controller_test.rb

@@ -0,0 +1,48 @@
+require 'test_plugin_helper'
+
+module Api
+  module V2
+    class HostsControllerTest < ActionController::TestCase
+      include ::Dynflow::Testing
+
+      setup do
+        @host1 = FactoryGirl.create(:host)
+        @host2 = FactoryGirl.create(:host)
+      end
+
+      after do
+        ::ForemanTasks::Task::DynflowTask.all.each do |task|
+          task.destroy
+          task.delete
+        end
+      end
+
+      test 'should return an not_found due to non-existent host_id' do
+        post :play_roles, :id => 'non-existent'
+        response = JSON.parse(@response.body)
+        refute_empty response
+        assert_response :not_found
+      end
+
+      test 'should trigger task on host' do
+        post :play_roles, :id => @host1.id
+        response = JSON.parse(@response.body)
+
+        assert response['message']['foreman_tasks'].key?('id'),
+               'task id not contained in response'
+        assert_equal response['message']['host']['name'],
+                     @host1.name,
+                     'host name not contained in response'
+        assert_response :success
+      end
+
+      test 'should trigger two host tasks' do
+        post :multiple_play_roles, :id => [@host1.id, @host2.id]
+        response = JSON.parse(@response.body)
+
+        assert response['message'].length == 2, 'should trigger two tasks'
+        assert_response :success
+      end
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: foreman_ansible
 version: !ruby/object:Gem::Version
-  version: 1.3.1
+  version: 1.4.0
 platform: ruby
 authors:
 - Daniel Lobato Garcia
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-12-19 00:00:00.000000000 Z
+date: 2017-01-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rubocop
@@ -93,12 +93,18 @@ files:
 - app/assets/images/Ansible.png
 - app/controllers/ansible_roles_controller.rb
 - app/controllers/api/v2/ansible_roles_controller.rb
+- app/controllers/foreman_ansible/api/v2/hostgroups_controller_extensions.rb
+- app/controllers/foreman_ansible/api/v2/hosts_controller_extensions.rb
+- app/controllers/foreman_ansible/concerns/hostgroups_controller_extensions.rb
 - app/controllers/foreman_ansible/concerns/hosts_controller_extensions.rb
 - app/helpers/foreman_ansible/ansible_plugin_helper.rb
 - app/helpers/foreman_ansible/ansible_reports_helper.rb
 - app/helpers/foreman_ansible/ansible_roles_helper.rb
 - app/helpers/foreman_ansible/hosts_helper_extensions.rb
+- app/lib/actions/foreman_ansible/helpers/host_common.rb
+- app/lib/actions/foreman_ansible/helpers/play_roles_description.rb
 - app/lib/actions/foreman_ansible/play_host_roles.rb
+- app/lib/actions/foreman_ansible/play_hostgroup_roles.rb
 - app/lib/actions/foreman_ansible/play_hosts_roles.rb
 - app/lib/proxy_api/ansible.rb
 - app/models/ansible_role.rb
@@ -111,6 +117,7 @@ files:
 - app/models/setting/ansible.rb
 - app/overrides/ansible_roles_tab.rb
 - app/overrides/hostgroup_ansible_roles_tab.rb
+- app/overrides/hostgroup_play_roles.rb
 - app/overrides/report_output.rb
 - app/services/foreman_ansible/api_roles_importer.rb
 - app/services/foreman_ansible/fact_importer.rb
@@ -129,6 +136,7 @@ files:
 - app/views/api/v2/ansible_roles/index.json.rabl
 - app/views/api/v2/ansible_roles/obsolete.json.rabl
 - app/views/api/v2/ansible_roles/show.json.rabl
+- app/views/foreman_ansible/ansible_roles/_hostgroup_ansible_roles_button.erb
 - app/views/foreman_ansible/ansible_roles/_select_tab_content.html.erb
 - app/views/foreman_ansible/ansible_roles/_select_tab_title.html.erb
 - app/views/foreman_ansible/api/v2/ansible_roles/import.json.rabl
@@ -159,6 +167,8 @@ files:
 - test/fixtures/sample_facts.json
 - test/functional/ansible_roles_controller_test.rb
 - test/functional/api/v2/ansible_roles_controller_test.rb
+- test/functional/api/v2/hostgroups_controller_test.rb
+- test/functional/api/v2/hosts_controller_test.rb
 - test/functional/hosts_controller_test.rb
 - test/support/fixture_support.rb
 - test/support/foreman_tasks/task.rb
@@ -200,7 +210,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.0
+rubygems_version: 2.4.5.1
 signing_key: 
 specification_version: 4
 summary: Ansible integration with Foreman (theforeman.org)
@@ -213,6 +223,8 @@ test_files:
 - test/support/foreman_test_helper_additions.rb
 - test/support/foreman_tasks/task.rb
 - test/functional/api/v2/ansible_roles_controller_test.rb
+- test/functional/api/v2/hostgroups_controller_test.rb
+- test/functional/api/v2/hosts_controller_test.rb
 - test/functional/ansible_roles_controller_test.rb
 - test/functional/hosts_controller_test.rb
 - test/test_plugin_helper.rb