foreman_ansible 8.0.1 → 9.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3ae2b6a17514b657c6d7fa74889675aff19f214da4f923d8bca2bc02e62a8b45
-  data.tar.gz: c51baa9cc8ab0ae30c86e9dcc4353f9696ec4dc999d2a1b37a37d1196f8fdb53
+  metadata.gz: df3c4d8c1514c442f1da8c0c6ef356482f5edb63ca14df0e39ef83818076f22b
+  data.tar.gz: 253b5ef0614bb34d78ad96b7312537b496b4850ea34d6ba7a960f9df34da5e02
 SHA512:
-  metadata.gz: 21cd91f053a0f88fd02e8b312bba23da2b3d0d8f28b578f8a14c6b66294198c336cbdf6eb69ea31c3f75e762c503b36710629870fce900a772ddfbe1fcb60fd3
-  data.tar.gz: 373026d1e7cfea4c30f715dfbb409ce6159081cc321fe315c35c89de5bc3a9b132b1e317b192caab40f24238e22cbfa331cec5d4ef26e3f19de56cf5b901e6fa
+  metadata.gz: b6f8201c41db492b56888c675cb460f88e5dae92aeb808487747783ba43031961a27f66eb2df975216385b8e003d2df645f4208f0a1f0d4bec44b0c02f878984
+  data.tar.gz: da19e080f0fa135ae2cb4757fae4a10a946989ecc953cf41eb774877b075bcfc68455707d4abc3a4265fdcb1421714572947bb14eefc709a8d825d6c23623987

data/app/helpers/foreman_ansible/ansible_hostgroups_helper.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module ForemanAnsible
+  module AnsibleHostgroupsHelper
+    def ansible_hostgroups_actions(hostgroup)
+      play_roles = if hostgroup.all_ansible_roles.empty?
+                     { action: (link_to _('Run all Ansible roles'), 'javascript:void(0);', disabled: true, title: 'No Roles assigned'), priority: 31 }
+                   else
+                     { action: display_link_if_authorized(_('Run all Ansible roles'), hash_for_play_roles_hostgroup_path(id: hostgroup), 'data-no-turbolink': true, title: _('Run all Ansible roles on hosts belonging to this host group')), priority: 31 }
+                   end
+
+      [play_roles] if User.current.can?(:create_job_invocations)
+    end
+  end
+end

data/app/helpers/foreman_ansible/ansible_reports_helper.rb

@@ -57,10 +57,6 @@ module ForemanAnsible
       _('No additional data')
     end
 
-    def ansible_report_origin_icon
-      'foreman_ansible/Ansible.png'
-    end
-
     def ansible_report_origin_partial
       'foreman_ansible/config_reports/ansible'
     end

data/lib/foreman_ansible/register.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 Foreman::Plugin.register :foreman_ansible do
-  requires_foreman '>= 3.3'
+  requires_foreman '>= 3.4'
 
   settings do
     category :ansible, N_('Ansible') do
@@ -240,4 +240,8 @@ Foreman::Plugin.register :foreman_ansible do
   describe_host do
     multiple_actions_provider :ansible_hosts_multiple_actions
   end
+
+  describe_hostgroup do
+    hostgroup_actions_provider :ansible_hostgroups_actions
+  end
 end

data/lib/foreman_ansible/register.rb.orig

@@ -0,0 +1,257 @@
+# frozen_string_literal: true
+
+Foreman::Plugin.register :foreman_ansible do
+  requires_foreman '>= 3.3'
+
+  settings do
+    category :ansible, N_('Ansible') do
+      setting 'ansible_ssh_private_key_file',
+              type: :string,
+              description: N_('Use this to supply a path to an SSH Private Key '\
+                               'that Ansible will use in lieu of a password '\
+                               'Override with "ansible_ssh_private_key_file" '\
+                               'host parameter'),
+              default: '',
+              full_name: N_('Private Key Path')
+      setting 'ansible_connection',
+              type: :string,
+              description: N_('Use this connection type by default when running '\
+                               'Ansible playbooks. You can override this on hosts by '\
+                               'adding a parameter "ansible_connection"'),
+              default: 'ssh',
+              full_name: N_('Connection type')
+      setting 'ansible_winrm_server_cert_validation',
+              type: :string,
+              description: N_('Enable/disable WinRM server certificate '\
+                               'validation when running Ansible playbooks. You can override '\
+                               'this on hosts by adding a parameter '\
+                               '"ansible_winrm_server_cert_validation"'),
+              default: 'validate',
+              full_name: N_('WinRM cert Validation')
+      setting 'ansible_verbosity',
+              type: :integer,
+              description: N_('Foreman will add this level of verbosity for '\
+                               'additional debugging output when running Ansible playbooks.'),
+              default: '0',
+              full_name: N_('Default verbosity level'),
+              value: nil,
+              collection: proc {
+                { '0' => N_('Disabled'),
+                  '1' => N_('Level 1 (-v)'),
+                  '2' => N_('Level 2 (-vv)'),
+                  '3' => N_('Level 3 (-vvv)'),
+                  '4' => N_('Level 4 (-vvvv)') }
+              }
+      setting 'ansible_post_provision_timeout',
+              type: :integer,
+              description: N_('Timeout (in seconds) to set when Foreman will trigger a '\
+                               'play Ansible roles task after a host is fully provisioned. '\
+                               'Set this to the maximum time you expect a host to take '\
+                               'until it is ready after a reboot.'),
+              default: '360',
+              full_name: N_('Post-provision timeout')
+      setting 'ansible_interval',
+              type: :integer,
+              description: N_('Timeout (in minutes) when hosts should have reported.'),
+              default: '30',
+              full_name: N_('Ansible report timeout')
+      setting 'ansible_out_of_sync_disabled',
+              type: :boolean,
+              description: format(N_('Disable host configuration status turning to out of'\
+                               ' sync for %{cfgmgmt} after report does not arrive within'\
+                               ' configured interval'), :cfgmgmt => 'Ansible'),
+              default: false,
+              full_name: format(N_('%{cfgmgmt} out of sync disabled'), :cfgmgmt => 'Ansible')
+      setting  'ansible_inventory_template',
+               type: :string,
+               description: N_('Foreman will use this template to schedule the report '\
+                                 'with Ansible inventory'),
+               default: 'Ansible - Ansible Inventory',
+               full_name: N_('Default Ansible inventory report template')
+      setting 'ansible_roles_to_ignore',
+              type: :array,
+              description: N_('Those roles will be excluded when importing roles from smart proxy, '\
+                'The expected input is comma separated values and you can use * wildcard metacharacters'\
+                'For example: foo*, *b*,*bar'),
+              default: [],
+              full_name: N_('Ansible roles to ignore')
+      setting 'foreman_ansible_proxy_batch_size',
+              type: :integer,
+              description: N_('Number of tasks which should be sent to the smart proxy in one request, '\
+                              'if foreman_tasks_proxy_batch_trigger is enabled. '\
+                              'If set, overrides foreman_tasks_proxy_batch_size setting for Ansible jobs.'),
+              default: nil,
+              full_name: N_('Proxy tasks batch size for Ansible')
+    end
+  end
+
+  security_block :foreman_ansible do
+    permission :play_roles_on_host,
+               { :hosts => [:play_roles, :multiple_play_roles],
+                 :'api/v2/hosts' => [:play_roles,
+                                     :multiple_play_roles] },
+               :resource_type => 'Host'
+    permission :play_roles_on_hostgroup,
+               { :hostgroups => [:play_roles],
+                 :'api/v2/hostgroups' => [:play_roles,
+                                          :multiple_play_roles] },
+               :resource_type => 'Hostgroup'
+    permission :view_ansible_roles,
+               { :ansible_roles => [:index, :auto_complete_search],
+                 :'api/v2/ansible_roles' => [:index, :show, :fetch],
+                 :ui_ansible_roles => [:index] },
+               :resource_type => 'AnsibleRole'
+    permission :destroy_ansible_roles,
+               { :ansible_roles => [:destroy],
+                 :'api/v2/ansible_roles' => [:destroy, :obsolete] },
+               :resource_type => 'AnsibleRole'
+    permission :import_ansible_roles,
+               { :ansible_roles => [:import, :confirm_import],
+                 :'api/v2/ansible_roles' => [:import, :sync] },
+               :resource_type => 'AnsibleRole'
+    permission :view_ansible_variables,
+               {
+                 :lookup_values => [:index],
+                 :ansible_variables => [:index, :auto_complete_search],
+                 :'api/v2/ansible_variables' => [:index, :show]
+               },
+               :resource_type => 'AnsibleVariable'
+    permission :edit_ansible_variables,
+               { :lookup_values => [:update],
+                 :ansible_variables => [:edit, :update],
+                 :'api/v2/ansible_variables' => [:update],
+                 :'api/v2/ansible_override_values' => [:create, :destroy] },
+               :resource_type => 'AnsibleVariable'
+    permission :destroy_ansible_variables,
+               {
+                 :lookup_values => [:destroy],
+                 :ansible_variables => [:destroy],
+                 :'api/v2/ansible_variables' => [:destroy, :obsolete]
+               },
+               :resource_type => 'AnsibleVariable'
+    permission :create_ansible_variables,
+               {
+                 :lookup_values => [:create],
+                 :ansible_variables => [:new, :create],
+                 :'api/v2/ansible_variables' => [:create]
+               },
+               :resource_type => 'AnsibleVariable'
+    permission :import_ansible_variables,
+               {
+                 :ansible_variables => [:import, :confirm_import],
+                 :'api/v2/ansible_variables' => [:import]
+               },
+               :resource_type => 'AnsibleVariable'
+    permission :view_hosts,
+               { :'api/v2/hosts' => [:ansible_roles],
+                 :'api/v2/ansible_inventories' => [:hosts] },
+               :resource_type => 'Host'
+    permission :view_hostgroups,
+               { :'api/v2/hostgroups' => [:ansible_roles],
+                 :'api/v2/ansible_inventories' => [:hostgroups] },
+               :resource_type => 'Hostgroup'
+    permission :edit_hosts,
+               { :'api/v2/hosts' => [:assign_ansible_roles] },
+               :resource_type => 'Host'
+    permission :edit_hostgroups,
+               { :'api/v2/hostgroups' => [:assign_ansible_roles] },
+               :resource_type => 'Hostgroup'
+    permission :generate_ansible_inventory,
+               { :'api/v2/ansible_inventories' => [:schedule] }
+    permission :import_ansible_playbooks,
+               { :'api/v2/ansible_playbooks' => [:sync, :fetch] }
+  end
+
+  role 'Ansible Roles Manager',
+       [:play_roles_on_host, :play_roles_on_hostgroup,
+        :create_job_invocations, :view_job_templates,      # to allow the play_roles
+        :create_template_invocations, :view_smart_proxies, # ...
+        :view_ansible_roles, :destroy_ansible_roles,
+        :import_ansible_roles, :view_ansible_variables,
+        :create_ansible_variables, :import_ansible_variables,
+        :edit_ansible_variables, :destroy_ansible_variables, :import_ansible_playbooks]
+
+  role 'Ansible Tower Inventory Reader',
+       [:view_hosts, :view_hostgroups, :view_facts, :generate_report_templates, :generate_ansible_inventory,
+        :view_report_templates],
+       'Permissions required for the user which is used by Ansible Tower Dynamic Inventory Item'
+
+  add_all_permissions_to_default_roles
+  extend_template_helpers ForemanAnsible::RendererMethods
+  allowed_template_helpers :insights_remediation
+
+  base_role_assignment_params = { :ansible_role_ids => [],
+                                  :ansible_roles => [] }
+  parameter_filter Host::Managed, base_role_assignment_params.merge(:host_ansible_roles_attributes => {})
+  parameter_filter Hostgroup, base_role_assignment_params.merge(:hostgroup_ansible_roles_attributes => {})
+
+  register_global_js_file 'global'
+
+  extend_graphql_type :type => '::Types::Host' do
+    field :all_ansible_roles, ::Types::InheritedAnsibleRole.connection_type, :null => true, :method => :present_all_ansible_roles
+    field :own_ansible_roles, ::Types::AnsibleRole.connection_type, :null => true
+    field :available_ansible_roles, ::Types::AnsibleRole.connection_type, :null => true
+    field :ansible_variables_with_overrides, Types::OverridenAnsibleVariable.connection_type, :null => false
+
+    def present_all_ansible_roles
+      inherited_ansible_roles = object.inherited_ansible_roles.map { |role| ::Presenters::AnsibleRolePresenter.new(role, true) }
+      ansible_roles = object.ansible_roles.map { |role| ::Presenters::AnsibleRolePresenter.new(role, false) }
+      (inherited_ansible_roles + ansible_roles).uniq
+    end
+
+    def ansible_variables_with_overrides
+      resolver = ::ForemanAnsible::OverrideResolver.new(object)
+      AnsibleVariable.where(:ansible_role_id => object.all_ansible_roles.pluck(:id), :override => true).map { |variable| ::Presenters::OverridenAnsibleVariablePresenter.new variable, resolver }
+    end
+  end
+
+  register_graphql_query_field :ansible_roles, '::Types::AnsibleRole', :collection_field
+  register_graphql_mutation_field :assign_ansible_roles, '::Mutations::Hosts::AssignAnsibleRoles'
+  register_graphql_mutation_field :delete_ansible_variable_override, ::Mutations::AnsibleVariableOverrides::Delete
+  register_graphql_mutation_field :update_ansible_variable_override, ::Mutations::AnsibleVariableOverrides::Update
+  register_graphql_mutation_field :create_ansible_variable_override, ::Mutations::AnsibleVariableOverrides::Create
+
+  divider :top_menu, :caption => N_('Ansible'), :parent => :configure_menu
+  menu :top_menu, :ansible_roles,
+       :caption => N_('Roles'),
+       :url_hash => { :controller => :ansible_roles, :action => :index },
+       :parent => :configure_menu
+  menu :top_menu, :ansible_variables,
+       :caption => N_('Variables'),
+       :url_hash => { :controller => :ansible_variables, :action => :index },
+       :parent => :configure_menu
+
+  apipie_documented_controllers [
+    "#{ForemanAnsible::Engine.root}/app/controllers/api/v2/*.rb"
+  ]
+  ApipieDSL.configuration.dsl_classes_matchers += [
+    "#{ForemanAnsible::Engine.root}/app/models/*.rb",
+    "#{ForemanAnsible::Engine.root}/app/services/foreman_ansible/*.rb"
+  ]
+
+  register_info_provider ForemanAnsible::AnsibleInfo
+
+  # For backwards compatiblity with 1.17
+  if respond_to?(:register_report_scanner)
+    register_report_scanner ForemanAnsible::AnsibleReportScanner
+    register_report_origin 'Ansible', 'ConfigReport'
+  end
+
+<<<<<<< HEAD
+  describe_host do
+    multiple_actions_provider :ansible_hosts_multiple_actions
+=======
+  extend_page('smart_proxies/show') do |context|
+    context.add_pagelet :smart_proxy_title_actions,
+                        :name => _('Update Smart Proxy'),
+                        :partial => 'foreman/smart_proxies/update_smart_proxy',
+                        :onlyif => ->(proxy, view) { view.can_update_proxy?(proxy) }
+  end
+  extend_page('smart_proxies/index') do |context|
+    context.add_pagelet :smart_proxy_title_actions,
+                        :name => _('Update Smart Proxy'),
+                        :partial => 'foreman/smart_proxies/update_smart_proxy',
+                        :onlyif => ->(proxy, view) { view.can_update_proxy?(proxy) }
+>>>>>>> a707dab (Fixes #35143 - Add a smart proxy update button)
+  end
+end

data/lib/foreman_ansible/version.rb

@@ -4,5 +4,5 @@
 # This way other parts of Foreman can just call ForemanAnsible::VERSION
 # and detect what version the plugin is running.
 module ForemanAnsible
-  VERSION = '8.0.1'
+  VERSION = '9.0.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: foreman_ansible
 version: !ruby/object:Gem::Version
-  version: 8.0.1
+  version: 9.0.0
 platform: ruby
 authors:
 - Daniel Lobato Garcia
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-07-07 00:00:00.000000000 Z
+date: 2022-08-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: acts_as_list
@@ -109,6 +109,7 @@ files:
 - app/graphql/types/ansible_variable_override.rb
 - app/graphql/types/inherited_ansible_role.rb
 - app/graphql/types/overriden_ansible_variable.rb
+- app/helpers/foreman_ansible/ansible_hostgroups_helper.rb
 - app/helpers/foreman_ansible/ansible_plugin_helper.rb
 - app/helpers/foreman_ansible/ansible_reports_helper.rb
 - app/helpers/foreman_ansible/ansible_roles_data_preparations.rb
@@ -127,7 +128,6 @@ files:
 - app/models/hostgroup_ansible_role.rb
 - app/overrides/ansible_roles_tab.rb
 - app/overrides/hostgroup_ansible_roles_tab.rb
-- app/overrides/hostgroup_play_roles.rb
 - app/overrides/report_output.rb
 - app/services/foreman_ansible/ansible_info.rb
 - app/services/foreman_ansible/ansible_report_importer.rb
@@ -171,7 +171,6 @@ files:
 - app/views/api/v2/ansible_variables/show.json.rabl
 - app/views/api/v2/hostgroups/ansible_roles.json.rabl
 - app/views/api/v2/hosts/ansible_roles.json.rabl
-- app/views/foreman_ansible/ansible_roles/_hostgroup_ansible_roles_button.erb
 - app/views/foreman_ansible/ansible_roles/_select_tab_content.html.erb
 - app/views/foreman_ansible/ansible_roles/_select_tab_title.html.erb
 - app/views/foreman_ansible/api/v2/ansible_roles/import.json.rabl
@@ -223,6 +222,7 @@ files:
 - lib/foreman_ansible.rb
 - lib/foreman_ansible/engine.rb
 - lib/foreman_ansible/register.rb
+- lib/foreman_ansible/register.rb.orig
 - lib/foreman_ansible/remote_execution.rb
 - lib/foreman_ansible/version.rb
 - locale/Makefile

data/app/overrides/hostgroup_play_roles.rb

@@ -1,9 +0,0 @@
-# frozen_string_literal: true
-
-# Displays Ansible roles button in host group action buttons
-Deface::Override.new(
-  :virtual_path => 'hostgroups/index',
-  :name => 'hostgroup_ansible_roles_button',
-  :replace => "erb[loud]:contains('action_buttons')",
-  :partial => 'foreman_ansible/ansible_roles/hostgroup_ansible_roles_button'
-)

data/app/views/foreman_ansible/ansible_roles/_hostgroup_ansible_roles_button.erb

@@ -1,19 +0,0 @@
-<%=
-  play_roles = if hostgroup.all_ansible_roles.empty?
-    link_to _('Run all Ansible roles'), 'javascript:void(0);', disabled: true, title: 'No Roles assigned'
-  else
-    display_link_if_authorized(_('Run all Ansible roles'), hash_for_play_roles_hostgroup_path(id: hostgroup), :'data-no-turbolink' => true, title: _('Run all Ansible roles on hosts belonging to this host group'))
-  end
-
-  assign_jobs = link_to(_("Configure Ansible Job"), "/ansible/hostgroups/#{hostgroup.id}", { class: 'la' })
-
-  actions = [
-    display_link_if_authorized(_('Nest'),    hash_for_nest_hostgroup_path(:id => hostgroup)),
-    display_link_if_authorized(_('Clone'),   hash_for_clone_hostgroup_path(:id => hostgroup))
-  ]
-  actions.push play_roles if User.current.can?(:create_job_invocations)
-  actions.push assign_jobs if User.current.can?(:view_job_invocations) && User.current.can?(:view_recurring_logics)
-  actions.push display_delete_if_authorized(hash_for_hostgroup_path(:id => hostgroup).merge(:auth_object => hostgroup, :authorizer => authorizer), :data => { :confirm => warning_message(hostgroup) })
-
-  action_buttons(*actions)
-%>