smart_proxy_ansible 3.6.0 → 3.6.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c94b0334ddc75bab338d79841ac4cc17d813b5f40c5e06c6f739cfd531d88320
-  data.tar.gz: bcf96f811ef107f4737bfa5f37ee9f2ac757bf50ac4a7b64b3e8c31397f60fc0
+  metadata.gz: 10b497d0820ed673dd5a1c22eee9340f412b8da5da5cfcf592d7c95f1f61b971
+  data.tar.gz: eef960a9a5e56832222fabba46c0fd6f413f22d5007bd8c70d9939bc1553b76e
 SHA512:
-  metadata.gz: f4f41d9c0a2875c5f33d245d8fec3fb8a15b457102c344bd20bd801e54911de91eabdced4816c968b3ce655ebae3e9292a822f2d75d57553c073aee93e4ac1a6
-  data.tar.gz: 8fbbf65cb55fc9082ed7194fee478f8334a15a90a1ab3302fef22cde827e920dce29aac775b374b2ba5d651240425c233a08ec72fe6404329137b148aa453e85
+  metadata.gz: 3133b0693041281d4c2d657fa762e414732e987a938e353a64444b3951265933634a7da8623b09680fae648a41b8650061058f5392e2d320d1737c510ba0148d
+  data.tar.gz: 7d59d08e818ad2ee5dbd280fbb10cc2b523c7d9f1accaa800e949f23fef13e9ff5efd03aa380488e8a7de247ed2b708a5372fda0926922a9cf037a665233d196

data/lib/smart_proxy_ansible/runner/ansible_runner.rb

@@ -23,11 +23,13 @@ module Proxy::Ansible
         @rex_command = action_input[:remote_execution_command]
         @check_mode = action_input[:check_mode]
         @job_check_mode = action_input[:job_check_mode]
+        @diff_mode = action_input[:diff_mode]
         @tags = action_input[:tags]
         @tags_flag = action_input[:tags_flag]
         @passphrase = action_input['secrets']['key_passphrase']
         @execution_timeout_interval = action_input[:execution_timeout_interval]
         @cleanup_working_dirs = action_input.fetch(:cleanup_working_dirs, true)
+        prune_known_hosts_on_first_execution
       end
 
       def start
@@ -214,7 +216,7 @@ module Proxy::Ansible
       end
 
       def cmdline
-        cmd_args = [tags_cmd, check_cmd].reject(&:empty?)
+        cmd_args = [tags_cmd, check_cmd, diff_cmd].reject(&:empty?)
         return nil unless cmd_args.any?
         cmd_args.join(' ')
       end
@@ -232,6 +234,10 @@ module Proxy::Ansible
         end
       end
 
+      def diff_cmd
+        diff_mode? ? '"--diff"' : ''
+      end
+
       def verbosity
         '-' + 'v' * @verbosity_level.to_i
       end
@@ -248,6 +254,10 @@ module Proxy::Ansible
         @job_check_mode == true
       end
 
+      def diff_mode?
+        @diff_mode == true
+      end
+
       def prepare_directory_structure
         inner = %w[inventory project env].map { |part| File.join(@root, part) }
         ([@root] + inner).each do |path|
@@ -261,21 +271,40 @@ module Proxy::Ansible
         logger.debug("[foreman_ansible] - handling event #{description}: #{JSON.pretty_generate(event)}") if logger.level <= ::Logger::DEBUG
       end
 
-      # Each per-host task has inventory only for itself, we must
-      # collect all the partial inventories into one large inventory
-      # containing all the hosts.
+      # Rebuilds a unified Ansible inventory from multiple per-host inventories.
+      # @param input [Hash] The input hash mapping hostnames to inventory data.
+      # @return [Hash] The merged inventory.
       def rebuild_inventory(input)
-        action_inputs = input.values.map { |hash| hash[:input][:action_input] }
-        inventories = action_inputs.map { |hash| hash[:ansible_inventory] }
-        host_vars = inventories.map { |i| i['_meta']['hostvars'] }.reduce({}) do |acc, hosts|
-          hosts.reduce(acc) do |inner_acc, (hostname, vars)|
+        action_inputs = input.values.map { |entry| entry['input']['action_input'] }
+        inventories = action_inputs.map { |action_input| action_input['ansible_inventory'] }
+        first_execution_by_host = action_inputs.to_h { |action_input| [action_input['name'], action_input['first_execution']] }
+
+        host_vars = merge_hostvars_from_inventories(inventories)
+
+        # Use the first inventory's group vars as a base, fallback to empty hash if missing
+        group_vars = inventories.first.dig('all', 'vars') || {}
+
+        inventory = {
+          'all' => {
+            'hosts' => host_vars,
+            'vars' => group_vars
+          }
+        }
+
+        update_first_execution_flags(inventory['all']['hosts'], first_execution_by_host)
+
+        inventory
+      end
+
+      # Helper: Merges hostvars from a list of inventories, ensuring ssh key is set.
+      def merge_hostvars_from_inventories(inventories)
+        inventories.each_with_object({}) do |inventory, acc|
+          inventory.dig('_meta', 'hostvars')&.each do |hostname, vars|
+            # Ensure the ssh key is set for each host
             vars[:ansible_ssh_private_key_file] ||= Proxy::RemoteExecution::Ssh::Plugin.settings[:ssh_identity_key_file]
-            inner_acc.merge(hostname => vars)
+            acc[hostname] = vars
           end
         end
-
-        { 'all' => { 'hosts' => host_vars,
-                     'vars' => inventories.first['all']['vars'] } }
       end
 
       def working_dir
@@ -303,6 +332,57 @@ module Proxy::Ansible
 
         inventory
       end
+
+      # Removes known hosts entries for hosts marked as 'first_execution' in the inventory.
+      # This ensures SSH host key checking does not fail on first connection.
+      # @return [void]
+      def prune_known_hosts_on_first_execution
+        @inventory.dig('all', 'hosts')&.each_value do |host_data|
+          next unless host_data.dig("foreman", "first_execution")
+
+          interface = host_data.dig("foreman", "foreman_interfaces", 0)
+          next unless interface
+
+          extract_host_identifiers(interface, host_data).each do |host|
+            extract_ports(host_data).each do |port|
+              Proxy::RemoteExecution::Utils.prune_known_hosts!(host, port, logger)
+            end
+          end
+        end
+      end
+
+      private
+
+      # Updates the 'first_execution' flag in the foreman data for each host in the inventory.
+      # @param hosts [Hash] hostname => host data hash
+      # @param execution_flags [Hash] hostname => boolean (first_execution)
+      # @return [void]
+      def update_first_execution_flags(hosts, execution_flags)
+        hosts.each do |hostname, vars|
+          foreman = vars['foreman']
+          next unless foreman
+
+          if execution_flags.key?(hostname)
+            foreman['first_execution'] = execution_flags[hostname]
+          end
+        end
+      end
+
+      def extract_host_identifiers(interface, host_data)
+        [
+          interface["ip"],
+          interface["ip6"],
+          host_data["ansible_host"],
+          interface["name"]
+        ].compact.uniq
+      end
+
+      def extract_ports(host_data)
+        [
+          host_data["ansible_ssh_port"],
+          host_data["ansible_port"]
+        ].compact.uniq
+      end
     end
   end
 end

data/lib/smart_proxy_ansible/version.rb

@@ -2,6 +2,6 @@ module Proxy
   # Version, this allows the proxy and other plugins know
   # what version of the Ansible plugin is running
   module Ansible
-    VERSION = '3.6.0'
+    VERSION = '3.6.1'
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: smart_proxy_ansible
 version: !ruby/object:Gem::Version
-  version: 3.6.0
+  version: 3.6.1
 platform: ruby
 authors:
 - Ivan Nečas
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-05-08 00:00:00.000000000 Z
+date: 2025-07-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -45,14 +45,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.4'
+        version: '0.5'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.4'
+        version: '0.5'
 description: "    Smart-Proxy ansible plugin\n"
 email:
 - inecas@redhat.com