diff options
author | Christian Kanthak <c.k@xyz.de> | 2020-05-15 11:11:22 +0200 |
---|---|---|
committer | Christian Kanthak <c.k@xyz.de> | 2020-05-15 11:24:34 +0200 |
commit | d8fa4f41269356ad85bd6d80d253bb5494d82bc9 (patch) | |
tree | 009109202adec95a38166e39e4f1e8c3ea58a9e0 | |
parent | 074985c7ff9360bb58be80ffab686746267f814f (diff) | |
download | python-jenkins-job-builder-d8fa4f41269356ad85bd6d80d253bb5494d82bc9.tar.gz python-jenkins-job-builder-d8fa4f41269356ad85bd6d80d253bb5494d82bc9.tar.xz python-jenkins-job-builder-d8fa4f41269356ad85bd6d80d253bb5494d82bc9.zip |
Introduce disable-host-key-checking for builder ansible-playbook
Implemented new parameter "disable-host-key-checking" to make the
"anbile-playbook" builder compatible with version >=1.0 of the ansible
plugin. The parameter defaults to "false" for security reasons (as the
plugin does).
The old parameter "host-key-checking" is still written to XML to keep
code working in a setup with plugin version <1.0. This has no impact
on newer setups because the plugin with version >=1.0 ignores the old
parameter value.
For same security reasons the default value of old parameter
"host-key-checking" was changed to "true" to "fix" older setups which
have the parameter not defined.
Change-Id: I4a592c1a4d6ba8bb4f365ce505296cf5c09f7e19
Task: 39789
Story: 2007678
-rw-r--r-- | jenkins_jobs/modules/builders.py | 21 | ||||
-rw-r--r-- | tests/builders/fixtures/ansible-playbook001.xml | 3 | ||||
-rw-r--r-- | tests/builders/fixtures/ansible-playbook002.xml | 1 | ||||
-rw-r--r-- | tests/builders/fixtures/ansible-playbook002.yaml | 1 | ||||
-rw-r--r-- | tests/builders/fixtures/ansible-playbook003.xml | 3 | ||||
-rw-r--r-- | tests/builders/fixtures/ansible-playbook003.yaml | 1 | ||||
-rw-r--r-- | tests/builders/fixtures/ansible-playbook004.xml | 3 | ||||
-rw-r--r-- | tests/builders/fixtures/ansible-playbook005.xml | 25 | ||||
-rw-r--r-- | tests/builders/fixtures/ansible-playbook005.yaml | 8 |
9 files changed, 59 insertions, 7 deletions
diff --git a/jenkins_jobs/modules/builders.py b/jenkins_jobs/modules/builders.py index 248ad90d..e26f98bb 100644 --- a/jenkins_jobs/modules/builders.py +++ b/jenkins_jobs/modules/builders.py @@ -4445,8 +4445,8 @@ def ansible_playbook(parser, xml_parent, data): (default true) :arg bool colorized-output: Check this box to allow ansible to render ANSI color codes in the Jenkins console. (default false) - :arg bool host-key-checking: Check this box to enforce the validation of - the hosts SSH server keys. (default false) + :arg bool disable-host-key-checking: Check this box to disable the + validation of the hosts SSH server keys. (>= 1.0) (default false) :arg str additional-parameters: Any additional parameters to pass to the ansible command. (default '') :arg list variables: List of extra variables to be passed to ansible. @@ -4457,6 +4457,12 @@ def ansible_playbook(parser, xml_parent, data): * **value** (`str`) -- Desired value (default '') * **hidden** (`bool`) -- Hide variable in build log (default false) + Outdated Options for versions >= 1.0 of plugin: + + :arg bool host-key-checking: Outdated, replaced with disable-host-key-checking. + Check this box to enforce the validation of the hosts SSH server keys. + (< 1.0) (default true) + Example: .. literalinclude:: @@ -4468,6 +4474,12 @@ def ansible_playbook(parser, xml_parent, data): .. literalinclude:: /../../tests/builders/fixtures/ansible-playbook002.yaml :language: yaml + + Example(s) versions < 1.0: + + .. literalinclude:: + /../../tests/builders/fixtures/ansible-playbook005.yaml + :language: yaml """ plugin = XML.SubElement( xml_parent, "org.jenkinsci.plugins.ansible.AnsiblePlaybookBuilder" @@ -4528,8 +4540,11 @@ def ansible_playbook(parser, xml_parent, data): XML.SubElement(plugin, "colorizedOutput").text = str( data.get("colorized-output", False) ).lower() + XML.SubElement(plugin, "disableHostKeyChecking").text = str( + data.get("disable-host-key-checking", False) + ).lower() XML.SubElement(plugin, "hostKeyChecking").text = str( - data.get("host-key-checking", False) + data.get("host-key-checking", True) ).lower() XML.SubElement(plugin, "additionalParameters").text = str( data.get("additional-parameters", "") diff --git a/tests/builders/fixtures/ansible-playbook001.xml b/tests/builders/fixtures/ansible-playbook001.xml index d19d6068..096ba8b7 100644 --- a/tests/builders/fixtures/ansible-playbook001.xml +++ b/tests/builders/fixtures/ansible-playbook001.xml @@ -17,7 +17,8 @@ <forks>5</forks> <unbufferedOutput>true</unbufferedOutput> <colorizedOutput>false</colorizedOutput> - <hostKeyChecking>false</hostKeyChecking> + <disableHostKeyChecking>false</disableHostKeyChecking> + <hostKeyChecking>true</hostKeyChecking> <additionalParameters/> <copyCredentialsInWorkspace>false</copyCredentialsInWorkspace> <extraVars> diff --git a/tests/builders/fixtures/ansible-playbook002.xml b/tests/builders/fixtures/ansible-playbook002.xml index afe13676..1933ec59 100644 --- a/tests/builders/fixtures/ansible-playbook002.xml +++ b/tests/builders/fixtures/ansible-playbook002.xml @@ -22,6 +22,7 @@ machine02.example.com <forks>2</forks> <unbufferedOutput>false</unbufferedOutput> <colorizedOutput>true</colorizedOutput> + <disableHostKeyChecking>false</disableHostKeyChecking> <hostKeyChecking>true</hostKeyChecking> <additionalParameters>-vvv</additionalParameters> <copyCredentialsInWorkspace>false</copyCredentialsInWorkspace> diff --git a/tests/builders/fixtures/ansible-playbook002.yaml b/tests/builders/fixtures/ansible-playbook002.yaml index db63b0ca..71b68911 100644 --- a/tests/builders/fixtures/ansible-playbook002.yaml +++ b/tests/builders/fixtures/ansible-playbook002.yaml @@ -19,7 +19,6 @@ builders: sudo-user: "cloud-user" unbuffered-output: false colorized-output: true - host-key-checking: true additional-parameters: "-vvv" variables: - name: "complete_var" diff --git a/tests/builders/fixtures/ansible-playbook003.xml b/tests/builders/fixtures/ansible-playbook003.xml index 8e15e776..a71ce84c 100644 --- a/tests/builders/fixtures/ansible-playbook003.xml +++ b/tests/builders/fixtures/ansible-playbook003.xml @@ -15,7 +15,8 @@ <forks>5</forks> <unbufferedOutput>true</unbufferedOutput> <colorizedOutput>false</colorizedOutput> - <hostKeyChecking>false</hostKeyChecking> + <disableHostKeyChecking>true</disableHostKeyChecking> + <hostKeyChecking>true</hostKeyChecking> <additionalParameters/> <copyCredentialsInWorkspace>false</copyCredentialsInWorkspace> </org.jenkinsci.plugins.ansible.AnsiblePlaybookBuilder> diff --git a/tests/builders/fixtures/ansible-playbook003.yaml b/tests/builders/fixtures/ansible-playbook003.yaml index 0ee8b01d..9de7c1cd 100644 --- a/tests/builders/fixtures/ansible-playbook003.yaml +++ b/tests/builders/fixtures/ansible-playbook003.yaml @@ -3,3 +3,4 @@ builders: - ansible-playbook: playbook: "path/to/playbook.yml" inventory-type: "do-not-specify" + disable-host-key-checking: true diff --git a/tests/builders/fixtures/ansible-playbook004.xml b/tests/builders/fixtures/ansible-playbook004.xml index bc4018bf..8fb52dbb 100644 --- a/tests/builders/fixtures/ansible-playbook004.xml +++ b/tests/builders/fixtures/ansible-playbook004.xml @@ -16,7 +16,8 @@ <forks>5</forks> <unbufferedOutput>true</unbufferedOutput> <colorizedOutput>false</colorizedOutput> - <hostKeyChecking>false</hostKeyChecking> + <disableHostKeyChecking>false</disableHostKeyChecking> + <hostKeyChecking>true</hostKeyChecking> <additionalParameters/> <copyCredentialsInWorkspace>false</copyCredentialsInWorkspace> </org.jenkinsci.plugins.ansible.AnsiblePlaybookBuilder> diff --git a/tests/builders/fixtures/ansible-playbook005.xml b/tests/builders/fixtures/ansible-playbook005.xml new file mode 100644 index 00000000..9e50b0ee --- /dev/null +++ b/tests/builders/fixtures/ansible-playbook005.xml @@ -0,0 +1,25 @@ +<?xml version="1.0" encoding="utf-8"?> +<project> + <builders> + <org.jenkinsci.plugins.ansible.AnsiblePlaybookBuilder> + <playbook>path/to/playbook.yml</playbook> + <inventory class="org.jenkinsci.plugins.ansible.InventoryDoNotSpecify"/> + <limit/> + <tags/> + <skippedTags/> + <startAtTask/> + <credentialsId/> + <vaultCredentialsId/> + <sudo>false</sudo> + <become>true</become> + <becomeUser>cloud-user</becomeUser> + <forks>5</forks> + <unbufferedOutput>true</unbufferedOutput> + <colorizedOutput>false</colorizedOutput> + <disableHostKeyChecking>false</disableHostKeyChecking> + <hostKeyChecking>false</hostKeyChecking> + <additionalParameters/> + <copyCredentialsInWorkspace>false</copyCredentialsInWorkspace> + </org.jenkinsci.plugins.ansible.AnsiblePlaybookBuilder> + </builders> +</project> diff --git a/tests/builders/fixtures/ansible-playbook005.yaml b/tests/builders/fixtures/ansible-playbook005.yaml new file mode 100644 index 00000000..88c82695 --- /dev/null +++ b/tests/builders/fixtures/ansible-playbook005.yaml @@ -0,0 +1,8 @@ +--- +builders: + - ansible-playbook: + playbook: "path/to/playbook.yml" + inventory-type: "do-not-specify" + become: "yes" + become-user: "cloud-user" + host-key-checking: false |