From d8fa4f41269356ad85bd6d80d253bb5494d82bc9 Mon Sep 17 00:00:00 2001
From: Christian Kanthak <c.k@xyz.de>
Date: Fri, 15 May 2020 11:11:22 +0200
Subject: Introduce disable-host-key-checking for builder ansible-playbook

Implemented new parameter "disable-host-key-checking" to make the
"anbile-playbook" builder compatible with version >=1.0 of the ansible
plugin. The parameter defaults to "false" for security reasons (as the
plugin does).
The old parameter "host-key-checking" is still written to XML to keep
code working in a setup with plugin version <1.0. This has no impact
on newer setups because the plugin with version >=1.0 ignores the old
parameter value.
For same security reasons the default value of old parameter
"host-key-checking" was changed to "true" to "fix" older setups which
have the parameter not defined.

Change-Id: I4a592c1a4d6ba8bb4f365ce505296cf5c09f7e19
Task: 39789
Story: 2007678
---
 jenkins_jobs/modules/builders.py                 | 21 +++++++++++++++++---
 tests/builders/fixtures/ansible-playbook001.xml  |  3 ++-
 tests/builders/fixtures/ansible-playbook002.xml  |  1 +
 tests/builders/fixtures/ansible-playbook002.yaml |  1 -
 tests/builders/fixtures/ansible-playbook003.xml  |  3 ++-
 tests/builders/fixtures/ansible-playbook003.yaml |  1 +
 tests/builders/fixtures/ansible-playbook004.xml  |  3 ++-
 tests/builders/fixtures/ansible-playbook005.xml  | 25 ++++++++++++++++++++++++
 tests/builders/fixtures/ansible-playbook005.yaml |  8 ++++++++
 9 files changed, 59 insertions(+), 7 deletions(-)
 create mode 100644 tests/builders/fixtures/ansible-playbook005.xml
 create mode 100644 tests/builders/fixtures/ansible-playbook005.yaml

diff --git a/jenkins_jobs/modules/builders.py b/jenkins_jobs/modules/builders.py
index 248ad90d..e26f98bb 100644
--- a/jenkins_jobs/modules/builders.py
+++ b/jenkins_jobs/modules/builders.py
@@ -4445,8 +4445,8 @@ def ansible_playbook(parser, xml_parent, data):
         (default true)
     :arg bool colorized-output: Check this box to allow ansible to render ANSI
         color codes in the Jenkins console. (default false)
-    :arg bool host-key-checking: Check this box to enforce the validation of
-        the hosts SSH server keys. (default false)
+    :arg bool disable-host-key-checking: Check this box to disable the
+        validation of the hosts SSH server keys. (>= 1.0) (default false)
     :arg str additional-parameters: Any additional parameters to pass to the
         ansible command. (default '')
     :arg list variables: List of extra variables to be passed to ansible.
@@ -4457,6 +4457,12 @@ def ansible_playbook(parser, xml_parent, data):
             * **value** (`str`) -- Desired value (default '')
             * **hidden** (`bool`) -- Hide variable in build log (default false)
 
+    Outdated Options for versions >= 1.0 of plugin:
+
+    :arg bool host-key-checking: Outdated, replaced with disable-host-key-checking.
+        Check this box to enforce the validation of the hosts SSH server keys.
+        (< 1.0) (default true)
+
     Example:
 
     .. literalinclude::
@@ -4468,6 +4474,12 @@ def ansible_playbook(parser, xml_parent, data):
     .. literalinclude::
         /../../tests/builders/fixtures/ansible-playbook002.yaml
        :language: yaml
+
+    Example(s) versions < 1.0:
+
+    .. literalinclude::
+        /../../tests/builders/fixtures/ansible-playbook005.yaml
+       :language: yaml
     """
     plugin = XML.SubElement(
         xml_parent, "org.jenkinsci.plugins.ansible.AnsiblePlaybookBuilder"
@@ -4528,8 +4540,11 @@ def ansible_playbook(parser, xml_parent, data):
     XML.SubElement(plugin, "colorizedOutput").text = str(
         data.get("colorized-output", False)
     ).lower()
+    XML.SubElement(plugin, "disableHostKeyChecking").text = str(
+        data.get("disable-host-key-checking", False)
+    ).lower()
     XML.SubElement(plugin, "hostKeyChecking").text = str(
-        data.get("host-key-checking", False)
+        data.get("host-key-checking", True)
     ).lower()
     XML.SubElement(plugin, "additionalParameters").text = str(
         data.get("additional-parameters", "")
diff --git a/tests/builders/fixtures/ansible-playbook001.xml b/tests/builders/fixtures/ansible-playbook001.xml
index d19d6068..096ba8b7 100644
--- a/tests/builders/fixtures/ansible-playbook001.xml
+++ b/tests/builders/fixtures/ansible-playbook001.xml
@@ -17,7 +17,8 @@
       <forks>5</forks>
       <unbufferedOutput>true</unbufferedOutput>
       <colorizedOutput>false</colorizedOutput>
-      <hostKeyChecking>false</hostKeyChecking>
+      <disableHostKeyChecking>false</disableHostKeyChecking>
+      <hostKeyChecking>true</hostKeyChecking>
       <additionalParameters/>
       <copyCredentialsInWorkspace>false</copyCredentialsInWorkspace>
       <extraVars>
diff --git a/tests/builders/fixtures/ansible-playbook002.xml b/tests/builders/fixtures/ansible-playbook002.xml
index afe13676..1933ec59 100644
--- a/tests/builders/fixtures/ansible-playbook002.xml
+++ b/tests/builders/fixtures/ansible-playbook002.xml
@@ -22,6 +22,7 @@ machine02.example.com
       <forks>2</forks>
       <unbufferedOutput>false</unbufferedOutput>
       <colorizedOutput>true</colorizedOutput>
+      <disableHostKeyChecking>false</disableHostKeyChecking>
       <hostKeyChecking>true</hostKeyChecking>
       <additionalParameters>-vvv</additionalParameters>
       <copyCredentialsInWorkspace>false</copyCredentialsInWorkspace>
diff --git a/tests/builders/fixtures/ansible-playbook002.yaml b/tests/builders/fixtures/ansible-playbook002.yaml
index db63b0ca..71b68911 100644
--- a/tests/builders/fixtures/ansible-playbook002.yaml
+++ b/tests/builders/fixtures/ansible-playbook002.yaml
@@ -19,7 +19,6 @@ builders:
       sudo-user: "cloud-user"
       unbuffered-output: false
       colorized-output: true
-      host-key-checking: true
       additional-parameters: "-vvv"
       variables:
         - name: "complete_var"
diff --git a/tests/builders/fixtures/ansible-playbook003.xml b/tests/builders/fixtures/ansible-playbook003.xml
index 8e15e776..a71ce84c 100644
--- a/tests/builders/fixtures/ansible-playbook003.xml
+++ b/tests/builders/fixtures/ansible-playbook003.xml
@@ -15,7 +15,8 @@
       <forks>5</forks>
       <unbufferedOutput>true</unbufferedOutput>
       <colorizedOutput>false</colorizedOutput>
-      <hostKeyChecking>false</hostKeyChecking>
+      <disableHostKeyChecking>true</disableHostKeyChecking>
+      <hostKeyChecking>true</hostKeyChecking>
       <additionalParameters/>
       <copyCredentialsInWorkspace>false</copyCredentialsInWorkspace>
     </org.jenkinsci.plugins.ansible.AnsiblePlaybookBuilder>
diff --git a/tests/builders/fixtures/ansible-playbook003.yaml b/tests/builders/fixtures/ansible-playbook003.yaml
index 0ee8b01d..9de7c1cd 100644
--- a/tests/builders/fixtures/ansible-playbook003.yaml
+++ b/tests/builders/fixtures/ansible-playbook003.yaml
@@ -3,3 +3,4 @@ builders:
   - ansible-playbook:
       playbook: "path/to/playbook.yml"
       inventory-type: "do-not-specify"
+      disable-host-key-checking: true
diff --git a/tests/builders/fixtures/ansible-playbook004.xml b/tests/builders/fixtures/ansible-playbook004.xml
index bc4018bf..8fb52dbb 100644
--- a/tests/builders/fixtures/ansible-playbook004.xml
+++ b/tests/builders/fixtures/ansible-playbook004.xml
@@ -16,7 +16,8 @@
       <forks>5</forks>
       <unbufferedOutput>true</unbufferedOutput>
       <colorizedOutput>false</colorizedOutput>
-      <hostKeyChecking>false</hostKeyChecking>
+      <disableHostKeyChecking>false</disableHostKeyChecking>
+      <hostKeyChecking>true</hostKeyChecking>
       <additionalParameters/>
       <copyCredentialsInWorkspace>false</copyCredentialsInWorkspace>
     </org.jenkinsci.plugins.ansible.AnsiblePlaybookBuilder>
diff --git a/tests/builders/fixtures/ansible-playbook005.xml b/tests/builders/fixtures/ansible-playbook005.xml
new file mode 100644
index 00000000..9e50b0ee
--- /dev/null
+++ b/tests/builders/fixtures/ansible-playbook005.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<project>
+  <builders>
+    <org.jenkinsci.plugins.ansible.AnsiblePlaybookBuilder>
+      <playbook>path/to/playbook.yml</playbook>
+      <inventory class="org.jenkinsci.plugins.ansible.InventoryDoNotSpecify"/>
+      <limit/>
+      <tags/>
+      <skippedTags/>
+      <startAtTask/>
+      <credentialsId/>
+      <vaultCredentialsId/>
+      <sudo>false</sudo>
+      <become>true</become>
+      <becomeUser>cloud-user</becomeUser>
+      <forks>5</forks>
+      <unbufferedOutput>true</unbufferedOutput>
+      <colorizedOutput>false</colorizedOutput>
+      <disableHostKeyChecking>false</disableHostKeyChecking>
+      <hostKeyChecking>false</hostKeyChecking>
+      <additionalParameters/>
+      <copyCredentialsInWorkspace>false</copyCredentialsInWorkspace>
+    </org.jenkinsci.plugins.ansible.AnsiblePlaybookBuilder>
+  </builders>
+</project>
diff --git a/tests/builders/fixtures/ansible-playbook005.yaml b/tests/builders/fixtures/ansible-playbook005.yaml
new file mode 100644
index 00000000..88c82695
--- /dev/null
+++ b/tests/builders/fixtures/ansible-playbook005.yaml
@@ -0,0 +1,8 @@
+---
+builders:
+  - ansible-playbook:
+      playbook: "path/to/playbook.yml"
+      inventory-type: "do-not-specify"
+      become: "yes"
+      become-user: "cloud-user"
+      host-key-checking: false
-- 
cgit