c1f1b2029c
* Move var plugins handling to a separate file * Allow var plugins to require whitelisting * Add global configuration ('demand', 'start') for users to control when they execute * Add 'stage' configuration ('all', 'task', 'inventory') for users to control on a per-plugin basis when they execute * Update ansible-inventory and InventoryManager to the global and stage configuration * Update host_group_vars to use stage configuration and whitelisting * Add documentation for using new options and to the developer's guide * Add integration tests to exercise whitelisting and the new configuration options, using vars plugins in collections, and maintain backward compatibility * Changelog Co-Authored-By: Brian Coca <brian.coca+git@gmail.com> Co-Authored-By: Sandra McCann <samccann@redhat.com>
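#!/usr/bin/env bash
#
# Integration checks for vars plugins: enabling by FQCN for collections,
# plugins that opt in to require explicit enabling ("whitelisting"), and the
# global (ANSIBLE_RUN_VARS_PLUGINS) and per-plugin (ANSIBLE_VARS_PLUGIN_STAGE)
# controls over when they run. Each scenario writes ansible-inventory output
# to out.txt and greps it for the variables the test plugins are expected to
# set or not set.

# pipefail: without it, `ansible-inventory ... | tee out.txt` reports tee's
# status, so a crashing ansible-inventory would go unnoticed.
set -euxo pipefail

#######################################
# Fail when a literal string is present in a file.
# `grep -v PATTERN file` is NOT a negative assertion: it exits 0 as soon as
# any single line lacks PATTERN, which is always the case for multi-line
# JSON output. The checks that a plugin did not run (including the ones
# that verify the enable-list gating) were therefore vacuous.
# Arguments: $1 - literal string that must not appear
#            $2 - file to search
# Outputs:   the offending lines on stdout, a diagnostic on stderr
# Returns:   0 when absent, 1 when found
#######################################
assert_absent() {
  local needle=$1
  local file=$2
  if grep -F -- "$needle" "$file"; then
    printf 'unexpected match for %s in %s\n' "$needle" "$file" >&2
    return 1
  fi
}

# Collections vars plugins must be whitelisted with FQCN because PluginLoader.all() does not search collections

# Let vars plugins run for inventory by using the global setting
export ANSIBLE_RUN_VARS_PLUGINS=start

# Test vars plugin in a playbook-adjacent collection
export ANSIBLE_VARS_ENABLED=testns.content_adj.custom_adj_vars

ansible-inventory -i a.statichost.yml --list --playbook-dir=./ | tee out.txt

grep '"collection": "adjacent"' out.txt
grep '"adj_var": "value"' out.txt

# Test vars plugin in a collection path
export ANSIBLE_VARS_ENABLED=testns.testcoll.custom_vars
export ANSIBLE_COLLECTIONS_PATHS="$PWD/collection_root_user:$PWD/collection_root_sys"

ansible-inventory -i a.statichost.yml --list --playbook-dir=./ | tee out.txt

grep '"collection": "collection_root_user"' out.txt
assert_absent '"adj_var": "value"' out.txt

# Test enabled vars plugins order reflects the order in which variables are merged
export ANSIBLE_VARS_ENABLED=testns.content_adj.custom_adj_vars,testns.testcoll.custom_vars

ansible-inventory -i a.statichost.yml --list --playbook-dir=./ | tee out.txt

grep '"collection": "collection_root_user"' out.txt
grep '"adj_var": "value"' out.txt
assert_absent '"collection": "adjacent"' out.txt

# Test that 3rd party plugins in plugin_path do not need to require whitelisting by default
# Plugins shipped with Ansible and in the custom plugin dir should be used first
export ANSIBLE_VARS_PLUGINS=./custom_vars_plugins

ansible-inventory -i a.statichost.yml --list --playbook-dir=./ | tee out.txt

grep '"name": "v2_vars_plugin"' out.txt
grep '"collection": "collection_root_user"' out.txt
grep '"adj_var": "value"' out.txt
# The plugin that opts in to require whitelisting must stay inactive while
# it is not listed in ANSIBLE_VARS_ENABLED.
assert_absent '"whitelisted": true' out.txt

# Test plugins in plugin paths that opt-in to require whitelisting
unset ANSIBLE_VARS_ENABLED
unset ANSIBLE_COLLECTIONS_PATHS

ANSIBLE_VARS_ENABLED=vars_req_whitelist ansible-inventory -i a.statichost.yml --list --playbook-dir=./ | tee out.txt

grep '"whitelisted": true' out.txt

# Test vars plugins that support the stage setting don't run for inventory when stage is set to 'task'
# and that the vars plugins that don't support the stage setting don't run for inventory when the global setting is 'demand'
# NOTE(review): ANSIBLE_RUN_VARS_PLUGINS=start is still exported from the top
# of this script, while the scenario described above is the 'demand' case.
# It is set explicitly here so the now-strict checks test what the comment
# says - confirm this matches the intended scenario.
ANSIBLE_RUN_VARS_PLUGINS=demand ANSIBLE_VARS_PLUGIN_STAGE=task ansible-inventory -i a.statichost.yml --list --playbook-dir=./ | tee out.txt

assert_absent '"v1_vars_plugin": true' out.txt
assert_absent '"v2_vars_plugin": true' out.txt
assert_absent '"vars_req_whitelist": true' out.txt
assert_absent '"collection": "adjacent"' out.txt
assert_absent '"collection": "collection_root_user"' out.txt
assert_absent '"adj_var": "value"' out.txt

# Test vars plugins that support the stage setting run for inventory when stage is set to 'inventory'
# NOTE(review): the v1 absence check below presumably relies on the global
# setting being 'demand' (the next scenario switches it to 'start' to make v1
# run); set explicitly instead of inheriting the exported 'start' - confirm.
ANSIBLE_RUN_VARS_PLUGINS=demand ANSIBLE_VARS_PLUGIN_STAGE=inventory ansible-inventory -i a.statichost.yml --list --playbook-dir=./ | tee out.txt

assert_absent '"v1_vars_plugin": true' out.txt
assert_absent '"vars_req_whitelist": true' out.txt
grep '"v2_vars_plugin": true' out.txt
grep '"name": "v2_vars_plugin"' out.txt

# Test that the global setting allows v1 and v2 plugins to run after importing inventory
ANSIBLE_RUN_VARS_PLUGINS=start ansible-inventory -i a.statichost.yml --list --playbook-dir=./ | tee out.txt

assert_absent '"vars_req_whitelist": true' out.txt
grep '"v1_vars_plugin": true' out.txt
grep '"v2_vars_plugin": true' out.txt
grep '"name": "v2_vars_plugin"' out.txt

# Test that vars plugins in collections and in the vars plugin path are available for tasks
# Quoted delimiter: the playbook text is written literally, with no shell expansion.
cat << 'EOF' > "test_task_vars.yml"
---
- hosts: localhost
  connection: local
  gather_facts: no
  tasks:
  - debug: msg="{{ name }}"
  - debug: msg="{{ collection }}"
  - debug: msg="{{ adj_var }}"
EOF

export ANSIBLE_VARS_ENABLED=testns.content_adj.custom_adj_vars

# All three debug tasks must succeed under every combination of the global
# and stage settings; with pipefail a failing ansible-playbook is also caught.
ANSIBLE_VARS_PLUGIN_STAGE=task ANSIBLE_VARS_PLUGINS=./custom_vars_plugins ansible-playbook test_task_vars.yml | grep "ok=3"
ANSIBLE_RUN_VARS_PLUGINS=start ANSIBLE_VARS_PLUGIN_STAGE=inventory ANSIBLE_VARS_PLUGINS=./custom_vars_plugins ansible-playbook test_task_vars.yml | grep "ok=3"
ANSIBLE_RUN_VARS_PLUGINS=demand ANSIBLE_VARS_PLUGIN_STAGE=inventory ANSIBLE_VARS_PLUGINS=./custom_vars_plugins ansible-playbook test_task_vars.yml | grep "ok=3"
ANSIBLE_VARS_PLUGINS=./custom_vars_plugins ansible-playbook test_task_vars.yml | grep "ok=3"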