def test_containerization_unsafe_write_setting(tmp_path, runtime, mocker):
mock_containerized = mocker.patch(
'ansible_runner.config._base.BaseConfig.containerized',
new_callable=mocker.PropertyMock)
rc = BaseConfig(private_data_dir=tmp_path)
rc.ident = 'foo'
rc.cmdline_args = ['main.yaml', '-i', '/tmp/inventory']
rc.command = ['ansible-playbook'] + rc.cmdline_args
rc.process_isolation = True
rc.runner_mode = 'pexpect'
rc.process_isolation_executable = runtime
rc.container_image = 'my_container'
rc.container_volume_mounts = ['/host1:/container1', 'host2:/container2']
mock_containerized.return_value = True
rc.execution_mode = BaseExecutionMode.ANSIBLE_COMMANDS
rc._prepare_env()
rc._handle_command_wrap(rc.execution_mode, rc.cmdline_args)
expected = {
'docker': None,
'podman': '1',
}
assert rc.env.get('ANSIBLE_UNSAFE_WRITES') == expected[runtime]
def test_container_volume_mounting_with_Z(tmp_path, mocker):
mocker.patch('os.path.isdir', return_value=False)
mocker.patch('os.path.exists', return_value=True)
mocker.patch('os.makedirs', return_value=True)
rc = BaseConfig(private_data_dir=str(tmp_path))
os.path.isdir = mocker.Mock()
rc.container_volume_mounts = ['project_path:project_path:Z']
rc.container_name = 'foo'
rc.runner_mode = 'pexpect'
rc.env = {}
rc.execution_mode = BaseExecutionMode.ANSIBLE_COMMANDS
rc.command = ['ansible-playbook', 'foo.yml']
rc.container_image = 'network-ee'
rc.cmdline_args = ['foo.yml']
new_args = rc.wrap_args_for_containerization(rc.command, rc.execution_mode,
rc.cmdline_args)
assert new_args[0] == 'podman'
for i, entry in enumerate(new_args):
if entry == '-v':
mount = new_args[i + 1]
if mount.endswith('project_path/:Z'):
break
else:
raise Exception(
'Could not find expected mount, args: {}'.format(new_args))
def test_prepare_env_ansible_vars(mocker, tmp_path):
mocker.patch.dict(
'os.environ', {
'PYTHONPATH': '/python_path_via_environ',
'AWX_LIB_DIRECTORY': '/awx_lib_directory_via_environ',
})
artifact_dir = tmp_path.joinpath('some_artifacts')
rc = BaseConfig(artifact_dir=artifact_dir.as_posix())
rc.ssh_key_data = None
rc.env = {}
rc.execution_mode = BaseExecutionMode.ANSIBLE_COMMANDS
rc._prepare_env()
assert not hasattr(rc, 'ssh_key_path')
assert not hasattr(rc, 'command')
assert rc.env['ANSIBLE_STDOUT_CALLBACK'] == 'awx_display'
assert rc.env['ANSIBLE_RETRY_FILES_ENABLED'] == 'False'
assert rc.env['ANSIBLE_HOST_KEY_CHECKING'] == 'False'
assert rc.env['AWX_ISOLATED_DATA_DIR'] == artifact_dir.joinpath(
rc.ident).as_posix()
assert rc.env['PYTHONPATH'] == '/python_path_via_environ:/awx_lib_directory_via_environ', \
"PYTHONPATH is the union of the env PYTHONPATH and AWX_LIB_DIRECTORY"
del rc.env['PYTHONPATH']
os.environ['PYTHONPATH'] = "/foo/bar/python_path_via_environ"
rc._prepare_env()
assert rc.env['PYTHONPATH'] == "/foo/bar/python_path_via_environ:/awx_lib_directory_via_environ", \
"PYTHONPATH is the union of the explicit env['PYTHONPATH'] override and AWX_LIB_DIRECTORY"
def test_prepare_with_ssh_key(open_fifo_write_mock):
rc = BaseConfig(private_data_dir='/tmp')
rc.artifact_dir = '/tmp/artifact'
rc.env = {}
rc.execution_mode = BaseExecutionMode.ANSIBLE_COMMANDS
rc.ssh_key_data = '01234567890'
rc.command = 'ansible-playbook'
rc.cmdline_args = []
with patch.dict('os.environ', {'AWX_LIB_DIRECTORY': '/tmp/artifact'}):
rc._prepare_env()
assert rc.ssh_key_path == '/tmp/artifact/ssh_key_data'
assert open_fifo_write_mock.called
def test_prepare_with_ssh_key(mocker, tmp_path):
open_fifo_write_mock = mocker.patch(
'ansible_runner.config._base.open_fifo_write')
custom_artifacts = tmp_path.joinpath('custom_arts')
rc = BaseConfig(private_data_dir=tmp_path.as_posix(),
artifact_dir=custom_artifacts.as_posix())
rc.artifact_dir = custom_artifacts.as_posix()
rc.env = {}
rc.execution_mode = BaseExecutionMode.ANSIBLE_COMMANDS
rc.ssh_key_data = '01234567890'
rc.command = 'ansible-playbook'
rc.cmdline_args = []
rc._prepare_env()
assert rc.ssh_key_path == custom_artifacts.joinpath(
'ssh_key_data').as_posix()
assert open_fifo_write_mock.called
def test_containerization_settings(tmpdir, container_runtime):
with patch('ansible_runner.config._base.BaseConfig.containerized',
new_callable=PropertyMock) as mock_containerized:
rc = BaseConfig(private_data_dir=tmpdir)
rc.ident = 'foo'
rc.cmdline_args = ['main.yaml', '-i', '/tmp/inventory']
rc.command = ['ansible-playbook'] + rc.cmdline_args
rc.process_isolation = True
rc.runner_mode = 'pexpect'
rc.process_isolation_executable = container_runtime
rc.container_image = 'my_container'
rc.container_volume_mounts = [
'/host1:/container1', 'host2:/container2'
]
mock_containerized.return_value = True
rc.execution_mode = BaseExecutionMode.ANSIBLE_COMMANDS
rc._prepare_env()
rc._handle_command_wrap(rc.execution_mode, rc.cmdline_args)
extra_container_args = []
if container_runtime == 'podman':
extra_container_args = ['--quiet']
else:
extra_container_args = ['--user={os.getuid()}']
expected_command_start = [container_runtime, 'run', '--rm', '--interactive', '--tty', '--workdir', '/runner/project'] + \
['-v', '{}/.ssh/:/home/runner/.ssh/'.format(os.environ['HOME'])]
if container_runtime == 'podman':
expected_command_start += [
'--group-add=root', '--userns=keep-id', '--ipc=host'
]
expected_command_start += ['-v', '{}/artifacts:/runner/artifacts:Z'.format(rc.private_data_dir)] + \
['-v', '{}:/runner:Z'.format(rc.private_data_dir)] + \
['--env-file', '{}/env.list'.format(rc.artifact_dir)] + \
extra_container_args + \
['--name', 'ansible_runner_foo'] + \
['my_container', 'ansible-playbook', 'main.yaml', '-i', '/tmp/inventory']
for index, element in enumerate(expected_command_start):
if '--user='******'--user=' in rc.command[index]
else:
assert rc.command[index] == element
def test_prepare_env_ansible_vars():
rc = BaseConfig(private_data_dir='/tmp')
rc.ssh_key_data = None
rc.artifact_dir = '/tmp/artifact'
rc.env = {}
rc.execution_mode = BaseExecutionMode.ANSIBLE_COMMANDS
rc._prepare_env()
assert not hasattr(rc, 'ssh_key_path')
assert not hasattr(rc, 'command')
assert rc.env['ANSIBLE_STDOUT_CALLBACK'] == 'awx_display'
assert rc.env['ANSIBLE_RETRY_FILES_ENABLED'] == 'False'
assert rc.env['ANSIBLE_HOST_KEY_CHECKING'] == 'False'
assert rc.env['AWX_ISOLATED_DATA_DIR'] == '/tmp/artifact'
assert rc.env['PYTHONPATH'] == '/python_path_via_environ:/awx_lib_directory_via_environ', \
"PYTHONPATH is the union of the env PYTHONPATH and AWX_LIB_DIRECTORY"
del rc.env['PYTHONPATH']
os.environ['PYTHONPATH'] = "/foo/bar/python_path_via_environ"
rc._prepare_env()
assert rc.env['PYTHONPATH'] == "/foo/bar/python_path_via_environ:/awx_lib_directory_via_environ", \
"PYTHONPATH is the union of the explicit env['PYTHONPATH'] override and AWX_LIB_DIRECTORY"
def test_containerization_settings(tmp_path, runtime, mocker):
mocker.patch.dict('os.environ', {'HOME': str(tmp_path)}, clear=True)
tmp_path.joinpath('.ssh').mkdir()
mock_containerized = mocker.patch(
'ansible_runner.config._base.BaseConfig.containerized',
new_callable=mocker.PropertyMock)
mock_containerized.return_value = True
rc = BaseConfig(private_data_dir=tmp_path)
rc.ident = 'foo'
rc.cmdline_args = ['main.yaml', '-i', '/tmp/inventory']
rc.command = ['ansible-playbook'] + rc.cmdline_args
rc.process_isolation = True
rc.runner_mode = 'pexpect'
rc.process_isolation_executable = runtime
rc.container_image = 'my_container'
rc.container_volume_mounts = ['/host1:/container1', 'host2:/container2']
rc.execution_mode = BaseExecutionMode.ANSIBLE_COMMANDS
rc._prepare_env()
rc._handle_command_wrap(rc.execution_mode, rc.cmdline_args)
extra_container_args = []
if runtime == 'podman':
extra_container_args = ['--quiet']
else:
extra_container_args = [f'--user={os.getuid()}']
expected_command_start = [
runtime,
'run',
'--rm',
'--tty',
'--interactive',
'--workdir',
'/runner/project',
'-v',
'{}/.ssh/:/home/runner/.ssh/'.format(str(tmp_path)),
'-v',
'{}/.ssh/:/root/.ssh/'.format(str(tmp_path)),
]
if runtime == 'podman':
expected_command_start.extend(['--group-add=root', '--ipc=host'])
expected_command_start.extend([
'-v',
'{}/artifacts/:/runner/artifacts/:Z'.format(rc.private_data_dir),
'-v',
'{}/:/runner/:Z'.format(rc.private_data_dir),
'--env-file',
'{}/env.list'.format(rc.artifact_dir),
])
expected_command_start.extend(extra_container_args)
expected_command_start.extend([
'--name',
'ansible_runner_foo',
'my_container',
'ansible-playbook',
'main.yaml',
'-i',
'/tmp/inventory',
])
assert expected_command_start == rc.command