示例#1
0
def test_containerization_unsafe_write_setting(tmp_path, runtime, mocker):
    mock_containerized = mocker.patch(
        'ansible_runner.config._base.BaseConfig.containerized',
        new_callable=mocker.PropertyMock)

    rc = BaseConfig(private_data_dir=tmp_path)
    rc.ident = 'foo'
    rc.cmdline_args = ['main.yaml', '-i', '/tmp/inventory']
    rc.command = ['ansible-playbook'] + rc.cmdline_args
    rc.process_isolation = True
    rc.runner_mode = 'pexpect'
    rc.process_isolation_executable = runtime
    rc.container_image = 'my_container'
    rc.container_volume_mounts = ['/host1:/container1', 'host2:/container2']
    mock_containerized.return_value = True
    rc.execution_mode = BaseExecutionMode.ANSIBLE_COMMANDS
    rc._prepare_env()
    rc._handle_command_wrap(rc.execution_mode, rc.cmdline_args)

    expected = {
        'docker': None,
        'podman': '1',
    }

    assert rc.env.get('ANSIBLE_UNSAFE_WRITES') == expected[runtime]
示例#2
0
def test_container_volume_mounting_with_Z(tmp_path, mocker):
    mocker.patch('os.path.isdir', return_value=False)
    mocker.patch('os.path.exists', return_value=True)
    mocker.patch('os.makedirs', return_value=True)

    rc = BaseConfig(private_data_dir=str(tmp_path))
    os.path.isdir = mocker.Mock()
    rc.container_volume_mounts = ['project_path:project_path:Z']
    rc.container_name = 'foo'
    rc.runner_mode = 'pexpect'
    rc.env = {}
    rc.execution_mode = BaseExecutionMode.ANSIBLE_COMMANDS
    rc.command = ['ansible-playbook', 'foo.yml']
    rc.container_image = 'network-ee'
    rc.cmdline_args = ['foo.yml']

    new_args = rc.wrap_args_for_containerization(rc.command, rc.execution_mode,
                                                 rc.cmdline_args)

    assert new_args[0] == 'podman'
    for i, entry in enumerate(new_args):
        if entry == '-v':
            mount = new_args[i + 1]
            if mount.endswith('project_path/:Z'):
                break
    else:
        raise Exception(
            'Could not find expected mount, args: {}'.format(new_args))
示例#3
0
def test_prepare_env_ansible_vars(mocker, tmp_path):
    mocker.patch.dict(
        'os.environ', {
            'PYTHONPATH': '/python_path_via_environ',
            'AWX_LIB_DIRECTORY': '/awx_lib_directory_via_environ',
        })

    artifact_dir = tmp_path.joinpath('some_artifacts')
    rc = BaseConfig(artifact_dir=artifact_dir.as_posix())
    rc.ssh_key_data = None
    rc.env = {}
    rc.execution_mode = BaseExecutionMode.ANSIBLE_COMMANDS

    rc._prepare_env()

    assert not hasattr(rc, 'ssh_key_path')
    assert not hasattr(rc, 'command')

    assert rc.env['ANSIBLE_STDOUT_CALLBACK'] == 'awx_display'
    assert rc.env['ANSIBLE_RETRY_FILES_ENABLED'] == 'False'
    assert rc.env['ANSIBLE_HOST_KEY_CHECKING'] == 'False'
    assert rc.env['AWX_ISOLATED_DATA_DIR'] == artifact_dir.joinpath(
        rc.ident).as_posix()
    assert rc.env['PYTHONPATH'] == '/python_path_via_environ:/awx_lib_directory_via_environ', \
        "PYTHONPATH is the union of the env PYTHONPATH and AWX_LIB_DIRECTORY"

    del rc.env['PYTHONPATH']
    os.environ['PYTHONPATH'] = "/foo/bar/python_path_via_environ"
    rc._prepare_env()
    assert rc.env['PYTHONPATH'] == "/foo/bar/python_path_via_environ:/awx_lib_directory_via_environ", \
        "PYTHONPATH is the union of the explicit env['PYTHONPATH'] override and AWX_LIB_DIRECTORY"
示例#4
0
def test_prepare_with_ssh_key(open_fifo_write_mock):
    rc = BaseConfig(private_data_dir='/tmp')
    rc.artifact_dir = '/tmp/artifact'
    rc.env = {}
    rc.execution_mode = BaseExecutionMode.ANSIBLE_COMMANDS
    rc.ssh_key_data = '01234567890'
    rc.command = 'ansible-playbook'
    rc.cmdline_args = []

    with patch.dict('os.environ', {'AWX_LIB_DIRECTORY': '/tmp/artifact'}):
        rc._prepare_env()

    assert rc.ssh_key_path == '/tmp/artifact/ssh_key_data'
    assert open_fifo_write_mock.called
示例#5
0
def test_prepare_with_ssh_key(mocker, tmp_path):
    open_fifo_write_mock = mocker.patch(
        'ansible_runner.config._base.open_fifo_write')
    custom_artifacts = tmp_path.joinpath('custom_arts')

    rc = BaseConfig(private_data_dir=tmp_path.as_posix(),
                    artifact_dir=custom_artifacts.as_posix())
    rc.artifact_dir = custom_artifacts.as_posix()
    rc.env = {}
    rc.execution_mode = BaseExecutionMode.ANSIBLE_COMMANDS
    rc.ssh_key_data = '01234567890'
    rc.command = 'ansible-playbook'
    rc.cmdline_args = []
    rc._prepare_env()

    assert rc.ssh_key_path == custom_artifacts.joinpath(
        'ssh_key_data').as_posix()
    assert open_fifo_write_mock.called
示例#6
0
def test_containerization_settings(tmpdir, container_runtime):
    with patch('ansible_runner.config._base.BaseConfig.containerized',
               new_callable=PropertyMock) as mock_containerized:
        rc = BaseConfig(private_data_dir=tmpdir)
        rc.ident = 'foo'
        rc.cmdline_args = ['main.yaml', '-i', '/tmp/inventory']
        rc.command = ['ansible-playbook'] + rc.cmdline_args
        rc.process_isolation = True
        rc.runner_mode = 'pexpect'
        rc.process_isolation_executable = container_runtime
        rc.container_image = 'my_container'
        rc.container_volume_mounts = [
            '/host1:/container1', 'host2:/container2'
        ]
        mock_containerized.return_value = True
        rc.execution_mode = BaseExecutionMode.ANSIBLE_COMMANDS
        rc._prepare_env()
        rc._handle_command_wrap(rc.execution_mode, rc.cmdline_args)

    extra_container_args = []
    if container_runtime == 'podman':
        extra_container_args = ['--quiet']
    else:
        extra_container_args = ['--user={os.getuid()}']

    expected_command_start = [container_runtime, 'run', '--rm', '--interactive', '--tty', '--workdir', '/runner/project'] + \
                             ['-v', '{}/.ssh/:/home/runner/.ssh/'.format(os.environ['HOME'])]
    if container_runtime == 'podman':
        expected_command_start += [
            '--group-add=root', '--userns=keep-id', '--ipc=host'
        ]

    expected_command_start += ['-v', '{}/artifacts:/runner/artifacts:Z'.format(rc.private_data_dir)] + \
        ['-v', '{}:/runner:Z'.format(rc.private_data_dir)] + \
        ['--env-file', '{}/env.list'.format(rc.artifact_dir)] + \
        extra_container_args + \
        ['--name', 'ansible_runner_foo'] + \
        ['my_container', 'ansible-playbook', 'main.yaml', '-i', '/tmp/inventory']

    for index, element in enumerate(expected_command_start):
        if '--user='******'--user=' in rc.command[index]
        else:
            assert rc.command[index] == element
示例#7
0
def test_prepare_env_ansible_vars():
    rc = BaseConfig(private_data_dir='/tmp')
    rc.ssh_key_data = None
    rc.artifact_dir = '/tmp/artifact'
    rc.env = {}
    rc.execution_mode = BaseExecutionMode.ANSIBLE_COMMANDS

    rc._prepare_env()

    assert not hasattr(rc, 'ssh_key_path')
    assert not hasattr(rc, 'command')

    assert rc.env['ANSIBLE_STDOUT_CALLBACK'] == 'awx_display'
    assert rc.env['ANSIBLE_RETRY_FILES_ENABLED'] == 'False'
    assert rc.env['ANSIBLE_HOST_KEY_CHECKING'] == 'False'
    assert rc.env['AWX_ISOLATED_DATA_DIR'] == '/tmp/artifact'
    assert rc.env['PYTHONPATH'] == '/python_path_via_environ:/awx_lib_directory_via_environ', \
        "PYTHONPATH is the union of the env PYTHONPATH and AWX_LIB_DIRECTORY"

    del rc.env['PYTHONPATH']
    os.environ['PYTHONPATH'] = "/foo/bar/python_path_via_environ"
    rc._prepare_env()
    assert rc.env['PYTHONPATH'] == "/foo/bar/python_path_via_environ:/awx_lib_directory_via_environ", \
        "PYTHONPATH is the union of the explicit env['PYTHONPATH'] override and AWX_LIB_DIRECTORY"
示例#8
0
def test_containerization_settings(tmp_path, runtime, mocker):
    mocker.patch.dict('os.environ', {'HOME': str(tmp_path)}, clear=True)
    tmp_path.joinpath('.ssh').mkdir()

    mock_containerized = mocker.patch(
        'ansible_runner.config._base.BaseConfig.containerized',
        new_callable=mocker.PropertyMock)
    mock_containerized.return_value = True

    rc = BaseConfig(private_data_dir=tmp_path)
    rc.ident = 'foo'
    rc.cmdline_args = ['main.yaml', '-i', '/tmp/inventory']
    rc.command = ['ansible-playbook'] + rc.cmdline_args
    rc.process_isolation = True
    rc.runner_mode = 'pexpect'
    rc.process_isolation_executable = runtime
    rc.container_image = 'my_container'
    rc.container_volume_mounts = ['/host1:/container1', 'host2:/container2']
    rc.execution_mode = BaseExecutionMode.ANSIBLE_COMMANDS
    rc._prepare_env()
    rc._handle_command_wrap(rc.execution_mode, rc.cmdline_args)

    extra_container_args = []
    if runtime == 'podman':
        extra_container_args = ['--quiet']
    else:
        extra_container_args = [f'--user={os.getuid()}']

    expected_command_start = [
        runtime,
        'run',
        '--rm',
        '--tty',
        '--interactive',
        '--workdir',
        '/runner/project',
        '-v',
        '{}/.ssh/:/home/runner/.ssh/'.format(str(tmp_path)),
        '-v',
        '{}/.ssh/:/root/.ssh/'.format(str(tmp_path)),
    ]

    if runtime == 'podman':
        expected_command_start.extend(['--group-add=root', '--ipc=host'])

    expected_command_start.extend([
        '-v',
        '{}/artifacts/:/runner/artifacts/:Z'.format(rc.private_data_dir),
        '-v',
        '{}/:/runner/:Z'.format(rc.private_data_dir),
        '--env-file',
        '{}/env.list'.format(rc.artifact_dir),
    ])

    expected_command_start.extend(extra_container_args)

    expected_command_start.extend([
        '--name',
        'ansible_runner_foo',
        'my_container',
        'ansible-playbook',
        'main.yaml',
        '-i',
        '/tmp/inventory',
    ])

    assert expected_command_start == rc.command