From d1d8189a83d18acfde0a4cb777e9288a297fffc8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Anders=20F=20Bj=C3=B6rklund?=
Date: Wed, 2 Oct 2024 19:55:46 +0200
Subject: [PATCH] Make sure that ansible params check the playbook
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The ansible provisioning supports using a separate yaml playbook, so check this file (but only the top playbook) for any parameters... The `ansible-playbook` command does not run remotely so it does not use the param.env, which means that the env is set on the command.

Signed-off-by: Anders F Björklund
---
 hack/ansible-test.yaml | 2 +-
 hack/test-templates.sh | 8 +-------
 hack/test-templates/test-misc.yaml | 1 +
 pkg/instance/ansible.go | 11 +++++++++++
 pkg/limayaml/validate.go | 10 ++++++++++
 5 files changed, 24 insertions(+), 8 deletions(-)

diff --git a/hack/ansible-test.yaml b/hack/ansible-test.yaml
index 255c7eca551f..ade4d0e12c80 100644
--- a/hack/ansible-test.yaml
+++ b/hack/ansible-test.yaml
@@ -2,5 +2,5 @@
 tasks:
 - name: Create test file
 file:
- path: /tmp/ansible
+ path: "/tmp/param-{{ lookup('ansible.builtin.env', 'PARAM_ANSIBLE') }}"
 state: touch
diff --git a/hack/test-templates.sh b/hack/test-templates.sh
index e36eafe8a6e0..7415d9bd2645 100755
--- a/hack/test-templates.sh
+++ b/hack/test-templates.sh
@@ -35,7 +35,6 @@ declare -A CHECKS=(
 ["disk"]=""
 ["user-v2"]=""
 ["mount-path-with-spaces"]=""
- ["provision-ansible"]=""
 ["param-env-variables"]=""
 )
 
@@ -64,7 +63,6 @@ case "$NAME" in
 CHECKS["snapshot-online"]="1"
 CHECKS["snapshot-offline"]="1"
 CHECKS["mount-path-with-spaces"]="1"
- CHECKS["provision-ansible"]="1"
 CHECKS["param-env-variables"]="1"
 ;;
 "net-user-v2")
@@ -149,13 +147,9 @@ if [[ -n ${CHECKS["mount-path-with-spaces"]} ]]; then
 [ "$(limactl shell "$NAME" cat "/tmp/lima test dir with spaces/test file")" = "test file content" ]
 fi
 
-if [[ -n ${CHECKS["provision-ansible"]} ]]; then
- INFO 'Testing that /tmp/ansible was created successfully on provision'
- limactl shell "$NAME" test -e /tmp/ansible
-fi
-
 if [[ -n ${CHECKS["param-env-variables"]} ]]; then
 INFO 'Testing that PARAM env variables are exported to all types of provisioning scripts and probes'
+ limactl shell "$NAME" test -e /tmp/param-ansible
 limactl shell "$NAME" test -e /tmp/param-boot
 limactl shell "$NAME" test -e /tmp/param-dependency
 limactl shell "$NAME" test -e /tmp/param-probe
diff --git a/hack/test-templates/test-misc.yaml b/hack/test-templates/test-misc.yaml
index 2f2c17cae4be..31f3c2590f27 100644
--- a/hack/test-templates/test-misc.yaml
+++ b/hack/test-templates/test-misc.yaml
@@ -27,6 +27,7 @@ mounts:
 writable: true
 
 param:
+ ANSIBLE: ansible
 BOOT: boot
 DEPENDENCY: dependency
 PROBE: probe
diff --git a/pkg/instance/ansible.go b/pkg/instance/ansible.go
index a4cf236a562f..f217ddffbcc7 100644
--- a/pkg/instance/ansible.go
+++ b/pkg/instance/ansible.go
@@ -2,6 +2,7 @@ package instance
 
 import (
 "context"
+ "fmt"
 "os"
 "os/exec"
 "path/filepath"
@@ -33,6 +34,7 @@ func runAnsiblePlaybook(ctx context.Context, inst *store.Instance, playbook stri
 logrus.Debugf("ansible-playbook -i %q %q", inventory, playbook)
 args := []string{"-i", inventory, playbook}
 cmd := exec.CommandContext(ctx, "ansible-playbook", args...)
+ cmd.Env = getAnsibleEnvironment(inst)
 cmd.Stdout = os.Stdout
 cmd.Stderr = os.Stderr
 return cmd.Run()
@@ -60,3 +62,12 @@ func createAnsibleInventory(inst *store.Instance) (string, error) {
 inventory := filepath.Join(inst.Dir, filenames.AnsibleInventoryYAML)
 return inventory, os.WriteFile(inventory, bytes, 0o644)
 }
+
+func getAnsibleEnvironment(inst *store.Instance) []string {
+ env := []string{}
+ env = append(env, os.Environ()...)
+ for key, val := range inst.Config.Param {
+ env = append(env, fmt.Sprintf("PARAM_%s=%s", key, val))
+ }
+ return env
+}
diff --git a/pkg/limayaml/validate.go b/pkg/limayaml/validate.go
index 65a6d4bef167..d803894f2dba 100644
--- a/pkg/limayaml/validate.go
+++ b/pkg/limayaml/validate.go
@@ -445,6 +445,16 @@ func ValidateParamIsUsed(y *LimaYAML) error {
 keyIsUsed = true
 break
 }
+ if p.Playbook != "" {
+ playbook, err := os.ReadFile(p.Playbook)
+ if err != nil {
+ return err
+ }
+ if re.Match(playbook) {
+ keyIsUsed = true
+ break
+ }
+ }
 }
 for _, p := range y.Probes {
 if re.MatchString(p.Script) {
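Review bot: `getAnsibleEnvironment` has no doc comment, and the behaviour a reader most needs stated is the override order: the `PARAM_` entries are appended after `os.Environ()`, and os/exec keeps the last value for a duplicated key, so the template's params win over any `PARAM_*` already set on the host. A comment such as `// getAnsibleEnvironment returns the host environment plus PARAM_<key>=<value> for each template param; later entries override inherited ones.` would record that. Nothing in this hunk constrains `key`, so if param names are not validated elsewhere a name containing `=` would set a different variable than intended; worth confirming against the param validation. The first two lines of the body can be `env := os.Environ()`, since that call already returns a fresh slice.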
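Review bot: The new `os.ReadFile(p.Playbook)` makes validation read whatever path the template names, with no size bound and no check that it is a regular file, so a template whose `playbook` points at a FIFO or device node could stall validation or exhaust memory before anything is provisioned. Consider an `os.Stat` check for `Mode().IsRegular()` and a size cap before reading. The bare `return err` also loses which provision entry failed; `return fmt.Errorf("reading playbook %q: %w", p.Playbook, err)` would say so (assuming `fmt` is already imported in this file). The enclosing loops start outside the hunk; if the outer loop runs once per param key, as the `keyIsUsed`/`break` shape suggests, the playbook is re-read for every key and could be read once up front.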