update core version
use key storage for passwords and keys
ltamaster committed Aug 16, 2023
1 parent 0d84661 commit af43f4a
Showing 3 changed files with 123 additions and 27 deletions.
2 changes: 1 addition & 1 deletion build.gradle
@@ -46,7 +46,7 @@ configurations {

dependencies {
pluginLibs 'com.google.code.gson:gson:2.10.1'
implementation('org.rundeck:rundeck-core:4.14.0-rc1-20230606')
implementation('org.rundeck:rundeck-core:4.16.0-rc1-20230815')
implementation 'org.codehaus.groovy:groovy-all:3.0.9'
}

@@ -83,12 +83,20 @@ public class AnsibleResourceModelSource implements ResourceModelSource, ProxySec
protected String vaultFile;
protected String vaultPassword;

protected String vaultPasswordPath;

protected String baseDirectoryPath;

protected String ansibleBinariesDirectoryPath;

protected String extraParameters;

protected String sshAgent;
protected String sshPassphraseStoragePath;

protected String becamePasswordStoragePath;


public AnsibleResourceModelSource(final Framework framework) {
this.framework = framework;
}
@@ -178,7 +186,13 @@ public void configure(Properties configuration) throws ConfigurationException {
sshPasswordPath = (String) resolveProperty(AnsibleDescribable.ANSIBLE_SSH_PASSWORD_STORAGE_PATH,null,configuration,executionDataContext);
sshPrivateKeyPath = (String) resolveProperty(AnsibleDescribable.ANSIBLE_SSH_KEYPATH_STORAGE_PATH,null,configuration,executionDataContext);

vaultPasswordPath = (String) resolveProperty(AnsibleDescribable.ANSIBLE_VAULTSTORE_PATH,null,configuration,executionDataContext);

sshAgent = (String) resolveProperty(AnsibleDescribable.ANSIBLE_SSH_USE_AGENT,null,configuration,executionDataContext);
sshPassphraseStoragePath = (String) resolveProperty(AnsibleDescribable.ANSIBLE_SSH_PASSPHRASE,null,configuration,executionDataContext);
vaultPasswordPath = (String) resolveProperty(AnsibleDescribable.ANSIBLE_BECOME_PASSWORD_STORAGE_PATH,null,configuration,executionDataContext);

becamePasswordStoragePath = (String) resolveProperty(AnsibleDescribable.ANSIBLE_BECOME_PASSWORD_STORAGE_PATH,null,configuration,executionDataContext);
}

public AnsibleRunner buildAnsibleRunner() throws ResourceModelSourceException{
@@ -218,6 +232,19 @@ public AnsibleRunner buildAnsibleRunner() throws ResourceModelSourceException{
}
}

if(sshAgent != null && sshAgent.equalsIgnoreCase("true")) {
runner = runner.sshUseAgent(Boolean.TRUE);

if(sshPassphraseStoragePath != null && !sshPassphraseStoragePath.isEmpty()) {
try {
String sshPassphrase = getStorageContentString(sshPassphraseStoragePath, storageTree);
runner = runner.sshPassphrase(sshPassphrase);
} catch (ConfigurationException e) {
throw new ResourceModelSourceException("Could not read passphrase from storage path " + sshPassphraseStoragePath,e);
}
}
}

} else if ( sshAuthType.equalsIgnoreCase(AuthenticationType.password.name()) ) {
if (sshPassword != null) {
runner = runner.sshUsePassword(Boolean.TRUE).sshPass(sshPassword);
@@ -233,7 +260,6 @@ public AnsibleRunner buildAnsibleRunner() throws ResourceModelSourceException{
}
}


if (inventory != null) {
runner = runner.setInventory(inventory);
}
@@ -265,34 +291,52 @@ public AnsibleRunner buildAnsibleRunner() throws ResourceModelSourceException{
runner = runner.becomePassword(becomePassword);
}

if (configFile != null) {
runner = runner.configFile(configFile);
if(becamePasswordStoragePath != null && !becamePasswordStoragePath.isEmpty()){
try {
becomePassword = getStorageContentString(becamePasswordStoragePath, storageTree);
runner = runner.becomePassword(becomePassword);
} catch (Exception e) {
throw new ResourceModelSourceException("Could not read becomePassword from storage path " + becamePasswordStoragePath,e);
}
}

if(vaultPassword!=null) {
if (configFile != null) {
runner = runner.configFile(configFile);
}

if(vaultPassword!=null) {
runner.vaultPass(vaultPassword);
}
}

if (vaultFile != null) {
String vaultPassword;
try {
vaultPassword = new String(Files.readAllBytes(Paths.get(vaultFile)));
} catch (IOException e) {
throw new ResourceModelSourceException("Could not read vault file " + vaultFile,e);
}
runner.vaultPass(vaultPassword);
}
if (baseDirectoryPath != null) {
runner.baseDirectory(baseDirectoryPath);
if(vaultPasswordPath!=null && !vaultPasswordPath.isEmpty()){
try {
vaultPassword = getStorageContentString(vaultPasswordPath, storageTree);
} catch (Exception e) {
throw new ResourceModelSourceException("Could not read vaultPassword " + vaultPasswordPath,e);
}
runner = runner.vaultPass(vaultPassword);
}

if (ansibleBinariesDirectoryPath != null) {
runner.ansibleBinariesDirectory(ansibleBinariesDirectoryPath);
if (vaultFile != null) {
String vaultPassword;
try {
vaultPassword = new String(Files.readAllBytes(Paths.get(vaultFile)));
} catch (IOException e) {
throw new ResourceModelSourceException("Could not read vault file " + vaultFile,e);
}
runner.vaultPass(vaultPassword);
}
if (baseDirectoryPath != null) {
runner.baseDirectory(baseDirectoryPath);
}

if (extraParameters != null){
runner.extraParams(extraParameters);
}
if (ansibleBinariesDirectoryPath != null) {
runner.ansibleBinariesDirectory(ansibleBinariesDirectoryPath);
}

if (extraParameters != null){
runner.extraParams(extraParameters);
}



@@ -612,13 +656,36 @@ public List<String> listSecretsPathResourceModel(Map<String, Object> configurati

String passwordStoragePath = (String) configuration.get(AnsibleDescribable.ANSIBLE_SSH_PASSWORD_STORAGE_PATH);
String privateKeyStoragePath = (String) configuration.get(AnsibleDescribable.ANSIBLE_SSH_KEYPATH_STORAGE_PATH);
String passphraseStoragePath = (String) configuration.get(AnsibleDescribable.ANSIBLE_SSH_PASSPHRASE);
String vaultPasswordStoragePath = (String) configuration.get(AnsibleDescribable.ANSIBLE_VAULTSTORE_PATH);
String becamePasswordStoragePath = (String) configuration.get(AnsibleDescribable.ANSIBLE_BECOME_PASSWORD_STORAGE_PATH);

if(passwordStoragePath!=null){
if(passwordStoragePath!=null && !passwordStoragePath.isEmpty()){
keys.add(passwordStoragePath);
}

if(privateKeyStoragePath!=null){
keys.add(privateKeyStoragePath);
if(privateKeyStoragePath!=null && !privateKeyStoragePath.isEmpty()){
if(!keys.contains(privateKeyStoragePath)){
keys.add(privateKeyStoragePath);
}
}

if(passphraseStoragePath!=null && !passphraseStoragePath.isEmpty()){
if(!keys.contains(passphraseStoragePath)){
keys.add(passphraseStoragePath);
}
}

if(vaultPasswordStoragePath!=null && !vaultPasswordStoragePath.isEmpty()){
if(!keys.contains(vaultPasswordStoragePath)){
keys.add(vaultPasswordStoragePath);
}
}

if(becamePasswordStoragePath!=null && !becamePasswordStoragePath.isEmpty()){
if(!keys.contains(becamePasswordStoragePath)){
keys.add(becamePasswordStoragePath);
}
}

return keys;
@@ -634,21 +701,45 @@ public SecretBundle prepareSecretBundleResourceModel(Services services, Map<Stri

String passwordStoragePath = (String) configuration.get(AnsibleDescribable.ANSIBLE_SSH_PASSWORD_STORAGE_PATH);
String privateKeyStoragePath = (String) configuration.get(AnsibleDescribable.ANSIBLE_SSH_KEYPATH_STORAGE_PATH);
String passphraseStoragePath = (String) configuration.get(AnsibleDescribable.ANSIBLE_SSH_PASSPHRASE);
String vaultPasswordStoragePath = (String) configuration.get(AnsibleDescribable.ANSIBLE_VAULTSTORE_PATH);
String becamePasswordStoragePath = (String) configuration.get(AnsibleDescribable.ANSIBLE_BECOME_PASSWORD_STORAGE_PATH);

if(passwordStoragePath!=null){
if(passwordStoragePath!=null && !passwordStoragePath.isEmpty()){
secretBundle.addSecret(
passwordStoragePath,
getStorageContent(passwordStoragePath,storageTree )
);
}

if(privateKeyStoragePath!=null){
if(privateKeyStoragePath!=null && !privateKeyStoragePath.isEmpty()){
secretBundle.addSecret(
privateKeyStoragePath,
getStorageContent(privateKeyStoragePath,storageTree )
);
}

if(passphraseStoragePath!=null && !passphraseStoragePath.isEmpty()){
secretBundle.addSecret(
passphraseStoragePath,
getStorageContent(passphraseStoragePath,storageTree )
);
}

if(vaultPasswordStoragePath!=null && !vaultPasswordStoragePath.isEmpty()){
secretBundle.addSecret(
vaultPasswordStoragePath,
getStorageContent(vaultPasswordStoragePath,storageTree )
);
}

if(becamePasswordStoragePath!=null && !becamePasswordStoragePath.isEmpty()){
secretBundle.addSecret(
becamePasswordStoragePath,
getStorageContent(becamePasswordStoragePath,storageTree )
);
}

return secretBundle;

} catch (Exception e) {
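Review bot: In the `configure()` hunk, `vaultPasswordPath` is assigned twice, first from `ANSIBLE_VAULTSTORE_PATH` and then again from `ANSIBLE_BECOME_PASSWORD_STORAGE_PATH`, so the vault key-storage setting is always overwritten by the become-password storage path (the hunk header counts 13 new-side lines, which puts both assignments in the new code). `buildAnsibleRunner()` later passes the content read from `vaultPasswordPath` to `vaultPass(...)`, so with a become-password path configured the become secret would be handed to the runner as the vault password, and with only a vault path configured that path is replaced by whatever the become key resolves to (presumably null, given the `null` default argument). The second assignment looks like a copy-paste leftover, since `becamePasswordStoragePath` is resolved from the same key two lines below; I would delete the line `vaultPasswordPath = (String) resolveProperty(AnsibleDescribable.ANSIBLE_BECOME_PASSWORD_STORAGE_PATH,null,configuration,executionDataContext);`. Both `configure()` and `buildAnsibleRunner()` begin outside the visible hunks, so this should be confirmed against the full file, ideally with a test that sets only the vault storage path and checks which key is read.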
@@ -54,9 +54,14 @@ public AnsibleResourceModelSourceFactory(final Framework framework) {
builder.property(BECOME_PASSWORD_PROP);
builder.property(VAULT_KEY_FILE_PROP);
builder.property(VAULT_PASSWORD_PROP);
builder.property(VAULT_KEY_STORAGE_PROP);

builder.property(SSH_PASSWORD_STORAGE_PROP);
builder.property(SSH_KEY_STORAGE_PROP);
builder.property(SSH_PASSPHRASE);

builder.property(SSH_USE_AGENT);
builder.property(BECOME_PASSWORD_STORAGE_PROP);

builder.mapping(ANSIBLE_INVENTORY,PROJ_PROP_PREFIX + ANSIBLE_INVENTORY);
builder.frameworkMapping(ANSIBLE_INVENTORY,FWK_PROP_PREFIX + ANSIBLE_INVENTORY);