From af43f4a9742f8aeafaf174f6f6275985328d82c4 Mon Sep 17 00:00:00 2001 From: Luis Toledo Date: Wed, 16 Aug 2023 11:33:59 -0400 Subject: [PATCH] update core version use key storage for passwords and keys --- build.gradle | 2 +- .../plugin/AnsibleResourceModelSource.java | 143 ++++++++++++++---- .../AnsibleResourceModelSourceFactory.java | 5 + 3 files changed, 123 insertions(+), 27 deletions(-) diff --git a/build.gradle b/build.gradle index ed7b06e4..38970e34 100644 --- a/build.gradle +++ b/build.gradle @@ -46,7 +46,7 @@ configurations { dependencies { pluginLibs 'com.google.code.gson:gson:2.10.1' - implementation('org.rundeck:rundeck-core:4.14.0-rc1-20230606') + implementation('org.rundeck:rundeck-core:4.16.0-rc1-20230815') implementation 'org.codehaus.groovy:groovy-all:3.0.9' } diff --git a/src/main/groovy/com/rundeck/plugins/ansible/plugin/AnsibleResourceModelSource.java b/src/main/groovy/com/rundeck/plugins/ansible/plugin/AnsibleResourceModelSource.java index 973dc87d..e23cf21a 100644 --- a/src/main/groovy/com/rundeck/plugins/ansible/plugin/AnsibleResourceModelSource.java +++ b/src/main/groovy/com/rundeck/plugins/ansible/plugin/AnsibleResourceModelSource.java @@ -83,12 +83,20 @@ public class AnsibleResourceModelSource implements ResourceModelSource, ProxySec protected String vaultFile; protected String vaultPassword; + protected String vaultPasswordPath; + protected String baseDirectoryPath; protected String ansibleBinariesDirectoryPath; protected String extraParameters; + protected String sshAgent; + protected String sshPassphraseStoragePath; + + protected String becamePasswordStoragePath; + + public AnsibleResourceModelSource(final Framework framework) { this.framework = framework; } 
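Review bot: The new field `becamePasswordStoragePath` looks like a misspelling of "become", the term used elsewhere in this patch (`becomePassword`, `ANSIBLE_BECOME_PASSWORD_STORAGE_PATH`). I would name it `becomePasswordStoragePath` here and in the `configure()`, `buildAnsibleRunner()` and `listSecretsPathResourceModel()` hunks that use it. Three of the four added fields hold key-storage paths rather than secret values, while `sshAgent` holds a flag kept as a string. A short comment on each, such as `// key storage path of the become password, not the password itself`, would keep them from being confused with `vaultPassword` and `sshPassword`, which hold the secrets themselves.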
@@ -178,7 +186,13 @@ public void configure(Properties configuration) throws ConfigurationException { sshPasswordPath = (String) resolveProperty(AnsibleDescribable.ANSIBLE_SSH_PASSWORD_STORAGE_PATH,null,configuration,executionDataContext); sshPrivateKeyPath = (String) resolveProperty(AnsibleDescribable.ANSIBLE_SSH_KEYPATH_STORAGE_PATH,null,configuration,executionDataContext); + vaultPasswordPath = (String) resolveProperty(AnsibleDescribable.ANSIBLE_VAULTSTORE_PATH,null,configuration,executionDataContext); + sshAgent = (String) resolveProperty(AnsibleDescribable.ANSIBLE_SSH_USE_AGENT,null,configuration,executionDataContext); + sshPassphraseStoragePath = (String) resolveProperty(AnsibleDescribable.ANSIBLE_SSH_PASSPHRASE,null,configuration,executionDataContext); + vaultPasswordPath = (String) resolveProperty(AnsibleDescribable.ANSIBLE_BECOME_PASSWORD_STORAGE_PATH,null,configuration,executionDataContext); + + becamePasswordStoragePath = (String) resolveProperty(AnsibleDescribable.ANSIBLE_BECOME_PASSWORD_STORAGE_PATH,null,configuration,executionDataContext); } public AnsibleRunner buildAnsibleRunner() throws ResourceModelSourceException{ @@ -218,6 +232,19 @@ public AnsibleRunner buildAnsibleRunner() throws ResourceModelSourceException{ } } + if(sshAgent != null && sshAgent.equalsIgnoreCase("true")) { + runner = runner.sshUseAgent(Boolean.TRUE); + + if(sshPassphraseStoragePath != null && !sshPassphraseStoragePath.isEmpty()) { + try { + String sshPassphrase = getStorageContentString(sshPassphraseStoragePath, storageTree); + runner = runner.sshPassphrase(sshPassphrase); + } catch (ConfigurationException e) { + throw new ResourceModelSourceException("Could not read passphrase from storage path " + sshPassphraseStoragePath,e); + } + } + } + } else if ( sshAuthType.equalsIgnoreCase(AuthenticationType.password.name()) ) { if (sshPassword != null) { runner = runner.sshUsePassword(Boolean.TRUE).sshPass(sshPassword); 
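Review bot: In the `configure()` hunk, `vaultPasswordPath` is assigned twice, and the second assignment resolves `AnsibleDescribable.ANSIBLE_BECOME_PASSWORD_STORAGE_PATH`, so the value read from `ANSIBLE_VAULTSTORE_PATH` is always overwritten. As written, `buildAnsibleRunner()` would fetch the vault password from the become-password storage path. With only a become path configured, the become secret is handed to `vaultPass`; with only a vault path configured, the vault secret is presumably never loaded. The line `vaultPasswordPath = (String) resolveProperty(AnsibleDescribable.ANSIBLE_BECOME_PASSWORD_STORAGE_PATH,null,configuration,executionDataContext);` looks like a copy-paste leftover and should be removed, since `becamePasswordStoragePath` is already set from the same key two lines later. `configure()` starts above this hunk.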
@@ -233,7 +260,6 @@ public AnsibleRunner buildAnsibleRunner() throws ResourceModelSourceException{ } } - if (inventory != null) { runner = runner.setInventory(inventory); } 
@@ -265,34 +291,52 @@ public AnsibleRunner buildAnsibleRunner() throws ResourceModelSourceException{ runner = runner.becomePassword(becomePassword); } - if (configFile != null) { - runner = runner.configFile(configFile); + if(becamePasswordStoragePath != null && !becamePasswordStoragePath.isEmpty()){ + try { + becomePassword = getStorageContentString(becamePasswordStoragePath, storageTree); + runner = runner.becomePassword(becomePassword); + } catch (Exception e) { + throw new ResourceModelSourceException("Could not read becomePassword from storage path " + becamePasswordStoragePath,e); } + } - if(vaultPassword!=null) { + if (configFile != null) { + runner = runner.configFile(configFile); + } + + if(vaultPassword!=null) { runner.vaultPass(vaultPassword); - } + } - if (vaultFile != null) { - String vaultPassword; - try { - vaultPassword = new String(Files.readAllBytes(Paths.get(vaultFile))); - } catch (IOException e) { - throw new ResourceModelSourceException("Could not read vault file " + vaultFile,e); - } - runner.vaultPass(vaultPassword); - } - if (baseDirectoryPath != null) { - runner.baseDirectory(baseDirectoryPath); + if(vaultPasswordPath!=null && !vaultPasswordPath.isEmpty()){ + try { + vaultPassword = getStorageContentString(vaultPasswordPath, storageTree); + } catch (Exception e) { + throw new ResourceModelSourceException("Could not read vaultPassword " + vaultPasswordPath,e); } + runner = runner.vaultPass(vaultPassword); + } - if (ansibleBinariesDirectoryPath != null) { - runner.ansibleBinariesDirectory(ansibleBinariesDirectoryPath); + if (vaultFile != null) { + String vaultPassword; + try { + vaultPassword = new String(Files.readAllBytes(Paths.get(vaultFile))); + } catch (IOException e) { + throw new ResourceModelSourceException("Could not read vault file " + vaultFile,e); } + runner.vaultPass(vaultPassword); + } + if (baseDirectoryPath != null) { + runner.baseDirectory(baseDirectoryPath); + } - if (extraParameters != null){ - 
runner.extraParams(extraParameters); - } + if (ansibleBinariesDirectoryPath != null) { + runner.ansibleBinariesDirectory(ansibleBinariesDirectoryPath); + } + + if (extraParameters != null){ + runner.extraParams(extraParameters); + } @@ -612,13 +656,36 @@ public List listSecretsPathResourceModel(Map configurati String passwordStoragePath = (String) configuration.get(AnsibleDescribable.ANSIBLE_SSH_PASSWORD_STORAGE_PATH); String privateKeyStoragePath = (String) configuration.get(AnsibleDescribable.ANSIBLE_SSH_KEYPATH_STORAGE_PATH); + String passphraseStoragePath = (String) configuration.get(AnsibleDescribable.ANSIBLE_SSH_PASSPHRASE); + String vaultPasswordStoragePath = (String) configuration.get(AnsibleDescribable.ANSIBLE_VAULTSTORE_PATH); + String becamePasswordStoragePath = (String) configuration.get(AnsibleDescribable.ANSIBLE_BECOME_PASSWORD_STORAGE_PATH); - if(passwordStoragePath!=null){ + if(passwordStoragePath!=null && !passwordStoragePath.isEmpty()){ keys.add(passwordStoragePath); } - if(privateKeyStoragePath!=null){ - keys.add(privateKeyStoragePath); + if(privateKeyStoragePath!=null && !privateKeyStoragePath.isEmpty()){ + if(!keys.contains(privateKeyStoragePath)){ + keys.add(privateKeyStoragePath); + } + } + + if(passphraseStoragePath!=null && !passphraseStoragePath.isEmpty()){ + if(!keys.contains(passphraseStoragePath)){ + keys.add(passphraseStoragePath); + } + } + + if(vaultPasswordStoragePath!=null && !vaultPasswordStoragePath.isEmpty()){ + if(!keys.contains(vaultPasswordStoragePath)){ + keys.add(vaultPasswordStoragePath); + } + } + + if(becamePasswordStoragePath!=null && !becamePasswordStoragePath.isEmpty()){ + if(!keys.contains(becamePasswordStoragePath)){ + keys.add(becamePasswordStoragePath); + } } return keys; @@ -634,21 +701,45 @@ public SecretBundle prepareSecretBundleResourceModel(Services services, Map
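Review bot: In the `buildAnsibleRunner()` hunk (`@@ -265,34 +291,52 @@`), the secrets read from key storage are assigned to `vaultPassword` (declared as a field of the class) and to `becomePassword` (apparently a field as well) instead of locals. They therefore stay on the model source object after the runner is built and replace any inline value configured there. I would keep them local, e.g. `String storedVaultPassword = getStorageContentString(vaultPasswordPath, storageTree);` followed by `runner = runner.vaultPass(storedVaultPassword);`, and the same for the become password. The vault password can now come from three places (inline value, storage path, `vaultFile`), and each block simply calls `vaultPass` again, so the last one present wins silently; a comment stating the intended precedence, or an `else if` chain, would make that explicit. The two new blocks catch `Exception`, while the passphrase block added earlier in this method catches `ConfigurationException`, and the narrower type looks sufficient here too. The method body starts and ends outside the hunk.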