Skip to content

RUN-4085 Generate Inventory with SSH password authentication #421

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
ltamaster merged 46 commits into from
Jan 26, 2026
Merged

RUN-4085 Generate Inventory with SSH password authentication #421

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
46 commits
Select commit Hold shift + click to select a range
7bd89d5
add new feature to add the node auth in the generated inventory
ltamaster Nov 19, 2025
de654c6
fix getting ssh-password from nodes
ltamaster Dec 11, 2025
1fa16df
group_vars and properties in nodeexecutor
edbaltra Dec 11, 2025
71b4af9
Added Inline Playbook option for testing
edbaltra Dec 19, 2025
70d64d2
authentitacion debug logs
edbaltra Dec 24, 2025
1f7a793
fix encrypted group vars for generated inventory
ltamaster Jan 6, 2026
4a4c3c2
Added checkboxes at project level, added execution-tmp folder creatio…
edbaltra Jan 6, 2026
1590942
Added Vault validation and Name escaping, added debug logs to yaml fi…
edbaltra Jan 6, 2026
e635344
clean debug messages
ltamaster Jan 6, 2026
d6635a3
removed ANSIBLE_GENERATE_INVENTORY_NODES_AUTH to only use plugin grou…
edbaltra Jan 6, 2026
0b6c7dd
reverted back to node exec and project config file
edbaltra Jan 6, 2026
736f0d6
remove flag generate inventory at workflow step level
ltamaster Jan 7, 2026
5ab9954
clean messages
ltamaster Jan 7, 2026
0a77dab
fix debug message
ltamaster Jan 7, 2026
9fe662a
Added unit tests
edbaltra Jan 8, 2026
22d8b74
fix issue with password with especial character
ltamaster Jan 8, 2026
d6fd35a
Added unit tests for passwords with special characters
edbaltra Jan 8, 2026
3298d3b
clean AnsiblePlaybookInlineWorkflowNodeStep
ltamaster Jan 8, 2026
b514ed2
Added Multiple node auth functional tests, added missing README files
edbaltra Jan 9, 2026
24d84cc
remove unnecesary logs
edbaltra Jan 9, 2026
35ffd42
improve workflow step node authentication type
ltamaster Jan 13, 2026
80a3296
Refactored code, added private key and functoinal test
edbaltra Jan 14, 2026
84d816a
changed error messages, changed debug logs
edbaltra Jan 14, 2026
684aa51
added node name sanitization and unit test
edbaltra Jan 14, 2026
6a46aed
send private keys to runner
ltamaster Jan 14, 2026
85a4136
addressed copilot comments
edbaltra Jan 15, 2026
6d8c548
Copilot comments
edbaltra Jan 15, 2026
65ab770
enable again the send node keys to runner in node-executor
ltamaster Jan 15, 2026
f224449
copilot comments
edbaltra Jan 15, 2026
19ad662
copilot comments
edbaltra Jan 16, 2026
636cede
copilot comments
edbaltra Jan 16, 2026
69f0b9d
Copilot comments
edbaltra Jan 16, 2026
f40645c
Update src/main/groovy/com/rundeck/plugins/ansible/ansible/AnsibleRun…
edbaltra Jan 16, 2026
46e56db
Update functional-test/build.gradle
edbaltra Jan 16, 2026
27b2e6b
Update src/main/groovy/com/rundeck/plugins/ansible/ansible/AnsibleRun…
edbaltra Jan 16, 2026
958f407
Update src/main/groovy/com/rundeck/plugins/ansible/ansible/AnsibleRun…
edbaltra Jan 16, 2026
19045a8
copilot comments
edbaltra Jan 16, 2026
93a0f74
Update src/main/groovy/com/rundeck/plugins/ansible/ansible/AnsibleRun…
edbaltra Jan 16, 2026
01e918f
Update functional-test/src/test/resources/project-import/ansible-mult…
edbaltra Jan 16, 2026
bc32a3b
Update src/main/groovy/com/rundeck/plugins/ansible/ansible/AnsibleRun…
edbaltra Jan 16, 2026
6b4e921
Update src/main/groovy/com/rundeck/plugins/ansible/ansible/AnsibleRun…
edbaltra Jan 16, 2026
2784ac9
Copilot comments
edbaltra Jan 16, 2026
a435600
Copilot comments debug
edbaltra Jan 16, 2026
6bf39e9
Update functional-test/src/test/resources/docker/ansible-multi-node-a…
edbaltra Jan 16, 2026
65ae444
Final Copilot comments
edbaltra Jan 16, 2026
7db271f
fix NPE
ltamaster Jan 16, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
181 changes: 181 additions & 0 deletions functional-test/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,181 @@
# Functional Tests for Ansible Plugin

This directory contains functional tests for the Rundeck Ansible plugin using Testcontainers and Docker.

## Prerequisites

- Docker (Docker Desktop or Rancher Desktop)
- Java 11 or later
- Gradle 7.2 or later

## Docker Configuration

The functional tests use Testcontainers to spin up Docker containers for Rundeck and SSH nodes. Depending on your Docker setup, you may need to configure the Docker socket path.

### Option 1: Using ~/.testcontainers.properties (Recommended)

Create a file at `~/.testcontainers.properties` with the following content:

**For Rancher Desktop on macOS:**
```properties
docker.host=unix:///Users/<your-username>/.rd/docker.sock
```

**For Docker Desktop on macOS/Linux:**
```properties
docker.host=unix:///var/run/docker.sock
```

**For Windows with Docker Desktop:**
```properties
docker.host=tcp://localhost:2375
```

### Option 2: Modify build.gradle

Edit `functional-test/build.gradle` and update the `docker.host` paths on lines 52-53:

```gradle
systemProperty('docker.host', "unix:///path/to/your/docker.sock")
environment 'DOCKER_HOST', 'unix:///path/to/your/docker.sock'
```

## Running the Tests

### Run All Functional Tests

```bash
./gradlew :functional-test:functionalTest
```

### Run Specific Test Suite

```bash
# Multi-node authentication tests
./gradlew :functional-test:functionalTest --tests "*MultiNodeAuthSpec*"

# Basic integration tests
./gradlew :functional-test:functionalTest --tests "*BasicIntegrationSpec*"

# Plugin group tests
./gradlew :functional-test:functionalTest --tests "*PluginGroupIntegrationSpec*"
```

## Test Suites

### MultiNodeAuthSpec
Tests the multi-node authentication feature where each node can have its own password stored in Rundeck's key storage.

**Tests:**
- `test ansible playbook with multi-node authentication` - Verifies Ansible playbooks execute across multiple nodes with per-node credentials
- `test multi-node authentication with different passwords` - Tests script execution on multiple nodes with different passwords
- `test nodes are accessible with different credentials` - Validates node registration and discovery
- `test passwords with special characters are properly escaped` - Verifies YAML escaping for special characters in passwords

**Test Environment:**
- 3 SSH nodes (ssh-node, ssh-node-2, ssh-node-3)
- Each node has a different password, including special characters
- Tests both WorkflowStep (Ansible playbooks) and NodeStep (scripts) execution

### BasicIntegrationSpec
Basic integration tests for the Ansible plugin functionality.

### PluginGroupIntegrationSpec
Tests for plugin group configuration and execution.

## Test Structure

```
functional-test/
├── build.gradle # Test configuration
├── README.md # This file
└── src/
└── test/
├── groovy/functional/ # Test specifications
│ ├── MultiNodeAuthSpec.groovy
│ ├── BasicIntegrationSpec.groovy
│ └── PluginGroupIntegrationSpec.groovy
└── resources/
├── docker/ # Docker compose and configs
│ ├── docker-compose.yml
│ ├── ansible-multi-node-auth/ # Multi-node test configs
│ ├── keys/ # SSH keys for tests
│ ├── node/ # SSH node Docker configs
│ └── rundeck/ # Rundeck Docker configs
└── project-import/ # Rundeck project definitions
└── ansible-multi-node-auth/
└── rundeck-ansible-multi-node-auth/
├── files/etc/project.properties
└── jobs/*.xml
```

## Troubleshooting

### Tests Fail with "Could not find Docker socket"

**Problem:** Testcontainers cannot locate the Docker socket.

**Solution:**
1. Verify Docker is running: `docker ps`
2. Check your Docker socket path:
- Rancher Desktop: `ls -la ~/.rd/docker.sock`
- Docker Desktop: `ls -la /var/run/docker.sock`
3. Update `~/.testcontainers.properties` or `build.gradle` with the correct path

### Tests Timeout or Hang

**Problem:** Tests take too long or appear to hang.

**Solution:**
1. Check Docker container status: `docker ps -a`
2. Check Docker logs: `docker logs <container-id>`
3. Increase test timeout in build.gradle if needed
4. Ensure sufficient Docker resources (memory/CPU)

### Port Conflicts

**Problem:** Tests fail with "port already in use" errors.

**Solution:**
1. Check for running containers: `docker ps`
2. Stop conflicting containers: `docker stop <container-name>`
3. Clean up: `docker-compose down` in the docker directory

### Platform Mismatch Warnings (Apple Silicon)

**Problem:** Warnings about platform mismatch (linux/amd64 vs linux/arm64).

**Solution:** These warnings are expected on Apple Silicon Macs and can be safely ignored. Docker will use Rosetta 2 for emulation.

## Test Reports

After running tests, view the HTML report at:
```
functional-test/build/reports/tests/functionalTest/index.html
```

## Adding New Tests

1. Create a new Spock specification in `src/test/groovy/functional/`
2. Extend `BaseTestConfiguration` for common test utilities
3. Add any required Docker configs to `src/test/resources/docker/`
4. Add project imports to `src/test/resources/project-import/`
5. Follow existing test patterns for consistency

## Multi-Node Authentication Feature

The multi-node authentication feature allows running Ansible playbooks across multiple nodes where each node has its own password stored in Rundeck's key storage.

**How it works:**
1. Enable at project level: `project.ansible-generate-inventory-nodes-auth=true`
2. Store per-node passwords in Key Storage with paths specified in node attributes
3. Plugin generates `group_vars/all.yaml` with vault-encrypted passwords
4. Ansible uses host-specific credentials from group_vars

**Requirements:**
- Must use Ansible Playbook **Workflow Steps** (not Node Steps); the multi-node authentication logic and inventory generation are only implemented for the Workflow Step variant of the plugin and are not executed for Node Steps, so enabling `project.ansible-generate-inventory-nodes-auth` while using Node Steps will not apply per-node credentials. This limitation exists because Node Steps run independently on each target node and do not share the global inventory context that the multi-node authentication feature relies on.
- Node attributes must include `ansible-ssh-password-storage-path` for each node
- Passwords are automatically encrypted using Ansible Vault
- Supports special characters with proper YAML escaping

See `MultiNodeAuthSpec.groovy` for comprehensive test examples.
15 changes: 14 additions & 1 deletion functional-test/build.gradle
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,20 @@ dependencies {

tasks.register('functionalTest', Test) {
useJUnitPlatform()
systemProperty('RUNDECK_TEST_IMAGE', "rundeck/rundeck:5.1.1")

// Rundeck test image version
// Minimum supported Rundeck version for this plugin: 5.1.1 (see main README/changelog).
// Functional tests intentionally run against a newer version, Rundeck 5.18.0, to validate
// compatibility with current releases. When raising the minimum supported version, update
// this test image tag in tandem.
systemProperty('RUNDECK_TEST_IMAGE', "rundeck/rundeck:5.18.0")

// Docker configuration for Testcontainers
// For Rancher Desktop on macOS: Use /Users/<username>/.rd/docker.sock
// For Docker Desktop on macOS: Use /var/run/docker.sock
// For Linux: Use /var/run/docker.sock
// You can also configure this via ~/.testcontainers.properties (see functional-test/README.md)

description = "Run Ansible integration tests"
}

Expand Down
Loading
Loading