diff --git a/src/main/java/org/jenkinsci/plugins/ansible/AnsiblePlaybookBuilder.java b/src/main/java/org/jenkinsci/plugins/ansible/AnsiblePlaybookBuilder.java index 846108a..297afd6 100644 --- a/src/main/java/org/jenkinsci/plugins/ansible/AnsiblePlaybookBuilder.java +++ b/src/main/java/org/jenkinsci/plugins/ansible/AnsiblePlaybookBuilder.java @@ -274,12 +274,17 @@ public void perform( invocation.setCredentials( StringUtils.isNotBlank(credentialsId) ? CredentialsProvider.findCredentialById( - credentialsId, StandardUsernameCredentials.class, run) + run.getEnvironment(listener).expand(credentialsId), + StandardUsernameCredentials.class, + run) : null, copyCredentialsInWorkspace); invocation.setVaultCredentials( StringUtils.isNotBlank(vaultCredentialsId) - ? CredentialsProvider.findCredentialById(vaultCredentialsId, StandardCredentials.class, run) + ? CredentialsProvider.findCredentialById( + run.getEnvironment(listener).expand(vaultCredentialsId), + StandardCredentials.class, + run) : null); invocation.setVaultTmpPath( StringUtils.isNotBlank(vaultTmpPath) ? new FilePath(new File(vaultTmpPath)) : null); diff --git a/src/main/java/org/jenkinsci/plugins/ansible/AnsibleVaultBuilder.java b/src/main/java/org/jenkinsci/plugins/ansible/AnsibleVaultBuilder.java index 6b1b75d..3c7c2c4 100644 --- a/src/main/java/org/jenkinsci/plugins/ansible/AnsibleVaultBuilder.java +++ b/src/main/java/org/jenkinsci/plugins/ansible/AnsibleVaultBuilder.java @@ -131,12 +131,17 @@ public void perform( invocation.setAction(action); invocation.setVaultCredentials( StringUtils.isNotBlank(vaultCredentialsId) - ? CredentialsProvider.findCredentialById(vaultCredentialsId, StandardCredentials.class, run) + ? CredentialsProvider.findCredentialById( + run.getEnvironment(listener).expand(vaultCredentialsId), + StandardCredentials.class, + run) : null); invocation.setNewVaultCredentials( StringUtils.isNotBlank(newVaultCredentialsId) ? CredentialsProvider.findCredentialById( - newVaultCredentialsId, StandardCredentials.class, run) + run.getEnvironment(listener).expand(newVaultCredentialsId), + StandardCredentials.class, + run) : null); invocation.setVaultTmpPath( StringUtils.isNotBlank(vaultTmpPath) ? new FilePath(new File(vaultTmpPath)) : null); diff --git a/src/test/java/org/jenkinsci/plugins/ansible/jobdsl/JobDslIntegrationTest.java b/src/test/java/org/jenkinsci/plugins/ansible/jobdsl/JobDslIntegrationTest.java index ba18aaa..0db20d3 100644 --- a/src/test/java/org/jenkinsci/plugins/ansible/jobdsl/JobDslIntegrationTest.java +++ b/src/test/java/org/jenkinsci/plugins/ansible/jobdsl/JobDslIntegrationTest.java @@ -1,16 +1,34 @@ package org.jenkinsci.plugins.ansible.jobdsl; import static org.hamcrest.MatcherAssert.assertThat; +import static org.hamcrest.Matchers.allOf; +import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.is; import static org.hamcrest.Matchers.isA; import static org.hamcrest.Matchers.notNullValue; - +import static org.junit.Assume.assumeFalse; + +import com.cloudbees.plugins.credentials.CredentialsProvider; +import com.cloudbees.plugins.credentials.CredentialsScope; +import com.cloudbees.plugins.credentials.CredentialsStore; +import com.cloudbees.plugins.credentials.domains.Domain; +import hudson.model.FreeStyleBuild; +import hudson.model.FreeStyleProject; +import hudson.model.ParameterValue; +import hudson.model.ParametersAction; +import hudson.model.StringParameterValue; +import hudson.util.Secret; +import java.util.ArrayList; +import java.util.List; +import org.apache.commons.lang3.SystemUtils; import org.hamcrest.Matcher; import org.jenkinsci.plugins.ansible.AnsibleAdHocCommandBuilder; import org.jenkinsci.plugins.ansible.AnsiblePlaybookBuilder; import org.jenkinsci.plugins.ansible.AnsibleVaultBuilder; import org.jenkinsci.plugins.ansible.InventoryContent; import org.jenkinsci.plugins.ansible.InventoryPath; +import org.jenkinsci.plugins.plaincredentials.StringCredentials; +import org.jenkinsci.plugins.plaincredentials.impl.StringCredentialsImpl; import org.junit.Rule; import org.junit.Test; import org.junit.rules.RuleChain; @@ -21,6 +39,7 @@ */ public class JobDslIntegrationTest { public static final String ANSIBLE_DSL_GROOVY_PLAYBOOK = "jobdsl/playbook.groovy"; + public static final String ANSIBLE_DSL_GROOVY_EXPANDER = "jobdsl/expander.groovy"; public static final String ANSIBLE_DSL_GROOVY_SECURITY_630 = "jobdsl/security630.groovy"; public static final String ANSIBLE_DSL_GROOVY_PLAYBOOK_LEGACY = "jobdsl/legacyPlaybook.groovy"; public static final String ANSIBLE_DSL_GROOVY_ADHOC = "jobdsl/adhoc.groovy"; @@ -69,6 +88,48 @@ public void shouldCreateJobWithPlaybookDsl() throws Exception { assertThat("extraVar.hidden", step.extraVars.get(0).isHidden(), is(true)); } + @Test + @DslJobRule.WithJobDsl(ANSIBLE_DSL_GROOVY_EXPANDER) + public void shouldCreateJobWithVarExpander() throws Exception { + + assumeFalse(SystemUtils.IS_OS_WINDOWS); + + // Add credentials + StringCredentials vaultCredentials = new StringCredentialsImpl( + CredentialsScope.GLOBAL, + "vaultCredentialsString", + "test username password", + Secret.fromString("test-secret")); + StringCredentials credentials = new StringCredentialsImpl( + CredentialsScope.GLOBAL, "credentialsString", "test credentials", Secret.fromString("test")); + CredentialsStore store = + CredentialsProvider.lookupStores(jenkins.jenkins).iterator().next(); + store.addCredentials(Domain.global(), vaultCredentials); + store.addCredentials(Domain.global(), credentials); + + // Create job via jobdsl with var expander + AnsiblePlaybookBuilder step = dsl.getGeneratedJob().getBuildersList().get(AnsiblePlaybookBuilder.class); + assertThat("Should add playbook builder", step, notNullValue()); + assertThat("playbook", step.playbook, is("playbook.yml")); + assertThat("inventory", step.inventory, (Matcher) isA(InventoryPath.class)); + assertThat("vaultCredentialsId", step.vaultCredentialsId, is("${vault_credentials_id}")); + assertThat("credentialsId", step.credentialsId, is("${credentials_id}")); + + List parameters = new ArrayList<>(); + parameters.add(new StringParameterValue("inventory_repository", "inventory")); + parameters.add(new StringParameterValue("vault_credentials_id", "vaultCredentialsString")); + parameters.add(new StringParameterValue("credentials_id", "credentialsString")); + ParametersAction parametersAction = new ParametersAction(parameters); + + FreeStyleProject freeStyleProject = jenkins.getInstance().getItemByFullName("ansible", FreeStyleProject.class); + FreeStyleBuild build = + freeStyleProject.scheduleBuild2(0, parametersAction).get(); + assertThat( + build.getLog(), + allOf(containsString( + "ansible-playbook playbook.yml -i inventory/inventory.yml -f 5 --vault-password-file "))); + } + @Test @DslJobRule.WithJobDsl(ANSIBLE_DSL_GROOVY_PLAYBOOK_LEGACY) public void shouldCreateJobWithLegacyPlaybookDsl() throws Exception { diff --git a/src/test/resources/jobdsl/expander.groovy b/src/test/resources/jobdsl/expander.groovy new file mode 100644 index 0000000..95b3384 --- /dev/null +++ b/src/test/resources/jobdsl/expander.groovy @@ -0,0 +1,23 @@ +job('ansible') { + steps { + shell('''cat > playbook.yml << EOL +- hosts: localhost + connection: local + gather_facts: no + tasks: + - debug: msg=test +EOL + ''') + shell('mkdir -p inventory') + ansiblePlaybook('playbook.yml') { + inventoryPath('${inventory_repository}/inventory.yml') + vaultCredentialsId('${vault_credentials_id}') + credentialsId('${credentials_id}') + } + } + parameters { + stringParam('inventory_repository') + stringParam('vault_credentials_id') + stringParam('credentials_id') + } +}