feat(ansible): per-variable fields in the playbook run form
When you click Run, Steward now parses the playbook and renders a field for each declared variable instead of a blank extra-vars textarea. The form loads on demand via HTMX (/ansible/run-form/<source>/<playbook>). - sources.discover_playbook_variables: parse vars: defaults + vars_prompt: (vars_prompt wins on name collision; non-scalar vars skipped; role/include vars not traversed). Flags secret-looking names + vars_prompt private. - Run-time values flow through a JSON extra-vars file (-e @file), which is space/quote-safe — fixes a latent shlex-split bug in the old -e key=value textarea path. executor.build_extra_vars_file (pure) + start_run merge. - Secret-flagged fields are masked AND routed through an unpersisted secret_vars channel (runner.trigger_run → start_run), so passwords entered at run time never land in the DB / run history. - Defaults shown as placeholders (not prefilled): an untouched field falls through to the inventory/play default instead of overriding it. - routes: run_form HTMX endpoint; _parse_run_params now returns (params, secret_vars, err) and reads var__/secret__ fields. Schedules drop secret vars (can't prompt unattended). - templates: ansible/_run_form.html fragment; browse.html rewired to HTMX, static JS run-form removed. Advanced section keeps limit/tags/check + a free-form extra-vars escape hatch. - tests: test_playbook_variables.py (discovery + extra-vars file). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -0,0 +1,110 @@
|
||||
"""Unit tests for playbook variable discovery + run-time extra-vars file."""
|
||||
import json
|
||||
|
||||
from steward.ansible.executor import build_extra_vars_file
|
||||
from steward.ansible.sources import discover_playbook_variables
|
||||
|
||||
|
||||
def _names(variables):
|
||||
return [v["name"] for v in variables]
|
||||
|
||||
|
||||
def test_vars_block_defaults_surface_as_fields():
|
||||
content = """
|
||||
- hosts: all
|
||||
vars:
|
||||
steward_url: ""
|
||||
agent_interval: 30
|
||||
enabled: true
|
||||
tasks: []
|
||||
"""
|
||||
variables = discover_playbook_variables(content)
|
||||
assert _names(variables) == ["steward_url", "agent_interval", "enabled"]
|
||||
interval = next(v for v in variables if v["name"] == "agent_interval")
|
||||
assert interval["default"] == 30
|
||||
assert interval["required"] is False
|
||||
assert interval["secret"] is False
|
||||
|
||||
|
||||
def test_secretish_names_flagged():
|
||||
content = """
|
||||
- hosts: all
|
||||
vars:
|
||||
db_password: ""
|
||||
api_token: ""
|
||||
vault_secret: ""
|
||||
plain_value: "x"
|
||||
"""
|
||||
by = {v["name"]: v for v in discover_playbook_variables(content)}
|
||||
assert by["db_password"]["secret"] is True
|
||||
assert by["api_token"]["secret"] is True
|
||||
assert by["vault_secret"]["secret"] is True
|
||||
assert by["plain_value"]["secret"] is False
|
||||
|
||||
|
||||
def test_vars_prompt_required_and_private():
|
||||
content = """
|
||||
- hosts: all
|
||||
vars_prompt:
|
||||
- name: release_tag
|
||||
prompt: "Which release?"
|
||||
- name: admin_pw
|
||||
prompt: "Admin password"
|
||||
private: true
|
||||
default: ""
|
||||
tasks: []
|
||||
"""
|
||||
by = {v["name"]: v for v in discover_playbook_variables(content)}
|
||||
# No default → required; vars_prompt defaults to private=yes → secret.
|
||||
assert by["release_tag"]["required"] is True
|
||||
assert by["release_tag"]["secret"] is True
|
||||
assert by["release_tag"]["prompt"] == "Which release?"
|
||||
# Explicit private + has default → secret but not required.
|
||||
assert by["admin_pw"]["secret"] is True
|
||||
assert by["admin_pw"]["required"] is False
|
||||
|
||||
|
||||
def test_vars_prompt_wins_on_name_collision():
|
||||
content = """
|
||||
- hosts: all
|
||||
vars_prompt:
|
||||
- name: dup
|
||||
prompt: "from prompt"
|
||||
private: false
|
||||
vars:
|
||||
dup: "from vars"
|
||||
"""
|
||||
variables = discover_playbook_variables(content)
|
||||
assert _names(variables) == ["dup"]
|
||||
assert variables[0]["prompt"] == "from prompt"
|
||||
|
||||
|
||||
def test_non_scalar_vars_skipped():
|
||||
content = """
|
||||
- hosts: all
|
||||
vars:
|
||||
scalar: 1
|
||||
a_list: [1, 2]
|
||||
a_map: {k: v}
|
||||
"""
|
||||
assert _names(discover_playbook_variables(content)) == ["scalar"]
|
||||
|
||||
|
||||
def test_malformed_yaml_returns_empty():
|
||||
assert discover_playbook_variables("this: : : not valid") == []
|
||||
assert discover_playbook_variables("just a string") == []
|
||||
|
||||
|
||||
def test_extra_vars_file_roundtrip_and_space_safe():
|
||||
merged = {"agent_interval": "30", "msg": "hello world", "q": 'a "quote"'}
|
||||
args, files = build_extra_vars_file(merged, "/td")
|
||||
assert args == ["-e", "@/td/extravars.json"]
|
||||
path, content = files[0]
|
||||
assert path == "/td/extravars.json"
|
||||
# JSON keeps spaces/quotes intact — no shlex hazard like -e key=value.
|
||||
assert json.loads(content) == merged
|
||||
|
||||
|
||||
def test_extra_vars_file_empty_is_noop():
|
||||
assert build_extra_vars_file({}, "/td") == ([], [])
|
||||
assert build_extra_vars_file(None, "/td") == ([], [])
|
||||
Reference in New Issue
Block a user