a996cc6908
When you click Run, Steward now parses the playbook and renders a field for each declared variable instead of a blank extra-vars textarea. The form loads on demand via HTMX (/ansible/run-form/<source>/<playbook>). - sources.discover_playbook_variables: parse vars: defaults + vars_prompt: (vars_prompt wins on name collision; non-scalar vars skipped; role/include vars not traversed). Flags secret-looking names + vars_prompt private. - Run-time values flow through a JSON extra-vars file (-e @file), which is space/quote-safe — fixes a latent shlex-split bug in the old -e key=value textarea path. executor.build_extra_vars_file (pure) + start_run merge. - Secret-flagged fields are masked AND routed through an unpersisted secret_vars channel (runner.trigger_run → start_run), so passwords entered at run time never land in the DB / run history. - Defaults shown as placeholders (not prefilled): an untouched field falls through to the inventory/play default instead of overriding it. - routes: run_form HTMX endpoint; _parse_run_params now returns (params, secret_vars, err) and reads var__/secret__ fields. Schedules drop secret vars (can't prompt unattended). - templates: ansible/_run_form.html fragment; browse.html rewired to HTMX, static JS run-form removed. Advanced section keeps limit/tags/check + a free-form extra-vars escape hatch. - tests: test_playbook_variables.py (discovery + extra-vars file). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
111 lines
3.1 KiB
Python
111 lines
3.1 KiB
Python
"""Unit tests for playbook variable discovery + run-time extra-vars file."""
|
|
import json
|
|
|
|
from steward.ansible.executor import build_extra_vars_file
|
|
from steward.ansible.sources import discover_playbook_variables
|
|
|
|
|
|
def _names(variables):
|
|
return [v["name"] for v in variables]
|
|
|
|
|
|
def test_vars_block_defaults_surface_as_fields():
|
|
content = """
|
|
- hosts: all
|
|
vars:
|
|
steward_url: ""
|
|
agent_interval: 30
|
|
enabled: true
|
|
tasks: []
|
|
"""
|
|
variables = discover_playbook_variables(content)
|
|
assert _names(variables) == ["steward_url", "agent_interval", "enabled"]
|
|
interval = next(v for v in variables if v["name"] == "agent_interval")
|
|
assert interval["default"] == 30
|
|
assert interval["required"] is False
|
|
assert interval["secret"] is False
|
|
|
|
|
|
def test_secretish_names_flagged():
|
|
content = """
|
|
- hosts: all
|
|
vars:
|
|
db_password: ""
|
|
api_token: ""
|
|
vault_secret: ""
|
|
plain_value: "x"
|
|
"""
|
|
by = {v["name"]: v for v in discover_playbook_variables(content)}
|
|
assert by["db_password"]["secret"] is True
|
|
assert by["api_token"]["secret"] is True
|
|
assert by["vault_secret"]["secret"] is True
|
|
assert by["plain_value"]["secret"] is False
|
|
|
|
|
|
def test_vars_prompt_required_and_private():
|
|
content = """
|
|
- hosts: all
|
|
vars_prompt:
|
|
- name: release_tag
|
|
prompt: "Which release?"
|
|
- name: admin_pw
|
|
prompt: "Admin password"
|
|
private: true
|
|
default: ""
|
|
tasks: []
|
|
"""
|
|
by = {v["name"]: v for v in discover_playbook_variables(content)}
|
|
# No default → required; vars_prompt defaults to private=yes → secret.
|
|
assert by["release_tag"]["required"] is True
|
|
assert by["release_tag"]["secret"] is True
|
|
assert by["release_tag"]["prompt"] == "Which release?"
|
|
# Explicit private + has default → secret but not required.
|
|
assert by["admin_pw"]["secret"] is True
|
|
assert by["admin_pw"]["required"] is False
|
|
|
|
|
|
def test_vars_prompt_wins_on_name_collision():
|
|
content = """
|
|
- hosts: all
|
|
vars_prompt:
|
|
- name: dup
|
|
prompt: "from prompt"
|
|
private: false
|
|
vars:
|
|
dup: "from vars"
|
|
"""
|
|
variables = discover_playbook_variables(content)
|
|
assert _names(variables) == ["dup"]
|
|
assert variables[0]["prompt"] == "from prompt"
|
|
|
|
|
|
def test_non_scalar_vars_skipped():
|
|
content = """
|
|
- hosts: all
|
|
vars:
|
|
scalar: 1
|
|
a_list: [1, 2]
|
|
a_map: {k: v}
|
|
"""
|
|
assert _names(discover_playbook_variables(content)) == ["scalar"]
|
|
|
|
|
|
def test_malformed_yaml_returns_empty():
|
|
assert discover_playbook_variables("this: : : not valid") == []
|
|
assert discover_playbook_variables("just a string") == []
|
|
|
|
|
|
def test_extra_vars_file_roundtrip_and_space_safe():
|
|
merged = {"agent_interval": "30", "msg": "hello world", "q": 'a "quote"'}
|
|
args, files = build_extra_vars_file(merged, "/td")
|
|
assert args == ["-e", "@/td/extravars.json"]
|
|
path, content = files[0]
|
|
assert path == "/td/extravars.json"
|
|
# JSON keeps spaces/quotes intact — no shlex hazard like -e key=value.
|
|
assert json.loads(content) == merged
|
|
|
|
|
|
def test_extra_vars_file_empty_is_noop():
|
|
assert build_extra_vars_file({}, "/td") == ([], [])
|
|
assert build_extra_vars_file(None, "/td") == ([], [])
|