jenkinsci / ansible-plugin Goto Github PK

Jenkins and plugins versions report

Jenkins: 2.410
OS: Linux - 5.15.0-1037-aws
Java: 11.0.19 - Ubuntu (OpenJDK 64-Bit Server VM)
---
ansible:231.va_d0cb_802c621

What Operating System are you using (both controller, and any agents involved in the problem)?

Linux (controller and agents)

Reproduction steps

To reproduce, invoke plugin in a pipeline script giving a number for a value of an extra var. E.g.:

ansiblePlaybook(
   playbook: 'playbook.yml',
   extraVars: [serial_override: 8],
)

Expected Results

The command-line generated by the plugin will be

ansible-playbook playbook.yml -e serial_override=8

Actual Results

A NullPointerException is triggered.

Anything else?

No response

Jenkins and plugins versions report

OS: Linux - 4.18.0-513.18.2.el8_9.x86_64
Java: 11.0.22 - Eclipse Adoptium (OpenJDK 64-Bit Server VM)

Ansible plugin version 307.va_1f3ef06575a_

What Operating System are you using (both controller, and any agents involved in the problem)?

Runing on Debian Bullseye nodes, with Ansible 2.10.8

Reproduction steps

With a Jenkinsfile like:

withCredentials([file(credentialsId: 'ansible-vault-dev-password', variable: 'ansibleVaultKeyFile')]) {
  ansibleVault(
      action: "decrypt",
      input: "./secret_file/ansible_ecdsa",
      output: "./secret_file/ansible_ecdsa",
      vaultCredentialsId: ansibleVaultKeyFile
  )
}

Expected Results

No error.

Actual Results

[Pipeline] ansibleVault
[XXX] $ ansible-vault decrypt ./secret_file/ansible_ecdsa ./secret_file/ansible_ecdsa
/usr/lib/python3.11/getpass.py:91: GetPassWarning: Can not control echo on the terminal.
  passwd = fallback_getpass(prompt, stream)
Warning: Password input may be echoed.
Vault password: [WARNING]: Error in vault password prompt (default): EOFError (ctrl-d) on
prompt for (default)
ERROR! EOFError (ctrl-d) on prompt for (default)
FATAL: command execution failed
hudson.AbortException: Ansible vault execution failed
	at org.jenkinsci.plugins.ansible.AnsibleVaultBuilder.perform(AnsibleVaultBuilder.java:155)
	at org.jenkinsci.plugins.ansible.workflow.AnsibleVaultStep$AnsibleVaultExecution.run(AnsibleVaultStep.java:230)
	at org.jenkinsci.plugins.ansible.workflow.AnsibleVaultStep$AnsibleVaultExecution.run(AnsibleVaultStep.java:190)
	at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1$1.call(AbstractSynchronousNonBlockingStepExecution.java:47)
	at hudson.security.ACL.impersonate2(ACL.java:451)
	at hudson.security.ACL.impersonate(ACL.java:463)
	at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1.run(AbstractSynchronousNonBlockingStepExecution.java:44)
	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
	at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at java.base/java.lang.Thread.run(Unknown Source)

Anything else?

No response

Are you interested in contributing a fix?

No response

What feature do you want to see added?

Please add support for running the Job in check_mode aka. --check.

see: https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_checkmode.html

I'd like to use a Jenkins Boolean Parameter / Environment Variable like ANSIBLE_CHECK_MODE to set it

The problem is afaik I cat just simply do the following, because --check can not be assigned and can not be set via environment variables.

--check="${ANSIBLE_CHECK_MODE}"
# or
-e ansible_check_mode="${ANSIBLE_CHECK_MODE}"

Upstream changes

Are you interested in contributing this feature?

I'll try to, but I haven't touched JAVA code in a long time and never done any Jenkins Plugin Development, so I don't know If I can do this.

Jenkins and plugins versions report

Jenkins: 2.401.2
OS: Linux - 5.15.0-76-generic
Java: 17.0.7 - Private Build (OpenJDK 64-Bit Server VM)
---
adoptopenjdk:1.5
analysis-model-api:11.3.0
ansible:240.vc26740a_625c0
ansicolor:1.0.2
ant:497.v94e7d9fffa_b_9
antisamy-markup-formatter:159.v25b_c67cd35fb_
apache-httpcomponents-client-4-api:4.5.14-150.v7a_b_9d17134a_5
apache-httpcomponents-client-5-api:5.2.1-1.0
authentication-tokens:1.53.v1c90fd9191a_b_
authorize-project:1.7.0
bootstrap4-api:4.6.0-6
bootstrap5-api:5.3.0-1
bouncycastle-api:2.28
branch-api:2.1122.v09cb_8ea_8a_724
build-timeout:1.31
caffeine-api:3.1.6-115.vb_8b_b_328e59d8
checks-api:2.0.0
cloud-stats:267.v577e3742c282
cloudbees-folder:6.815.v0dd5a_cb_40e0e
command-launcher:100.v2f6722292ee8
commons-httpclient3-api:3.1-3
commons-lang3-api:3.12.0-36.vd97de6465d5b_
commons-text-api:1.10.0-36.vc008c8fcda_7b_
conditional-buildstep:1.4.2
config-file-provider:938.ve2b_8a_591c596
credentials:1254.vb_96f366e7b_a_d
credentials-binding:604.vb_64480b_c56ca_
cvs:2.19.1
data-tables-api:1.13.4-3
display-url-api:2.3.7
docker-commons:422.v9d1a_89cede51
docker-java-api:3.3.1-79.v20b_53427e041
docker-plugin:1.4
docker-workflow:563.vd5d2e5c4007f
durable-task:507.v050055d0cb_dd
echarts-api:5.4.0-5
email-ext:2.99
external-monitor-job:206.v9a_94ff0b_4a_10
font-awesome-api:6.4.0-1
forensics-api:2.3.0
git:5.1.0
git-changelog:3.30
git-client:4.4.0
git-parameter:0.9.18
git-server:99.va_0826a_b_cdfa_d
github:1.37.1
github-api:1.314-431.v78d72a_3fe4c3
github-branch-source:1728.v859147241f49
gitlab-api:5.3.0-91.v1f9a_fda_d654f
gitlab-branch-source:664.v877fdc293c89
gitlab-plugin:1.7.14
gradle:2.8.1
greenballs:1.15.1
handy-uri-templates-2-api:2.1.8-22.v77d5b_75e6953
instance-identity:173.va_37c494ec4e5
ionicons-api:56.v1b_1c8c49374e
jackson2-api:2.15.2-350.v0c2f3f8fc595
jakarta-activation-api:2.0.1-3
jakarta-mail-api:2.0.1-3
javadoc:233.vdc1a_ec702cff
javax-activation-api:1.2.0-6
javax-mail-api:1.6.2-9
jaxb:2.3.8-1
jdk-tool:66.vd8fa_64ee91b_d
jersey2-api:2.40-1
jjwt-api:0.11.5-77.v646c772fddb_0
jquery:1.12.4-1
jquery3-api:3.7.0-1
jsch:0.2.8-65.v052c39de79b_2
junit:1214.va_2f9db_3e6de0
ldap:682.v7b_544c9d1512
lockable-resources:1172.v4b_8fc8eed570
mailer:457.v3f72cb_e015e5
mapdb-api:1.0.9-28.vf251ce40855d
matrix-auth:3.1.8
matrix-project:789.v57a_725b_63c79
maven-plugin:3.22
mina-sshd-api-common:2.10.0-69.v28e3e36d18eb_
mina-sshd-api-core:2.10.0-69.v28e3e36d18eb_
multibranch-scan-webhook-trigger:1.0.9
nexus-artifact-uploader:2.14
nexus-jenkins-plugin:3.16.501.ve3d6b_58f1d37
nodejs:1.6.0
okhttp-api:4.11.0-145.vcb_8de402ef81
pam-auth:1.10
parameterized-trigger:2.46
pipeline-build-step:496.v2449a_9a_221f2
pipeline-github-lib:42.v0739460cda_c4
pipeline-graph-analysis:202.va_d268e64deb_3
pipeline-groovy-lib:656.va_a_ceeb_6ffb_f7
pipeline-input-step:468.va_5db_051498a_4
pipeline-milestone-step:111.v449306f708b_7
pipeline-model-api:2.2141.v5402e818a_779
pipeline-model-definition:2.2141.v5402e818a_779
pipeline-model-extensions:2.2141.v5402e818a_779
pipeline-rest-api:2.33
pipeline-stage-step:305.ve96d0205c1c6
pipeline-stage-tags-metadata:2.2141.v5402e818a_779
pipeline-stage-view:2.33
plain-credentials:143.v1b_df8b_d3b_e48
plugin-util-api:3.3.0
popper-api:1.16.1-3
popper2-api:2.11.6-2
prism-api:1.29.0-7
resource-disposer:0.22
role-strategy:633.v836e5b_3e80a_5
run-condition:1.6
scm-api:676.v886669a_199a_a_
script-security:1251.vfe552ed55f8d
snakeyaml-api:1.33-95.va_b_a_e3e47b_fa_4
ssh-credentials:305.v8f4381501156
ssh-slaves:2.877.v365f5eb_a_b_eec
sshd:3.303.vefc7119b_ec23
structs:324.va_f5d6774f3a_d
subversion:2.17.2
thinBackup:1.17
timestamper:1.25
token-macro:359.vb_cde11682e0c
translation:1.16
trilead-api:2.84.v72119de229b_7
variant:59.vf075fe829ccb
warnings-ng:10.2.0
workflow-aggregator:596.v8c21c963d92d
workflow-api:1219.v05cd837ea_249
workflow-basic-steps:1017.vb_45b_302f0cea_
workflow-cps:3697.vb_470e454c232
workflow-durable-task-step:1247.v7f9dfea_b_4fd0
workflow-job:1316.vd2290d3341a_f
workflow-multibranch:756.v891d88f2cd46
workflow-scm-step:415.v434365564324
workflow-step-api:639.v6eca_cd8c04a_a_
workflow-support:839.v35e2736cfd5c
ws-cleanup:0.45

What Operating System are you using (both controller, and any agents involved in the problem)?

Ubuntu, not sure what Version but it should be latest LTS

Reproduction steps

  stage ('Fancy Ansible') {
        steps {
            wrap([$class: 'AnsiColorBuildWrapper', colorMapName: "xterm"]) {
                step([$class: 'AnsiblePlaybookBuilder',
                      credentialsId: 'cd-docker-compose',
                      playbook: 'deploy-docker-compose.yml',
                      inventory: [$class: 'InventoryContent',
                                  content: '''[project_devel]
                                              ${DEPLOY_HOST_ADDRESS}''',
                                  dynamic: false],
                      limit: 'project_devel',
                      extraVars: [[$class: 'ExtraVar', key: 'ansible_port', value: "${DEPLOY_HOST_PORT}"],
                                  [$class: 'ExtraVar', key: 'image_tag', value: "${IMAGE_TAG}"],
                                  [$class: 'ExtraVar', key: 'restore_from_dump', value: "${RESTORE_FROM_DUMP}"],
                                  [$class: 'ExtraVar', key: 'exclude_immutable_collections', value: "${EXCLUDE_IMMUTABLE_COLLECTIONS}"]],
                      disableHostKeyChecking: true,
                      colorizedOutput: true,
                      additionalParameters: '-v'])
            }
        }
    }

Expected Results

The script running utilizing the defined extraVars.

Actual Results

WARNING: Unknown parameter(s) found for class type 'org.jenkinsci.plugins.ansible.ExtraVar': value
WARNING: Unknown parameter(s) found for class type 'org.jenkinsci.plugins.ansible.ExtraVar': value
WARNING: Unknown parameter(s) found for class type 'org.jenkinsci.plugins.ansible.ExtraVar': value
WARNING: Unknown parameter(s) found for class type 'org.jenkinsci.plugins.ansible.ExtraVar': value
[WARN] Omitting extra var ansible_port: check value is a supported type.
[WARN] Omitting extra var image_tag: check value is a supported type.
[WARN] Omitting extra var restore_from_dump: check value is a supported type.
[WARN] Omitting extra var exclude_immutable_collections: check value is a supported type.

Anything else?

I don't know enough about how jenkins plugins work, but looking at the Code of the plugin I found 4cbc486#diff-63e2588a63bc0ffffd5eb82b66dd8ab4c588b277b7abbda76be684c2e0ef94a0

Here value in ExtraVars has been declared transient and all setters have been replaced by secretValue. I have no clue though how I should use this now.

The job is running rarely, so I'm not 1005 sure, but I believe we did an update round of jenkins and all its plugins between the last time it ran successfully in June and now.

What feature do you want to see added?

Please see: #127 Recent security requirements has made the plugin difficult to use. We do not use any variables that need to be concealed. Our variables are filenames and paths. Re-configuration of jobs is difficult now as we cannot see what a concealed variable is set to so that we can edit a variable. A possible solution might be to add a new type of key variable that is not concealed. Or add an option to not conceal a variable.

Thanks,
Adrien.

Upstream changes

No response

What feature do you want to see added?

Currently inconvenient place:
At present, you need to manually Install ansible to use Ansible-Playbook, and when you use Install automatically, you will encounter permission problems, and you can only use sudo to install it on the machine

Upstream changes

No response

Are you interested in contributing this feature?

No response

Jenkins and plugins versions report

Jenkins: 2.414.1
OS: Linux - 6.2.0-1011-gcp
Java: 11.0.20 - Ubuntu (OpenJDK 64-Bit Server VM)
---
ansible:253.v4fe719ffdd8a_

What Operating System are you using (both controller, and any agents involved in the problem)?

osx

Reproduction steps

1. Create src/test/resources/jobdsl/playbookBuilder.groovy with:

freeStyleJob('ansible') {
    steps {
        ansiblePlaybookBuilder {
            playbook('path/playbook.yml')
            inventory {
                inventoryDoNotSpecify()
            }
            unbufferedOutput(true)
            extraVars {
                extraVar {
                    key('key')
                    value('value')
                    hidden(true)
                }
            }
        }
    }
}

2. Add the below code snippet in src/test/java/org/jenkinsci/plugins/ansible/jobdsl/JobDslIntegrationTest.java:

public static final String ANSIBLE_DSL_GROOVY_PLAYBOOK_BUILDER = "jobdsl/playbookBuilder.groovy";

@Test
@DslJobRule.WithJobDsl(ANSIBLE_DSL_GROOVY_PLAYBOOK_BUILDER)
public void shouldCreateJobWithPlaybookBuilderDsl() throws Exception {
    AnsiblePlaybookBuilder step = dsl.getGeneratedJob().getBuildersList().get(AnsiblePlaybookBuilder.class);
    assertThat("Should add playbook builder", step, notNullValue());

    assertThat("playbook", step.playbook, is("path/playbook.yml"));
    assertThat("extraVar.key", step.extraVars.get(0).getKey(), is("key"));
    assertThat("extraVar.value", step.extraVars.get(0).getSecretValue().getPlainText(), is("value"));
    assertThat("extraVar.hidden", step.extraVars.get(0).isHidden(), is(true));

}

3. Launch mvn test

Expected Results

BUILD SUCCESS

Actual Results

Processing provided DSL script
ERROR: (script, line 12) No signature of method: value() is applicable for argument types: (java.lang.String) values: [value]
Possible solutions: hidden(), key(), secretValue()
Finished: FAILURE

Anything else?

• It is broken since SECURITY-3017.

• If I replace value() by secretValue() in src/test/resources/jobdsl/playbookBuilder.groovy, I have the following error:

Processing provided DSL script
ERROR: (script, line 12) No signature of method: javaposse.jobdsl.plugin.structs.DescribableContext.secretValue() is applicable for argument types: (java.lang.String) values: [value]
Finished: FAILURE

Describe your use-case which is not covered by existing documentation.

From Jenkins dev list (Probably more visibility here)

Hi!

6 month ago I've adopted the Ansible Plugin (https://github.com/jenkinsci/ansible-plugin) that was abandoned many years ago. I was able to refresh it, fix some issue (including security ones) but I overestimated the work to be done on this widely used plugin (~20k) installations.

It has pretty much no tests, no support for durable infrastructure, use deprecated Jenkins core API etc...

Sadly I don't have time to take care of all of this and I'm looking for other maintainers and at least people that want to invest time to stabilize it and avoid regression in the future.

Thanks!

Reference any relevant documentation, other materials or issues/pull requests that can be used for inspiration.

https://groups.google.com/g/jenkinsci-dev/c/xiKhmhCBspw

Jenkins and plugins versions report

Jenkins: 2.414.1
OS: Linux - 4.18.0-477.15.1.el8_8.x86_64
Java: 17.0.4.1 - Oracle Corporation (Java HotSpot(TM) 64-Bit Server VM)
---
ace-editor:1.1
active-directory:2.33
ansible:204.v8191fd551eb_f
ant:497.v94e7d9fffa_b_9
antisamy-markup-formatter:162.v0e6ec0fcfcf6
apache-httpcomponents-client-4-api:4.5.14-208.v438351942757
artifact-promotion:0.5.2
artifactdeployer:1.3
audit-trail:333.vb_e1b_b_0f1238c
authentication-tokens:1.53.v1c90fd9191a_b_
badge:1.9.1
bootstrap4-api:4.6.0-6
bootstrap5-api:5.3.0-1
bouncycastle-api:2.29
branch-api:2.1122.v09cb_8ea_8a_724
build-keeper-plugin:19.va_df8a_2c65123
build-name-setter:2.3.0
build-pipeline-plugin:1.5.8
build-user-vars-plugin:1.9
caffeine-api:3.1.8-133.v17b_1ff2e0599
checks-api:2.0.0
clone-workspace-scm:84.v147686859e1c
cloudbees-folder:6.848.ve3b_fd7839a_81
command-launcher:107.v773860566e2e
commons-lang3-api:3.13.0-62.v7d18e55f51e2
commons-text-api:1.10.0-68.v0d0b_c439292b_
conditional-buildstep:1.4.3
config-file-provider:953.v0432a_802e4d2
copy-data-to-workspace-plugin:1.0
copy-to-slave:1.4.4
copyartifact:722.v0662a_9b_e22a_c
credentials:1271.v54b_1c2c6388a_
credentials-binding:631.v861c06d062b_4
custom-tools-plugin:0.8
cvs:2.19.1
data-tables-api:1.13.5-1
date-parameter:0.0.4
delivery-pipeline-plugin:1.4.2
deploy:1.16
description-setter:1.10
display-url-api:2.3.9
docker-commons:439.va_3cb_0a_6a_fb_29
docker-workflow:572.v950f58993843
dtkit-api:3.0.2
durable-task:523.va_a_22cf15d5e0
dynamic_extended_choice_parameter:1.0.1
dynamicparameter:0.2.0
echarts-api:5.4.0-5
elastic-axis:464.va_7ed499b_9d75
email-ext:2.100
envinject:2.908.v66a_774b_31d93
envinject-api:1.199.v3ce31253ed13
extended-choice-parameter:376.v2e02857547b_a_
extended-read-permission:53.v6499940139e5
external-monitor-job:207.v98a_a_37a_85525
filesystem_scm:2.1
font-awesome-api:6.4.0-2
git:5.2.0
git-client:4.4.0
git-server:99.va_0826a_b_cdfa_d
global-post-script:1.1.4
gradle:2.8.2
groovy:453.vcdb_a_c5c99890
groovy-postbuild:2.5
handlebars:3.0.8
http_request:1.18
icon-shim:3.0.0
instance-identity:173.va_37c494ec4e5
ionicons-api:56.v1b_1c8c49374e
jackson2-api:2.15.2-350.v0c2f3f8fc595
jakarta-activation-api:2.0.1-3
jakarta-mail-api:2.0.1-3
javadoc:243.vb_b_503b_b_45537
javax-activation-api:1.2.0-6
javax-mail-api:1.6.2-9
jaxb:2.3.8-1
jdk-tool:73.vddf737284550
jersey2-api:2.40-1
jira:3.10
jnr-posix-api:3.1.17-1
jobConfigHistory:1227.v7a_79fc4dc01f
jquery:1.12.4-1
jquery-detached:1.2.1
jquery-ui:1.0.2
jquery3-api:3.7.0-1
jsch:0.2.8-65.v052c39de79b_2
junit:1217.v4297208a_a_b_ce
ldap:694.vc02a_69c9787f
lockable-resources:1185.v0c528656ce04
mailer:463.vedf8358e006b_
mapdb-api:1.0.9-28.vf251ce40855d
matrix-auth:3.2
matrix-project:808.v5a_b_5f56d6966
maven-plugin:3.23
maven-repo-cleaner:1.3
mina-sshd-api-common:2.10.0-69.v28e3e36d18eb_
mina-sshd-api-core:2.10.0-69.v28e3e36d18eb_
momentjs:1.1.1
msbuild:1.30
multiple-scms:0.8
next-build-number:1.8
nodejs:1.6.1
nodelabelparameter:1.12.0
pam-auth:1.10
parameterized-trigger:2.46
pipeline-build-step:505.v5f0844d8d126
pipeline-graph-analysis:202.va_d268e64deb_3
pipeline-groovy-lib:685.v8ee9ed91d574
pipeline-input-step:477.v339683a_8d55e
pipeline-milestone-step:111.v449306f708b_7
pipeline-model-api:2.2144.v077a_d1928a_40
pipeline-model-declarative-agent:1.1.1
pipeline-model-definition:2.2144.v077a_d1928a_40
pipeline-model-extensions:2.2144.v077a_d1928a_40
pipeline-rest-api:2.33
pipeline-stage-step:305.ve96d0205c1c6
pipeline-stage-tags-metadata:2.2144.v077a_d1928a_40
pipeline-stage-view:2.33
pipeline-utility-steps:2.16.0
plain-credentials:143.v1b_df8b_d3b_e48
plugin-util-api:3.3.0
popper-api:1.16.1-3
popper2-api:2.11.6-2
postbuildscript:3.2.0-550.v88192b_d3e922
powershell:2.0
promoted-builds:892.vd6219fc0a_efb
publish-over:0.22
publish-over-ssh:1.25
repository:1.10
resource-disposer:0.23
reverse-proxy-auth-plugin:1.7.7
role-strategy:689.v731678c3e0eb_
run-condition:1.7
saml:4.429.v9a_781a_61f1da_
scm-api:676.v886669a_199a_a_
script-security:1274.v2b_33362a_f2f5
scriptler:321.v74a_851a_e7ed6
snakeyaml-api:1.33-95.va_b_a_e3e47b_fa_4
ssh-credentials:308.ve4497b_ccd8f4
ssh-slaves:2.916.vd17b_43357ce4
sshd:3.312.v1c601b_c83b_0e
started-by-envvar:1.0
structs:325.vcb_307d2a_2782
subversion:2.17.3
tap:2.3
token-macro:384.vf35b_f26814ec
translation:1.16
trilead-api:2.84.v72119de229b_7
uno-choice:2.7.2
variant:59.vf075fe829ccb
windows-slaves:1.8.1
workflow-aggregator:596.v8c21c963d92d
workflow-api:1267.vd9b_a_ddd9eb_47
workflow-basic-steps:1042.ve7b_140c4a_e0c
workflow-cps:3774.v4a_d648d409ce
workflow-cps-global-lib:609.vd95673f149b_b
workflow-durable-task-step:1289.v4d3e7b_01546b_
workflow-job:1342.v046651d5b_dfe
workflow-multibranch:756.v891d88f2cd46
workflow-scm-step:415.v434365564324
workflow-step-api:639.v6eca_cd8c04a_a_
workflow-support:848.v5a_383b_d14921
ws-cleanup:0.45
xunit:3.1.3

What Operating System are you using (both controller, and any agents involved in the problem)?

Red Hat Enterprise Linux release 8.8

Reproduction steps

If we update Ansible Plugin to next version after: https://updates.jenkins.io/download/plugins/ansible/204.v8191fd551eb_f/ansible.hpi

For build step Invoke Ansible Playbook, we used to see Extra Variables values when editing configuration Advanced, Key Value. Now we see Value Concealed and button Change Password.

Looking at the config xml we see:

<org.jenkinsci.plugins.ansible.ExtraVar>
file_pattern
{AQAAABAAAAAgefgTpYgLMUqURb+QY+kmRF3RiD1N2a8HuBsBATfv+MuNM6o8X66E1LjNPUTOumzt}
false
</org.jenkinsci.plugins.ansible.ExtraVar>

These variables should not be concealed.

Expected Results

Extra Variable values should be clear text.

Actual Results

Extra Variable values are concealed like secrets are.

Anything else?

No response

Jenkins and plugins versions report

Paste the output here

• Jenkins: 2.426.3

• OS: Linux - 3.10.0-1160.59.1.el7.x86_64

• Java: 17.0.10 - Oracle Corporation (Java HotSpot(TM) 64-Bit Server VM)

• ansible:307.va_1f3ef06575a_

What Operating System are you using (both controller, and any agents involved in the problem)?

centOS7

Reproduction steps

steps { ansiblePlaybook( extraVars:[ var1: 'test', var2: ['test1', 'test2'] ]) }

Expected Results

Should override the variables in inventory at run time.
[Pipeline] ansiblePlaybook [tag1] $ /usr/bin/ansible-playbook myPlaybook.yml -i inventory -l host1 -t tag1 -b --become-user root -e ******** -e ********

Actual Results

Anything else?

Tried degrading jenkins ansible plugin versions, earlier worked with the latest version I'm currently using.
The playbook works just fine when extra vars are passed through command line.

Are you interested in contributing a fix?

yes

Jenkins and plugins versions report

Jenkins: 2.413
OS: Linux - 5.15.0-76-generic
Java: 11.0.19 - Ubuntu (OpenJDK 64-Bit Server VM)
---
ansible:240.vc26740a_625c0

The only way Ansible can detect boolean extra-variables is by passing JSON using the extras parameter, like shown below.
Otherwise, they are interpreted as Strings.

ansiblePlaybook(
    playbook: './src/main.yml',
    extras: '''
        --extra-vars "{bar: false}"
    '''
)

Equivalent when using the terminal:

$ ansible-playbook playbook.yml --extra-vars "{bar: false}"

What Operating System are you using (both controller, and any agents involved in the problem)?

Alpine Docker container running Ansible.

Reproduction steps

1. Declare a variable in Ansible that should default to a different value if extra variable is given as false:

foo: "{{ bar | default(99, true) }}"

2. Run the script through Jenkins:

ansiblePlaybook(
    playbook: './src/main.yml',
    extraVars: [
        'bar': false
    ]
)

Expected Results

foo: 99

Actual Results

foo: "false"

Jenkins and plugins versions report

What Operating System are you using (both controller, and any agents involved in the problem)?

When i execute the playbook on jenkins, via ansible plugin, it giving an error.

Reproduction steps

Install and Unistall Ansible Plugin, and created an instance several times

Expected Results

Playbook should execute

Actual Results

it will fetch the file and give a sucess

Anything else?

No response

Are you interested in contributing a fix?

Yes

Jenkins and plugins versions report

println("Jenkins: ${Jenkins.instance.getVersion()}")
println("OS: ${System.getProperty('os.name')} - ${System.getProperty('os.version')}")
println("Java: ${System.getProperty('java.version')} - ${System.getProperty('java.vm.vendor')} (${System.getProperty('java.vm.name')})")
println "---"

Jenkins.instance.pluginManager.plugins
.collect()
.sort { it.getShortName() }
.each {
  plugin -> println("${plugin.getShortName()}:${plugin.getVersion()}")
}
return

What Operating System are you using (both controller, and any agents involved in the problem)?

Rocky Linux 8.8

Reproduction steps

1. From the Jenkins Dashboard, enter an Ansible project
2. Under the project, select Configure
3. Scroll down to the Build Steps and click the Advanced button
4. Under the Extra Variables block, all Value fields are Concealed and offer a button that says Change Password

Expected Results

The Value filed should be treated as any other string field to be filled up with text.

Actual Results

The Key/Value variables were never concealed before and if some should be there should be a way to enable or disable the concealment. It is not possible to check what was typed in the Value field as it is all hidden checking for typos or what was used on the last run is not possible.

Anything else?

Nothing else.

Jenkins and plugins versions report

Paste the output here

What Operating System are you using (both controller, and any agents involved in the problem)?

Debian 12

Reproduction steps

1. Step 1: Create a new pipeline and assure that not exists in workspace dir the folder name of that pipeline, for example if the new pipeline name is 'test' assure that not exists the corresponding folder '/var/jenkins_home/workspace/test'
2. Step 2: Define a declarative pipeline with an ansible step like

pipeline {
    agent any
    stages {
        stage('test') {
            steps {
                ansiblePlaybook(playbook: '/ansible/test.yml')
            }
        }
    }
}

3. Step 3: Run it

Expected Results

Pipeline running

Actual Results

An error complain that workdir folder doesn't exists
'java.io.IOException: Process working directory '/var/jenkins_home/workspace/test' doesn't exist!'

Anything else?

I have fixed the issue in the CLIRunner class adding this.ws.mkdirs() before the line launcher.launch() in the execute() method,

Jenkins and plugins versions report

Commit message: "Update add_user.yml"

git rev-list --no-walk ca7cf49be7aced9030838e677f08730f18361b8e # timeout=10
[ntp_config] $ /bin/sh -xe /tmp/jenkins7648226585525754489.sh

• ansible-playbook -i /var/lib/jenkins/workspace/ntp_config/configure-playbooks/inventories/hosts /var/lib/jenkins/workspace/ntp_config/configure-playbooks/ntp_config.yml
  ERROR: Ansible requires Jinja2 3.0 or newer on the controller. Current version: 2.9.6
  Build step 'Execute shell' marked build as failure
  Finished: FAILURE

What Operating System are you using (both controller, and any agents involved in the problem)?

Description: Ubuntu 23.10
Release: 23.10
Codename: mantic

ansible [core 2.16.2]
python version = 3.11.6
jinja version = 3.1.2

Reproduction steps

Shell script used to build:

ansible-playbook -i /var/lib/jenkins/workspace/ntp_config/configure-playbooks/inventories/hosts /var/lib/jenkins/workspace/ntp_config/configure-playbooks/ntp_config.yml

Expected Results

Expected playbook to complete

Actual Results

Commit message: "Update add_user.yml"

git rev-list --no-walk ca7cf49be7aced9030838e677f08730f18361b8e # timeout=10
[ntp_config] $ /bin/sh -xe /tmp/jenkins7648226585525754489.sh

• ansible-playbook -i /var/lib/jenkins/workspace/ntp_config/configure-playbooks/inventories/hosts /var/lib/jenkins/workspace/ntp_config/configure-playbooks/ntp_config.yml
  ERROR: Ansible requires Jinja2 3.0 or newer on the controller. Current version: 2.9.6
  Build step 'Execute shell' marked build as failure
  Finished: FAILURE

Anything else?

No response

Are you interested in contributing a fix?

No response

What feature do you want to see added?

Hi,

I try to use Additional parameters for send the output to a file, by adding > output.log, but it does not seems to works

Regards

Upstream changes

No response

Are you interested in contributing this feature?

No response

Jenkins and plugins versions report

Jenkins: 2.401.1
OS: Linux - 3.10.0-693.11.6.el7.x86_64
Java: 11.0.3 - Amazon.com Inc. (OpenJDK 64-Bit Server VM)
---
ansible:240.vc26740a_625c0

What Operating System are you using (both controller, and any agents involved in the problem)?

CentOS 7

Reproduction steps

1. Create debug task that prints extra-var you've submitted

- name: print foobars
  debug:
    var: foobars

2. Run the script through Jenkins:

ansiblePlaybook(
    playbook: "playbook.yml",
    extraVars: [foobars: ["foo","bar"]]
)

Expected Results

[Pipeline] ansiblePlaybook
[WARN] Omitting extra var foobars: check value is a supported type.
[playbook] $ /app/ansible44/venv/bin/ansible-playbook jenkins/ansible/playbook.yml -i jenkins/ansible/localhost.ini -e ********

PLAY [playbook] **********************************************

TASK [print foobars] ***
ok: [localhost] => {
    "foobars": [
        "foo",
        "bar"
    ]
}

Actual Results

[Pipeline] ansiblePlaybook
[playbook] $ /app/ansible44/venv/bin/ansible-playbook jenkins/ansible/playbook.yml -i jenkins/ansible/localhost.ini 

PLAY [playbook] **********************************************

TASK [print foobars] ***
ok: [localhost] => {
    "foobars": "VARIABLE IS NOT DEFINED!"
}

Anything else?

Apparently #88 broke list-related logic, because with LTS 2.387 this was working.

Proposal: pass extra variables as json to Ansible.

What feature do you want to see added?

Currently we are able to test only jobs and pipelines by doing asserts on logs because of dependencies with ansible binary.

The idea is to implement a on the test suite testcontainer (GenericContainer) that will connect to the test harness instance and execute the test.

Some plugins are doing something similar for integration tests: https://github.com/search?q=org%3Ajenkinsci+genericContainer&type=code&p=3

This will also ensure execution of ansible command and validity with ansible versions

Upstream changes

No response

Are you interested in contributing this feature?

No response

What feature do you want to see added?

For the sake of re-usability, I'd like to be able configure freeStyleJobs that invoke an ansiblePlaybook via

job('My_Job') {
    steps {
            ansiblePlaybook('path/to/my/playbook.yml') {
                inventoryPath('${inventory_repository}/inventory.yml')
                vaultCredentialsId('${vault_credentials_id}')
            }
    }
    parameters {
        stringParam('inventory_repository')
        stringParam('vault_credentials_id')
    }
}

where both inventory_repository and vault_credentials_id are provided at build-time only.

While this works fine for inventoryPath, it does not for vaultCredentialsId (after processing the provided JobDSL file, the vault credentials setting in the Drop-Down menu is set to - current -.

Upstream changes

No response

Jenkins and plugins versions report

Jenkins 2.401.3
Ansible plugin: 253.v4fe719ffdd8a_
Java: openjdk 11.0.19 2023-04-18 LTS
Ansible: core 2.13.11

What Operating System are you using (both controller, and any agents involved in the problem)?

RHEL7

Reproduction steps

node() {
    stage('Create Play') {
        writeFile file: 'play.yaml', text: """
- hosts: myhost
  tasks:
  - debug: msg="{{ lookup('env', 'MyVar') }}"
  - debug: msg="{{ lookup('env', 'MyAnotherVar') }}"
"""
    }
    stage('Play') {
        env.MyVar = 'WannaSeeThis'
        withEnv(['MyAnotherVar=WannaSeeThis']) {
            step([
                $class: 'AnsiblePlaybookBuilder',
                playbook: "play.yaml",
                inventory: [
                    $class: 'InventoryContent',
                    content: "[myhost]\nlocalhost ansible_connection=local"
                ],
            ])
        }
    }
}

Expected Results

The environment variables I defined within the pipeline are visible inside the play.

Actual Results

The environment variables I defined within the pipeline are not visible inside the play.

Anything else?

The variables are visible in a play if I define variables within the "Prepare an environment for the run" feature in a job configuration.

Jenkins and plugins versions report

</details>


### What Operating System are you using (both controller, and any agents involved in the problem)?

Jenkins: Rocky Linux 8

### Reproduction steps

1. Create an Ansible playbook to show passwords:

```yaml
- hosts: all

  tasks:
    - name: show the current user
      ansible.builtin.debug:
        msg: "Current user is {{ ansible_user }}"

    - name: show the current user password
      ansible.builtin.debug:
        msg: "Current user is {{ ansible_ssh_passowrd }}"

pipeline{
    agent any
    stages{
        stage("Check Creds"){
            steps{
                withCredentials([usernamePassword(credentialsId: 'ansible4', passwordVariable: 'PASS', usernameVariable: 'USER')]){
                    sh "echo $USER"
                    sh "sshpass -p '${PASS}' ansible-playbook display_ssh_pass.yml -i hosts -u ansible4 -k"
                }
            }
        }
        stage("Execute Ansible"){
            steps{
                ansiblePlaybook colorized: true, credentialsId: 'ansible4', disableHostKeyChecking: true, inventory: 'hosts', playbook: 'display_ssh_pass.yml'
            }
        }
    }
}

[ansible4] $ sshpass -p 'pa$$word' ansible-playbook display_ssh_pass.yml -i hosts -u ansible4 -k

PLAY [all] *********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [all]

TASK [show the current user] ***************************************************
ok: [all] => {
    "msg": "Current user is:[ansible4]"
}

TASK [show the current user password] ******************************************
ok: [all] => {
    "msg": "Current user password is:['pa$word']"
}

PLAY RECAP *********************************************************************
all                 : ok=3    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
Finished: SUCCESS

Jenkins and plugins versions report

Jenkins: 2.414
OS: Linux - 4.18.0-477.13.1.el8_8.x86_64
Java: 11.0.19 - Red Hat, Inc. (OpenJDK 64-Bit Server VM)
---
ansible:240.vc26740a_625c0

What Operating System are you using (both controller, and any agents involved in the problem)?

Rocky Linux 8.8

Reproduction steps

1. In a freestyle job, add an Invoke Ansible Ad-Hoc Command step
2. Specify host pattern (e.g: target_host)
3. Add a simple Inventory (fails for both inline content, and file) with no creds info, e.g:

[target_host]
10.6.6.6

4. Specify ping under Module (any command would fail, this is just for simplified testing).
5. Select a valid credential from the Credentials drop-down list (that you've previously set in Jenkins).
6. Save the Jenkins job and run it.

Expected Results

$ sshpass ******** ansible target_host -i temp_inventory.ini -m ping -f 5 -u ansiblesvc -k
10.6.6.6 | SUCCESS => {
   "ansible_facts": {
       "discovered_interpreter_python": "/usr/libexec/platform-python"
   },
   "changed": false,
   "ping": "pong"
}

Actual Results

$ sshpass ******** ansible target_host -i temp_inventory.ini -m ping -f 5 -u ansiblesvc -k
10.6.6.6 | UNREACHABLE! => {
    "changed": false,
    "msg": "Invalid/incorrect password: Permission denied, please try again.",
    "unreachable": true
}

Anything else?

This worked fine in our existing jobs when they were using version ansible:217.v1696cee03265
The issues started as we upgraded the plugin to version ansible:240.vc26740a_625c0.

After rolling back to version ansible:217.v1696cee03265 - ssh creds seem to be working fine,
so something must have broken between ansible:217.v1696cee03265 and ansible:240.vc26740a_625c0.

• It's worth noting that the same issues occur when using Invoke Ansible-Playbook(which is how we've discovered this issue originally).
  Using the Invoke Ansible Ad-Hoc Command is outlined in the "Reproduction steps" section as a quicker, easier way to replicate the issue.

Jenkins and plugins versions report

Jenkins: 2.401.3
OS: Linux - 5.15.0-79-generic
Java: 11.0.19 - Eclipse Adoptium (OpenJDK 64-Bit Server VM)
---
ansible:253.v4fe719ffdd8a_
ant:497.v94e7d9fffa_b_9
antisamy-markup-formatter:162.v0e6ec0fcfcf6
apache-httpcomponents-client-4-api:4.5.14-150.v7a_b_9d17134a_5
bootstrap5-api:5.3.0-1
bouncycastle-api:2.29
branch-api:2.1122.v09cb_8ea_8a_724
build-timeout:1.31
caffeine-api:3.1.8-133.v17b_1ff2e0599
checks-api:2.0.0
cloudbees-folder:6.848.ve3b_fd7839a_81
commons-lang3-api:3.13.0-62.v7d18e55f51e2
commons-text-api:1.10.0-68.v0d0b_c439292b_
credentials:1271.v54b_1c2c6388a_
credentials-binding:631.v861c06d062b_4
display-url-api:2.3.9
durable-task:523.va_a_22cf15d5e0
echarts-api:5.4.0-5
email-ext:2.100
font-awesome-api:6.4.0-2
git:5.2.0
git-client:4.4.0
github:1.37.3
github-api:1.314-431.v78d72a_3fe4c3
github-branch-source:1732.v3f1889a_c475b_
gradle:2.8.2
instance-identity:173.va_37c494ec4e5
ionicons-api:56.v1b_1c8c49374e
jackson2-api:2.15.2-350.v0c2f3f8fc595
jakarta-activation-api:2.0.1-3
jakarta-mail-api:2.0.1-3
javax-activation-api:1.2.0-6
javax-mail-api:1.6.2-9
jaxb:2.3.8-1
jjwt-api:0.11.5-77.v646c772fddb_0
jquery3-api:3.7.0-1
junit:1217.v4297208a_a_b_ce
ldap:694.vc02a_69c9787f
mailer:463.vedf8358e006b_
matrix-auth:3.1.10
matrix-project:808.v5a_b_5f56d6966
mina-sshd-api-common:2.10.0-69.v28e3e36d18eb_
mina-sshd-api-core:2.10.0-69.v28e3e36d18eb_
okhttp-api:4.11.0-157.v6852a_a_fa_ec11
pam-auth:1.10
pipeline-build-step:505.v5f0844d8d126
pipeline-github-lib:42.v0739460cda_c4
pipeline-graph-analysis:202.va_d268e64deb_3
pipeline-groovy-lib:671.v07c339c842e8
pipeline-input-step:477.v339683a_8d55e
pipeline-milestone-step:111.v449306f708b_7
pipeline-model-api:2.2144.v077a_d1928a_40
pipeline-model-definition:2.2144.v077a_d1928a_40
pipeline-model-extensions:2.2144.v077a_d1928a_40
pipeline-rest-api:2.33
pipeline-stage-step:305.ve96d0205c1c6
pipeline-stage-tags-metadata:2.2144.v077a_d1928a_40
pipeline-stage-view:2.33
plain-credentials:143.v1b_df8b_d3b_e48
plugin-util-api:3.3.0
resource-disposer:0.23
scm-api:676.v886669a_199a_a_
script-security:1271.vdede89739a_81
snakeyaml-api:1.33-95.va_b_a_e3e47b_fa_4
ssh-credentials:308.ve4497b_ccd8f4
ssh-slaves:2.916.vd17b_43357ce4
structs:325.vcb_307d2a_2782
timestamper:1.26
token-macro:384.vf35b_f26814ec
trilead-api:2.84.v72119de229b_7
variant:59.vf075fe829ccb
workflow-aggregator:596.v8c21c963d92d
workflow-api:1259.vb_47f14fffc8a_
workflow-basic-steps:1042.ve7b_140c4a_e0c
workflow-cps:3769.v8b_e595e4d40d
workflow-durable-task-step:1284.v4fcd365b_75b_e
workflow-job:1326.ve643e00e9220
workflow-multibranch:756.v891d88f2cd46
workflow-scm-step:415.v434365564324
workflow-step-api:639.v6eca_cd8c04a_a_
workflow-support:848.v5a_383b_d14921
ws-cleanup:0.45 

What Operating System are you using (both controller, and any agents involved in the problem)?

Ubuntu 22.04

Reproduction steps

Have a passphrase for an SSH key that contains special chars, like 7D%TgX`EnfgHkfv$H9qhfg84sZSQwT&LjH~ZEfghjkzn@^sYpR (not actually in use).

Expected Results

Should work as expected

Actual Results

2: Syntax error: EOF in backquote substitution

Anything else?

Jenkins will create a sh script in /tmp, like 'ssh8566695972573467306.sh'. This doesn't escape the user provided SSH passphrase, having it fail like described above. This can be verified when calling it directly:

root@ansible02:~# ./ssh8566695972573467306.sh 
./ssh8566695972573467306.sh: 2: Syntax error: EOF in backquote substitution

What feature do you want to see added?

Option to specify a different temporary path for vault tmp files instead of workspace. I have a shared workspace and while the pipeline is running the generated temporary vault***.password file is visible to anyone has access to the workspace.
I cloned the project and implemented a solution that i want to share, maybe is useful to someone

Upstream changes

No response