From 329d8515a8138db30bdc45d962bfb56fbcee8f02 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20F=20Bj=C3=B6rklund?= Date: Wed, 2 Oct 2024 19:55:46 +0200 Subject: [PATCH] Make sure that ansible params check the playbook MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The ansible provisioning supports using a separate yaml playbook, so check this file (but only the top playbook) for any parameters... The `ansible-playbook` command does not run remotely so it does not use the param.env, which means that the env is set on the command. Signed-off-by: Anders F Björklund --- hack/ansible-test.yaml | 2 +- hack/test-templates.sh | 8 +------- hack/test-templates/test-misc.yaml | 1 + pkg/instance/ansible.go | 10 ++++++++++ pkg/limayaml/validate.go | 10 ++++++++++ 5 files changed, 23 insertions(+), 8 deletions(-) diff --git a/hack/ansible-test.yaml b/hack/ansible-test.yaml index 255c7eca551..ade4d0e12c8 100644 --- a/hack/ansible-test.yaml +++ b/hack/ansible-test.yaml @@ -2,5 +2,5 @@ tasks: - name: Create test file file: - path: /tmp/ansible + path: "/tmp/param-{{ lookup('ansible.builtin.env', 'PARAM_ANSIBLE') }}" state: touch diff --git a/hack/test-templates.sh b/hack/test-templates.sh index d1c55bbb420..bb502ca685b 100755 --- a/hack/test-templates.sh +++ b/hack/test-templates.sh @@ -54,7 +54,6 @@ declare -A CHECKS=( ["disk"]="" ["user-v2"]="" ["mount-path-with-spaces"]="" - ["provision-ansible"]="" ["provision-data"]="" ["param-env-variables"]="" ["set-user"]="" @@ -82,7 +81,6 @@ case "$NAME" in CHECKS["snapshot-online"]="1" CHECKS["snapshot-offline"]="1" CHECKS["mount-path-with-spaces"]="1" - CHECKS["provision-ansible"]="1" CHECKS["provision-data"]="1" CHECKS["param-env-variables"]="1" CHECKS["set-user"]="1" 
@@ -188,11 +186,6 @@ if [[ -n ${CHECKS["mount-path-with-spaces"]} ]]; then [ "$(limactl shell "$NAME" cat "/tmp/lima test dir with spaces/test file")" = "test file content" ] fi -if [[ -n ${CHECKS["provision-ansible"]} ]]; then - INFO 'Testing that /tmp/ansible was created successfully on provision' - limactl shell "$NAME" test -e /tmp/ansible -fi - if [[ -n ${CHECKS["provision-data"]} ]]; then INFO 'Testing that /etc/sysctl.d/99-inotify.conf was created successfully on provision' limactl shell "$NAME" grep -q fs.inotify.max_user_watches /etc/sysctl.d/99-inotify.conf @@ -200,6 +193,7 @@ fi if [[ -n ${CHECKS["param-env-variables"]} ]]; then INFO 'Testing that PARAM env variables are exported to all types of provisioning scripts and probes' + limactl shell "$NAME" test -e /tmp/param-ansible limactl shell "$NAME" test -e /tmp/param-boot limactl shell "$NAME" test -e /tmp/param-dependency limactl shell "$NAME" test -e /tmp/param-probe diff --git a/hack/test-templates/test-misc.yaml b/hack/test-templates/test-misc.yaml index 1c660fff564..92d29184a84 100644 --- a/hack/test-templates/test-misc.yaml +++ b/hack/test-templates/test-misc.yaml @@ -14,6 +14,7 @@ mounts: writable: true param: + ANSIBLE: ansible BOOT: boot DEPENDENCY: dependency PROBE: probe diff --git a/pkg/instance/ansible.go b/pkg/instance/ansible.go index ad424415f23..e2fa1c4f073 100644 --- a/pkg/instance/ansible.go +++ b/pkg/instance/ansible.go @@ -5,6 +5,7 @@ package instance import ( "context" + "fmt" "os" "os/exec" "path/filepath" @@ -36,6 +37,7 @@ func runAnsiblePlaybook(ctx context.Context, inst *store.Instance, playbook stri logrus.Debugf("ansible-playbook -i %q %q", inventory, playbook) args := []string{"-i", inventory, playbook} cmd := exec.CommandContext(ctx, "ansible-playbook", args...) + cmd.Env = getAnsibleEnvironment(inst) cmd.Stdout = os.Stdout cmd.Stderr = os.Stderr return cmd.Run() 
@@ -63,3 +65,11 @@ func createAnsibleInventory(inst *store.Instance) (string, error) {
 inventory := filepath.Join(inst.Dir, filenames.AnsibleInventoryYAML)
 return inventory, os.WriteFile(inventory, bytes, 0o644)
 }
+
+func getAnsibleEnvironment(inst *store.Instance) []string {
+ env := os.Environ()
+ for key, val := range inst.Config.Param {
+ env = append(env, fmt.Sprintf("PARAM_%s=%s", key, val))
+ }
+ return env
+}
diff --git a/pkg/limayaml/validate.go b/pkg/limayaml/validate.go
index 1dce335cc4a..764fe488a9f 100644
--- a/pkg/limayaml/validate.go
+++ b/pkg/limayaml/validate.go
@@ -524,6 +524,16 @@ func ValidateParamIsUsed(y *LimaYAML) error {
 keyIsUsed = true
 break
 }
+ if p.Playbook != "" {
+ playbook, err := os.ReadFile(p.Playbook)
+ if err != nil {
+ return err
+ }
+ if re.Match(playbook) {
+ keyIsUsed = true
+ break
+ }
+ }
 }
 for _, p := range y.Probes {
 if re.MatchString(p.Script) {
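Review bot: getAnsibleEnvironment has no doc comment, and the property that keeps it safe is only implicit: every template-controlled entry is prefixed with `PARAM_`, so a param cannot shadow host variables such as PATH for the host-side `ansible-playbook` process. I would state that above the function, e.g. `// getAnsibleEnvironment returns the host environment plus one PARAM_<key>=<value> entry per template param; for duplicate keys os/exec uses the last entry, so template values win.` Inherited `PARAM_*` variables that the template does not declare still pass through from `os.Environ()`, so the playbook can observe values the template never set; it is worth deciding whether those should be dropped. The formatting also relies on param keys never containing `=`, which is presumably enforced by validation outside this hunk.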
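Review bot: The added `os.ReadFile(p.Playbook)` makes validation open whatever host path the template names without first checking that it is a regular file. A template obtained from an untrusted source could therefore make validation block on a FIFO or device, or read an arbitrarily large file into memory. An `os.Stat` check for a regular file before the read would bound that, and the bare `return err` would be clearer wrapped, for example `return fmt.Errorf("reading playbook %q: %w", p.Playbook, err)` (assuming `fmt` is already imported in validate.go). A relative playbook path is resolved here against the process working directory, which may not match how the path is resolved when the playbook is run; that cannot be confirmed from this hunk. The enclosing loop and ValidateParamIsUsed start and end outside the hunk.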