diff options
Diffstat (limited to 'zuul')
27 files changed, 60 insertions, 8 deletions
diff --git a/zuul/ansible/2.7/action/command.py b/zuul/ansible/2.7/action/command.py new file mode 120000 index 000000000..56c6b636f --- /dev/null +++ b/zuul/ansible/2.7/action/command.py @@ -0,0 +1 @@ +../../base/action/command.py
\ No newline at end of file diff --git a/zuul/ansible/2.7/action/command.pyi b/zuul/ansible/2.7/action/command.pyi new file mode 120000 index 000000000..a003281ca --- /dev/null +++ b/zuul/ansible/2.7/action/command.pyi @@ -0,0 +1 @@ +../../base/action/command.pyi
\ No newline at end of file diff --git a/zuul/ansible/2.7/actiongeneral/command.py b/zuul/ansible/2.7/actiongeneral/command.py deleted file mode 120000 index f190db2cc..000000000 --- a/zuul/ansible/2.7/actiongeneral/command.py +++ /dev/null @@ -1 +0,0 @@ -../../base/actiongeneral/command.py
\ No newline at end of file diff --git a/zuul/ansible/2.7/actiongeneral/command.pyi b/zuul/ansible/2.7/actiongeneral/command.pyi deleted file mode 120000 index 81305dd03..000000000 --- a/zuul/ansible/2.7/actiongeneral/command.pyi +++ /dev/null @@ -1 +0,0 @@ -../../base/actiongeneral/command.pyi
\ No newline at end of file diff --git a/zuul/ansible/2.7/actiontrusted/__init__.py b/zuul/ansible/2.7/actiontrusted/__init__.py new file mode 120000 index 000000000..e64650426 --- /dev/null +++ b/zuul/ansible/2.7/actiontrusted/__init__.py @@ -0,0 +1 @@ +../../base/actiontrusted/__init__.py
\ No newline at end of file diff --git a/zuul/ansible/2.7/actiontrusted/command.py b/zuul/ansible/2.7/actiontrusted/command.py new file mode 120000 index 000000000..0eb995eaa --- /dev/null +++ b/zuul/ansible/2.7/actiontrusted/command.py @@ -0,0 +1 @@ +../../base/actiontrusted/command.py
\ No newline at end of file diff --git a/zuul/ansible/2.7/actiontrusted/command.pyi b/zuul/ansible/2.7/actiontrusted/command.pyi new file mode 120000 index 000000000..17d0db7f6 --- /dev/null +++ b/zuul/ansible/2.7/actiontrusted/command.pyi @@ -0,0 +1 @@ +../../base/actiontrusted/command.pyi
\ No newline at end of file diff --git a/zuul/ansible/2.8/action/command.py b/zuul/ansible/2.8/action/command.py new file mode 120000 index 000000000..56c6b636f --- /dev/null +++ b/zuul/ansible/2.8/action/command.py @@ -0,0 +1 @@ +../../base/action/command.py
\ No newline at end of file diff --git a/zuul/ansible/2.8/action/command.pyi b/zuul/ansible/2.8/action/command.pyi new file mode 120000 index 000000000..a003281ca --- /dev/null +++ b/zuul/ansible/2.8/action/command.pyi @@ -0,0 +1 @@ +../../base/action/command.pyi
\ No newline at end of file diff --git a/zuul/ansible/2.8/actiongeneral/command.py b/zuul/ansible/2.8/actiongeneral/command.py deleted file mode 120000 index f190db2cc..000000000 --- a/zuul/ansible/2.8/actiongeneral/command.py +++ /dev/null @@ -1 +0,0 @@ -../../base/actiongeneral/command.py
\ No newline at end of file diff --git a/zuul/ansible/2.8/actiongeneral/command.pyi b/zuul/ansible/2.8/actiongeneral/command.pyi deleted file mode 120000 index 81305dd03..000000000 --- a/zuul/ansible/2.8/actiongeneral/command.pyi +++ /dev/null @@ -1 +0,0 @@ -../../base/actiongeneral/command.pyi
\ No newline at end of file diff --git a/zuul/ansible/2.8/actiontrusted/__init__.py b/zuul/ansible/2.8/actiontrusted/__init__.py new file mode 120000 index 000000000..e64650426 --- /dev/null +++ b/zuul/ansible/2.8/actiontrusted/__init__.py @@ -0,0 +1 @@ +../../base/actiontrusted/__init__.py
\ No newline at end of file diff --git a/zuul/ansible/2.8/actiontrusted/command.py b/zuul/ansible/2.8/actiontrusted/command.py new file mode 120000 index 000000000..0eb995eaa --- /dev/null +++ b/zuul/ansible/2.8/actiontrusted/command.py @@ -0,0 +1 @@ +../../base/actiontrusted/command.py
\ No newline at end of file diff --git a/zuul/ansible/2.8/actiontrusted/command.pyi b/zuul/ansible/2.8/actiontrusted/command.pyi new file mode 120000 index 000000000..17d0db7f6 --- /dev/null +++ b/zuul/ansible/2.8/actiontrusted/command.pyi @@ -0,0 +1 @@ +../../base/actiontrusted/command.pyi
\ No newline at end of file diff --git a/zuul/ansible/2.9/action/command.py b/zuul/ansible/2.9/action/command.py new file mode 120000 index 000000000..56c6b636f --- /dev/null +++ b/zuul/ansible/2.9/action/command.py @@ -0,0 +1 @@ +../../base/action/command.py
\ No newline at end of file diff --git a/zuul/ansible/2.9/action/command.pyi b/zuul/ansible/2.9/action/command.pyi new file mode 120000 index 000000000..a003281ca --- /dev/null +++ b/zuul/ansible/2.9/action/command.pyi @@ -0,0 +1 @@ +../../base/action/command.pyi
\ No newline at end of file diff --git a/zuul/ansible/2.9/actiongeneral/command.py b/zuul/ansible/2.9/actiongeneral/command.py deleted file mode 120000 index f190db2cc..000000000 --- a/zuul/ansible/2.9/actiongeneral/command.py +++ /dev/null @@ -1 +0,0 @@ -../../base/actiongeneral/command.py
\ No newline at end of file diff --git a/zuul/ansible/2.9/actiongeneral/command.pyi b/zuul/ansible/2.9/actiongeneral/command.pyi deleted file mode 120000 index 81305dd03..000000000 --- a/zuul/ansible/2.9/actiongeneral/command.pyi +++ /dev/null @@ -1 +0,0 @@ -../../base/actiongeneral/command.pyi
\ No newline at end of file diff --git a/zuul/ansible/2.9/actiontrusted/__init__.py b/zuul/ansible/2.9/actiontrusted/__init__.py new file mode 120000 index 000000000..e64650426 --- /dev/null +++ b/zuul/ansible/2.9/actiontrusted/__init__.py @@ -0,0 +1 @@ +../../base/actiontrusted/__init__.py
\ No newline at end of file diff --git a/zuul/ansible/2.9/actiontrusted/command.py b/zuul/ansible/2.9/actiontrusted/command.py new file mode 120000 index 000000000..0eb995eaa --- /dev/null +++ b/zuul/ansible/2.9/actiontrusted/command.py @@ -0,0 +1 @@ +../../base/actiontrusted/command.py
\ No newline at end of file diff --git a/zuul/ansible/2.9/actiontrusted/command.pyi b/zuul/ansible/2.9/actiontrusted/command.pyi new file mode 120000 index 000000000..17d0db7f6 --- /dev/null +++ b/zuul/ansible/2.9/actiontrusted/command.pyi @@ -0,0 +1 @@ +../../base/actiontrusted/command.pyi
\ No newline at end of file diff --git a/zuul/ansible/base/action/command.py b/zuul/ansible/base/action/command.py new file mode 100644 index 000000000..bf2debc96 --- /dev/null +++ b/zuul/ansible/base/action/command.py @@ -0,0 +1,33 @@ +# Copyright 2018 BMW Car IT GmbH +# +# This module is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This software is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this software. If not, see <http://www.gnu.org/licenses/>. + + +from zuul.ansible import paths +from ansible.errors import AnsibleError +command = paths._import_ansible_action_plugin("command") + + +class ActionModule(command.ActionModule): + + def run(self, tmp=None, task_vars=None): + if paths._is_localhost_task(self): + raise AnsibleError("Executing local code is prohibited") + + # we need the zuul_log_id on shell and command tasks + host = paths._sanitize_filename(task_vars.get('inventory_hostname')) + if self._task.action in ('command', 'shell'): + self._task.args['zuul_log_id'] = "%s-%s" % (self._task._uuid, host) + + return super(ActionModule, self).run(tmp, task_vars) diff --git a/zuul/ansible/base/actiongeneral/command.pyi b/zuul/ansible/base/action/command.pyi index e69de29bb..e69de29bb 100644 --- a/zuul/ansible/base/actiongeneral/command.pyi +++ b/zuul/ansible/base/action/command.pyi diff --git a/zuul/ansible/base/actiontrusted/__init__.py b/zuul/ansible/base/actiontrusted/__init__.py new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/zuul/ansible/base/actiontrusted/__init__.py diff --git a/zuul/ansible/base/actiongeneral/command.py b/zuul/ansible/base/actiontrusted/command.py index f9b976ca0..f9b976ca0 100644 --- a/zuul/ansible/base/actiongeneral/command.py +++ b/zuul/ansible/base/actiontrusted/command.py diff --git a/zuul/ansible/base/actiontrusted/command.pyi b/zuul/ansible/base/actiontrusted/command.pyi new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/zuul/ansible/base/actiontrusted/command.pyi diff --git a/zuul/executor/server.py b/zuul/executor/server.py index 2b08d5bc7..4e909491a 100644 --- a/zuul/executor/server.py +++ b/zuul/executor/server.py @@ -859,6 +859,7 @@ class AnsibleJob(object): self.library_dir = os.path.join(plugin_dir, 'library') self.action_dir = os.path.join(plugin_dir, 'action') self.action_dir_general = os.path.join(plugin_dir, 'actiongeneral') + self.action_dir_trusted = os.path.join(plugin_dir, 'actiontrusted') self.callback_dir = os.path.join(plugin_dir, 'callback') self.lookup_dir = os.path.join(plugin_dir, 'lookup') self.filter_dir = os.path.join(plugin_dir, 'filter') @@ -2049,13 +2050,22 @@ class AnsibleJob(object): # 10s to respond config.write('timeout = 30\n') - # We need at least the general action dir as this overwrites the - # command action plugin for log streaming. + # We need the general action dir to make the zuul_return plugin + # available to every job. action_dirs = [self.action_dir_general] if not trusted: + # Untrusted jobs add the action dir which makes sure localhost + # modules are restricted where needed. Further the command + # plugin needs to be restricted and also inject zuul_log_id + # to make log streaming work. action_dirs.append(self.action_dir) config.write('lookup_plugins = %s\n' % self.lookup_dir) + else: + # Trusted jobs add the actiontrusted dir which adds the + # unrestricted command plugin to inject zuul_log_id to make + # log streaming work. + action_dirs.append(self.action_dir_trusted) config.write('action_plugins = %s\n' % ':'.join(action_dirs)) |