add jenkins_script module for running arbitrary jenkins console scrip…

[hogarthj]

ISSUE TYPE

• New Module Pull Request

COMPONENT NAME

jenkins_script

ANSIBLE VERSION

ansible 2.1.1.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = Default w/o overrides

SUMMARY

The jenkins cli functionality requires an existing SSH key and user to be created.
There are a number of things that require using the jenkins groovy console to configure programatically.
Currently it requires a lot of effort to handle this for a fully automated jenkins.

This allows for an arbitrary script, with basic python templating on the string for the script, to be passed to the jenkins instance and checks for a stacktrace or authentication error for a failure condition, otherwise the script is run and the results returned.

This allows for a fully configured jenkins via groovy console scripts where the rest API does not expose something suitable - eg authentication or credentials.

For example setting a proxy for jenkins can be carried out via this script, where the variable get replaced by python basic string templating from the args dict passed to the module:

import jenkins.model.*
    def instance = Jenkins.getInstance()
    final String name = "${proxy_host}"
    final int port = ${proxy_port}
    final def pc = new hudson.ProxyConfiguration(name, port)
    instance.proxy = pc
    instance.save()

[hogarthj]

Migrated from ansible/ansible-modules-extras#3068

[gundalow]

needs_revision

[gundalow]

2.3

[hogarthj]

updated as requested

[gundalow]

This module takes a script and a hash of values...

[hogarthj]

grammar cleaned up to make it more readable (yay languages calling dicts hashes and vice versa).

[gundalow]

All descriptions: should be full sentences, e.g. start with a capital letter, and end with a full stop.

[hogarthj]

Thanks - each description now full.

[gundalow]

To be inline with other modules please change to

validate_certs:
description: If set to C(no), the SSL certificates will not be validated. This should only set to C(no) used on personally controlled sites using self-signed certificates as it avoids verifying the source site.

The default should be True (e.g. require valid cert)

This means playbook writers need to explicitly write validate_certs: False, e.g. the default is to be secure

[hogarthj]

This isn't a validate_certs situation but rather whether the script should use http or https to connect to the jenkins server. A default quick jenkins server will have no SSL enabled, but some people will want it to use only https - particularly for a remote server.

The fetch_url enforces certificate validation by default, which is what's called, but I can see a use case for disabling validation for test environments etc so I'll add this in to be able to disable validation if required.

[gundalow]

, no_log=True to hide secret things.

[hogarthj]

no_log added to user and password

[hogarthj]

Thanks for the review. The changes requested have been pushed and the commit rebased against current devel.

[gundalow]

Thanks for the changes

Looking at this again I wonder if we can simplify it further:

url which has a default of http://localhost:8080/
validate_certs which has a default of True

And delete host, port and ssl

[hogarthj]

You know you're right. That is over complicated and I'm not sure how I ended going down that route before when I first built it internally ...

Probably something crazy like testing locally, then extending to manipulating a remote jenkins and then adding ssl ... but then after the incrementals no refactor to simplify.

I've dropped host, port and ssl from the parameters and just left it with url.

Running it through our local CI (which is where it was built for in the first place to fully automate our jenkins installs) looks good.

[hogarthj]

ready_for_review

[gundalow]

@hogarthj Easily done, that's a lot better now, thanks.
If you could just add this new module to the list in CHANGELOG.md in the root of the repo I'll get this merged.

[hogarthj]

rebased against current devel and module added to CHANGELOG as requested

thanks for taking the time to review this

ready_for_review

[gundalow]

Merged, thanks :)

[hogarthj]

Thanks for looking at this. Now when 2.3 gets released I can pull the internal library out :)

Also this means I should probably finish my blog article on using the jenkins_script module to make life nice and simple for people ;)