#998 Execute task-template within python-virtual environment and ensu…

lib/AnsiblePlaybook.go

@@ -16,17 +16,36 @@ type AnsiblePlaybook struct {
 }
 
 func (p AnsiblePlaybook) makeCmd(command string, args []string, environmentVars *[]string) *exec.Cmd {
-	cmd := exec.Command(command, args...) //nolint: gas
+	commandToExec := command
+	cmdInPythonDefaultVenv := fmt.Sprintf("%s/.venv/bin/%s", p.GetFullPath(), command)
+	if _, err := os.Stat(cmdInPythonDefaultVenv); !os.IsNotExist(err) {
+		// Run .venv/bin/command instead of the one in PATH
+		commandToExec = cmdInPythonDefaultVenv
+	}
+	cmd := exec.Command(commandToExec, args...) //nolint: gas
 	cmd.Dir = p.GetFullPath()
 
 	cmd.Env = os.Environ()
+	pythonDefaultVenv := fmt.Sprintf("%s/.venv", cmd.Dir)
+	if _, err := os.Stat(pythonDefaultVenv); !os.IsNotExist(err) {
+		// Prepend python .venv binaries to PATH allowing specific ansible version per task-template
+		p.Logger.Log(fmt.Sprintf("Using python venv at: %s\n", pythonDefaultVenv))
+		cmd.Env = append(cmd.Env, fmt.Sprintf("VIRTUAL_ENV=%s", pythonDefaultVenv))
+		cmd.Env = append(cmd.Env, fmt.Sprintf("PATH=%s/bin:%s", pythonDefaultVenv, os.Getenv("PATH")))
+	}
 	cmd.Env = append(cmd.Env, fmt.Sprintf("HOME=%s", util.Config.TmpPath))
 	cmd.Env = append(cmd.Env, fmt.Sprintf("PWD=%s", cmd.Dir))
 	cmd.Env = append(cmd.Env, "PYTHONUNBUFFERED=1")
 	cmd.Env = append(cmd.Env, "ANSIBLE_FORCE_COLOR=True")
 	if environmentVars != nil {
 		cmd.Env = append(cmd.Env, *environmentVars...)
 	}
+	// Remove sensitive env variables from cmd process as they can be read using ansible "debug" task and "-vvv"
+	cmd.Env = append(cmd.Env, "SEMAPHORE_ACCESS_KEY_ENCRYPTION=")
+	cmd.Env = append(cmd.Env, "SEMAPHORE_ADMIN_PASSWORD=")
+	cmd.Env = append(cmd.Env, "SEMAPHORE_DB_USER=")
+	cmd.Env = append(cmd.Env, "SEMAPHORE_DB_PASS=")
+	cmd.Env = append(cmd.Env, "SEMAPHORE_LDAP_PASSWORD=")
 
 	return cmd
 }