New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixes #34121 - Add/Delete a single Ansible role to Host(group) #10
Fixes #34121 - Add/Delete a single Ansible role to Host(group) #10
Conversation
@adiabramovitch, would you have time to do a quick review here? :) |
@ofedoren Maybe you should add some tests? :)
resulted:
so I think that --ansible-role[-id] should be required ditto for hostgroup |
associated_resource :ansible_roles | ||
desc _('Associate an Ansible role') | ||
|
||
success_message _('Ansible tole has been associated.') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
typo
associated_resource :ansible_roles | ||
desc _('Associate an Ansible role') | ||
|
||
success_message _('Ansible tole has been associated.') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
typo
28fc3e5
to
05b0edf
Compare
Thanks, @adiabramovitch, updated. For tests to be running #11 is required. |
Could you please rebase so the tests start running? |
05b0edf
to
00984b7
Compare
@adamruzicka, 🍏 :) |
If you run # bundle exec ruby bin/hammer host info --id 1 | grep 'Host Group'
Host Group: HG1
# bundle exec ruby bin/hammer hostgroup ansible-roles list --id 1
---|-----------------|--------------------
ID | NAME | IMPORTED AT
---|-----------------|--------------------
2 | adriagalin.motd | 2022/03/14 14:07:07
---|-----------------|--------------------
# bundle exec ruby bin/hammer host ansible-roles list --id 1
---|-----------------|--------------------
ID | NAME | IMPORTED AT
---|-----------------|--------------------
2 | adriagalin.motd | 2022/03/14 14:07:07
---|-----------------|--------------------
# bundle exec ruby bin/hammer host ansible-roles remove --id 1 --ansible-role-id 2
Ansible role has been disassociated.
# bundle exec ruby bin/hammer host ansible-roles list --id 1
---|-----------------|--------------------
ID | NAME | IMPORTED AT
---|-----------------|--------------------
2 | adriagalin.motd | 2022/03/14 14:07:07
---|-----------------|-------------------- Is there something we could do about this? |
Thanks, @adamruzicka, for the review!
I've checked the UI and it seems we can't disassociate an inherited role from a host, so we shouldn't (actually can't) do that via hammer/API. The only thing we can do about it is to modify the command, so we can print a different message if one tries to remove an inherited role. But to distinguish between the inherited and own ones we would need to modify the What do you think about that? |
I'd be fine with that. I just want to prevent showing that something happened when it in fact did not |
@adamruzicka, updated. Now it requires theforeman/foreman_ansible#525. I've decided to raise an error, so the users are aware that we/they cannot disassociate an inherited role via API (nor in UI). It will work without that patch as well. The changes in the main plugin are needed only to raise an error. |
if resource['inherited'] && resource['id'] == option_ansible_role_id | ||
raise ArgumentError, _('Ansible role %s is inherited and cannot be removed.') % resource['name'] | ||
end |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This sadly does not catch all the cases when modifying hostgroup's roles. The list of roles for a hostgroup contains:
a) Roles explicitly assigned to the hostgroup
b) Roles assigned to hostgroup's ancestors
c) Roles explicitly assigned to hosts belonging to the hostgroup
Roles in group a) can be modified freely, roles in group b are caught by this check, but group c goes completely unnoticed and signals succesful removal even though nothing happens.
To me the easiest way out would be to treat "inherited" as "not directly assigned" instead of "passed from an ancestor of the same type", although it might be confusing if "inherited" has different meanings across the project. Maybe safer route would be renaming the field from "inherited" to "explicitly assigned"?
Thanks, @adamruzicka, for bearing with me. Somehow I missed more things than I'd expect. Updated, but requires theforeman/foreman_ansible#528 :/ P.S. Although I'm sure we're still not ready for merge, but just in case, could you please squash when we are? :) |
Almost there, but there's an issue when roles are specified by name # hammer hostgroup ansible-roles list --id 4
---|-----------------|---------------------|-----------|------------------
ID | NAME | IMPORTED AT | INHERITED | DIRECTLY ASSIGNED
---|-----------------|---------------------|-----------|------------------
3 | gcoop-libre.ssh | 2022/03/14 15:15:20 | yes | no
---|-----------------|---------------------|-----------|------------------
# hammer hostgroup ansible-roles remove --id 4 --ansible-role-id 3
Could not disassociate the Ansible role:
Ansible role gcoop-libre.ssh is not assigned directly and cannot be removed.
# hammer hostgroup ansible-roles remove --id 4 --ansible-role gcoop-libre.ssh
Ansible role has been disassociated.
# h hostgroup ansible-roles list --id 4
---|-----------------|---------------------|-----------|------------------
ID | NAME | IMPORTED AT | INHERITED | DIRECTLY ASSIGNED
---|-----------------|---------------------|-----------|------------------
3 | gcoop-libre.ssh | 2022/03/14 15:15:20 | yes | no
---|-----------------|---------------------|-----------|------------------ The same happens when trying to change host's roles |
Thanks a lot, @adamruzicka, for the reviews! Updated. Previously I relied on |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Works as expected, ACK
Thank you @ofedoren ! |
This patch uses functionality from hammer-cli-foreman to allow associating/disassociating of a single resource, but the default
AssociatedCommand
class is usinghost info
endpoint and uses it's result to gather ids of the associated resource. Since we don't extendhost info
API response with Ansible roles, small override is needed and thusAssociatedAnsibleResource
is present. It was written for general use in case it will be needed foransible variables
or potentionally others.