ansible: Support vars in watches

This adds support for extra vars in top level watches for ansible, to allow for the same playbook to be used for multiple GVKs with different vars.

Fixes operator-framework#2138

CHANGELOG.md

@@ -1,6 +1,7 @@
 ## Unreleased
 
 ### Added
+- Support for vars in top level ansible watches. ([#2147](https://github.com/operator-framework/operator-sdk/pull/2147))
 
 ### Changed
 - Upgrade minimal Ansible version in the init projects from `2.4` to `2.6`. ([#2107](https://github.com/operator-framework/operator-sdk/pull/2107))

doc/ansible/user-guide.md

@@ -57,6 +57,8 @@ expects this mapping file in a predefined location: `/opt/ansible/watches.yaml`
 * **playbook**:  This is the path to the playbook that you have added to the
   container. This playbook is expected to be simply a way to call roles. This
   field is mutually exclusive with the "role" field.
+* **vars**: This is an arbitrary map of key-value pairs. The contents will be
+  passed as `extra_vars` to the playbook or role specified for this watch.
 * **reconcilePeriod** (optional): The reconciliation interval, how often the
   role/playbook is run, for a given CR.
 * **manageStatus** (optional): When true (default), the operator will manage
@@ -80,13 +82,16 @@ An example Watches file:
   playbook: /opt/ansible/playbook.yml
 
 # More complex example for our Baz kind
-# Here we will disable requeuing and be managing the CR status in the playbook
+# Here we will disable requeuing and be managing the CR status in the playbook,
+# and specify additional variables.
 - version: v1alpha1
   group: baz.example.com
   kind: Baz
   playbook: /opt/ansible/baz.yml
   reconcilePeriod: 0
   manageStatus: false
+  vars:
+    foo: bar
 ```
 
 ## Customize the operator logic
@@ -145,7 +150,7 @@ resource is modified.
 
 Defining the spec for an Ansible Operator can be done entirely in Ansible. The
 Ansible Operator will simply pass all key value pairs listed in the Custom
-Resource spec field along to Ansible as
+Resource spec field along to Ansible as extra
 [variables](https://docs.ansible.com/ansible/2.5/user_guide/playbooks_variables.html#passing-variables-on-the-command-line).
 The names of all variables in the spec field are converted to snake_case
 by the operator before running ansible. For example, `serviceAccount` in

pkg/ansible/runner/runner.go

@@ -103,13 +103,14 @@ func New(watch watches.Watch) (Runner, error) {
 		finalizerCmdFunc = playbookCmdFunc(verbosityString, watch.Finalizer.Playbook)
 	case watch.Finalizer.Role != "":
 		finalizerCmdFunc = roleCmdFunc(verbosityString, watch.Finalizer.Role)
-	case len(watch.Finalizer.Vars) != 0:
+	default:
 		finalizerCmdFunc = cmdFunc
 	}
 
 	return &runner{
 		Path:               path,
 		cmdFunc:            cmdFunc,
+		Vars:               watch.Vars,
 		Finalizer:          watch.Finalizer,
 		finalizerCmdFunc:   finalizerCmdFunc,
 		GVK:                watch.GroupVersionKind,
@@ -123,6 +124,7 @@ type runner struct {
 	GVK                schema.GroupVersionKind // GVK being watched that corresponds to the Path
 	Finalizer          *watches.Finalizer
 	cmdFunc            func(ident, inputDirPath string, maxArtifacts int) *exec.Cmd // returns a Cmd that runs ansible-runner
+	Vars               map[string]interface{}
 	finalizerCmdFunc   func(ident, inputDirPath string, maxArtifacts int) *exec.Cmd
 	maxRunnerArtifacts int
 }
@@ -249,7 +251,8 @@ func (r *runner) isFinalizerRun(u *unstructured.Unstructured) bool {
 //      "namespace": <object_namespace>,
 //   },
 //   <cr_spec_fields_as_snake_case>,
-//   ...
+//   <watch vars>,
+//   <finalizer vars>,
 //   _<group_as_snake>_<kind>: {
 //       <cr_object> as is
 //   }
@@ -274,6 +277,9 @@ func (r *runner) makeParameters(u *unstructured.Unstructured) map[string]interfa
 	specKey := fmt.Sprintf("%s_spec", objKey)
 	parameters[specKey] = spec
 
+	for k, v := range r.Vars {
+		parameters[k] = v
+	}
 	if r.isFinalizerRun(u) {
 		for k, v := range r.Finalizer.Vars {
 			parameters[k] = v

pkg/ansible/runner/runner_test.go

@@ -62,6 +62,7 @@ func TestNew(t *testing.T) {
 		gvk       schema.GroupVersionKind
 		playbook  string
 		role      string
+		vars      map[string]interface{}
 		finalizer *watches.Finalizer
 	}{
 		{
@@ -123,11 +124,29 @@ func TestNew(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "basic runner with playbook, vars + finalizer vars",
+			gvk: schema.GroupVersionKind{
+				Group:   "operator.example.com",
+				Version: "v1alpha1",
+				Kind:    "Example",
+			},
+			playbook: validPlaybook,
+			vars: map[string]interface{}{
+				"type": "this",
+			},
+			finalizer: &watches.Finalizer{
+				Name: "example.finalizer.com",
+				Vars: map[string]interface{}{
+					"state": "absent",
+				},
+			},
+		},
 	}
 
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
-			testWatch := watches.New(tc.gvk, tc.role, tc.playbook, tc.finalizer)
+			testWatch := watches.New(tc.gvk, tc.role, tc.playbook, tc.vars, tc.finalizer)
 
 			testRunner, err := New(*testWatch)
 			if err != nil {

pkg/ansible/watches/testdata/valid.yaml.tmpl

@@ -81,3 +81,9 @@
   group: app.example.com
   kind: AnsibleVerbosityEnv
   role: {{ .ValidRole }}
+- version: v1alpha1
+  group: app.example.com
+  kind: WatchWithVars
+  role: {{ .ValidRole }}
+  vars:
+    sentinel: reconciling

pkg/ansible/watches/watches.go

@@ -40,6 +40,7 @@ type Watch struct {
 	GroupVersionKind            schema.GroupVersionKind `yaml:",inline"`
 	Playbook                    string                  `yaml:"playbook"`
 	Role                        string                  `yaml:"role"`
+	Vars                        map[string]interface{}  `yaml:"vars"`
 	MaxRunnerArtifacts          int                     `yaml:"maxRunnerArtifacts"`
 	ReconcilePeriod             time.Duration           `yaml:"reconcilePeriod"`
 	ManageStatus                bool                    `yaml:"manageStatus"`
@@ -80,17 +81,18 @@ var (
 func (w *Watch) UnmarshalYAML(unmarshal func(interface{}) error) error {
 	// Use an alias struct to handle complex types
 	type alias struct {
-		Group                       string     `yaml:"group"`
-		Version                     string     `yaml:"version"`
-		Kind                        string     `yaml:"kind"`
-		Playbook                    string     `yaml:"playbook"`
-		Role                        string     `yaml:"role"`
-		MaxRunnerArtifacts          int        `yaml:"maxRunnerArtifacts"`
-		ReconcilePeriod             string     `yaml:"reconcilePeriod"`
-		ManageStatus                bool       `yaml:"manageStatus"`
-		WatchDependentResources     bool       `yaml:"watchDependentResources"`
-		WatchClusterScopedResources bool       `yaml:"watchClusterScopedResources"`
-		Finalizer                   *Finalizer `yaml:"finalizer"`
+		Group                       string                 `yaml:"group"`
+		Version                     string                 `yaml:"version"`
+		Kind                        string                 `yaml:"kind"`
+		Playbook                    string                 `yaml:"playbook"`
+		Role                        string                 `yaml:"role"`
+		Vars                        map[string]interface{} `yaml:"vars"`
+		MaxRunnerArtifacts          int                    `yaml:"maxRunnerArtifacts"`
+		ReconcilePeriod             string                 `yaml:"reconcilePeriod"`
+		ManageStatus                bool                   `yaml:"manageStatus"`
+		WatchDependentResources     bool                   `yaml:"watchDependentResources"`
+		WatchClusterScopedResources bool                   `yaml:"watchClusterScopedResources"`
+		Finalizer                   *Finalizer             `yaml:"finalizer"`
 	}
 	var tmp alias
 
@@ -125,6 +127,7 @@ func (w *Watch) UnmarshalYAML(unmarshal func(interface{}) error) error {
 	w.GroupVersionKind = gvk
 	w.Playbook = tmp.Playbook
 	w.Role = tmp.Role
+	w.Vars = tmp.Vars
 	w.MaxRunnerArtifacts = tmp.MaxRunnerArtifacts
 	w.MaxWorkers = getMaxWorkers(gvk, maxWorkersDefault)
 	w.ReconcilePeriod = reconcilePeriod
@@ -166,12 +169,13 @@ func (w *Watch) Validate() error {
 }
 
 // New - returns a Watch with sensible defaults.
-func New(gvk schema.GroupVersionKind, role, playbook string, finalizer *Finalizer) *Watch {
+func New(gvk schema.GroupVersionKind, role, playbook string, vars map[string]interface{}, finalizer *Finalizer) *Watch {
 	reconcilePeriod, _ := time.ParseDuration(reconcilePeriodDefault)
 	return &Watch{
 		GroupVersionKind:            gvk,
 		Playbook:                    playbook,
 		Role:                        role,
+		Vars:                        vars,
 		MaxRunnerArtifacts:          maxRunnerArtifactsDefault,
 		MaxWorkers:                  maxWorkersDefault,
 		ReconcilePeriod:             reconcilePeriod,

pkg/ansible/watches/watches_test.go

@@ -37,6 +37,7 @@ func TestNew(t *testing.T) {
 		gvk            schema.GroupVersionKind
 		role           string
 		playbook       string
+		vars           map[string]interface{}
 		finalizer      *Finalizer
 		shouldValidate bool
 	}{
@@ -50,7 +51,7 @@ func TestNew(t *testing.T) {
 
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
-			watch := New(tc.gvk, tc.role, tc.playbook, tc.finalizer)
+			watch := New(tc.gvk, tc.role, tc.playbook, tc.vars, tc.finalizer)
 			if watch.GroupVersionKind != tc.gvk {
 				t.Fatalf("Unexpected GVK %v expected %v", watch.GroupVersionKind, tc.gvk)
 			}
@@ -348,6 +349,16 @@ func TestLoad(t *testing.T) {
 					ManageStatus:     true,
 					AnsibleVerbosity: 4,
 				},
+				Watch{
+					GroupVersionKind: schema.GroupVersionKind{
+						Version: "v1alpha1",
+						Group:   "app.example.com",
+						Kind:    "WatchWithVars",
+					},
+					Role:         validTemplate.ValidRole,
+					ManageStatus: true,
+					Vars:         map[string]interface{}{"sentinel": "reconciling"},
+				},
 			},
 		},
 	}