From 99ff90128d29e77c6d2219cb75a7ccc4782b7d8c Mon Sep 17 00:00:00 2001
From: Nick Carboni <ncarboni@redhat.com>
Date: Mon, 15 Jul 2019 17:56:04 -0400
Subject: [PATCH] Pass credentials from ansible playbook automate methods to
 runner

---
 .../automation_manager/playbook_runner.rb     | 21 ++++++++++++-
 spec/factories/authentication.rb              |  4 +++
 .../playbook_runner_spec.rb                   | 31 +++++++++++++++++++
 3 files changed, 55 insertions(+), 1 deletion(-)

diff --git a/app/models/manageiq/providers/embedded_ansible/automation_manager/playbook_runner.rb b/app/models/manageiq/providers/embedded_ansible/automation_manager/playbook_runner.rb
index 8ca45efb080..22f3b7687ef 100644
--- a/app/models/manageiq/providers/embedded_ansible/automation_manager/playbook_runner.rb
+++ b/app/models/manageiq/providers/embedded_ansible/automation_manager/playbook_runner.rb
@@ -35,11 +35,30 @@ def create_job_template
     my_signal(minimize_indirect, :post_ansible_run, err.message, 'error')
   end
 
+  def translate_credentials!(launch_options)
+    %i[credential vault_credential cloud_credential network_credential].each do |cred_type|
+      credential_id = launch_options.delete("#{cred_type}_id".to_sym)
+      next if credential_id.blank?
+
+      launch_options[cred_type] = Authentication.find(credential_id).native_ref
+    end
+  end
+
+  LAUNCH_OPTIONS_KEYS = %i[
+    cloud_credential_id
+    credential_id
+    extra_vars
+    limit
+    network_credential_id
+    vault_credential_id
+  ].freeze
+
   def launch_ansible_tower_job
     set_status('launching tower job')
 
-    launch_options = options.slice(:extra_vars, :limit)
+    launch_options = options.slice(*LAUNCH_OPTIONS_KEYS)
     launch_options[:hosts] = hosts_array(options[:hosts])
+    translate_credentials!(launch_options)
     tower_job = ManageIQ::Providers::EmbeddedAnsible::AutomationManager::Job.create_job(temp_configuration_script, launch_options)
     options[:tower_job_id] = tower_job.id
     self.name = "#{name}, Job ID: #{tower_job.id}"
diff --git a/spec/factories/authentication.rb b/spec/factories/authentication.rb
index 17ed0508a55..47021dda154 100644
--- a/spec/factories/authentication.rb
+++ b/spec/factories/authentication.rb
@@ -119,6 +119,10 @@
           :parent => :embedded_ansible_credential,
           :class  => "ManageIQ::Providers::EmbeddedAnsible::AutomationManager::VmwareCredential"
 
+  factory :embedded_ansible_network_credential,
+          :parent => :embedded_ansible_credential,
+          :class  => "ManageIQ::Providers::EmbeddedAnsible::AutomationManager::NetworkCredential"
+
   factory :auth_key_pair_cloud,     :class => "ManageIQ::Providers::CloudManager::AuthKeyPair"
   factory :auth_key_pair_amazon,    :class => "ManageIQ::Providers::Amazon::CloudManager::AuthKeyPair"
   factory :auth_key_pair_openstack, :class => "ManageIQ::Providers::Openstack::CloudManager::AuthKeyPair"
diff --git a/spec/models/manageiq/providers/embedded_ansible/automation_manager/playbook_runner_spec.rb b/spec/models/manageiq/providers/embedded_ansible/automation_manager/playbook_runner_spec.rb
index 3b672565165..822648866a7 100644
--- a/spec/models/manageiq/providers/embedded_ansible/automation_manager/playbook_runner_spec.rb
+++ b/spec/models/manageiq/providers/embedded_ansible/automation_manager/playbook_runner_spec.rb
@@ -103,6 +103,37 @@
         subject.launch_ansible_tower_job
       end
     end
+
+    context 'with credentials' do
+      let(:cloud_credential)   { FactoryBot.create(:embedded_ansible_amazon_credential) }
+      let(:machine_credential) { FactoryBot.create(:embedded_ansible_machine_credential) }
+      let(:network_credential) { FactoryBot.create(:embedded_ansible_network_credential) }
+      let(:vault_credential)   { FactoryBot.create(:embedded_ansible_vault_credential) }
+
+      let(:options) do
+        {
+          :cloud_credential_id   => cloud_credential.id,
+          :credential_id         => machine_credential.id,
+          :network_credential_id => network_credential.id,
+          :vault_credential_id   => vault_credential.id
+        }
+      end
+
+      it 'passes them to the job' do
+        expected_options = {
+          :hosts              => ["localhost"],
+          :cloud_credential   => cloud_credential.native_ref,
+          :credential         => machine_credential.native_ref,
+          :network_credential => network_credential.native_ref,
+          :vault_credential   => vault_credential.native_ref
+        }
+        expect(ManageIQ::Providers::EmbeddedAnsible::AutomationManager::Job).to receive(:create_job)
+          .with(an_instance_of(ManageIQ::Providers::EmbeddedAnsible::AutomationManager::ConfigurationScript), expected_options)
+          .and_return(double(:id => 'jb1'))
+        expect(subject).to receive(:queue_signal)
+        subject.launch_ansible_tower_job
+      end
+    end
   end
 
   describe '#poll_ansible_tower_job_status' do