Make sure that ansible params check the playbook

The ansible provisioning supports using a separate yaml playbook,
so check this file (but only the top playbook) for any parameters...

The `ansible-playbook` command does not run remotely so it does not
use the param.env, which means that the env is set on the command.

Signed-off-by: Anders F Björklund <[email protected]>

Author: afbjorklund

hack/ansible-test.yaml

@@ -2,5 +2,5 @@
   tasks:
   - name: Create test file
     file:
-      path: /tmp/ansible
+      path: "/tmp/{{ lookup('ansible.builtin.env', 'PARAM_ANSIBLE') }}"
       state: touch

hack/test-templates/test-misc.yaml

@@ -27,6 +27,7 @@ mounts:
   writable: true
 
 param:
+  ANSIBLE: ansible
   BOOT: boot
   DEPENDENCY: dependency
   PROBE: probe

pkg/instance/ansible.go

@@ -2,6 +2,7 @@ package instance
 
 import (
 	"context"
+	"fmt"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -33,6 +34,7 @@ func runAnsiblePlaybook(ctx context.Context, inst *store.Instance, playbook stri
 	logrus.Debugf("ansible-playbook -i %q %q", inventory, playbook)
 	args := []string{"-i", inventory, playbook}
 	cmd := exec.CommandContext(ctx, "ansible-playbook", args...)
+	cmd.Env = getAnsibleEnvironment(inst)
 	cmd.Stdout = os.Stdout
 	cmd.Stderr = os.Stderr
 	return cmd.Run()
@@ -60,3 +62,14 @@ func createAnsibleInventory(inst *store.Instance) (string, error) {
 	inventory := filepath.Join(inst.Dir, filenames.AnsibleInventoryYAML)
 	return inventory, os.WriteFile(inventory, bytes, 0o644)
 }
+
+func getAnsibleEnvironment(inst *store.Instance) []string {
+	env := []string{}
+	for _, e := range os.Environ() {
+		env = append(env, e)
+	}
+	for key, val := range inst.Config.Param {
+		env = append(env, fmt.Sprintf("PARAM_%s=%s", key, val))
+	}
+	return env
+}

pkg/limayaml/validate.go

@@ -445,6 +445,16 @@ func ValidateParamIsUsed(y *LimaYAML) error {
 				keyIsUsed = true
 				break
 			}
+			if p.Playbook != "" {
+				playbook, err := os.ReadFile(p.Playbook)
+				if err != nil {
+					return err
+				}
+				if re.Match(playbook) {
+					keyIsUsed = true
+					break
+				}
+			}
 		}
 		for _, p := range y.Probes {
 			if re.MatchString(p.Script) {