From 79b39792e4b2c5fcc236d04eac7e612f0af4cdb9 Mon Sep 17 00:00:00 2001
From: Noriko Hosoi <nhosoi@redhat.com>
Date: Fri, 11 Feb 2022 08:18:30 -0800
Subject: [PATCH] System Roles should consistently use ansible_managed in
 configuration files it manages

bz#2044640

The network role create an ifcfg file for initscripts. The file
used to append a comment "# this file was created by ansible".
This patch replaces the proprietary string with the ansible
standard {{ ansible_managed }} to adjust to the other system
roles.

For the implementation, it borrowed the method from kernel_settings,
getting the ansible managed comment using the get_ansible_managed.j2
template and pass the comment to network_connections which is added
to the ifcfg file.

In case network_provider is nm, the comment is not added to the
ifcfg file as the file is not managed by Ansible.

Note: the required parameter name to pass the ansible managed comment
to the network_connection module is "__header".

Do not use get_ansible_managed.j2 in the test scripts, but use a
hardcoded ansible managed comment to simplify the tests.

tests/tasks/get_profile_stat.yml: replace the '=' style with the YAML
notation in set_fact.

Signed-off-by: Noriko Hosoi <nhosoi@redhat.com>
---
 library/network_connections.py                |  3 +-
 tasks/main.yml                                |  3 ++
 templates/get_ansible_managed.j2              |  1 +
 tests/playbooks/tests_ethtool_features.yml    |  1 +
 tests/playbooks/tests_reapply.yml             |  1 +
 .../linux-system-roles.network/templates      |  1 +
 tests/tasks/assert_profile_present.yml        |  5 +++
 tests/tasks/get_profile_stat.yml              | 37 ++++++++++++++++---
 8 files changed, 46 insertions(+), 6 deletions(-)
 create mode 100644 templates/get_ansible_managed.j2
 create mode 120000 tests/roles/linux-system-roles.network/templates

diff --git a/library/network_connections.py b/library/network_connections.py
index c661ad7..5e51acf 100644
--- a/library/network_connections.py
+++ b/library/network_connections.py
@@ -1528,6 +1528,7 @@ class RunEnvironmentAnsible(RunEnvironment):
         "force_state_change": {"required": False, "default": False, "type": "bool"},
         "provider": {"required": True, "default": None, "type": "str"},
         "connections": {"required": False, "default": None, "type": "list"},
+        "__header": {"required": True, "default": None, "type": "str"},
         "__debug_flags": {"required": False, "default": "", "type": "str"},
     }
 
@@ -1541,7 +1542,7 @@ class RunEnvironmentAnsible(RunEnvironment):
 
     @property
     def ifcfg_header(self):
-        return "# this file was created by ansible"
+        return self.module.params["__header"]
 
     def run_command(self, argv, encoding=None):
         return self.module.run_command(argv, encoding=encoding)
diff --git a/tasks/main.yml b/tasks/main.yml
index 4ed23d9..4e94d5c 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -85,6 +85,9 @@
     force_state_change: "{{ network_force_state_change | default(omit) }}"
     connections: "{{ network_connections | default([]) }}"
     __debug_flags: "{{ __network_debug_flags | default(omit) }}"
+    __header: "{{ __lsr_ansible_managed }}"
+  vars:
+    __lsr_ansible_managed: "{{ lookup('template', 'get_ansible_managed.j2') }}"
   register: __network_connections_result
 
 - name: Show stderr messages
diff --git a/templates/get_ansible_managed.j2 b/templates/get_ansible_managed.j2
new file mode 100644
index 0000000..5c02948
--- /dev/null
+++ b/templates/get_ansible_managed.j2
@@ -0,0 +1 @@
+{{ ansible_managed | comment }}
diff --git a/tests/playbooks/tests_ethtool_features.yml b/tests/playbooks/tests_ethtool_features.yml
index 678e8d4..3d419b4 100644
--- a/tests/playbooks/tests_ethtool_features.yml
+++ b/tests/playbooks/tests_ethtool_features.yml
@@ -145,6 +145,7 @@
                       features:
                         tx_tcp_segmentation: "no"
                         tx-tcp-segmentation: "no"
+                __header: "# Ansible managed test header"
               register: __network_connections_result
           rescue:
             - name: Show network_connections result
diff --git a/tests/playbooks/tests_reapply.yml b/tests/playbooks/tests_reapply.yml
index f68322c..949e003 100644
--- a/tests/playbooks/tests_reapply.yml
+++ b/tests/playbooks/tests_reapply.yml
@@ -46,6 +46,7 @@
                     - 192.0.2.72/31
                   dhcp4: false
                   auto6: false
+            __header: "# Ansible managed test header"
           ignore_errors: true
           register: test_module_run
         - name: Show test_module_run
diff --git a/tests/roles/linux-system-roles.network/templates b/tests/roles/linux-system-roles.network/templates
new file mode 120000
index 0000000..64f6ba6
--- /dev/null
+++ b/tests/roles/linux-system-roles.network/templates
@@ -0,0 +1 @@
+../../../templates/
\ No newline at end of file
diff --git a/tests/tasks/assert_profile_present.yml b/tests/tasks/assert_profile_present.yml
index 8e3bb0b..b08dbc5 100644
--- a/tests/tasks/assert_profile_present.yml
+++ b/tests/tasks/assert_profile_present.yml
@@ -5,3 +5,8 @@
   assert:
     that: lsr_net_profile_exists
     msg: "profile {{ profile }} does not exist"
+
+- name: "assert that ansible managed comment in '{{ profile }}' is present"
+  assert:
+    that: lsr_net_profile_ansible_managed
+    msg: "profile {{ profile }} does not have the ansible managed comment"
diff --git a/tests/tasks/get_profile_stat.yml b/tests/tasks/get_profile_stat.yml
index e10dd1f..e17ae53 100644
--- a/tests/tasks/get_profile_stat.yml
+++ b/tests/tasks/get_profile_stat.yml
@@ -1,7 +1,9 @@
 # SPDX-License-Identifier: BSD-3-Clause
 ---
-- name: Initialize NM profile exist flag
-  set_fact: lsr_net_profile_exists=false
+- name: Initialize NM profile exist and ansible_managed comment flag
+  set_fact:
+    lsr_net_profile_exists: false
+    lsr_net_profile_ansible_managed: false
 
 - name: stat profile file
   stat:
@@ -12,7 +14,8 @@
   register: profile_stat
 
 - name: Set NM profile exist flag based on the profile files
-  set_fact: lsr_net_profile_exists=true
+  set_fact:
+    lsr_net_profile_exists: true
   when: profile_stat.stat.exists
 
 # When certain profile is marked as absent but still up, the `nmcli connection`
@@ -24,6 +27,30 @@
   ignore_errors: yes
   changed_when: false
 
-- name: Set NM profile exist flag based on the nmcli output
-  set_fact: lsr_net_profile_exists=true
+# lsr_net_profile_ansible_managed:
+# under NetworkManager's control, the comment is not added by design.
+# Thus, set it always to true.
+- name: >-
+    Set NM profile exist flag and ansible_managed flag true
+    based on the nmcli output
+  set_fact:
+    lsr_net_profile_exists: true
+    lsr_net_profile_ansible_managed: true
   when: nm_profile_exists.rc == 0
+
+- name: Check ansible_managed comment for the initscripts case
+  block:
+    - name: Get the ansible_managed comment in ifcfg-{{ profile }}
+      command: >-
+        grep "^# Ansible managed"
+        /etc/sysconfig/network-scripts/ifcfg-{{ profile }}
+      register: _result
+
+    - name: Verify the ansible_managed comment in ifcfg-{{ profile }}
+      set_fact:
+        lsr_net_profile_ansible_managed: true
+      when:
+        - _result.stdout_lines | length == 1
+  when:
+    - profile_stat.stat.exists
+    - nm_profile_exists.rc != 0