send private keys to runner

ltamaster · ltamaster · commit 6a46aed89ca4 · 2026-01-14T15:43:22.000-03:00
diff --git a/src/main/groovy/com/rundeck/plugins/ansible/ansible/AnsibleRunner.java b/src/main/groovy/com/rundeck/plugins/ansible/ansible/AnsibleRunner.java
@@ -541,7 +541,10 @@ public int run() throws Exception {
                         if(!hostPasswords.isEmpty()){
                             procArgs.add("-e ansible_password=\"{{ host_passwords[inventory_hostname] }}\"");
                         }
-                        procArgs.add("-e ansible_ssh_private_key_file=\"{{ host_private_keys[inventory_hostname] }}\"");
+
+                        if(!hostKeys.isEmpty()){
+                            procArgs.add("-e ansible_ssh_private_key_file=\"{{ host_private_keys[inventory_hostname] }}\"");
+                        }
 
                     } catch (IOException e) {
                         System.err.println("ERROR: Failed to write all.yaml: " + e.getMessage());
diff --git a/src/main/groovy/com/rundeck/plugins/ansible/ansible/AnsibleRunnerContextBuilder.java b/src/main/groovy/com/rundeck/plugins/ansible/ansible/AnsibleRunnerContextBuilder.java
@@ -1047,6 +1047,10 @@ public Map<String, Map<String, String>> getNodesAuthenticationMap(){
 
     public List<String> getListNodesKeyPath(){
 
+        if(!generateInventoryNodesAuth()) {
+            return new ArrayList<>();
+        }
+
         List<String> secretPaths = new ArrayList<>();
 
         this.context.getNodes().forEach((node) -> {
@@ -1064,6 +1068,21 @@ public List<String> getListNodesKeyPath(){
                     secretPaths.add(keyPath);
                 }
             }
+
+            String privateKeyPath = PropertyResolver.resolveProperty(
+                    AnsibleDescribable.ANSIBLE_SSH_KEYPATH_STORAGE_PATH,
+                    null,
+                    getFrameworkProject(),
+                    getFramework(),
+                    node,
+                    getJobConf()
+            );
+
+            if(null!=privateKeyPath){
+                if(!secretPaths.contains(privateKeyPath)){
+                    secretPaths.add(privateKeyPath);
+                }
+            }
         });
 
         return secretPaths;
diff --git a/src/main/groovy/com/rundeck/plugins/ansible/plugin/AnsibleNodeExecutor.java b/src/main/groovy/com/rundeck/plugins/ansible/plugin/AnsibleNodeExecutor.java
@@ -200,13 +200,7 @@ public List<String> listSecretsPath(ExecutionContext context, INodeEntry node) {
         jobConf.put(AnsibleDescribable.ANSIBLE_LIMIT,node.getNodename());
         AnsibleRunnerContextBuilder builder = new AnsibleRunnerContextBuilder(node, context, context.getFramework(), jobConf);
 
-        List<String> secretPaths = AnsibleUtil.getSecretsPath(builder);
-        List<String> secretPathsNodes = builder.getListNodesKeyPath();
-
-        if(secretPathsNodes != null && !secretPathsNodes.isEmpty()){
-            secretPaths.addAll(secretPathsNodes);
-        }
-        return secretPaths;
+        return AnsibleUtil.getSecretsPath(builder);
     }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -200,13 +200,7 @@ public List<String> listSecretsPath(ExecutionContext context, INodeEntry node) {`
`200`	`200`	`jobConf.put(AnsibleDescribable.ANSIBLE_LIMIT,node.getNodename());`
`201`	`201`	`AnsibleRunnerContextBuilder builder = new AnsibleRunnerContextBuilder(node, context, context.getFramework(), jobConf);`
`202`	`202`
`203`		`- List<String> secretPaths = AnsibleUtil.getSecretsPath(builder);`
`204`		`- List<String> secretPathsNodes = builder.getListNodesKeyPath();`
`205`		`-`
`206`		`- if(secretPathsNodes != null && !secretPathsNodes.isEmpty()){`
`207`		`- secretPaths.addAll(secretPathsNodes);`
`208`		`- }`
`209`		`- return secretPaths;`
	`203`	`+ return AnsibleUtil.getSecretsPath(builder);`
`210`	`204`	`}`
`211`	`205`	`}`
`212`	`206`