From f989982b720a9a6c9207836eddc720b9fd1a63ef Mon Sep 17 00:00:00 2001
From: Nadja Heitmann <nadjah@atix.de>
Date: Thu, 10 Oct 2024 07:43:06 +0000
Subject: [PATCH] Fixes #37903 - Parse Ansible password in Windows default
 provisioning template correctly

---
 .../foreman/template_snapshot_service.rb      | 30 ++++++++++++++++++-
 .../windows_default_provisioning.erb          |  2 +-
 ...ows_default_finish.windows10_dhcp.snap.txt |  6 ++++
 ..._default_provision.windows10_dhcp.snap.txt | 14 ++++++++-
 4 files changed, 49 insertions(+), 3 deletions(-)

diff --git a/app/services/foreman/template_snapshot_service.rb b/app/services/foreman/template_snapshot_service.rb
index 01ac0e9b3a5..66ad696fdaf 100644
--- a/app/services/foreman/template_snapshot_service.rb
+++ b/app/services/foreman/template_snapshot_service.rb
@@ -94,6 +94,34 @@ def define_host_params(host)
       host
     end
 
+    def define_host_params_windows(host)
+      host_params = {
+        "package_upgrade" => "true",
+        "ansible_tower_provisioning" => "true",
+        "schedule_reboot" => "true",
+        "fips_enabled" => "true",
+        "force-puppet" => "true",
+        "remote_execution_create_user" => "true",
+        "blacklist_kernel_modules" => "amodule",
+        "activation_key" => "key",
+        "host_registration_insights" => "true",
+        "syspurpose_usage" => "Development/Test",
+        "syspurpose_sla" => "Self-Support",
+        "syspurpose_addons" => "first addon, second addon, third addon",
+        'ansible_user' =>  'win_ansible_user',
+        'create_ansible_user' => 'true',
+        'ansible_ssh_pass' => 'win_ansible_user_ssh_pass',
+      }
+      host_params.each_pair do |name, value|
+        FactoryBot.build(:host_parameter, host: host, name: name, value: value)
+      end
+      host.define_singleton_method(:params) { host_params }
+      host.define_singleton_method(:host_param) do |name|
+        host_params[name]
+      end
+      host
+    end
+
     def ipv4_interface
       FactoryBot.build(:nic_primary_and_provision, identifier: 'eth0',
         mac: '00-f0-54-1a-7e-e0',
@@ -214,7 +242,7 @@ def windows10_dhcp
         name: 'snapshot-ipv4-dhcp-windows10',
         subnet: FactoryBot.build(:subnet_ipv4_dhcp_for_snapshots),
         interfaces: [ipv4_interface])
-      define_host_params(host)
+      define_host_params_windows(host)
     end
 
     private
diff --git a/app/views/unattended/provisioning_templates/provision/windows_default_provisioning.erb b/app/views/unattended/provisioning_templates/provision/windows_default_provisioning.erb
index e84d6428854..e8fb9c13afe 100644
--- a/app/views/unattended/provisioning_templates/provision/windows_default_provisioning.erb
+++ b/app/views/unattended/provisioning_templates/provision/windows_default_provisioning.erb
@@ -81,7 +81,7 @@ description: |
                 <LocalAccounts>
                     <LocalAccount wcm:action="add">
                         <Password>
-                            <Value>![CDATA[<%= host_param('ansible_ssh_pass') %>]]</Value>
+                            <Value><![CDATA[<%= host_param('ansible_ssh_pass') %>]]></Value>
                             <PlainText>true</PlainText>
                         </Password>
                         <Description>Ansible login service user</Description>
diff --git a/test/unit/foreman/renderer/snapshots/ProvisioningTemplate/finish/Windows_default_finish.windows10_dhcp.snap.txt b/test/unit/foreman/renderer/snapshots/ProvisioningTemplate/finish/Windows_default_finish.windows10_dhcp.snap.txt
index fee6e46538d..80763cc712e 100644
--- a/test/unit/foreman/renderer/snapshots/ProvisioningTemplate/finish/Windows_default_finish.windows10_dhcp.snap.txt
+++ b/test/unit/foreman/renderer/snapshots/ProvisioningTemplate/finish/Windows_default_finish.windows10_dhcp.snap.txt
@@ -45,6 +45,12 @@ w32tm /resync
 
 powershell /c "Get-NetConnectionProfile -InterfaceAlias \"Ethernet0\" | Set-NetConnectionProfile -NetworkCategory Private"
 
+powershell /c "set-localuser -name win_ansible_user -passwordneverexpires 1"
+powershell /c "Enable-PSRemoting"
+cmd /c "netsh advfirewall firewall add rule name="WinRM-HTTP" dir=in localport=5985 protocol=TCP action=allow"
+cmd /c winrm set winrm/config/service @{AllowUnencrypted="true"}
+cmd /c winrm set winrm/config/client/auth @{Basic="true"}
+cmd /c winrm set winrm/config/service/auth @{Basic="true"}
 
 
 
diff --git a/test/unit/foreman/renderer/snapshots/ProvisioningTemplate/provision/Windows_default_provision.windows10_dhcp.snap.txt b/test/unit/foreman/renderer/snapshots/ProvisioningTemplate/provision/Windows_default_provision.windows10_dhcp.snap.txt
index 0d0a6ddc492..dd38376a4af 100644
--- a/test/unit/foreman/renderer/snapshots/ProvisioningTemplate/provision/Windows_default_provision.windows10_dhcp.snap.txt
+++ b/test/unit/foreman/renderer/snapshots/ProvisioningTemplate/provision/Windows_default_provision.windows10_dhcp.snap.txt
@@ -51,7 +51,19 @@
                     <Value>$1$rtd8Ub7R$5Ohzuy8WXlkaK9cA2T1wb0</Value>
                     <PlainText>false</PlainText>
                 </AdministratorPassword>
-                        </UserAccounts>
+                            <LocalAccounts>
+                    <LocalAccount wcm:action="add">
+                        <Password>
+                            <Value><![CDATA[win_ansible_user_ssh_pass]]></Value>
+                            <PlainText>true</PlainText>
+                        </Password>
+                        <Description>Ansible login service user</Description>
+                        <DisplayName>win_ansible_user</DisplayName>
+                        <Group>Administrators</Group>
+                        <Name>win_ansible_user</Name>
+                    </LocalAccount>
+	            </LocalAccounts>
+	                    </UserAccounts>
             <TimeZone>GMT Standard Time</TimeZone>
                         <OOBE>
                 <HideEULAPage>true</HideEULAPage>