From c0048daed51cb35b490d2eabda70e6f6673ceba3 Mon Sep 17 00:00:00 2001
From: Artem Zavatskiy
Date: Thu, 23 Jul 2020 16:03:01 +0300
Subject: [PATCH 1/2] fix agent auth in ssh communicator for ansible provisioner (#9488)
---
 common/step_provision.go | 1 +
 provisioner/ansible/provisioner.go | 5 +++--
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/common/step_provision.go b/common/step_provision.go
index af6cd42b9..2326649b9 100644
--- a/common/step_provision.go
+++ b/common/step_provision.go
@@ -85,6 +85,7 @@ func PopulateProvisionHookData(state multistep.StateBag) map[string]interface{}
 hookData["SSHPublicKey"] = string(commConf.SSHPublicKey)
 hookData["SSHPrivateKey"] = string(commConf.SSHPrivateKey)
 hookData["SSHPrivateKeyFile"] = commConf.SSHPrivateKeyFile
+ hookData["SSHAgentAuth"] = commConf.SSHAgentAuth
 // Backwards compatibility; in practice, WinRMPassword is fulfilled by
 // Password.
diff --git a/provisioner/ansible/provisioner.go b/provisioner/ansible/provisioner.go
index f36a6a7c6..02261d8f7 100644
--- a/provisioner/ansible/provisioner.go
+++ b/provisioner/ansible/provisioner.go
@@ -561,7 +561,8 @@ func (p *Provisioner) Provision(ctx context.Context, ui packer.Ui, comm packer.C
 // In this situation, we need to make sure we have the
 // private key we actually use to access the instance.
 SSHPrivateKeyFile := generatedData["SSHPrivateKeyFile"].(string)
- if SSHPrivateKeyFile != "" {
+ SSHAgentAuth := generatedData["SSHAgentAuth"].(bool)
+ if SSHPrivateKeyFile != "" || SSHAgentAuth {
 privKeyFile = SSHPrivateKeyFile
 } else {
 // See if we can get a private key and write that to a tmpfile
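Review bot: The added `generatedData["SSHAgentAuth"].(bool)` in Provision is an unchecked type assertion, so hook data that lacks the key or stores a non-bool makes the provisioner panic instead of falling back to key-based auth. The follow-up test commit having to add `"SSHAgentAuth": false` to basicGenData suggests the key is not optional in practice. The comma-ok form, `SSHAgentAuth, _ := generatedData["SSHAgentAuth"].(bool)`, yields false when the key is absent and keeps the existing behaviour for such builders. The `SSHPrivateKeyFile` assertion on the context line above has the same shape; Provision starts and ends outside the hunk.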
@@ -695,7 +696,7 @@ func (p *Provisioner) createCmdArgs(httpAddr, inventory, playbook, privKeyFile s
 args = append(args, "-e", fmt.Sprintf("packer_http_addr=%s", httpAddr))
 }
- if p.generatedData["ConnType"] == "ssh" {
+ if p.generatedData["ConnType"] == "ssh" && len(privKeyFile) > 0 {
 // Add ssh extra args to set IdentitiesOnly
 args = append(args, "--ssh-extra-args", "'-o IdentitiesOnly=yes'")
 }
From bec367347d301adf37386ceb1003a91a4011ef57 Mon Sep 17 00:00:00 2001
From: Artem Zavatskiy
Date: Mon, 27 Jul 2020 14:31:32 +0300
Subject: [PATCH 2/2] ansible-provisioner: fix tests related to ssh agent
---
 provisioner/ansible/provisioner_test.go | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/provisioner/ansible/provisioner_test.go b/provisioner/ansible/provisioner_test.go
index 0db3d9e6a..cc2198de9 100644
--- a/provisioner/ansible/provisioner_test.go
+++ b/provisioner/ansible/provisioner_test.go
@@ -473,6 +473,7 @@ func basicGenData(input map[string]interface{}) map[string]interface{} {
 "ConnType": "ssh",
 "SSHPrivateKeyFile": "",
 "SSHPrivateKey": "asdf",
+ "SSHAgentAuth": false,
 "User": "PartyPacker",
 "PackerHTTPAddr": common.HttpAddrNotImplemented,
 "PackerHTTPIP": common.HttpIPNotImplemented,
@@ -544,7 +545,7 @@ func TestCreateCmdArgs(t *testing.T) {
 "PackerHTTPAddr": "123.45.67.89",
 }),
 callArgs: []string{"123.45.67.89", "/var/inventory", "test-playbook.yml", ""},
- ExpectedArgs: []string{"-e", "packer_build_name=\"packerparty\"", "-e", "packer_builder_type=fakebuilder", "-e", "packer_http_addr=123.45.67.89", "--ssh-extra-args", "'-o IdentitiesOnly=yes'", "-e", "hello-world", "-i", "/var/inventory", "test-playbook.yml"},
+ ExpectedArgs: []string{"-e", "packer_build_name=\"packerparty\"", "-e", "packer_builder_type=fakebuilder", "-e", "packer_http_addr=123.45.67.89", "-e", "hello-world", "-i", "/var/inventory", "test-playbook.yml"},
 ExpectedEnvVars: []string{},
 },
 {
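Review bot: In createCmdArgs (provisioner/ansible/provisioner.go) the new condition `len(privKeyFile) > 0` drops `IdentitiesOnly=yes` for every SSH run without a key file, not only when agent auth is enabled; the updated expectations in provisioner_test.go, including the `ansible_password=...` cases, show this. For password-based runs ssh will presumably again offer every identity held by a local agent to the build host, which can use up the server's authentication attempts and discloses unrelated public keys to it. Keying the exception on the flag keeps the restriction everywhere else: `if p.generatedData["ConnType"] == "ssh" && p.generatedData["SSHAgentAuth"] != true {`. The comment above the append should also say why the option is conditional; createCmdArgs continues outside the hunk.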
@@ -600,7 +601,7 @@ func TestCreateCmdArgs(t *testing.T) {
 ExtraArguments: []string{"-e", "hello-world", "-e", "ansible_password=ilovebananapancakes"},
 AnsibleEnvVars: []string{"ENV_1=pancakes", "ENV_2=bananas"},
 callArgs: []string{"123.45.67.89", "/var/inventory", "test-playbook.yml", ""},
- ExpectedArgs: []string{"-e", "packer_builder_type=fakebuilder", "-e", "packer_http_addr=123.45.67.89", "--ssh-extra-args", "'-o IdentitiesOnly=yes'", "-e", "hello-world", "-e", "ansible_password=ilovebananapancakes", "-e", "ansible_host_key_checking=False", "-i", "/var/inventory", "test-playbook.yml"},
+ ExpectedArgs: []string{"-e", "packer_builder_type=fakebuilder", "-e", "packer_http_addr=123.45.67.89", "-e", "hello-world", "-e", "ansible_password=ilovebananapancakes", "-e", "ansible_host_key_checking=False", "-i", "/var/inventory", "test-playbook.yml"},
 ExpectedEnvVars: []string{"ENV_1=pancakes", "ENV_2=bananas"},
 },
 {
@@ -614,7 +615,7 @@ func TestCreateCmdArgs(t *testing.T) {
 ExtraArguments: []string{"-e", "hello-world", "-e", "ansible_password=ilovebananapancakes"},
 AnsibleEnvVars: []string{"ENV_1=pancakes", "ENV_2=bananas", "ANSIBLE_HOST_KEY_CHECKING=False"},
 callArgs: []string{"123.45.67.89", "/var/inventory", "test-playbook.yml", ""},
- ExpectedArgs: []string{"-e", "packer_builder_type=fakebuilder", "-e", "packer_http_addr=123.45.67.89", "--ssh-extra-args", "'-o IdentitiesOnly=yes'", "-e", "hello-world", "-e", "ansible_password=ilovebananapancakes", "-i", "/var/inventory", "test-playbook.yml"},
+ ExpectedArgs: []string{"-e", "packer_builder_type=fakebuilder", "-e", "packer_http_addr=123.45.67.89", "-e", "hello-world", "-e", "ansible_password=ilovebananapancakes", "-i", "/var/inventory", "test-playbook.yml"},
 ExpectedEnvVars: []string{"ENV_1=pancakes", "ENV_2=bananas", "ANSIBLE_HOST_KEY_CHECKING=False"},
 },
 {
@@ -627,12 +628,20 @@ func TestCreateCmdArgs(t *testing.T) {
 ExpectedArgs: []string{"-e", "packer_build_name=\"packerparty\"", "-e", "packer_builder_type=fakebuilder", "-e", "ansible_ssh_private_key_file=/path/to/privkey.pem", "--ssh-extra-args", "'-o IdentitiesOnly=yes'", "-e", "hello-world", "-i", "/var/inventory", "test-playbook.yml"},
 ExpectedEnvVars: []string{},
 },
+ {
+ TestName: "Use SSH Agent",
+ UseProxy: confighelper.TriTrue,
+ generatedData: basicGenData(nil),
+ callArgs: []string{common.HttpAddrNotImplemented, "/var/inventory", "test-playbook.yml", ""},
+ ExpectedArgs: []string{"-e", "packer_builder_type=fakebuilder", "-i", "/var/inventory", "test-playbook.yml"},
+ ExpectedEnvVars: []string{},
+ },
 {
 // No builder name. This shouldn't cause an error, it just shouldn't be set. HCL, yo.
 TestName: "No builder name. This shouldn't cause an error, it just shouldn't be set. HCL, yo.",
 generatedData: basicGenData(nil),
 callArgs: []string{common.HttpAddrNotImplemented, "/var/inventory", "test-playbook.yml", ""},
- ExpectedArgs: []string{"-e", "packer_builder_type=fakebuilder", "--ssh-extra-args", "'-o IdentitiesOnly=yes'", "-i", "/var/inventory", "test-playbook.yml"},
+ ExpectedArgs: []string{"-e", "packer_builder_type=fakebuilder", "-i", "/var/inventory", "test-playbook.yml"},
 ExpectedEnvVars: []string{},
 },
 }
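Review bot: The new "Use SSH Agent" case builds its data with `basicGenData(nil)`, where `SSHAgentAuth` is `false`, so it does not exercise agent auth and differs from the case after it only by `UseProxy`. Passing the flag explicitly, e.g. `generatedData: basicGenData(map[string]interface{}{"SSHAgentAuth": true}),`, would make the input match the test name. Even then createCmdArgs, as changed in this series, looks only at privKeyFile, so the `SSHPrivateKeyFile != "" || SSHAgentAuth` branch added to Provision stays uncovered; a test asserting that no temporary key file is written when the flag is true would close that gap.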