Add keys creation in rundeck

diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index 2e80846ebddd3232c73cc66aee018617a74fd046..ee67f999198d5e6911f16706cc9dc38208faae6c 100644 (file)
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -32,6 +32,10 @@ jobs:
         uses: ansible/ansible-lint-action@master
         with:
           targets: "${{ github.repository }}"
+          # override lint version due to
+          # https://github.com/ansible/ansible-lint-action/issues/59
+          override-deps: |
+            ansible-lint==5.3.2
       - run: |
           sudo apt update && sudo apt install -y python3-pip
           pip3 install -r ${{ github.repository }}/requirements.txt

diff --git a/README.md b/README.md
index cc3a38eebd4a6a26b4ae0d7cff7e35dbd08d41b7..8a5f903a329ad4b6f2a369f8861080b42b428f8b 100644 (file)
--- a/README.md
+++ b/README.md
@@ -18,7 +18,7 @@ Role Variables
 * `rundeck_api_version` api version supported by rundeck server. Default to 26.
 * `rundeck_remove_missing` Whether to delete jobs present in rundeck and not in file. Defaults to true.
 * `rundeck_jobs_group` the group of job to check for removal
-* `rundeck_ignore_creation_errors` whether to ignore job creation error. Default to true to follow the 200 statu given by rundeck API
+* `rundeck_ignore_creation_errors` whether to ignore job creation error. Default to true to follow the 200 status given by rundeck API
 
 A [dhall](https://dhall-lang.org/) Type representing the roles' variables is available in the `./dhall/Config.dhall` file to help you configure your projects with some type checking.
 

diff --git a/defaults/main.yml b/defaults/main.yml
index 32342aab7eb855e76caff36d335cf5b0c782d169..dc73d56a0c6f4114a4ecb0685380e44cd7edf55f 100644 (file)
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -2,3 +2,5 @@
 rundeck_api_version: 26
 rundeck_remove_missing: true
 rundeck_ignore_creation_error: true
+rundeck_keys_scoped_by_project: true
+rundeck_jobs_keys: []

diff --git a/dhall/package.dhall b/dhall/package.dhall
index ceab8c0984a652cb5848f19f48241f7e40f7644d..ef0483b4f3f4919591580fef328a5b591b36096a 100644 (file)
--- a/dhall/package.dhall
+++ b/dhall/package.dhall
@@ -1,13 +1,30 @@
+let Key = { path : Text, value : Text, type : Text }
+
 let Vault = { apiToken : Text }
 
 let Config =
-      { rundeck_jobs_path : Text
-      , rundeck_project : Text
-      , rundeck_api_url : Text
-      , rundeck_api_token : Text
-      , rundeck_api_version : Optional Natural
-      , rundeck_remove_missing : Optional Bool
-      , rundeck_jobs_group : Optional Text
+      { Type =
+          { rundeck_jobs_path : Text
+          , rundeck_project : Text
+          , rundeck_api_url : Text
+          , rundeck_api_token : Text
+          , rundeck_api_version : Optional Natural
+          , rundeck_remove_missing : Optional Bool
+          , rundeck_ignore_creation_error : Optional Bool
+          , rundeck_jobs_group : Optional Text
+          , rundeck_jobs_keys : List Key
+          , rundeck_keys_scoped_by_project : Optional Bool
+          , rundeck_keys_scoped_by_group : Optional Bool
+          }
+      , default =
+        { rundeck_api_version = Some 26
+        , rundeck_remove_missing = Some True
+        , rundeck_ignore_creation_error = Some True
+        , rundeck_jobs_group = None Text
+        , rundeck_jobs_keys = [] : List Key
+        , rundeck_keys_scoped_by_project = Some True
+        , rundeck_keys_scoped_by_group = None Bool
+        }
       }
 
-in  { Vault = Vault, Config = Config }
+in  { Vault, Config, Key }

diff --git a/tasks/keys.yml b/tasks/keys.yml
new file mode 100644 (file)
index 0000000..98c6136
--- /dev/null
+++ b/tasks/keys.yml
@@ -0,0 +1,33 @@
+---
+- name: Build scoped path
+  set_fact:
+    rundeck_key_full_path: "{{ rundeck_keys_scoped_by_project | default(true) | ternary('project/' + rundeck_project + '/' + key_group_path, key_group_path) }}"
+  vars:
+    group_name: "{{ rundeck_jobs_group | default('') }}"
+    key_group_path: "{{ rundeck_keys_scoped_by_group | default((group_name|length) > 0) | ternary(group_name + '/' + item.path, item.path) }}"
+
+- name: Check key existence
+  uri:
+    url: "{{ rundeck_api_url }}/{{ rundeck_api_version }}/storage/keys/{{ rundeck_key_full_path }}"
+    method: GET
+    headers:
+      Accept: application/json
+      X-Rundeck-Auth-Token: "{{ rundeck_api_token }}"
+    status_code: [200, 404]
+  register: rundeck_existing_key
+
+- name: Set method
+  set_fact:
+    rundeck_key_uri_method: "{{ (rundeck_existing_key.status == 404) | ternary('POST', 'PUT') }}"
+
+- name: Import key
+  uri:
+    url: "{{ rundeck_api_url }}/{{ rundeck_api_version }}/storage/keys/{{ rundeck_key_full_path }}"
+    method: "{{ rundeck_key_uri_method }}"
+    headers:
+      Accept: application/json
+      Content-Type: "{{ item.type }}"
+      X-Rundeck-Auth-Token: "{{ rundeck_api_token }}"
+    status_code: [200, 201]
+    body: "{{ item.value }}"
+    body_format: raw

diff --git a/tasks/main.yml b/tasks/main.yml
index 3d41031ba6a3fa4ad702c0821ea4fc50173f259e..644fef0b0ca1cf63be00e1217fdb7bf88be6ba28 100644 (file)
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -3,3 +3,8 @@
   include_tasks: rundeck.yml
   tags:
     - rundeck-jobs
+- name: Include rundeck keys
+  include_tasks: keys.yml
+  tags:
+    - rundeck-keys
+  with_items: "{{ rundeck_jobs_keys }}"