diff options
author | ismaelbouyaf <ismael.bouya@fretlink.com> | 2022-03-21 17:46:58 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-03-21 17:46:58 +0100 |
commit | 2f5634ede6c4ad01f7a9d34407324459629c1856 (patch) | |
tree | f21120bf0a6e7bee5d2e7a3aebdf14f29538e0f7 | |
parent | 30a577fc43ef49e5e9925bc82116a2bd47f9a842 (diff) | |
parent | d58fd11546cd378ff4eba6227adc10f8c06c386a (diff) | |
download | ansible-rundeck-jobs-master.tar.gz ansible-rundeck-jobs-master.tar.zst ansible-rundeck-jobs-master.zip |
Add an option to remove existing keys that are not declared in ansible
-rw-r--r-- | README.md | 4 | ||||
-rw-r--r-- | defaults/main.yml | 1 | ||||
-rw-r--r-- | dhall/package.dhall | 2 | ||||
-rwxr-xr-x | files/fetch_keys.sh | 22 | ||||
-rw-r--r-- | tasks/key.yml | 30 | ||||
-rw-r--r-- | tasks/keys.yml | 43 | ||||
-rw-r--r-- | tasks/main.yml | 3 |
7 files changed, 82 insertions, 23 deletions
@@ -19,6 +19,10 @@ Role Variables | |||
19 | * `rundeck_remove_missing` Whether to delete jobs present in rundeck and not in file. Defaults to true. | 19 | * `rundeck_remove_missing` Whether to delete jobs present in rundeck and not in file. Defaults to true. |
20 | * `rundeck_jobs_group` the group of job to check for removal | 20 | * `rundeck_jobs_group` the group of job to check for removal |
21 | * `rundeck_ignore_creation_errors` whether to ignore job creation error. Default to true to follow the 200 status given by rundeck API | 21 | * `rundeck_ignore_creation_errors` whether to ignore job creation error. Default to true to follow the 200 status given by rundeck API |
22 | * `rundeck_jobs_keys` a list of keys to import in rundeck. Each key is a dict with a `path`, a `value` and a `type` as declared in [https://docs.rundeck.com/3.0.x/api/index.html#upload-keys](). | ||
23 | * `rundeck_keys_scoped_by_project` scope each key by project (In a project/ProjectName subdirectory) | ||
24 | * `rundeck_keys_scoped_by_group` scope each key by group. Defaults to true if the group is defined, false otherwise | ||
25 | * `rundeck_remove_missing_keys` remove keys that are not declared in ansible (possibly restrained to the scope defined above) | ||
22 | 26 | ||
23 | A [dhall](https://dhall-lang.org/) Type representing the roles' variables is available in the `./dhall/Config.dhall` file to help you configure your projects with some type checking. | 27 | A [dhall](https://dhall-lang.org/) Type representing the roles' variables is available in the `./dhall/Config.dhall` file to help you configure your projects with some type checking. |
24 | 28 | ||
diff --git a/defaults/main.yml b/defaults/main.yml index dc73d56..c3f0967 100644 --- a/defaults/main.yml +++ b/defaults/main.yml | |||
@@ -1,6 +1,7 @@ | |||
1 | --- | 1 | --- |
2 | rundeck_api_version: 26 | 2 | rundeck_api_version: 26 |
3 | rundeck_remove_missing: true | 3 | rundeck_remove_missing: true |
4 | rundeck_remove_missing_keys: false | ||
4 | rundeck_ignore_creation_error: true | 5 | rundeck_ignore_creation_error: true |
5 | rundeck_keys_scoped_by_project: true | 6 | rundeck_keys_scoped_by_project: true |
6 | rundeck_jobs_keys: [] | 7 | rundeck_jobs_keys: [] |
diff --git a/dhall/package.dhall b/dhall/package.dhall index 7ada0dc..4e3b668 100644 --- a/dhall/package.dhall +++ b/dhall/package.dhall | |||
@@ -10,6 +10,7 @@ let Config = | |||
10 | , rundeck_api_token : Text | 10 | , rundeck_api_token : Text |
11 | , rundeck_api_version : Optional Natural | 11 | , rundeck_api_version : Optional Natural |
12 | , rundeck_remove_missing : Optional Bool | 12 | , rundeck_remove_missing : Optional Bool |
13 | , rundeck_remove_missing_keys : Optional Bool | ||
13 | , rundeck_ignore_creation_error : Optional Bool | 14 | , rundeck_ignore_creation_error : Optional Bool |
14 | , rundeck_jobs_group : Optional Text | 15 | , rundeck_jobs_group : Optional Text |
15 | , rundeck_jobs_keys : List Key | 16 | , rundeck_jobs_keys : List Key |
@@ -19,6 +20,7 @@ let Config = | |||
19 | , default = | 20 | , default = |
20 | { rundeck_api_version = Some 26 | 21 | { rundeck_api_version = Some 26 |
21 | , rundeck_remove_missing = Some True | 22 | , rundeck_remove_missing = Some True |
23 | , rundeck_remove_missing_keys = Some False | ||
22 | , rundeck_ignore_creation_error = Some True | 24 | , rundeck_ignore_creation_error = Some True |
23 | , rundeck_jobs_group = None Text | 25 | , rundeck_jobs_group = None Text |
24 | , rundeck_jobs_keys = [] : List Key | 26 | , rundeck_jobs_keys = [] : List Key |
diff --git a/files/fetch_keys.sh b/files/fetch_keys.sh new file mode 100755 index 0000000..e15dc12 --- /dev/null +++ b/files/fetch_keys.sh | |||
@@ -0,0 +1,22 @@ | |||
1 | #!/usr/bin/env bash | ||
2 | |||
3 | set -euo pipefail | ||
4 | |||
5 | BASE_URL="$1" | ||
6 | TOKEN="$2" | ||
7 | BASE_PATH="$3" | ||
8 | |||
9 | list_path_rec() { | ||
10 | path="$1" | ||
11 | result=$(curl -ks "$BASE_URL/storage/$path?authtoken=$TOKEN") | ||
12 | |||
13 | case "$(echo "$result" | jq -r .type)" in | ||
14 | "file") echo "$result" | jq -r .path | sed -e "s@^$BASE_PATH/@@" | ||
15 | ;; | ||
16 | "directory") | ||
17 | echo "$result" | jq -r ".resources[]|.path" | while read p; do list_path_rec "$p"; done | ||
18 | ;; | ||
19 | esac | ||
20 | } | ||
21 | |||
22 | list_path_rec "$BASE_PATH" | ||
diff --git a/tasks/key.yml b/tasks/key.yml new file mode 100644 index 0000000..aa2b2d9 --- /dev/null +++ b/tasks/key.yml | |||
@@ -0,0 +1,30 @@ | |||
1 | --- | ||
2 | - name: Build scoped path | ||
3 | set_fact: | ||
4 | rundeck_key_full_path: "{{ rundeck_keys_base_path }}/{{ item.path }}" | ||
5 | |||
6 | - name: Check key existence | ||
7 | uri: | ||
8 | url: "{{ rundeck_api_url }}/{{ rundeck_api_version }}/storage/keys/{{ rundeck_key_full_path }}" | ||
9 | method: GET | ||
10 | headers: | ||
11 | Accept: application/json | ||
12 | X-Rundeck-Auth-Token: "{{ rundeck_api_token }}" | ||
13 | status_code: [200, 404] | ||
14 | register: rundeck_existing_key | ||
15 | |||
16 | - name: Set method | ||
17 | set_fact: | ||
18 | rundeck_key_uri_method: "{{ (rundeck_existing_key.status == 404) | ternary('POST', 'PUT') }}" | ||
19 | |||
20 | - name: Import key | ||
21 | uri: | ||
22 | url: "{{ rundeck_api_url }}/{{ rundeck_api_version }}/storage/keys/{{ rundeck_key_full_path }}" | ||
23 | method: "{{ rundeck_key_uri_method }}" | ||
24 | headers: | ||
25 | Accept: application/json | ||
26 | Content-Type: "{{ item.type }}" | ||
27 | X-Rundeck-Auth-Token: "{{ rundeck_api_token }}" | ||
28 | status_code: [200, 201] | ||
29 | body: "{{ item.value }}" | ||
30 | body_format: raw | ||
diff --git a/tasks/keys.yml b/tasks/keys.yml index 98c6136..7ca0904 100644 --- a/tasks/keys.yml +++ b/tasks/keys.yml | |||
@@ -1,33 +1,34 @@ | |||
1 | --- | 1 | --- |
2 | - name: Build scoped path | 2 | - name: Set scope variables |
3 | set_fact: | 3 | set_fact: |
4 | rundeck_key_full_path: "{{ rundeck_keys_scoped_by_project | default(true) | ternary('project/' + rundeck_project + '/' + key_group_path, key_group_path) }}" | 4 | rundeck_keys_base_path: "{{ rundeck_keys_scoped_by_project | default(true) | ternary('project/' + rundeck_project + '/' + rundeck_keys_group_path, rundeck_keys_group_path) }}" |
5 | vars: | 5 | vars: |
6 | group_name: "{{ rundeck_jobs_group | default('') }}" | 6 | group_name: "{{ rundeck_jobs_group | default('') }}" |
7 | key_group_path: "{{ rundeck_keys_scoped_by_group | default((group_name|length) > 0) | ternary(group_name + '/' + item.path, item.path) }}" | 7 | rundeck_keys_group_path: "{{ rundeck_keys_scoped_by_group | default((group_name|length) > 0) | ternary(group_name, '') }}" |
8 | 8 | ||
9 | - name: Check key existence | 9 | - name: Include rundeck key |
10 | uri: | 10 | include_tasks: key.yml |
11 | url: "{{ rundeck_api_url }}/{{ rundeck_api_version }}/storage/keys/{{ rundeck_key_full_path }}" | 11 | with_items: "{{ rundeck_jobs_keys }}" |
12 | method: GET | 12 | |
13 | headers: | 13 | - name: Get all stored keys |
14 | Accept: application/json | 14 | script: |
15 | X-Rundeck-Auth-Token: "{{ rundeck_api_token }}" | 15 | cmd: "{{ role_path }}/files/fetch_keys.sh {{ rundeck_api_url }}/{{ rundeck_api_version }} {{ rundeck_api_token }} keys/{{ rundeck_keys_base_path }}" |
16 | status_code: [200, 404] | 16 | register: rundeck_existing_keys |
17 | register: rundeck_existing_key | 17 | when: rundeck_remove_missing_keys |
18 | 18 | ||
19 | - name: Set method | 19 | - name: "Prepare list of keys to remove" |
20 | set_fact: | 20 | set_fact: |
21 | rundeck_key_uri_method: "{{ (rundeck_existing_key.status == 404) | ternary('POST', 'PUT') }}" | 21 | rundeck_existing_keys: "{{ rundeck_existing_keys.stdout_lines | list }}" |
22 | rundeck_known_keys: "{{ rundeck_jobs_keys | map(attribute='path') | list }}" | ||
23 | when: rundeck_remove_missing_keys | ||
22 | 24 | ||
23 | - name: Import key | 25 | - name: "Remove jobs not declared" |
24 | uri: | 26 | uri: |
25 | url: "{{ rundeck_api_url }}/{{ rundeck_api_version }}/storage/keys/{{ rundeck_key_full_path }}" | 27 | url: "{{ rundeck_api_url }}/{{ rundeck_api_version }}/storage/keys/{{ rundeck_keys_base_path }}/{{ item }}" |
26 | method: "{{ rundeck_key_uri_method }}" | 28 | method: DELETE |
27 | headers: | 29 | headers: |
28 | Accept: application/json | 30 | Accept: application/json |
29 | Content-Type: "{{ item.type }}" | ||
30 | X-Rundeck-Auth-Token: "{{ rundeck_api_token }}" | 31 | X-Rundeck-Auth-Token: "{{ rundeck_api_token }}" |
31 | status_code: [200, 201] | 32 | status_code: [204, 404] |
32 | body: "{{ item.value }}" | 33 | with_items: "{{ rundeck_existing_keys | difference(rundeck_known_keys) }}" |
33 | body_format: raw | 34 | when: rundeck_remove_missing_keys |
diff --git a/tasks/main.yml b/tasks/main.yml index 644fef0..955d0a9 100644 --- a/tasks/main.yml +++ b/tasks/main.yml | |||
@@ -4,7 +4,6 @@ | |||
4 | tags: | 4 | tags: |
5 | - rundeck-jobs | 5 | - rundeck-jobs |
6 | - name: Include rundeck keys | 6 | - name: Include rundeck keys |
7 | include_tasks: keys.yml | ||
8 | tags: | 7 | tags: |
9 | - rundeck-keys | 8 | - rundeck-keys |
10 | with_items: "{{ rundeck_jobs_keys }}" | 9 | include_tasks: keys.yml |