6 files changed, 70 insertions, 9 deletions
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index 2e80846..ee67f99 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -32,6 +32,10 @@ jobs:
        uses: ansible/ansible-lint-action@master
        with:
          targets: "${{ github.repository }}"
+          # override lint version due to
+          # https://github.com/ansible/ansible-lint-action/issues/59
+          override-deps: |
+            ansible-lint==5.3.2
      - run: |
          sudo apt update && sudo apt install -y python3-pip
          pip3 install -r ${{ github.repository }}/requirements.txt
diff --git a/README.md b/README.md
index cc3a38e..8a5f903 100644
--- a/README.md
+++ b/README.md
@@ -18,7 +18,7 @@ Role Variables
 * `rundeck_api_version` api version supported by rundeck server. Default to 26.
 * `rundeck_remove_missing` Whether to delete jobs present in rundeck and not in file. Defaults to true.
 * `rundeck_jobs_group` the group of job to check for removal
-* `rundeck_ignore_creation_errors` whether to ignore job creation error. Default to true to follow the 200 statu given by rundeck API
+* `rundeck_ignore_creation_errors` whether to ignore job creation error. Default to true to follow the 200 status given by rundeck API
 A [dhall](https://dhall-lang.org/) Type representing the roles' variables is available in the `./dhall/Config.dhall` file to help you configure your projects with some type checking.
diff --git a/defaults/main.yml b/defaults/main.yml
index 32342aa..dc73d56 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -2,3 +2,5 @@
 rundeck_api_version: 26
 rundeck_remove_missing: true
 rundeck_ignore_creation_error: true
+rundeck_keys_scoped_by_project: true
+rundeck_jobs_keys: []
diff --git a/dhall/package.dhall b/dhall/package.dhall
index ceab8c0..ef0483b 100644
--- a/dhall/package.dhall
+++ b/dhall/package.dhall
@@ -1,13 +1,30 @@
+let Key = { path : Text, value : Text, type : Text }
 let Vault = { apiToken : Text }
 let Config =
-      { rundeck_jobs_path : Text
+      { Type =
-      , rundeck_project : Text
+          { rundeck_jobs_path : Text
-      , rundeck_api_url : Text
+          , rundeck_project : Text
-      , rundeck_api_token : Text
+          , rundeck_api_url : Text
-      , rundeck_api_version : Optional Natural
+          , rundeck_api_token : Text
-      , rundeck_remove_missing : Optional Bool
+          , rundeck_api_version : Optional Natural
-      , rundeck_jobs_group : Optional Text
+          , rundeck_remove_missing : Optional Bool
+          , rundeck_ignore_creation_error : Optional Bool
+          , rundeck_jobs_group : Optional Text
+          , rundeck_jobs_keys : List Key
+          , rundeck_keys_scoped_by_project : Optional Bool
+          , rundeck_keys_scoped_by_group : Optional Bool
+          }
+      , default =
+        { rundeck_api_version = Some 26
+        , rundeck_remove_missing = Some True
+        , rundeck_ignore_creation_error = Some True
+        , rundeck_jobs_group = None Text
+        , rundeck_jobs_keys = [] : List Key
+        , rundeck_keys_scoped_by_project = Some True
+        , rundeck_keys_scoped_by_group = None Bool
+        }
      }
-in  { Vault = Vault, Config = Config }
+in  { Vault, Config, Key }
diff --git a/tasks/keys.yml b/tasks/keys.yml
new file mode 100644
index 0000000..98c6136
--- /dev/null
+++ b/tasks/keys.yml
@@ -0,0 +1,33 @@
+---
+- name: Build scoped path
+  set_fact:
+    rundeck_key_full_path: "{{ rundeck_keys_scoped_by_project | default(true) | ternary('project/' + rundeck_project + '/' + key_group_path, key_group_path) }}"
+  vars:
+    group_name: "{{ rundeck_jobs_group | default('') }}"
+    key_group_path: "{{ rundeck_keys_scoped_by_group | default((group_name|length) > 0) | ternary(group_name + '/' + item.path, item.path) }}"
+- name: Check key existence
+  uri:
+    url: "{{ rundeck_api_url }}/{{ rundeck_api_version }}/storage/keys/{{ rundeck_key_full_path }}"
+    method: GET
+    headers:
+      Accept: application/json
+      X-Rundeck-Auth-Token: "{{ rundeck_api_token }}"
+    status_code: [200, 404]
+  register: rundeck_existing_key
+- name: Set method
+  set_fact:
+    rundeck_key_uri_method: "{{ (rundeck_existing_key.status == 404) | ternary('POST', 'PUT') }}"
+- name: Import key
+  uri:
+    url: "{{ rundeck_api_url }}/{{ rundeck_api_version }}/storage/keys/{{ rundeck_key_full_path }}"
+    method: "{{ rundeck_key_uri_method }}"
+    headers:
+      Accept: application/json
+      Content-Type: "{{ item.type }}"
+      X-Rundeck-Auth-Token: "{{ rundeck_api_token }}"
+    status_code: [200, 201]
+    body: "{{ item.value }}"
+    body_format: raw
diff --git a/tasks/main.yml b/tasks/main.yml
index 3d41031..644fef0 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -3,3 +3,8 @@
  include_tasks: rundeck.yml
  tags:
    - rundeck-jobs
+- name: Include rundeck keys
+  include_tasks: keys.yml
+  tags:
+    - rundeck-keys
+  with_items: "{{ rundeck_jobs_keys }}"

diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 2e80846..ee67f99 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml
@@ -32,6 +32,10 @@ jobs:
32	uses: ansible/ansible-lint-action@master	32	uses: ansible/ansible-lint-action@master
33	with:	33	with:
34	targets: "${{ github.repository }}"	34	targets: "${{ github.repository }}"
		35	# override lint version due to
		36	# https://github.com/ansible/ansible-lint-action/issues/59
		37	override-deps: \|
		38	ansible-lint==5.3.2
35	- run: \|	39	- run: \|
36	sudo apt update && sudo apt install -y python3-pip	40	sudo apt update && sudo apt install -y python3-pip
37	pip3 install -r ${{ github.repository }}/requirements.txt	41	pip3 install -r ${{ github.repository }}/requirements.txt


diff --git a/README.md b/README.md index cc3a38e..8a5f903 100644 --- a/README.md +++ b/README.md
@@ -18,7 +18,7 @@ Role Variables
18	* `rundeck_api_version` api version supported by rundeck server. Default to 26.	18	* `rundeck_api_version` api version supported by rundeck server. Default to 26.
19	* `rundeck_remove_missing` Whether to delete jobs present in rundeck and not in file. Defaults to true.	19	* `rundeck_remove_missing` Whether to delete jobs present in rundeck and not in file. Defaults to true.
20	* `rundeck_jobs_group` the group of job to check for removal	20	* `rundeck_jobs_group` the group of job to check for removal
21	* `rundeck_ignore_creation_errors` whether to ignore job creation error. Default to true to follow the 200 statu given by rundeck API	21	* `rundeck_ignore_creation_errors` whether to ignore job creation error. Default to true to follow the 200 status given by rundeck API
22		22
23	A [dhall](https://dhall-lang.org/) Type representing the roles' variables is available in the `./dhall/Config.dhall` file to help you configure your projects with some type checking.	23	A [dhall](https://dhall-lang.org/) Type representing the roles' variables is available in the `./dhall/Config.dhall` file to help you configure your projects with some type checking.
24		24


diff --git a/defaults/main.yml b/defaults/main.yml index 32342aa..dc73d56 100644 --- a/defaults/main.yml +++ b/defaults/main.yml
@@ -2,3 +2,5 @@
2	rundeck_api_version: 26	2	rundeck_api_version: 26
3	rundeck_remove_missing: true	3	rundeck_remove_missing: true
4	rundeck_ignore_creation_error: true	4	rundeck_ignore_creation_error: true
		5	rundeck_keys_scoped_by_project: true
		6	rundeck_jobs_keys: []


diff --git a/dhall/package.dhall b/dhall/package.dhall index ceab8c0..ef0483b 100644 --- a/dhall/package.dhall +++ b/dhall/package.dhall
@@ -1,13 +1,30 @@
		1	let Key = { path : Text, value : Text, type : Text }
		2
1	let Vault = { apiToken : Text }	3	let Vault = { apiToken : Text }
2		4
3	let Config =	5	let Config =
4	{ rundeck_jobs_path : Text	6	{ Type =
5	, rundeck_project : Text	7	{ rundeck_jobs_path : Text
6	, rundeck_api_url : Text	8	, rundeck_project : Text
7	, rundeck_api_token : Text	9	, rundeck_api_url : Text
8	, rundeck_api_version : Optional Natural	10	, rundeck_api_token : Text
9	, rundeck_remove_missing : Optional Bool	11	, rundeck_api_version : Optional Natural
10	, rundeck_jobs_group : Optional Text	12	, rundeck_remove_missing : Optional Bool
		13	, rundeck_ignore_creation_error : Optional Bool
		14	, rundeck_jobs_group : Optional Text
		15	, rundeck_jobs_keys : List Key
		16	, rundeck_keys_scoped_by_project : Optional Bool
		17	, rundeck_keys_scoped_by_group : Optional Bool
		18	}
		19	, default =
		20	{ rundeck_api_version = Some 26
		21	, rundeck_remove_missing = Some True
		22	, rundeck_ignore_creation_error = Some True
		23	, rundeck_jobs_group = None Text
		24	, rundeck_jobs_keys = [] : List Key
		25	, rundeck_keys_scoped_by_project = Some True
		26	, rundeck_keys_scoped_by_group = None Bool
		27	}
11	}	28	}
12		29
13	in { Vault = Vault, Config = Config }	30	in { Vault, Config, Key }


diff --git a/tasks/keys.yml b/tasks/keys.yml new file mode 100644 index 0000000..98c6136 --- /dev/null +++ b/tasks/keys.yml
@@ -0,0 +1,33 @@
		1	---
		2	- name: Build scoped path
		3	set_fact:
		4	rundeck_key_full_path: "{{ rundeck_keys_scoped_by_project \| default(true) \| ternary('project/' + rundeck_project + '/' + key_group_path, key_group_path) }}"
		5	vars:
		6	group_name: "{{ rundeck_jobs_group \| default('') }}"
		7	key_group_path: "{{ rundeck_keys_scoped_by_group \| default((group_name\|length) > 0) \| ternary(group_name + '/' + item.path, item.path) }}"
		8
		9	- name: Check key existence
		10	uri:
		11	url: "{{ rundeck_api_url }}/{{ rundeck_api_version }}/storage/keys/{{ rundeck_key_full_path }}"
		12	method: GET
		13	headers:
		14	Accept: application/json
		15	X-Rundeck-Auth-Token: "{{ rundeck_api_token }}"
		16	status_code: [200, 404]
		17	register: rundeck_existing_key
		18
		19	- name: Set method
		20	set_fact:
		21	rundeck_key_uri_method: "{{ (rundeck_existing_key.status == 404) \| ternary('POST', 'PUT') }}"
		22
		23	- name: Import key
		24	uri:
		25	url: "{{ rundeck_api_url }}/{{ rundeck_api_version }}/storage/keys/{{ rundeck_key_full_path }}"
		26	method: "{{ rundeck_key_uri_method }}"
		27	headers:
		28	Accept: application/json
		29	Content-Type: "{{ item.type }}"
		30	X-Rundeck-Auth-Token: "{{ rundeck_api_token }}"
		31	status_code: [200, 201]
		32	body: "{{ item.value }}"
		33	body_format: raw


diff --git a/tasks/main.yml b/tasks/main.yml index 3d41031..644fef0 100644 --- a/tasks/main.yml +++ b/tasks/main.yml
@@ -3,3 +3,8 @@
3	include_tasks: rundeck.yml	3	include_tasks: rundeck.yml
4	tags:	4	tags:
5	- rundeck-jobs	5	- rundeck-jobs
		6	- name: Include rundeck keys
		7	include_tasks: keys.yml
		8	tags:
		9	- rundeck-keys
		10	with_items: "{{ rundeck_jobs_keys }}"