aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
-rw-r--r--README.md4
-rw-r--r--defaults/main.yml1
-rw-r--r--dhall/package.dhall2
-rwxr-xr-xfiles/fetch_keys.sh22
-rw-r--r--tasks/key.yml30
-rw-r--r--tasks/keys.yml43
-rw-r--r--tasks/main.yml3
7 files changed, 82 insertions, 23 deletions
diff --git a/README.md b/README.md
index 8a5f903..9962610 100644
--- a/README.md
+++ b/README.md
@@ -19,6 +19,10 @@ Role Variables
19* `rundeck_remove_missing` Whether to delete jobs present in rundeck and not in file. Defaults to true. 19* `rundeck_remove_missing` Whether to delete jobs present in rundeck and not in file. Defaults to true.
20* `rundeck_jobs_group` the group of job to check for removal 20* `rundeck_jobs_group` the group of job to check for removal
21* `rundeck_ignore_creation_errors` whether to ignore job creation error. Default to true to follow the 200 status given by rundeck API 21* `rundeck_ignore_creation_errors` whether to ignore job creation error. Default to true to follow the 200 status given by rundeck API
22* `rundeck_jobs_keys` a list of keys to import in rundeck. Each key is a dict with a `path`, a `value` and a `type` as declared in [https://docs.rundeck.com/3.0.x/api/index.html#upload-keys]().
23* `rundeck_keys_scoped_by_project` scope each key by project (In a project/ProjectName subdirectory)
24* `rundeck_keys_scoped_by_group` scope each key by group. Defaults to true if the group is defined, false otherwise
25* `rundeck_remove_missing_keys` remove keys that are not declared in ansible (possibly restrained to the scope defined above)
22 26
23A [dhall](https://dhall-lang.org/) Type representing the roles' variables is available in the `./dhall/Config.dhall` file to help you configure your projects with some type checking. 27A [dhall](https://dhall-lang.org/) Type representing the roles' variables is available in the `./dhall/Config.dhall` file to help you configure your projects with some type checking.
24 28
diff --git a/defaults/main.yml b/defaults/main.yml
index dc73d56..c3f0967 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,6 +1,7 @@
1--- 1---
2rundeck_api_version: 26 2rundeck_api_version: 26
3rundeck_remove_missing: true 3rundeck_remove_missing: true
4rundeck_remove_missing_keys: false
4rundeck_ignore_creation_error: true 5rundeck_ignore_creation_error: true
5rundeck_keys_scoped_by_project: true 6rundeck_keys_scoped_by_project: true
6rundeck_jobs_keys: [] 7rundeck_jobs_keys: []
diff --git a/dhall/package.dhall b/dhall/package.dhall
index 7ada0dc..4e3b668 100644
--- a/dhall/package.dhall
+++ b/dhall/package.dhall
@@ -10,6 +10,7 @@ let Config =
10 , rundeck_api_token : Text 10 , rundeck_api_token : Text
11 , rundeck_api_version : Optional Natural 11 , rundeck_api_version : Optional Natural
12 , rundeck_remove_missing : Optional Bool 12 , rundeck_remove_missing : Optional Bool
13 , rundeck_remove_missing_keys : Optional Bool
13 , rundeck_ignore_creation_error : Optional Bool 14 , rundeck_ignore_creation_error : Optional Bool
14 , rundeck_jobs_group : Optional Text 15 , rundeck_jobs_group : Optional Text
15 , rundeck_jobs_keys : List Key 16 , rundeck_jobs_keys : List Key
@@ -19,6 +20,7 @@ let Config =
19 , default = 20 , default =
20 { rundeck_api_version = Some 26 21 { rundeck_api_version = Some 26
21 , rundeck_remove_missing = Some True 22 , rundeck_remove_missing = Some True
23 , rundeck_remove_missing_keys = Some False
22 , rundeck_ignore_creation_error = Some True 24 , rundeck_ignore_creation_error = Some True
23 , rundeck_jobs_group = None Text 25 , rundeck_jobs_group = None Text
24 , rundeck_jobs_keys = [] : List Key 26 , rundeck_jobs_keys = [] : List Key
diff --git a/files/fetch_keys.sh b/files/fetch_keys.sh
new file mode 100755
index 0000000..e15dc12
--- /dev/null
+++ b/files/fetch_keys.sh
@@ -0,0 +1,22 @@
1#!/usr/bin/env bash
2
3set -euo pipefail
4
5BASE_URL="$1"
6TOKEN="$2"
7BASE_PATH="$3"
8
9list_path_rec() {
10 path="$1"
11 result=$(curl -ks "$BASE_URL/storage/$path?authtoken=$TOKEN")
12
13 case "$(echo "$result" | jq -r .type)" in
14 "file") echo "$result" | jq -r .path | sed -e "s@^$BASE_PATH/@@"
15 ;;
16 "directory")
17 echo "$result" | jq -r ".resources[]|.path" | while read p; do list_path_rec "$p"; done
18 ;;
19 esac
20}
21
22list_path_rec "$BASE_PATH"
diff --git a/tasks/key.yml b/tasks/key.yml
new file mode 100644
index 0000000..aa2b2d9
--- /dev/null
+++ b/tasks/key.yml
@@ -0,0 +1,30 @@
1---
2- name: Build scoped path
3 set_fact:
4 rundeck_key_full_path: "{{ rundeck_keys_base_path }}/{{ item.path }}"
5
6- name: Check key existence
7 uri:
8 url: "{{ rundeck_api_url }}/{{ rundeck_api_version }}/storage/keys/{{ rundeck_key_full_path }}"
9 method: GET
10 headers:
11 Accept: application/json
12 X-Rundeck-Auth-Token: "{{ rundeck_api_token }}"
13 status_code: [200, 404]
14 register: rundeck_existing_key
15
16- name: Set method
17 set_fact:
18 rundeck_key_uri_method: "{{ (rundeck_existing_key.status == 404) | ternary('POST', 'PUT') }}"
19
20- name: Import key
21 uri:
22 url: "{{ rundeck_api_url }}/{{ rundeck_api_version }}/storage/keys/{{ rundeck_key_full_path }}"
23 method: "{{ rundeck_key_uri_method }}"
24 headers:
25 Accept: application/json
26 Content-Type: "{{ item.type }}"
27 X-Rundeck-Auth-Token: "{{ rundeck_api_token }}"
28 status_code: [200, 201]
29 body: "{{ item.value }}"
30 body_format: raw
diff --git a/tasks/keys.yml b/tasks/keys.yml
index 98c6136..7ca0904 100644
--- a/tasks/keys.yml
+++ b/tasks/keys.yml
@@ -1,33 +1,34 @@
1--- 1---
2- name: Build scoped path 2- name: Set scope variables
3 set_fact: 3 set_fact:
4 rundeck_key_full_path: "{{ rundeck_keys_scoped_by_project | default(true) | ternary('project/' + rundeck_project + '/' + key_group_path, key_group_path) }}" 4 rundeck_keys_base_path: "{{ rundeck_keys_scoped_by_project | default(true) | ternary('project/' + rundeck_project + '/' + rundeck_keys_group_path, rundeck_keys_group_path) }}"
5 vars: 5 vars:
6 group_name: "{{ rundeck_jobs_group | default('') }}" 6 group_name: "{{ rundeck_jobs_group | default('') }}"
7 key_group_path: "{{ rundeck_keys_scoped_by_group | default((group_name|length) > 0) | ternary(group_name + '/' + item.path, item.path) }}" 7 rundeck_keys_group_path: "{{ rundeck_keys_scoped_by_group | default((group_name|length) > 0) | ternary(group_name, '') }}"
8 8
9- name: Check key existence 9- name: Include rundeck key
10 uri: 10 include_tasks: key.yml
11 url: "{{ rundeck_api_url }}/{{ rundeck_api_version }}/storage/keys/{{ rundeck_key_full_path }}" 11 with_items: "{{ rundeck_jobs_keys }}"
12 method: GET 12
13 headers: 13- name: Get all stored keys
14 Accept: application/json 14 script:
15 X-Rundeck-Auth-Token: "{{ rundeck_api_token }}" 15 cmd: "{{ role_path }}/files/fetch_keys.sh {{ rundeck_api_url }}/{{ rundeck_api_version }} {{ rundeck_api_token }} keys/{{ rundeck_keys_base_path }}"
16 status_code: [200, 404] 16 register: rundeck_existing_keys
17 register: rundeck_existing_key 17 when: rundeck_remove_missing_keys
18 18
19- name: Set method 19- name: "Prepare list of keys to remove"
20 set_fact: 20 set_fact:
21 rundeck_key_uri_method: "{{ (rundeck_existing_key.status == 404) | ternary('POST', 'PUT') }}" 21 rundeck_existing_keys: "{{ rundeck_existing_keys.stdout_lines | list }}"
22 rundeck_known_keys: "{{ rundeck_jobs_keys | map(attribute='path') | list }}"
23 when: rundeck_remove_missing_keys
22 24
23- name: Import key 25- name: "Remove jobs not declared"
24 uri: 26 uri:
25 url: "{{ rundeck_api_url }}/{{ rundeck_api_version }}/storage/keys/{{ rundeck_key_full_path }}" 27 url: "{{ rundeck_api_url }}/{{ rundeck_api_version }}/storage/keys/{{ rundeck_keys_base_path }}/{{ item }}"
26 method: "{{ rundeck_key_uri_method }}" 28 method: DELETE
27 headers: 29 headers:
28 Accept: application/json 30 Accept: application/json
29 Content-Type: "{{ item.type }}"
30 X-Rundeck-Auth-Token: "{{ rundeck_api_token }}" 31 X-Rundeck-Auth-Token: "{{ rundeck_api_token }}"
31 status_code: [200, 201] 32 status_code: [204, 404]
32 body: "{{ item.value }}" 33 with_items: "{{ rundeck_existing_keys | difference(rundeck_known_keys) }}"
33 body_format: raw 34 when: rundeck_remove_missing_keys
diff --git a/tasks/main.yml b/tasks/main.yml
index 644fef0..955d0a9 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -4,7 +4,6 @@
4 tags: 4 tags:
5 - rundeck-jobs 5 - rundeck-jobs
6- name: Include rundeck keys 6- name: Include rundeck keys
7 include_tasks: keys.yml
8 tags: 7 tags:
9 - rundeck-keys 8 - rundeck-keys
10 with_items: "{{ rundeck_jobs_keys }}" 9 include_tasks: keys.yml