From 8ddcfb8038720aac49d1119fc68e280552e253da Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= <ismael.bouya@fretlink.com>
Date: Tue, 22 Feb 2022 14:03:41 +0100
Subject: Add keys creation in rundeck

---
 .github/workflows/pr.yml |  4 ++++
 README.md                |  2 +-
 defaults/main.yml        |  2 ++
 dhall/package.dhall      | 33 +++++++++++++++++++++++++--------
 tasks/keys.yml           | 33 +++++++++++++++++++++++++++++++++
 tasks/main.yml           |  5 +++++
 6 files changed, 70 insertions(+), 9 deletions(-)
 create mode 100644 tasks/keys.yml

diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index 2e80846..ee67f99 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -32,6 +32,10 @@ jobs:
         uses: ansible/ansible-lint-action@master
         with:
           targets: "${{ github.repository }}"
+          # override lint version due to
+          # https://github.com/ansible/ansible-lint-action/issues/59
+          override-deps: |
+            ansible-lint==5.3.2
       - run: |
           sudo apt update && sudo apt install -y python3-pip
           pip3 install -r ${{ github.repository }}/requirements.txt
diff --git a/README.md b/README.md
index cc3a38e..8a5f903 100644
--- a/README.md
+++ b/README.md
@@ -18,7 +18,7 @@ Role Variables
 * `rundeck_api_version` api version supported by rundeck server. Default to 26.
 * `rundeck_remove_missing` Whether to delete jobs present in rundeck and not in file. Defaults to true.
 * `rundeck_jobs_group` the group of job to check for removal
-* `rundeck_ignore_creation_errors` whether to ignore job creation error. Default to true to follow the 200 statu given by rundeck API
+* `rundeck_ignore_creation_errors` whether to ignore job creation error. Default to true to follow the 200 status given by rundeck API
 
 A [dhall](https://dhall-lang.org/) Type representing the roles' variables is available in the `./dhall/Config.dhall` file to help you configure your projects with some type checking.
 
diff --git a/defaults/main.yml b/defaults/main.yml
index 32342aa..dc73d56 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -2,3 +2,5 @@
 rundeck_api_version: 26
 rundeck_remove_missing: true
 rundeck_ignore_creation_error: true
+rundeck_keys_scoped_by_project: true
+rundeck_jobs_keys: []
diff --git a/dhall/package.dhall b/dhall/package.dhall
index ceab8c0..ef0483b 100644
--- a/dhall/package.dhall
+++ b/dhall/package.dhall
@@ -1,13 +1,30 @@
+let Key = { path : Text, value : Text, type : Text }
+
 let Vault = { apiToken : Text }
 
 let Config =
-      { rundeck_jobs_path : Text
-      , rundeck_project : Text
-      , rundeck_api_url : Text
-      , rundeck_api_token : Text
-      , rundeck_api_version : Optional Natural
-      , rundeck_remove_missing : Optional Bool
-      , rundeck_jobs_group : Optional Text
+      { Type =
+          { rundeck_jobs_path : Text
+          , rundeck_project : Text
+          , rundeck_api_url : Text
+          , rundeck_api_token : Text
+          , rundeck_api_version : Optional Natural
+          , rundeck_remove_missing : Optional Bool
+          , rundeck_ignore_creation_error : Optional Bool
+          , rundeck_jobs_group : Optional Text
+          , rundeck_jobs_keys : List Key
+          , rundeck_keys_scoped_by_project : Optional Bool
+          , rundeck_keys_scoped_by_group : Optional Bool
+          }
+      , default =
+        { rundeck_api_version = Some 26
+        , rundeck_remove_missing = Some True
+        , rundeck_ignore_creation_error = Some True
+        , rundeck_jobs_group = None Text
+        , rundeck_jobs_keys = [] : List Key
+        , rundeck_keys_scoped_by_project = Some True
+        , rundeck_keys_scoped_by_group = None Bool
+        }
       }
 
-in  { Vault = Vault, Config = Config }
+in  { Vault, Config, Key }
diff --git a/tasks/keys.yml b/tasks/keys.yml
new file mode 100644
index 0000000..98c6136
--- /dev/null
+++ b/tasks/keys.yml
@@ -0,0 +1,33 @@
+---
+- name: Build scoped path
+  set_fact:
+    rundeck_key_full_path: "{{ rundeck_keys_scoped_by_project | default(true) | ternary('project/' + rundeck_project + '/' + key_group_path, key_group_path) }}"
+  vars:
+    group_name: "{{ rundeck_jobs_group | default('') }}"
+    key_group_path: "{{ rundeck_keys_scoped_by_group | default((group_name|length) > 0) | ternary(group_name + '/' + item.path, item.path) }}"
+
+- name: Check key existence
+  uri:
+    url: "{{ rundeck_api_url }}/{{ rundeck_api_version }}/storage/keys/{{ rundeck_key_full_path }}"
+    method: GET
+    headers:
+      Accept: application/json
+      X-Rundeck-Auth-Token: "{{ rundeck_api_token }}"
+    status_code: [200, 404]
+  register: rundeck_existing_key
+
+- name: Set method
+  set_fact:
+    rundeck_key_uri_method: "{{ (rundeck_existing_key.status == 404) | ternary('POST', 'PUT') }}"
+
+- name: Import key
+  uri:
+    url: "{{ rundeck_api_url }}/{{ rundeck_api_version }}/storage/keys/{{ rundeck_key_full_path }}"
+    method: "{{ rundeck_key_uri_method }}"
+    headers:
+      Accept: application/json
+      Content-Type: "{{ item.type }}"
+      X-Rundeck-Auth-Token: "{{ rundeck_api_token }}"
+    status_code: [200, 201]
+    body: "{{ item.value }}"
+    body_format: raw
diff --git a/tasks/main.yml b/tasks/main.yml
index 3d41031..644fef0 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -3,3 +3,8 @@
   include_tasks: rundeck.yml
   tags:
     - rundeck-jobs
+- name: Include rundeck keys
+  include_tasks: keys.yml
+  tags:
+    - rundeck-keys
+  with_items: "{{ rundeck_jobs_keys }}"
-- 
cgit v1.2.3