From 8ddcfb8038720aac49d1119fc68e280552e253da Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Tue, 22 Feb 2022 14:03:41 +0100
Subject: Add keys creation in rundeck

---
 .github/workflows/pr.yml | 4 ++++
 README.md | 2 +-
 defaults/main.yml | 2 ++
 dhall/package.dhall | 33 +++++++++++++++++++++++++--------
 tasks/keys.yml | 33 +++++++++++++++++++++++++++++++++
 tasks/main.yml | 5 +++++
 6 files changed, 70 insertions(+), 9 deletions(-)
 create mode 100644 tasks/keys.yml

diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index 2e80846..ee67f99 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -32,6 +32,10 @@ jobs:
 uses: ansible/ansible-lint-action@master
 with:
 targets: "${{ github.repository }}"
+ # override lint version due to
+ # https://github.com/ansible/ansible-lint-action/issues/59
+ override-deps: |
+ ansible-lint==5.3.2
 - run: |
 sudo apt update && sudo apt install -y python3-pip
 pip3 install -r ${{ github.repository }}/requirements.txt
diff --git a/README.md b/README.md
index cc3a38e..8a5f903 100644
--- a/README.md
+++ b/README.md
@@ -18,7 +18,7 @@ Role Variables
 * `rundeck_api_version` api version supported by rundeck server. Default to 26.
 * `rundeck_remove_missing` Whether to delete jobs present in rundeck and not in file. Defaults to true.
 * `rundeck_jobs_group` the group of job to check for removal
-* `rundeck_ignore_creation_errors` whether to ignore job creation error. Default to true to follow the 200 statu given by rundeck API
+* `rundeck_ignore_creation_errors` whether to ignore job creation error. Default to true to follow the 200 status given by rundeck API
 A [dhall](https://dhall-lang.org/) Type representing the roles' variables is available in the `./dhall/Config.dhall` file to help you configure your projects with some type checking.
diff --git a/defaults/main.yml b/defaults/main.yml
index 32342aa..dc73d56 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -2,3 +2,5 @@
 rundeck_api_version: 26
 rundeck_remove_missing: true
 rundeck_ignore_creation_error: true
+rundeck_keys_scoped_by_project: true
+rundeck_jobs_keys: []
diff --git a/dhall/package.dhall b/dhall/package.dhall
index ceab8c0..ef0483b 100644
--- a/dhall/package.dhall
+++ b/dhall/package.dhall
@@ -1,13 +1,30 @@
+let Key = { path : Text, value : Text, type : Text }
+
 let Vault = { apiToken : Text }
 let Config =
- { rundeck_jobs_path : Text
- , rundeck_project : Text
- , rundeck_api_url : Text
- , rundeck_api_token : Text
- , rundeck_api_version : Optional Natural
- , rundeck_remove_missing : Optional Bool
- , rundeck_jobs_group : Optional Text
+ { Type =
+ { rundeck_jobs_path : Text
+ , rundeck_project : Text
+ , rundeck_api_url : Text
+ , rundeck_api_token : Text
+ , rundeck_api_version : Optional Natural
+ , rundeck_remove_missing : Optional Bool
+ , rundeck_ignore_creation_error : Optional Bool
+ , rundeck_jobs_group : Optional Text
+ , rundeck_jobs_keys : List Key
+ , rundeck_keys_scoped_by_project : Optional Bool
+ , rundeck_keys_scoped_by_group : Optional Bool
+ }
+ , default =
+ { rundeck_api_version = Some 26
+ , rundeck_remove_missing = Some True
+ , rundeck_ignore_creation_error = Some True
+ , rundeck_jobs_group = None Text
+ , rundeck_jobs_keys = [] : List Key
+ , rundeck_keys_scoped_by_project = Some True
+ , rundeck_keys_scoped_by_group = None Bool
+ }
 }
-in { Vault = Vault, Config = Config }
+in { Vault, Config, Key }
diff --git a/tasks/keys.yml b/tasks/keys.yml
new file mode 100644
index 0000000..98c6136
--- /dev/null
+++ b/tasks/keys.yml
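Review bot: `Key` in dhall/package.dhall is added without any comment on what its fields must hold, and two of them are easy to get wrong: `value` is the secret material that tasks/keys.yml sends as the request body, and `type` is sent verbatim as the `Content-Type` header. I would add a comment above `let Key`, for example `-- value: secret key material, supply it from vault-encrypted vars; type: MIME type sent as Content-Type to the key storage API`. In the same hunk `Config` changes from a plain record type to a `{ Type, default }` record, so existing consumers that annotate with `Config` would presumably need `Config.Type` or `Config::{ … }`; a sentence in the README would help them.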
@@ -0,0 +1,33 @@
+---
+- name: Build scoped path
+ set_fact:
+ rundeck_key_full_path: "{{ rundeck_keys_scoped_by_project | default(true) | ternary('project/' + rundeck_project + '/' + key_group_path, key_group_path) }}"
+ vars:
+ group_name: "{{ rundeck_jobs_group | default('') }}"
+ key_group_path: "{{ rundeck_keys_scoped_by_group | default((group_name|length) > 0) | ternary(group_name + '/' + item.path, item.path) }}"
+
+- name: Check key existence
+ uri:
+ url: "{{ rundeck_api_url }}/{{ rundeck_api_version }}/storage/keys/{{ rundeck_key_full_path }}"
+ method: GET
+ headers:
+ Accept: application/json
+ X-Rundeck-Auth-Token: "{{ rundeck_api_token }}"
+ status_code: [200, 404]
+ register: rundeck_existing_key
+
+- name: Set method
+ set_fact:
+ rundeck_key_uri_method: "{{ (rundeck_existing_key.status == 404) | ternary('POST', 'PUT') }}"
+
+- name: Import key
+ uri:
+ url: "{{ rundeck_api_url }}/{{ rundeck_api_version }}/storage/keys/{{ rundeck_key_full_path }}"
+ method: "{{ rundeck_key_uri_method }}"
+ headers:
+ Accept: application/json
+ Content-Type: "{{ item.type }}"
+ X-Rundeck-Auth-Token: "{{ rundeck_api_token }}"
+ status_code: [200, 201]
+ body: "{{ item.value }}"
+ body_format: raw
diff --git a/tasks/main.yml b/tasks/main.yml
index 3d41031..644fef0 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -3,3 +3,8 @@
 include_tasks: rundeck.yml
 tags:
 - rundeck-jobs
+- name: Include rundeck keys
+ include_tasks: keys.yml
+ tags:
+ - rundeck-keys
+ with_items: "{{ rundeck_jobs_keys }}"
-- 
cgit v1.2.3
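Review bot: In tasks/keys.yml the `Import key` task sends `item.value` (the key material) as the request body, and both `uri` tasks carry `rundeck_api_token` in a header, yet neither sets `no_log`. The secret and the token can therefore appear in Ansible output at higher verbosity, or in any callback that records task arguments. Add `no_log: true` to `Check key existence` and `Import key`. A short comment at the top of the file saying that `item.type` is used verbatim as the `Content-Type` would also help whoever fills in `rundeck_jobs_keys`.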
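Review bot: In tasks/main.yml, looping `include_tasks` with `with_items: "{{ rundeck_jobs_keys }}"` makes the whole key record, `value` included, the loop item, and Ansible normally prints the item when it reports each iteration. Consider adding `loop_control:` with `label: "{{ item.path }}"` so only the path is shown; whether the label is honoured on the include line depends on the Ansible version, so it is worth checking the output once. Setting a `loop_var` other than `item` would also avoid a clash if keys.yml ever gains a loop of its own. The task list this hunk appends to begins outside the hunk.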