├── .dockerignore ├── .drone.yml ├── .github ├── issue_template.md ├── pull_request_template.md └── settings.yml ├── .gitignore ├── .harness ├── eventPR.yaml ├── eventPush.yaml ├── eventTag.yaml └── harness.yaml ├── LICENSE ├── README.md ├── docker ├── Dockerfile.linux.amd64 ├── Dockerfile.linux.arm64 └── manifest.tmpl ├── go.mod ├── go.sum ├── main.go └── plugin.go /.dockerignore: -------------------------------------------------------------------------------- 1 | * 2 | !release/ 3 | -------------------------------------------------------------------------------- /.drone.yml: -------------------------------------------------------------------------------- 1 | kind: pipeline 2 | type: vm 3 | name: testing 4 | platform: 5 | os: linux 6 | arch: amd64 7 | pool: 8 | use: ubuntu 9 | 10 | steps: 11 | - name: lint 12 | image: golang:1.23 13 | pull: always 14 | commands: 15 | - go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest 16 | - golangci-lint version 17 | - golangci-lint run 18 | volumes: 19 | - name: gopath 20 | path: "/go" 21 | - name: test 22 | image: golang:1.23 23 | commands: 24 | - go test -cover ./... 25 | volumes: 26 | - name: gopath 27 | path: "/go" 28 | volumes: 29 | - name: gopath 30 | temp: {} 31 | trigger: 32 | ref: 33 | - refs/heads/master 34 | - refs/tags/** 35 | - refs/pull/** 36 | 37 | --- 38 | kind: pipeline 39 | type: vm 40 | name: linux-amd64 41 | platform: 42 | os: linux 43 | arch: amd64 44 | pool: 45 | use: ubuntu 46 | 47 | steps: 48 | - name: environment 49 | image: golang:1.23 50 | pull: always 51 | environment: 52 | CGO_ENABLED: "0" 53 | commands: 54 | - go version 55 | - go env 56 | - name: build 57 | image: golang:1.23 58 | environment: 59 | CGO_ENABLED: "0" 60 | commands: 61 | - go build -v -ldflags "-X main.version=" -a -tags netgo -o release/linux/amd64/drone-ansible . 62 | - name: docker 63 | image: plugins/docker 64 | settings: 65 | dockerfile: docker/Dockerfile.linux.amd64 66 | repo: plugins/ansible 67 | username: 68 | from_secret: docker_username 69 | password: 70 | from_secret: docker_password 71 | auto_tag: true 72 | auto_tag_suffix: linux-amd64 73 | depends_on: 74 | - testing 75 | trigger: 76 | ref: 77 | - refs/heads/master 78 | - refs/tags/** 79 | - refs/pull/** 80 | 81 | --- 82 | kind: pipeline 83 | type: vm 84 | name: linux-arm64 85 | platform: 86 | os: linux 87 | arch: arm64 88 | pool: 89 | use: ubuntu_arm64 90 | 91 | steps: 92 | - name: environment 93 | image: golang:1.23 94 | pull: always 95 | environment: 96 | CGO_ENABLED: "0" 97 | commands: 98 | - go version 99 | - go env 100 | - name: build 101 | image: golang:1.23 102 | environment: 103 | CGO_ENABLED: "0" 104 | commands: 105 | - go build -v -ldflags "-X main.version=" -a -tags netgo -o release/linux/arm64/drone-ansible . 106 | - name: docker 107 | image: plugins/docker 108 | settings: 109 | dockerfile: docker/Dockerfile.linux.arm64 110 | repo: plugins/ansible 111 | username: 112 | from_secret: docker_username 113 | password: 114 | from_secret: docker_password 115 | auto_tag: true 116 | auto_tag_suffix: linux-arm64 117 | depends_on: 118 | - testing 119 | trigger: 120 | ref: 121 | - refs/heads/master 122 | - refs/tags/** 123 | - refs/pull/** 124 | 125 | --- 126 | kind: pipeline 127 | type: vm 128 | name: manifest 129 | platform: 130 | os: linux 131 | arch: amd64 132 | pool: 133 | use: ubuntu 134 | 135 | steps: 136 | - name: manifest 137 | image: plugins/manifest 138 | settings: 139 | auto_tag: "true" 140 | username: 141 | from_secret: docker_username 142 | password: 143 | from_secret: docker_password 144 | spec: docker/manifest.tmpl 145 | ignore_missing: true 146 | depends_on: 147 | - linux-amd64 148 | - linux-arm64 149 | trigger: 150 | ref: 151 | - refs/heads/master 152 | - refs/tags/** 153 | -------------------------------------------------------------------------------- /.github/issue_template.md: -------------------------------------------------------------------------------- 1 | 10 | -------------------------------------------------------------------------------- /.github/pull_request_template.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/drone-plugins/drone-ansible/2f2f2f78c625b7c9d4992aef7ce8324ddfe89f09/.github/pull_request_template.md -------------------------------------------------------------------------------- /.github/settings.yml: -------------------------------------------------------------------------------- 1 | repository: 2 | name: drone-ansible 3 | description: Drone plugin to provision via Ansible 4 | homepage: http://plugins.drone.io/drone-plugins/drone-ansible 5 | topics: drone, drone-plugin 6 | 7 | private: false 8 | has_issues: true 9 | has_wiki: false 10 | has_downloads: false 11 | 12 | default_branch: master 13 | 14 | allow_squash_merge: true 15 | allow_merge_commit: true 16 | allow_rebase_merge: true 17 | 18 | labels: 19 | - name: bug 20 | color: d73a4a 21 | description: Something isn't working 22 | - name: duplicate 23 | color: cfd3d7 24 | description: This issue or pull request already exists 25 | - name: enhancement 26 | color: a2eeef 27 | description: New feature or request 28 | - name: good first issue 29 | color: 7057ff 30 | description: Good for newcomers 31 | - name: help wanted 32 | color: 008672 33 | description: Extra attention is needed 34 | - name: invalid 35 | color: e4e669 36 | description: This doesn't seem right 37 | - name: question 38 | color: d876e3 39 | description: Further information is requested 40 | - name: renovate 41 | color: e99695 42 | description: Automated action from Renovate 43 | - name: wontfix 44 | color: ffffff 45 | description: This will not be worked on 46 | 47 | teams: 48 | - name: Admins 49 | permission: admin 50 | - name: Captain 51 | permission: admin 52 | - name: Maintainers 53 | permission: push 54 | 55 | branches: 56 | - name: master 57 | protection: 58 | required_pull_request_reviews: 59 | required_approving_review_count: 1 60 | dismiss_stale_reviews: false 61 | require_code_owner_reviews: false 62 | dismissal_restrictions: 63 | teams: 64 | - Admins 65 | - Captain 66 | required_status_checks: 67 | strict: true 68 | contexts: 69 | - continuous-integration/drone/pr 70 | enforce_admins: false 71 | restrictions: 72 | users: [] 73 | teams: 74 | - Admins 75 | - Captain 76 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | release/ 2 | 3 | coverage.out 4 | drone-ansible 5 | 6 | .codegpt -------------------------------------------------------------------------------- /.harness/eventPR.yaml: -------------------------------------------------------------------------------- 1 | inputSet: 2 | name: event-PR 3 | identifier: eventPR 4 | orgIdentifier: default 5 | projectIdentifier: Drone_Plugins 6 | pipeline: 7 | identifier: droneansibleharness 8 | properties: 9 | ci: 10 | codebase: 11 | build: 12 | type: PR 13 | spec: 14 | number: <+trigger.prNumber> 15 | -------------------------------------------------------------------------------- /.harness/eventPush.yaml: -------------------------------------------------------------------------------- 1 | inputSet: 2 | name: event-Push 3 | identifier: eventPush 4 | orgIdentifier: default 5 | projectIdentifier: Drone_Plugins 6 | pipeline: 7 | identifier: droneansibleharness 8 | properties: 9 | ci: 10 | codebase: 11 | build: 12 | type: branch 13 | spec: 14 | branch: <+trigger.branch> 15 | -------------------------------------------------------------------------------- /.harness/eventTag.yaml: -------------------------------------------------------------------------------- 1 | inputSet: 2 | name: event-Tag 3 | identifier: eventTag 4 | orgIdentifier: default 5 | projectIdentifier: Drone_Plugins 6 | pipeline: 7 | identifier: droneansibleharness 8 | properties: 9 | ci: 10 | codebase: 11 | build: 12 | type: tag 13 | spec: 14 | tag: <+trigger.tag> 15 | -------------------------------------------------------------------------------- /.harness/harness.yaml: -------------------------------------------------------------------------------- 1 | pipeline: 2 | orgIdentifier: default 3 | tags: {} 4 | stages: 5 | - stage: 6 | name: Code Testing 7 | identifier: testing 8 | description: "" 9 | type: CI 10 | spec: 11 | cloneCodebase: true 12 | platform: 13 | os: Linux 14 | arch: Amd64 15 | runtime: 16 | type: Cloud 17 | spec: {} 18 | execution: 19 | steps: 20 | - step: 21 | type: Run 22 | name: Lint 23 | identifier: Lint 24 | spec: 25 | connectorRef: Plugins_Docker_Hub_Connector 26 | image: golang:1.23 27 | shell: Sh 28 | command: |- 29 | go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest 30 | golangci-lint version 31 | golangci-lint run 32 | - step: 33 | type: Run 34 | name: Run Tests 35 | identifier: Run_Tests 36 | spec: 37 | connectorRef: Plugins_Docker_Hub_Connector 38 | image: golang:1.23 39 | shell: Bash 40 | command: go test -cover ./... 41 | caching: 42 | enabled: false 43 | paths: [] 44 | buildIntelligence: 45 | enabled: false 46 | - parallel: 47 | - stage: 48 | name: Linux amd64 49 | identifier: Pull_and_Push 50 | description: "" 51 | type: CI 52 | spec: 53 | cloneCodebase: true 54 | platform: 55 | os: Linux 56 | arch: Amd64 57 | runtime: 58 | type: Cloud 59 | spec: {} 60 | execution: 61 | steps: 62 | - step: 63 | type: Run 64 | name: Build Linux binary 65 | identifier: Build_Linux_binary 66 | spec: 67 | connectorRef: Plugins_Docker_Hub_Connector 68 | image: golang:1.23 69 | shell: Sh 70 | command: |- 71 | # force go modules 72 | export GOPATH="" 73 | 74 | # disable cgo 75 | export CGO_ENABLED=0 76 | 77 | set -e 78 | set -x 79 | 80 | # linux 81 | export GOOS=linux GOARCH=amd64 82 | go build -v -a -tags netgo -o release/linux/amd64/drone-ansible . 83 | - step: 84 | type: Plugin 85 | name: Build and push when Tag 86 | identifier: Plugin_1 87 | spec: 88 | connectorRef: Plugins_Docker_Hub_Connector 89 | image: plugins/docker 90 | settings: 91 | username: drone 92 | password: <+secrets.getValue("Plugins_Docker_Hub_Pat")> 93 | repo: plugins/ansible 94 | dockerfile: docker/Dockerfile.linux.amd64 95 | auto_tag: "true" 96 | auto_tag_suffix: linux-amd64 97 | when: 98 | stageStatus: Success 99 | condition: | 100 | <+codebase.build.type> == "tag" 101 | - step: 102 | type: BuildAndPushDockerRegistry 103 | name: Linux AMD64 104 | identifier: Linux_AMD64 105 | spec: 106 | connectorRef: Plugins_Docker_Hub_Connector 107 | repo: plugins/ansible 108 | tags: 109 | - linux-amd64 110 | dockerfile: docker/Dockerfile.linux.amd64 111 | when: 112 | stageStatus: Success 113 | condition: | 114 | <+codebase.build.type> == "branch" 115 | caching: 116 | enabled: false 117 | paths: [] 118 | buildIntelligence: 119 | enabled: false 120 | - stage: 121 | name: Linux arm64 122 | identifier: linux_arm64 123 | description: "" 124 | type: CI 125 | spec: 126 | cloneCodebase: true 127 | platform: 128 | os: Linux 129 | arch: Arm64 130 | runtime: 131 | type: Cloud 132 | spec: {} 133 | execution: 134 | steps: 135 | - step: 136 | type: Run 137 | name: Build Linux binary 138 | identifier: Build_Linux_binary 139 | spec: 140 | connectorRef: Plugins_Docker_Hub_Connector 141 | image: golang:1.23 142 | shell: Sh 143 | command: |- 144 | # force go modules 145 | export GOPATH="" 146 | 147 | # disable cgo 148 | export CGO_ENABLED=0 149 | 150 | set -e 151 | set -x 152 | 153 | # linux 154 | export GOOS=linux GOARCH=arm64 155 | go build -v -a -tags netgo -o release/linux/arm64/drone-ansible . 156 | - step: 157 | type: Plugin 158 | name: Build and push when Tag 159 | identifier: Plugin_1 160 | spec: 161 | connectorRef: Plugins_Docker_Hub_Connector 162 | image: plugins/docker 163 | settings: 164 | username: drone 165 | password: <+secrets.getValue("Plugins_Docker_Hub_Pat")> 166 | repo: plugins/ansible 167 | dockerfile: .docker/Dockerfile.linux.arm64 168 | auto_tag: "true" 169 | auto_tag_suffix: linux-arm64 170 | when: 171 | stageStatus: Success 172 | condition: | 173 | <+codebase.build.type> == "tag" 174 | - step: 175 | type: BuildAndPushDockerRegistry 176 | name: Linux ARM64 177 | identifier: Linux_AMD64 178 | spec: 179 | connectorRef: Plugins_Docker_Hub_Connector 180 | repo: plugins/ansible 181 | tags: 182 | - linux-arm64 183 | dockerfile: docker/Dockerfile.linux.arm64 184 | when: 185 | stageStatus: Success 186 | condition: | 187 | <+codebase.build.type> == "branch" 188 | caching: 189 | enabled: false 190 | paths: [] 191 | buildIntelligence: 192 | enabled: false 193 | - stage: 194 | name: Manifest 195 | identifier: security_scan 196 | description: "" 197 | type: CI 198 | spec: 199 | cloneCodebase: true 200 | platform: 201 | os: Linux 202 | arch: Amd64 203 | runtime: 204 | type: Cloud 205 | spec: {} 206 | execution: 207 | steps: 208 | - step: 209 | type: Plugin 210 | name: Manifest 211 | identifier: Manifest 212 | spec: 213 | connectorRef: Plugins_Docker_Hub_Connector 214 | image: plugins/manifest 215 | settings: 216 | username: drone 217 | password: <+secrets.getValue("Plugins_Docker_Hub_Pat")> 218 | auto_tag: "true" 219 | ignore_missing: "true" 220 | spec: docker/manifest.tmpl 221 | when: 222 | stageStatus: Success 223 | condition: <+codebase.build.type> == "tag" || "branch" 224 | caching: 225 | enabled: false 226 | paths: [] 227 | buildIntelligence: 228 | enabled: false 229 | allowStageExecutions: true 230 | properties: 231 | ci: 232 | codebase: 233 | connectorRef: GitHub_Drone_Plugins_Org 234 | repoName: drone-ansible 235 | build: <+input> 236 | sparseCheckout: [] 237 | projectIdentifier: Drone_Plugins 238 | identifier: droneansibleharness 239 | name: drone-ansible-harness 240 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "{}" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright {yyyy} {name of copyright owner} 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | 203 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # drone-ansible 2 | 3 | [![Build Status](http://cloud.drone.io/api/badges/drone-plugins/drone-ansible/status.svg)](http://cloud.drone.io/drone-plugins/drone-ansible) 4 | [![Gitter chat](https://badges.gitter.im/drone/drone.png)](https://gitter.im/drone/drone) 5 | [![Join the discussion at https://discourse.drone.io](https://img.shields.io/badge/discourse-forum-orange.svg)](https://discourse.drone.io) 6 | [![Drone questions at https://stackoverflow.com](https://img.shields.io/badge/drone-stackoverflow-orange.svg)](https://stackoverflow.com/questions/tagged/drone.io) 7 | [![](https://images.microbadger.com/badges/image/plugins/ansible.svg)](https://microbadger.com/images/plugins/ansible "Get your own image badge on microbadger.com") 8 | [![Go Doc](https://godoc.org/github.com/drone-plugins/drone-ansible?status.svg)](http://godoc.org/github.com/drone-plugins/drone-ansible) 9 | [![Go Report](https://goreportcard.com/badge/github.com/drone-plugins/drone-ansible)](https://goreportcard.com/report/github.com/drone-plugins/drone-ansible) 10 | 11 | Drone plugin to provision infrastructure with [Ansible](https://www.ansible.com/). For the usage information and a listing of the available options please take a look at [the docs](http://plugins.drone.io/drone-plugins/drone-ansible/). 12 | 13 | ## Build 14 | 15 | Build the binary with the following command: 16 | 17 | ```console 18 | export GOOS=linux 19 | export GOARCH=amd64 20 | export CGO_ENABLED=0 21 | export GO111MODULE=on 22 | 23 | go build -v -a -tags netgo -o release/linux/amd64/drone-ansible 24 | ``` 25 | 26 | ## Docker 27 | 28 | Build the Docker image with the following command: 29 | 30 | ```console 31 | docker build \ 32 | --label org.label-schema.build-date=$(date -u +"%Y-%m-%dT%H:%M:%SZ") \ 33 | --label org.label-schema.vcs-ref=$(git rev-parse --short HEAD) \ 34 | --file docker/Dockerfile.linux.amd64 --tag plugins/ansible . 35 | ``` 36 | 37 | ## Usage 38 | 39 | ```console 40 | docker run --rm \ 41 | -e PLUGIN_PRIVATE_KEY="$(cat ~/.ssh/id_rsa)" \ 42 | -e PLUGIN_PLAYBOOK="deployment/playbook.yml" \ 43 | -e PLUGIN_INVENTORY="deployment/hosts.yml" \ 44 | -v $(pwd):$(pwd) \ 45 | -w $(pwd) \ 46 | plugins/ansible 47 | ``` 48 | -------------------------------------------------------------------------------- /docker/Dockerfile.linux.amd64: -------------------------------------------------------------------------------- 1 | FROM plugins/base:linux-amd64 2 | 3 | LABEL maintainer="Drone.IO Community " \ 4 | org.label-schema.name="Drone Ansible" \ 5 | org.label-schema.vendor="Drone.IO Community" \ 6 | org.label-schema.schema-version="1.0" 7 | 8 | # Install dependencies and create a virtual environment 9 | RUN apk add --no-cache \ 10 | bash \ 11 | git \ 12 | curl \ 13 | rsync \ 14 | openssh-client \ 15 | sshpass \ 16 | py3-pip \ 17 | py3-requests \ 18 | py3-paramiko \ 19 | python3-dev \ 20 | libffi-dev \ 21 | libressl-dev \ 22 | libressl \ 23 | build-base && \ 24 | python3 -m venv /opt/venv && \ 25 | . /opt/venv/bin/activate && \ 26 | pip install --no-cache-dir -U pip && \ 27 | pip install --no-cache-dir ansible-core==2.14 boto3==1.13.10 && \ 28 | deactivate && \ 29 | apk del python3-dev libffi-dev libressl-dev build-base 30 | 31 | # Set the PATH to include the virtual environment 32 | ENV PATH="/opt/venv/bin:$PATH" 33 | 34 | # Add the built binary to the image 35 | COPY release/linux/amd64/drone-ansible /bin/ 36 | 37 | # Define the entrypoint 38 | ENTRYPOINT ["/bin/drone-ansible"] -------------------------------------------------------------------------------- /docker/Dockerfile.linux.arm64: -------------------------------------------------------------------------------- 1 | FROM plugins/base:linux-arm64 2 | 3 | LABEL maintainer="Drone.IO Community " \ 4 | org.label-schema.name="Drone Ansible" \ 5 | org.label-schema.vendor="Drone.IO Community" \ 6 | org.label-schema.schema-version="1.0" 7 | 8 | RUN apk add --no-cache bash git curl rsync openssh-client sshpass py3-pip py3-requests py3-paramiko python3-dev libffi-dev libressl-dev libressl build-base && \ 9 | pip3 install -U pip && \ 10 | pip3 install ansible-core==2.14 boto3==1.13.10 && \ 11 | apk del --no-cache python3-dev libffi-dev libressl-dev build-base 12 | 13 | ADD release/linux/arm64/drone-ansible /bin/ 14 | ENTRYPOINT ["/bin/drone-ansible"] 15 | -------------------------------------------------------------------------------- /docker/manifest.tmpl: -------------------------------------------------------------------------------- 1 | image: plugins/ansible:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}} 2 | {{#if build.tags}} 3 | tags: 4 | {{#each build.tags}} 5 | - {{this}} 6 | {{/each}} 7 | {{/if}} 8 | manifests: 9 | - image: plugins/ansible:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-amd64 10 | platform: 11 | architecture: amd64 12 | os: linux 13 | - image: plugins/ansible:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-arm64 14 | platform: 15 | architecture: arm64 16 | os: linux 17 | variant: v8 -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module github.com/drone-plugins/drone-ansible 2 | 3 | go 1.23 4 | 5 | require ( 6 | github.com/pkg/errors v0.9.1 7 | github.com/urfave/cli v1.22.10 8 | ) 9 | 10 | require ( 11 | github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d // indirect 12 | github.com/russross/blackfriday/v2 v2.0.1 // indirect 13 | github.com/shurcooL/sanitized_anchor_name v1.0.0 // indirect 14 | ) 15 | -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- 1 | github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= 2 | github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSYgptZMwQh2aRr3LuazLJIa+Pg3Kc1ylSYVY= 3 | github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= 4 | github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= 5 | github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= 6 | github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= 7 | github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 8 | github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q= 9 | github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= 10 | github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo= 11 | github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= 12 | github.com/urfave/cli v1.22.10 h1:p8Fspmz3iTctJstry1PYS3HVdllxnEzTEsgIgtxTrCk= 13 | github.com/urfave/cli v1.22.10/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= 14 | gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 15 | gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 16 | -------------------------------------------------------------------------------- /main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "log" 5 | "os" 6 | 7 | "github.com/pkg/errors" 8 | "github.com/urfave/cli" 9 | ) 10 | 11 | var ( 12 | version = "unknown" 13 | ) 14 | 15 | func main() { 16 | app := cli.NewApp() 17 | app.Name = "ansible plugin" 18 | app.Usage = "ansible plugin" 19 | app.Action = run 20 | app.Version = version 21 | app.Flags = []cli.Flag{ 22 | cli.StringFlag{ 23 | Name: "mode", 24 | Usage: "Mode of the functionality", 25 | EnvVar: "PLUGIN_MODE", 26 | }, 27 | cli.StringFlag{ 28 | Name: "requirements", 29 | Usage: "path to python requirements", 30 | EnvVar: "PLUGIN_REQUIREMENTS", 31 | }, 32 | cli.StringFlag{ 33 | Name: "galaxy", 34 | Usage: "path to galaxy requirements", 35 | EnvVar: "PLUGIN_GALAXY", 36 | }, 37 | cli.StringSliceFlag{ 38 | Name: "inventory", 39 | Usage: "specify inventory host path", 40 | EnvVar: "PLUGIN_INVENTORY,PLUGIN_INVENTORIES", 41 | }, 42 | cli.StringSliceFlag{ 43 | Name: "playbook", 44 | Usage: "list of playbooks to apply", 45 | EnvVar: "PLUGIN_PLAYBOOK,PLUGIN_PLAYBOOKS", 46 | }, 47 | cli.StringFlag{ 48 | Name: "limit", 49 | Usage: "further limit selected hosts to an additional pattern", 50 | EnvVar: "PLUGIN_LIMIT", 51 | }, 52 | cli.StringFlag{ 53 | Name: "skip-tags", 54 | Usage: "only run plays and tasks whose tags do not match", 55 | EnvVar: "PLUGIN_SKIP_TAGS", 56 | }, 57 | cli.StringFlag{ 58 | Name: "start-at-task", 59 | Usage: "start the playbook at the task matching this name", 60 | EnvVar: "PLUGIN_START_AT_TASK", 61 | }, 62 | cli.StringFlag{ 63 | Name: "tags", 64 | Usage: "only run plays and tasks tagged with these values", 65 | EnvVar: "PLUGIN_TAGS", 66 | }, 67 | cli.StringSliceFlag{ 68 | Name: "extra-vars", 69 | Usage: "set additional variables as key=value", 70 | EnvVar: "PLUGIN_EXTRA_VARS,ANSIBLE_EXTRA_VARS", 71 | }, 72 | cli.StringSliceFlag{ 73 | Name: "module-path", 74 | Usage: "prepend paths to module library", 75 | EnvVar: "PLUGIN_MODULE_PATH", 76 | }, 77 | cli.BoolTFlag{ 78 | Name: "galaxy-force", 79 | Usage: "force overwriting an existing role or collection", 80 | EnvVar: "PLUGIN_GALAXY_FORCE", 81 | }, 82 | cli.BoolFlag{ 83 | Name: "check", 84 | Usage: "run a check, do not apply any changes", 85 | EnvVar: "PLUGIN_CHECK", 86 | }, 87 | cli.BoolFlag{ 88 | Name: "diff", 89 | Usage: "show the differences, may print secrets", 90 | EnvVar: "PLUGIN_DIFF", 91 | }, 92 | cli.BoolFlag{ 93 | Name: "flush-cache", 94 | Usage: "clear the fact cache for every host in inventory", 95 | EnvVar: "PLUGIN_FLUSH_CACHE", 96 | }, 97 | cli.BoolFlag{ 98 | Name: "force-handlers", 99 | Usage: "run handlers even if a task fails", 100 | EnvVar: "PLUGIN_FORCE_HANDLERS", 101 | }, 102 | cli.BoolFlag{ 103 | Name: "list-hosts", 104 | Usage: "outputs a list of matching hosts", 105 | EnvVar: "PLUGIN_LIST_HOSTS", 106 | }, 107 | cli.BoolFlag{ 108 | Name: "list-tags", 109 | Usage: "list all available tags", 110 | EnvVar: "PLUGIN_LIST_TAGS", 111 | }, 112 | cli.BoolFlag{ 113 | Name: "list-tasks", 114 | Usage: "list all tasks that would be executed", 115 | EnvVar: "PLUGIN_LIST_TASKS", 116 | }, 117 | cli.BoolFlag{ 118 | Name: "syntax-check", 119 | Usage: "perform a syntax check on the playbook", 120 | EnvVar: "PLUGIN_SYNTAX_CHECK", 121 | }, 122 | cli.IntFlag{ 123 | Name: "forks", 124 | Usage: "specify number of parallel processes to use", 125 | EnvVar: "PLUGIN_FORKS", 126 | Value: 5, 127 | }, 128 | cli.StringFlag{ 129 | Name: "vault-id", 130 | Usage: "the vault identity to use", 131 | EnvVar: "PLUGIN_VAULT_ID,ANSIBLE_VAULT_ID", 132 | }, 133 | cli.StringFlag{ 134 | Name: "vault-password", 135 | Usage: "the vault password to use", 136 | EnvVar: "PLUGIN_VAULT_PASSWORD,ANSIBLE_VAULT_PASSWORD", 137 | }, 138 | cli.IntFlag{ 139 | Name: "verbose", 140 | Usage: "level of verbosity, 0 up to 4", 141 | EnvVar: "PLUGIN_VERBOSE", 142 | }, 143 | cli.StringFlag{ 144 | Name: "private-key", 145 | Usage: "use this key to authenticate the connection", 146 | EnvVar: "PLUGIN_PRIVATE_KEY,ANSIBLE_PRIVATE_KEY", 147 | }, 148 | cli.StringFlag{ 149 | Name: "user", 150 | Usage: "connect as this user", 151 | EnvVar: "PLUGIN_USER,ANSIBLE_USER", 152 | }, 153 | cli.StringFlag{ 154 | Name: "connection", 155 | Usage: "connection type to use", 156 | EnvVar: "PLUGIN_CONNECTION", 157 | }, 158 | cli.IntFlag{ 159 | Name: "timeout", 160 | Usage: "override the connection timeout in seconds", 161 | EnvVar: "PLUGIN_TIMEOUT", 162 | }, 163 | cli.StringFlag{ 164 | Name: "ssh-common-args", 165 | Usage: "specify common arguments to pass to sftp/scp/ssh", 166 | EnvVar: "PLUGIN_SSH_COMMON_ARGS", 167 | }, 168 | cli.StringFlag{ 169 | Name: "sftp-extra-args", 170 | Usage: "specify extra arguments to pass to sftp only", 171 | EnvVar: "PLUGIN_SFTP_EXTRA_ARGS", 172 | }, 173 | cli.StringFlag{ 174 | Name: "scp-extra-args", 175 | Usage: "specify extra arguments to pass to scp only", 176 | EnvVar: "PLUGIN_SCP_EXTRA_ARGS", 177 | }, 178 | cli.StringFlag{ 179 | Name: "ssh-extra-args", 180 | Usage: "specify extra arguments to pass to ssh only", 181 | EnvVar: "PLUGIN_SSH_EXTRA_ARGS", 182 | }, 183 | cli.BoolFlag{ 184 | Name: "become", 185 | Usage: "run operations with become", 186 | EnvVar: "PLUGIN_BECOME", 187 | }, 188 | cli.StringFlag{ 189 | Name: "become-method", 190 | Usage: "privilege escalation method to use", 191 | EnvVar: "PLUGIN_BECOME_METHOD,ANSIBLE_BECOME_METHOD", 192 | }, 193 | cli.StringFlag{ 194 | Name: "become-user", 195 | Usage: "run operations as this user", 196 | EnvVar: "PLUGIN_BECOME_USER,ANSIBLE_BECOME_USER", 197 | }, 198 | cli.BoolFlag{ 199 | Name: "disable-host-key-checking", 200 | Usage: "Disable validation of the host's SSH server keys", 201 | EnvVar: "PLUGIN_DISABLE_HOST_KEY_CHECKING", 202 | }, 203 | cli.BoolFlag{ 204 | Name: "host-key-checking", 205 | Usage: "Enable validation of the host's SSH server keys", 206 | EnvVar: "PLUGIN_HOST_KEY_CHECKING", 207 | }, 208 | cli.StringFlag{ 209 | Name: "installation", 210 | Usage: "Specify the path to Ansible installation", 211 | EnvVar: "PLUGIN_INSTALLATION", 212 | }, 213 | cli.StringFlag{ 214 | Name: "inventory-content", 215 | Usage: "Inline inventory content as a string", 216 | EnvVar: "PLUGIN_INVENTORY_CONTENT", 217 | }, 218 | cli.BoolFlag{ 219 | Name: "sudo", 220 | Usage: "Use sudo for operations", 221 | EnvVar: "PLUGIN_SUDO", 222 | }, 223 | cli.StringFlag{ 224 | Name: "sudo-user", 225 | Usage: "Specify the sudo user (default: root)", 226 | EnvVar: "PLUGIN_SUDO_USER", 227 | }, 228 | cli.StringFlag{ 229 | Name: "vault-tmp-path", 230 | Usage: "Temporary path for generated vault files", 231 | EnvVar: "PLUGIN_VAULT_TMP_PATH", 232 | }, 233 | // Ad-Hoc Specific Flags 234 | cli.StringFlag{ 235 | Name: "hosts", 236 | Usage: "Target hosts for ad-hoc command", 237 | EnvVar: "PLUGIN_HOSTS", 238 | }, 239 | cli.StringFlag{ 240 | Name: "module", 241 | Usage: "Module name for ad-hoc execution", 242 | EnvVar: "PLUGIN_MODULE", 243 | }, 244 | cli.StringFlag{ 245 | Name: "module-arguments", 246 | Usage: "Arguments for the specified module", 247 | EnvVar: "PLUGIN_MODULE_ARGUMENTS", 248 | }, 249 | cli.BoolFlag{ 250 | Name: "dynamic-inventory", 251 | Usage: "Enable dynamic inventory", 252 | EnvVar: "PLUGIN_DYNAMIC_INVENTORY", 253 | }, 254 | cli.StringFlag{ 255 | Name: "extras", 256 | Usage: "Additional options for ad-hoc execution", 257 | EnvVar: "PLUGIN_EXTRAS", 258 | }, 259 | cli.StringFlag{ 260 | Name: "vault-credentials-key", 261 | Usage: "Vault credentials ID for encrypted files", 262 | EnvVar: "PLUGIN_VAULT_CREDENTIALS_KEY", 263 | }, 264 | // Vault Specific Flags 265 | cli.StringFlag{ 266 | Name: "action", 267 | Usage: "Action for ansible-vault (e.g., encrypt, decrypt, view)", 268 | EnvVar: "PLUGIN_ACTION", 269 | }, 270 | cli.StringFlag{ 271 | Name: "content", 272 | Usage: "Content to encrypt or decrypt", 273 | EnvVar: "PLUGIN_CONTENT", 274 | }, 275 | cli.StringFlag{ 276 | Name: "input", 277 | Usage: "Input file for the vault operation", 278 | EnvVar: "PLUGIN_INPUT", 279 | }, 280 | cli.StringFlag{ 281 | Name: "output", 282 | Usage: "Output file for the vault operation", 283 | EnvVar: "PLUGIN_OUTPUT", 284 | }, 285 | cli.StringFlag{ 286 | Name: "new-vault-credentials-key", 287 | Usage: "New Vault Credentials Key for rekeying", 288 | EnvVar: "PLUGIN_NEW_VAULT_CREDENTIALS_KEY", 289 | }, 290 | } 291 | 292 | if err := app.Run(os.Args); err != nil { 293 | log.Fatal(err) 294 | } 295 | } 296 | 297 | func run(c *cli.Context) error { 298 | plugin := Plugin{ 299 | Config: Config{ 300 | Mode: c.String("mode"), 301 | Requirements: c.String("requirements"), 302 | Galaxy: c.String("galaxy"), 303 | Inventories: c.StringSlice("inventory"), 304 | Playbooks: c.StringSlice("playbook"), 305 | Limit: c.String("limit"), 306 | SkipTags: c.String("skip-tags"), 307 | StartAtTask: c.String("start-at-task"), 308 | Tags: c.String("tags"), 309 | ExtraVars: c.StringSlice("extra-vars"), 310 | ModulePath: c.StringSlice("module-path"), 311 | GalaxyForce: c.Bool("galaxy-force"), 312 | Check: c.Bool("check"), 313 | Diff: c.Bool("diff"), 314 | FlushCache: c.Bool("flush-cache"), 315 | ForceHandlers: c.Bool("force-handlers"), 316 | ListHosts: c.Bool("list-hosts"), 317 | ListTags: c.Bool("list-tags"), 318 | ListTasks: c.Bool("list-tasks"), 319 | SyntaxCheck: c.Bool("syntax-check"), 320 | Forks: c.Int("forks"), 321 | VaultID: c.String("vailt-id"), 322 | VaultPassword: c.String("vault-password"), 323 | Verbose: c.Int("verbose"), 324 | PrivateKey: c.String("private-key"), 325 | User: c.String("user"), 326 | Connection: c.String("connection"), 327 | Timeout: c.Int("timeout"), 328 | SSHCommonArgs: c.String("ssh-common-args"), 329 | SFTPExtraArgs: c.String("sftp-extra-args"), 330 | SCPExtraArgs: c.String("scp-extra-args"), 331 | SSHExtraArgs: c.String("ssh-extra-args"), 332 | Become: c.Bool("become"), 333 | BecomeMethod: c.String("become-method"), 334 | BecomeUser: c.String("become-user"), 335 | DisableHostKeyChecking: c.Bool("disable-host-key-checking"), // Disable SSH host key checking 336 | HostKeyChecking: c.Bool("host-key-checking"), // Enable SSH host key validation 337 | Installation: c.String("installation"), // Path to the Ansible executable or installation 338 | InventoryContent: c.String("inventory-content"), // Inline inventory content 339 | Sudo: c.Bool("sudo"), // Use sudo for operations 340 | SudoUser: c.String("sudo-user"), // Sudo user for operations 341 | VaultTmpPath: c.String("vault-tmp-path"), // Temporary path for vault password files and others 342 | // Ad-Hoc Parameters 343 | Hosts: c.String("hosts"), // Target hosts for ad-hoc command 344 | Module: c.String("module"), // Module name for ad-hoc command 345 | ModuleArguments: c.String("module-arguments"), // Module arguments for ad-hoc command 346 | DynamicInventory: c.Bool("dynamic-inventory"), // Enable dynamic inventory 347 | Extras: c.String("extras"), // Additional options for ad-hoc execution 348 | VaultCredentialsKey: c.String("vault-credentials-key"), // Vault credentials ID for encrypted files 349 | // Vault Parameters 350 | Action: c.String("action"), 351 | Content: c.String("content"), 352 | Input: c.String("input"), 353 | Output: c.String("output"), 354 | NewVaultCredentialsKey: c.String("new-vault-credentials-key"), 355 | }, 356 | } 357 | 358 | // Set default mode to "playbook" if not explicitly provided 359 | if plugin.Config.Mode == "" { 360 | plugin.Config.Mode = "playbook" 361 | } 362 | 363 | // Validate mode and required parameters based on the mode 364 | switch plugin.Config.Mode { 365 | case "playbook": 366 | if len(plugin.Config.Playbooks) == 0 { 367 | return errors.New("you must provide a playbook in playbook mode") 368 | } 369 | if len(plugin.Config.Inventories) == 0 && plugin.Config.InventoryContent == "" { 370 | return errors.New("you must provide an inventory or inventory content in playbook mode") 371 | } 372 | case "adhoc": 373 | if plugin.Config.Hosts == "" { 374 | return errors.New("you must provide hosts for adhoc mode") 375 | } 376 | // Module is optional; defaults to "command" if not provided 377 | case "vault": 378 | if plugin.Config.VaultCredentialsKey == "" { 379 | return errors.New("VaultCredentialsKey is mandatory for vault mode") 380 | } 381 | // Action, Content, Input, and Output are optional 382 | default: 383 | return errors.New("invalid mode: specify 'playbook', 'adhoc', or 'vault'") 384 | } 385 | 386 | return plugin.Exec() 387 | } 388 | -------------------------------------------------------------------------------- /plugin.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "fmt" 5 | "os" 6 | "os/exec" 7 | "path/filepath" 8 | "strconv" 9 | "strings" 10 | 11 | "github.com/pkg/errors" 12 | ) 13 | 14 | var ansibleFolder = "/etc/ansible" 15 | var ansibleConfig = "/etc/ansible/ansible.cfg" 16 | 17 | // var ansibleContent = ` 18 | // [defaults] 19 | // host_key_checking = False 20 | // ` 21 | 22 | const ( 23 | ModePlaybook = "playbook" 24 | ModeAdhoc = "adhoc" 25 | ModeVault = "vault" 26 | ) 27 | 28 | // Constants for valid actions 29 | const ( 30 | ActionEncrypt = "encrypt" 31 | ActionDecrypt = "decrypt" 32 | ActionEncryptString = "encrypt_string" 33 | ActionView = "view" 34 | ActionEdit = "edit" 35 | ActionRekey = "rekey" 36 | ) 37 | 38 | type ( 39 | Config struct { 40 | Mode string 41 | Requirements string 42 | Galaxy string 43 | Inventories []string 44 | Playbooks []string 45 | Limit string 46 | SkipTags string 47 | StartAtTask string 48 | Tags string 49 | ExtraVars []string 50 | ModulePath []string 51 | GalaxyForce bool 52 | Check bool 53 | Diff bool 54 | FlushCache bool 55 | ForceHandlers bool 56 | ListHosts bool 57 | ListTags bool 58 | ListTasks bool 59 | SyntaxCheck bool 60 | Forks int 61 | VaultID string 62 | VaultPassword string 63 | VaultPasswordFile string 64 | Verbose int 65 | PrivateKey string 66 | PrivateKeyFile string 67 | User string 68 | Connection string 69 | Timeout int 70 | SSHCommonArgs string 71 | SFTPExtraArgs string 72 | SCPExtraArgs string 73 | SSHExtraArgs string 74 | Become bool 75 | BecomeMethod string 76 | BecomeUser string 77 | DisableHostKeyChecking bool // Disable SSH host key checking 78 | HostKeyChecking bool // Enable SSH host key validation 79 | Installation string // Path to the Ansible executable or installation 80 | InventoryContent string // Inline inventory content 81 | Sudo bool // Use sudo for operations 82 | SudoUser string // Sudo user for operations 83 | VaultTmpPath string // Temporary path for vault password files and others 84 | // Ad-Hoc Parameters 85 | Hosts string // Target hosts for ad-hoc command 86 | Module string // Module name for ad-hoc command 87 | ModuleArguments string // Module arguments for ad-hoc command 88 | DynamicInventory bool // Enable dynamic inventory 89 | Extras string // Additional options for ad-hoc execution 90 | VaultCredentialsKey string // Vault credentials ID for encrypted files (optional) 91 | // Inventory string 92 | 93 | // Vault Parameters 94 | Action string // Action for vault operation (e.g., encrypt, decrypt) 95 | Content string // Content for vault operation 96 | Input string // Input file for vault operation 97 | NewVaultCredentialsKey string // New vault credentials ID for rekeying 98 | Output string // Output file for vault operation 99 | } 100 | 101 | Plugin struct { 102 | Config Config 103 | } 104 | ) 105 | 106 | func (p *Plugin) Exec() error { 107 | switch p.Config.Mode { 108 | case ModePlaybook: 109 | return p.executePlaybook() 110 | case ModeAdhoc: 111 | return p.executeAdhoc() 112 | case ModeVault: 113 | return p.executeVault() 114 | default: 115 | return errors.New("invalid mode: specify 'playbook' or 'adhoc'") 116 | } 117 | } 118 | 119 | func (p *Plugin) executePlaybook() error { 120 | if err := p.playbooks(); err != nil { 121 | return err 122 | } 123 | 124 | if err := p.ansibleConfig(); err != nil { 125 | return err 126 | } 127 | 128 | if p.Config.PrivateKey != "" { 129 | if err := p.privateKey(); err != nil { 130 | return err 131 | } 132 | 133 | defer os.Remove(p.Config.PrivateKeyFile) 134 | } 135 | 136 | if p.Config.VaultPassword != "" { 137 | if err := p.vaultPass(); err != nil { 138 | return err 139 | } 140 | 141 | defer os.Remove(p.Config.VaultPasswordFile) 142 | } 143 | 144 | // Handle inline inventory content 145 | if err := p.setupInventory(); err != nil { 146 | return err 147 | } 148 | 149 | // Validate custom Ansible installation 150 | if err := p.validateInstallation(); err != nil { 151 | return err 152 | } 153 | 154 | commands := []*exec.Cmd{ 155 | p.versionCommand(), 156 | } 157 | 158 | if p.Config.Requirements != "" { 159 | commands = append(commands, p.requirementsCommand()) 160 | } 161 | 162 | if p.Config.Galaxy != "" { 163 | commands = append(commands, p.galaxyCommand()) 164 | } 165 | 166 | for _, inventory := range p.Config.Inventories { 167 | commands = append(commands, p.ansibleCommand(inventory)) 168 | } 169 | 170 | for _, cmd := range commands { 171 | cmd.Stdout = os.Stdout 172 | cmd.Stderr = os.Stderr 173 | 174 | cmd.Env = os.Environ() 175 | cmd.Env = append(cmd.Env, "ANSIBLE_FORCE_COLOR=1") 176 | 177 | trace(cmd) 178 | 179 | if err := cmd.Run(); err != nil { 180 | return err 181 | } 182 | } 183 | 184 | return nil 185 | } 186 | 187 | // executeAdhoc executes the Ansible Ad-Hoc command 188 | func (p *Plugin) executeAdhoc() error { 189 | // Step 1: Validate required parameters 190 | if p.Config.Hosts == "" { 191 | return errors.New("hosts parameter is required for ad-hoc execution") 192 | } 193 | 194 | // Step 2: Default to 'command' module if no module is provided 195 | module := p.Config.Module 196 | if module == "" { 197 | module = "command" 198 | } 199 | 200 | // Step 3: Build arguments for the ad-hoc command 201 | args := []string{ 202 | p.Config.Hosts, // Target hosts 203 | "-m", module, // Module to execute 204 | } 205 | 206 | // Step 4: Add module arguments 207 | if p.Config.ModuleArguments != "" { 208 | args = append(args, "-a", p.Config.ModuleArguments) 209 | } 210 | 211 | // Step 5: Add inventory files or inline content 212 | if len(p.Config.Inventories) > 0 { 213 | for _, inventory := range p.Config.Inventories { 214 | args = append(args, "--inventory", inventory) 215 | } 216 | } 217 | 218 | if p.Config.InventoryContent != "" { 219 | tmpfile, err := os.CreateTemp("", "inventory") 220 | if err != nil { 221 | return fmt.Errorf("failed to create temporary inventory file: %w", err) 222 | } 223 | defer os.Remove(tmpfile.Name()) 224 | if _, err := tmpfile.WriteString(p.Config.InventoryContent); err != nil { 225 | return fmt.Errorf("failed to write inventory content to temporary file: %w", err) 226 | } 227 | args = append(args, "--inventory", tmpfile.Name()) 228 | } 229 | 230 | // Step 6: Handle privilege escalation 231 | if p.Config.Become { 232 | args = append(args, "--become") 233 | } 234 | if p.Config.BecomeUser != "" { 235 | args = append(args, "--become-user", p.Config.BecomeUser) 236 | } 237 | 238 | // Step 7: Handle dynamic inventory 239 | if p.Config.DynamicInventory { 240 | args = append(args, "--dynamic-inventory") 241 | } 242 | 243 | // Step 8: Add extra variables 244 | for _, ev := range p.Config.ExtraVars { 245 | args = append(args, "--extra-vars", ev) 246 | } 247 | 248 | // Step 9: Add additional options 249 | if p.Config.Extras != "" { 250 | args = append(args, p.Config.Extras) 251 | } 252 | 253 | // Step 10: Handle forks for parallelism 254 | if p.Config.Forks > 0 { 255 | args = append(args, "--forks", strconv.Itoa(p.Config.Forks)) 256 | } 257 | 258 | // Step 11: Handle host key checking 259 | env := os.Environ() 260 | if !p.Config.HostKeyChecking { 261 | env = append(env, "ANSIBLE_HOST_KEY_CHECKING=False") 262 | } else { 263 | env = append(env, "ANSIBLE_HOST_KEY_CHECKING=True") 264 | } 265 | 266 | // Step 12: Handle vault credentials key 267 | if p.Config.VaultCredentialsKey != "" { 268 | tmpVaultFile, err := os.CreateTemp("", "vault-pass") 269 | if err != nil { 270 | return fmt.Errorf("failed to create temporary vault password file: %w", err) 271 | } 272 | defer os.Remove(tmpVaultFile.Name()) 273 | if _, err := tmpVaultFile.WriteString(p.Config.VaultCredentialsKey); err != nil { 274 | return fmt.Errorf("failed to write vault password to temporary file: %w", err) 275 | } 276 | args = append(args, "--vault-password-file", tmpVaultFile.Name()) 277 | } 278 | 279 | // Step 13: Handle vault temporary path 280 | if p.Config.VaultTmpPath != "" { 281 | args = append(args, "--vault-password-file", p.Config.VaultTmpPath) 282 | } 283 | 284 | // Step 14: Handle private key file 285 | if p.Config.PrivateKeyFile != "" { 286 | args = append(args, "--private-key", p.Config.PrivateKeyFile) 287 | } 288 | 289 | // Step 15: Use custom Ansible installation if provided 290 | executable := "ansible" 291 | if p.Config.Installation != "" { 292 | executable = p.Config.Installation 293 | } 294 | 295 | // Step 16: Construct and execute the command 296 | cmd := exec.Command(executable, args...) 297 | cmd.Stdout = os.Stdout 298 | cmd.Stderr = os.Stderr 299 | cmd.Env = env // Pass environment variables 300 | 301 | // Log the command for debugging purposes 302 | fmt.Printf("Executing command: %s %v\n", executable, args) 303 | 304 | // Step 17: Run the command 305 | return cmd.Run() 306 | } 307 | 308 | // executeVault executes the Ansible Vault operation 309 | func (p *Plugin) executeVault() error { 310 | // Step 1: Validate the action 311 | if err := validateAction(p.Config.Action); err != nil { 312 | return err 313 | } 314 | 315 | // Step 2: Determine the ansible-vault executable path 316 | vaultExecutable := "ansible-vault" 317 | if p.Config.Installation != "" { 318 | vaultExecutable = p.Config.Installation 319 | } 320 | 321 | // Step 3: Build arguments for the ansible-vault command 322 | args := []string{p.Config.Action} 323 | 324 | // Step 4: Handle input or content based on the action 325 | if p.Config.Action == ActionEncryptString { 326 | if p.Config.Content == "" { 327 | return errors.New("content is required for encrypt_string action") 328 | } 329 | args = append(args, "--output", p.Config.Output) 330 | } else { 331 | if p.Config.Input == "" { 332 | return fmt.Errorf("input file is required for %s action", p.Config.Action) 333 | } 334 | args = append(args, p.Config.Input) 335 | } 336 | 337 | // Step 5: Add output file (if applicable) 338 | handleOutputFile(p.Config.Output, &args) 339 | 340 | // Step 6: Handle vault password key 341 | vaultPasswordFile, err := handleVaultPassword(p.Config.VaultCredentialsKey, p.Config.VaultTmpPath, &args) 342 | if err != nil { 343 | return err 344 | } 345 | defer os.Remove(vaultPasswordFile) // Clean up the temporary password file after execution 346 | 347 | // Step 7: Handle new vault password key for rekeying 348 | if p.Config.Action == ActionRekey && p.Config.NewVaultCredentialsKey != "" { 349 | newVaultPasswordFile, err := handleNewVaultPassword(p.Config.NewVaultCredentialsKey, p.Config.VaultTmpPath, &args) 350 | if err != nil { 351 | return err 352 | } 353 | defer os.Remove(newVaultPasswordFile) // Cleanup after execution 354 | } 355 | 356 | // Step 8: Construct the command 357 | cmd := exec.Command(vaultExecutable, args...) 358 | cmd.Stdout = os.Stdout 359 | cmd.Stderr = os.Stderr 360 | 361 | // Step 9: Pass the string content via stdin if encrypt_string 362 | if p.Config.Action == ActionEncryptString { 363 | stdin, err := cmd.StdinPipe() 364 | if err != nil { 365 | return fmt.Errorf("failed to open stdin pipe: %w", err) 366 | } 367 | go func() { 368 | defer stdin.Close() 369 | if _, writeErr := stdin.Write([]byte(p.Config.Content)); writeErr != nil { 370 | fmt.Fprintf(os.Stderr, "failed to write to stdin: %v\n", writeErr) 371 | } 372 | }() 373 | } 374 | 375 | // Step 10: Log the command for debugging purposes 376 | fmt.Printf("Executing command: %s %v\n", vaultExecutable, args) 377 | 378 | // Step 11: Execute the command 379 | if err := cmd.Run(); err != nil { 380 | return fmt.Errorf("ansible-vault command failed: %w", err) 381 | } 382 | 383 | return nil 384 | } 385 | 386 | // validateAction validates the provided action 387 | func validateAction(action string) error { 388 | validActions := map[string]bool{ 389 | ActionEncrypt: true, 390 | ActionDecrypt: true, 391 | ActionEncryptString: true, 392 | ActionView: true, 393 | ActionEdit: true, 394 | ActionRekey: true, 395 | } 396 | if !validActions[action] { 397 | return fmt.Errorf("invalid action: %s. Supported actions: encrypt, decrypt, encrypt_string, view, edit, rekey", action) 398 | } 399 | return nil 400 | } 401 | 402 | // handleOutputFile adds the output file flag if provided 403 | func handleOutputFile(output string, args *[]string) { 404 | if output != "" { 405 | *args = append(*args, "--output", output) 406 | } 407 | } 408 | 409 | // handleVaultPassword writes the vault password to a temporary file and appends it to args 410 | func handleVaultPassword(vaultKey string, vaultTmpPath string, args *[]string) (string, error) { 411 | if vaultKey == "" { 412 | return "", errors.New("vaultCredentialsKey is required for vault operations") 413 | } 414 | 415 | // Create a temporary Vault password file 416 | tmpVaultFile, err := createVaultTmpFile(vaultTmpPath, "vault-pass") 417 | if err != nil { 418 | return "", fmt.Errorf("failed to create temporary vault password file: %w", err) 419 | } 420 | 421 | // Write the password to the file 422 | if _, err := tmpVaultFile.WriteString(vaultKey); err != nil { 423 | tmpVaultFile.Close() 424 | return "", fmt.Errorf("failed to write vault key to temporary file: %w", err) 425 | } 426 | 427 | // Close the file to ensure the data is flushed 428 | if err := tmpVaultFile.Close(); err != nil { 429 | return "", fmt.Errorf("failed to close vault password file: %w", err) 430 | } 431 | 432 | // Set correct permissions 433 | if err := os.Chmod(tmpVaultFile.Name(), 0600); err != nil { 434 | return "", fmt.Errorf("failed to set permissions on vault password file: %w", err) 435 | } 436 | 437 | // Append the file path to the args 438 | *args = append(*args, "--vault-password-file", tmpVaultFile.Name()) 439 | return tmpVaultFile.Name(), nil 440 | } 441 | 442 | func handleNewVaultPassword(newVaultKey string, vaultTmpPath string, args *[]string) (string, error) { 443 | // Create a temporary file for the new vault password 444 | tmpNewVaultFile, err := createVaultTmpFile(vaultTmpPath, "new-vault-pass") 445 | if err != nil { 446 | return "", fmt.Errorf("failed to create temporary new vault password file: %w", err) 447 | } 448 | 449 | // Write the new password to the file 450 | if _, err := tmpNewVaultFile.WriteString(newVaultKey); err != nil { 451 | tmpNewVaultFile.Close() 452 | return "", fmt.Errorf("failed to write new vault key to temporary file: %w", err) 453 | } 454 | 455 | // Close the file to ensure the data is flushed 456 | if err := tmpNewVaultFile.Close(); err != nil { 457 | return "", fmt.Errorf("failed to close new vault password file: %w", err) 458 | } 459 | 460 | // Append the new vault password file to the args 461 | *args = append(*args, "--new-vault-password-file", tmpNewVaultFile.Name()) 462 | return tmpNewVaultFile.Name(), nil 463 | } 464 | 465 | // createVaultTmpFile creates a temporary file in the specified VaultTmpPath or system default 466 | func createVaultTmpFile(vaultTmpPath, prefix string) (*os.File, error) { 467 | if vaultTmpPath != "" { 468 | if err := ensureDirectoryExists(vaultTmpPath); err != nil { 469 | return nil, err 470 | } 471 | return os.CreateTemp(vaultTmpPath, prefix) 472 | } 473 | return os.CreateTemp("", prefix) 474 | } 475 | 476 | // ensureDirectoryExists ensures the directory exists or creates it 477 | func ensureDirectoryExists(dir string) error { 478 | info, err := os.Stat(dir) 479 | if os.IsNotExist(err) { 480 | return os.MkdirAll(dir, 0755) 481 | } 482 | if err != nil { 483 | return err 484 | } 485 | if !info.IsDir() { 486 | return fmt.Errorf("%s exists but is not a directory", dir) 487 | } 488 | return nil 489 | } 490 | 491 | func (p *Plugin) ansibleConfig() error { 492 | if err := os.MkdirAll(ansibleFolder, os.ModePerm); err != nil { 493 | return errors.Wrap(err, "failed to create ansible directory") 494 | } 495 | 496 | ansibleConfigContent := "[defaults]\n" 497 | if p.Config.DisableHostKeyChecking { 498 | ansibleConfigContent += "host_key_checking = False\n" 499 | } 500 | 501 | if err := os.WriteFile(ansibleConfig, []byte(ansibleConfigContent), 0600); err != nil { 502 | return errors.Wrap(err, "failed to create ansible config") 503 | } 504 | 505 | return nil 506 | } 507 | 508 | func (p *Plugin) privateKey() error { 509 | tmpfile, err := os.CreateTemp("", "privateKey") 510 | 511 | if err != nil { 512 | return errors.Wrap(err, "failed to create private key file") 513 | } 514 | 515 | if _, err := tmpfile.Write([]byte(p.Config.PrivateKey)); err != nil { 516 | return errors.Wrap(err, "failed to write private key file") 517 | } 518 | 519 | if err := tmpfile.Close(); err != nil { 520 | return errors.Wrap(err, "failed to close private key file") 521 | } 522 | 523 | p.Config.PrivateKeyFile = tmpfile.Name() 524 | return nil 525 | } 526 | 527 | func (p *Plugin) vaultPass() error { 528 | tmpfile, err := os.CreateTemp("", "vaultPass") 529 | 530 | if err != nil { 531 | return errors.Wrap(err, "failed to create vault password file") 532 | } 533 | 534 | if _, err := tmpfile.Write([]byte(p.Config.VaultPassword)); err != nil { 535 | return errors.Wrap(err, "failed to write vault password file") 536 | } 537 | 538 | if err := tmpfile.Close(); err != nil { 539 | return errors.Wrap(err, "failed to close vault password file") 540 | } 541 | 542 | p.Config.VaultPasswordFile = tmpfile.Name() 543 | return nil 544 | } 545 | 546 | // setupInventory handles inline inventory content 547 | func (p *Plugin) setupInventory() error { 548 | if p.Config.InventoryContent != "" { 549 | tmpfile, err := os.CreateTemp("", "inventory") 550 | if err != nil { 551 | return errors.Wrap(err, "failed to create temporary inventory file") 552 | } 553 | if _, err := tmpfile.WriteString(p.Config.InventoryContent); err != nil { 554 | return errors.Wrap(err, "failed to write inventory content") 555 | } 556 | defer tmpfile.Close() 557 | p.Config.Inventories = append(p.Config.Inventories, tmpfile.Name()) 558 | } 559 | return nil 560 | } 561 | 562 | // validateInstallation checks if the specified Ansible installation exists 563 | func (p *Plugin) validateInstallation() error { 564 | if p.Config.Installation != "" { 565 | if _, err := exec.LookPath(p.Config.Installation); err != nil { 566 | return errors.Wrapf(err, "specified Ansible installation not found: %s", p.Config.Installation) 567 | } 568 | } 569 | return nil 570 | } 571 | 572 | func (p *Plugin) playbooks() error { 573 | var ( 574 | playbooks []string 575 | ) 576 | 577 | for _, p := range p.Config.Playbooks { 578 | files, err := filepath.Glob(p) 579 | 580 | if err != nil { 581 | playbooks = append(playbooks, p) 582 | continue 583 | } 584 | 585 | playbooks = append(playbooks, files...) 586 | } 587 | 588 | if len(playbooks) == 0 { 589 | return errors.New("failed to find playbook files") 590 | } 591 | 592 | p.Config.Playbooks = playbooks 593 | return nil 594 | } 595 | 596 | func (p *Plugin) versionCommand() *exec.Cmd { 597 | args := []string{ 598 | "--version", 599 | } 600 | 601 | return exec.Command( 602 | "ansible", 603 | args..., 604 | ) 605 | } 606 | 607 | func (p *Plugin) requirementsCommand() *exec.Cmd { 608 | args := []string{ 609 | "install", 610 | "--upgrade", 611 | "--requirement", 612 | p.Config.Requirements, 613 | } 614 | 615 | return exec.Command( 616 | "pip", 617 | args..., 618 | ) 619 | } 620 | 621 | func (p *Plugin) galaxyCommand() *exec.Cmd { 622 | args := []string{ 623 | "install", 624 | } 625 | 626 | if p.Config.GalaxyForce { 627 | args = append(args, "--force") 628 | } 629 | 630 | args = append(args, 631 | "--role-file", 632 | p.Config.Galaxy, 633 | ) 634 | 635 | if p.Config.Verbose > 0 { 636 | args = append(args, fmt.Sprintf("-%s", strings.Repeat("v", p.Config.Verbose))) 637 | } 638 | 639 | return exec.Command( 640 | "ansible-galaxy", 641 | args..., 642 | ) 643 | } 644 | 645 | func (p *Plugin) ansibleCommand(inventory string) *exec.Cmd { 646 | args := []string{ 647 | "--inventory", 648 | inventory, 649 | } 650 | 651 | if len(p.Config.ModulePath) > 0 { 652 | args = append(args, "--module-path", strings.Join(p.Config.ModulePath, ":")) 653 | } 654 | 655 | if p.Config.VaultID != "" { 656 | args = append(args, "--vault-id", p.Config.VaultID) 657 | } 658 | 659 | if p.Config.VaultPasswordFile != "" { 660 | args = append(args, "--vault-password-file", p.Config.VaultPasswordFile) 661 | } 662 | 663 | if p.Config.VaultTmpPath != "" { 664 | args = append(args, "--vault-password-file", p.Config.VaultTmpPath) // Vault temporary path 665 | } 666 | 667 | for _, v := range p.Config.ExtraVars { 668 | args = append(args, "--extra-vars", v) 669 | } 670 | 671 | if p.Config.ListHosts { 672 | args = append(args, "--list-hosts") 673 | args = append(args, p.Config.Playbooks...) 674 | 675 | return exec.Command( 676 | "ansible-playbook", 677 | args..., 678 | ) 679 | } 680 | 681 | if p.Config.SyntaxCheck { 682 | args = append(args, "--syntax-check") 683 | args = append(args, p.Config.Playbooks...) 684 | 685 | return exec.Command( 686 | "ansible-playbook", 687 | args..., 688 | ) 689 | } 690 | 691 | if p.Config.Check { 692 | args = append(args, "--check") 693 | } 694 | 695 | if p.Config.Diff { 696 | args = append(args, "--diff") 697 | } 698 | 699 | if p.Config.FlushCache { 700 | args = append(args, "--flush-cache") 701 | } 702 | 703 | if p.Config.ForceHandlers { 704 | args = append(args, "--force-handlers") 705 | } 706 | 707 | if p.Config.Forks != 5 { 708 | args = append(args, "--forks", strconv.Itoa(p.Config.Forks)) 709 | } 710 | 711 | if p.Config.Limit != "" { 712 | args = append(args, "--limit", p.Config.Limit) 713 | } 714 | 715 | if p.Config.ListTags { 716 | args = append(args, "--list-tags") 717 | } 718 | 719 | if p.Config.ListTasks { 720 | args = append(args, "--list-tasks") 721 | } 722 | 723 | if p.Config.SkipTags != "" { 724 | args = append(args, "--skip-tags", p.Config.SkipTags) 725 | } 726 | 727 | if p.Config.StartAtTask != "" { 728 | args = append(args, "--start-at-task", p.Config.StartAtTask) 729 | } 730 | 731 | if p.Config.Tags != "" { 732 | args = append(args, "--tags", p.Config.Tags) 733 | } 734 | 735 | if p.Config.PrivateKeyFile != "" { 736 | args = append(args, "--private-key", p.Config.PrivateKeyFile) 737 | } 738 | 739 | if p.Config.User != "" { 740 | args = append(args, "--user", p.Config.User) 741 | } 742 | 743 | if p.Config.Connection != "" { 744 | args = append(args, "--connection", p.Config.Connection) 745 | } 746 | 747 | if p.Config.Timeout != 0 { 748 | args = append(args, "--timeout", strconv.Itoa(p.Config.Timeout)) 749 | } 750 | 751 | if p.Config.SSHCommonArgs != "" { 752 | args = append(args, "--ssh-common-args", p.Config.SSHCommonArgs) 753 | } 754 | 755 | if p.Config.SFTPExtraArgs != "" { 756 | args = append(args, "--sftp-extra-args", p.Config.SFTPExtraArgs) 757 | } 758 | 759 | if p.Config.SCPExtraArgs != "" { 760 | args = append(args, "--scp-extra-args", p.Config.SCPExtraArgs) 761 | } 762 | 763 | if p.Config.SSHExtraArgs != "" { 764 | args = append(args, "--ssh-extra-args", p.Config.SSHExtraArgs) 765 | } 766 | 767 | if p.Config.Become { 768 | args = append(args, "--become") 769 | } 770 | 771 | if p.Config.BecomeMethod != "" { 772 | args = append(args, "--become-method", p.Config.BecomeMethod) 773 | } 774 | 775 | if p.Config.BecomeUser != "" { 776 | args = append(args, "--become-user", p.Config.BecomeUser) 777 | } 778 | 779 | if p.Config.Verbose > 0 { 780 | args = append(args, fmt.Sprintf("-%s", strings.Repeat("v", p.Config.Verbose))) 781 | } 782 | 783 | args = append(args, p.Config.Playbooks...) 784 | 785 | return exec.Command(p.ansibleExecutable(), args...) 786 | 787 | // return exec.Command( 788 | // "ansible-playbook", 789 | // args..., 790 | // ) 791 | } 792 | 793 | // ansibleExecutable determines the executable to use 794 | func (p *Plugin) ansibleExecutable() string { 795 | if p.Config.Installation != "" { 796 | return p.Config.Installation 797 | } 798 | return "ansible-playbook" 799 | } 800 | 801 | func trace(cmd *exec.Cmd) { 802 | fmt.Println("$", strings.Join(cmd.Args, " ")) 803 | } 804 | --------------------------------------------------------------------------------