Example #1
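    def run(self, context: ExecutionContext) -> bool:
        """Run the deployment playbook through ``ansible-playbook``.

        Reads ``--playbook``, ``--inventory`` and ``--git-key`` (argument or
        environment) plus ``--branch``, ``--profile`` and ``--debug``, builds a
        single command string and hands it to ``self.spawn_ansible``.

        Every operator-supplied value is shell-quoted before it is placed in
        the command string. The string chains commands with ``;``, so it is
        presumably interpreted by a shell, and an unquoted value containing
        shell metacharacters would change what gets executed.

        Returns:
            ``False`` when the deployment role is missing or its configuration
            cannot be loaded, ``True`` once ``spawn_ansible`` has returned.
        """
        # Function-scope import: the file's import block is not visible here.
        import shlex

        playbook_name = context.get_arg_or_env('--playbook')
        inventory_name = context.get_arg_or_env('--inventory')
        git_private_key_path = context.get_arg_or_env('--git-key')
        branch = context.get_arg('--branch')
        profile = context.get_arg('--profile')
        debug = context.get_arg('--debug')

        # keep the vault arguments for decryption of deployment.yml
        self._preserve_vault_parameters_for_usage_in_inner_tasks(context)

        if not self.role_is_installed_and_configured():
            self.io().error_msg(
                'Deployment not configured. Use `harbor :deployment:files:update` first'
            )
            return False

        try:
            self.install_and_configure_role(context, force_update=False)

        except MissingDeploymentConfigurationError as e:
            self.io().error_msg(str(e))
            return False

        pwd_backup = os.getcwd()
        pid = None

        try:
            command = ''
            opts = ''

            if git_private_key_path:
                sock, pid = self.spawn_ssh_agent()
                command += 'export SSH_AUTH_SOCK=%s; export SSH_AGENT_PID=%i; ssh-add %s; sleep 5; ' % \
                           (shlex.quote(str(sock)), pid, shlex.quote(git_private_key_path))

            if debug:
                opts += ' -vv '

            # Quote the whole key=value pair so the shell passes it as exactly
            # one argument. NOTE(review): Ansible then applies its own
            # key=value parsing to the pair, so branch/profile names should
            # still be validated upstream - confirm against callers.
            opts += ' -e %s ' % shlex.quote('git_branch=%s' % branch)
            opts += ' -e %s ' % shlex.quote('harbor_deployment_profile=%s' % profile)
            opts += self._get_vault_opts(context, '../../')

            os.chdir(self.ansible_dir)
            command += 'ansible-playbook %s -i %s %s' % (
                shlex.quote('./%s' % playbook_name),
                shlex.quote(str(inventory_name)),
                opts)

            self.spawn_ansible(command)
        finally:
            # Always restore the working directory and stop the agent that
            # holds the loaded private key, even when ansible failed.
            os.chdir(pwd_backup)

            if pid:
                self.kill_ssh_agent(pid)

        return True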
Example #2
    def _preserve_vault_parameters_for_usage_in_inner_tasks(
            self, ctx: ExecutionContext):
        """Remember the Vault-related switches so inner tasks can receive them.

        Stores the result on ``self.vault_args`` as a list of command-line
        arguments. The first element embeds the raw ``--vault-passwords``
        value, so the list carries secret material and should not be logged.
        """

        try:
            passwords = ctx.get_arg_or_env('--vault-passwords')
        except MissingInputException:
            # no passwords given: still forward an (empty) switch
            passwords = ''

        # keep the vault arguments for decryption of deployment.yml
        preserved = ['--vault-passwords=' + passwords]
        self.vault_args = preserved

        ask_interactively = ctx.get_arg('--ask-vault-pass')
        if ask_interactively:
            preserved.append('--ask-vault-pass')
Example #3
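    def get_repositories_list(self, ctx: ExecutionContext) -> Dict[str, str]:
        """Parse ``--repositories`` into a mapping of repository name to branch.

        The value is a comma-separated list; each entry is ``name`` or
        ``name@@branch``. Entries without a branch (or with an empty one)
        default to ``master``. Surrounding whitespace is stripped and blank
        entries (for example from a trailing comma or an empty value) are
        skipped instead of producing an empty-named repository.

        Returns:
            The name-to-branch mapping, or an empty dict (after a warning)
            when no repository was specified.
        """
        # Only the argument lookup is guarded; parsing is done outside it.
        try:
            raw = ctx.get_arg_or_env('--repositories')
        except MissingInputException:
            self.io().warn('No repositories specified')
            return {}

        repos_with_branch = {}

        for entry in raw.split(','):
            parts = [part.strip() for part in entry.split('@@')]
            name = parts[0]

            if not name:
                continue

            has_branch = len(parts) >= 2 and parts[1]
            repos_with_branch[name] = parts[1] if has_branch else 'master'

        if not repos_with_branch:
            self.io().warn('No repositories specified')

        return repos_with_branch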
Example #4
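    def _get_vault_opts(self, ctx: ExecutionContext, chdir: str = '') -> str:
        """Build the Ansible Vault options for the ansible command line.

        ``--vault-passwords`` is split on ``||``. Each non-empty item is
        either a path (starts with ``./`` or ``/``) to an existing password
        file, or an inline password that is written to a temporary file.
        A missing password file is reported and falls back to
        ``--ask-vault-pass``.

        Security-relevant behaviour:
          * the temporary file holding an inline password is restricted to
            its owner (0o600) before the secret is written;
          * every path is shell-quoted, because the returned string is
            embedded in a command line built by string concatenation.

        Args:
            ctx: Execution context the switches are read from.
            chdir: Prefix prepended to *relative* paths so they still resolve
                after the caller changes directory. Absolute paths are left
                untouched, since prefixing them would point elsewhere than
                the file that was checked or written.

        Returns:
            A string of ``--vault-password-file=...`` options, optionally
            followed by ``--ask-vault-pass``.
        """
        # Function-scope import: the file's import block is not visible here.
        import shlex

        def _as_option(path: str) -> str:
            # Only relative paths depend on the working directory.
            located = path if os.path.isabs(path) else chdir + path
            return ' --vault-password-file=%s ' % shlex.quote(located)

        try:
            vault_passwords = ctx.get_arg_or_env('--vault-passwords').split(
                '||')
        except MissingInputException:
            vault_passwords = []

        opts = ''
        enforce_ask_pass = ctx.get_arg('--ask-vault-pass')

        for passwd in vault_passwords:
            if not passwd:
                continue

            if passwd.startswith(('./', '/')):
                if os.path.isfile(passwd):
                    opts += _as_option(passwd)
                else:
                    self.io().error(
                        'Vault password file "%s" does not exist, calling --ask-vault-pass'
                        % passwd)
                    enforce_ask_pass = True
                continue

            # Inline password: it must never land in a group/world-readable
            # file. NOTE(review): cleanup of the file is presumably handled
            # by self.temp - confirm.
            tmp_vault_file = self.temp.assign_temporary_file(mode=0o600)

            fd = os.open(tmp_vault_file,
                         os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
            with os.fdopen(fd, 'w') as f:
                # The mode passed to os.open only applies to a newly created
                # file; tighten a pre-existing one before writing the secret.
                os.chmod(tmp_vault_file, 0o600)
                f.write(passwd)

            opts += _as_option(tmp_vault_file)

        if enforce_ask_pass:
            opts += ' --ask-vault-pass '

        return opts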