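def run(self, context: ExecutionContext) -> bool:
    """Run the deployment playbook through ``ansible-playbook``.

    Reads ``--playbook``, ``--inventory``, ``--git-key``, ``--branch``,
    ``--profile`` and ``--debug`` from *context*, assembles a single shell
    command line and passes it to ``self.spawn_ansible``. When a git key is
    given, an ssh-agent is spawned first, the key is added to it, and the
    agent is killed again once the run is over.

    Every value taken from the command line or the environment is
    shell-quoted before it is interpolated, because the command string holds
    several ``;``-separated shell statements: an unquoted value containing
    shell metacharacters would otherwise be executed as part of the command.

    Args:
        context: execution context the arguments are read from.

    Returns:
        False when the role is not installed/configured or when
        ``MissingDeploymentConfigurationError`` is raised while configuring
        it; True otherwise.
    """
    # Function-scope import: the file's import block is not part of this listing.
    import shlex

    playbook_name = context.get_arg_or_env('--playbook')
    inventory_name = context.get_arg_or_env('--inventory')
    git_private_key_path = context.get_arg_or_env('--git-key')
    branch = context.get_arg('--branch')
    profile = context.get_arg('--profile')
    debug = context.get_arg('--debug')

    # keep the vault arguments for decryption of deployment.yml
    self._preserve_vault_parameters_for_usage_in_inner_tasks(context)

    if not self.role_is_installed_and_configured():
        self.io().error_msg('Deployment not configured. Use `harbor :deployment:files:update` first')
        return False

    try:
        self.install_and_configure_role(context, force_update=False)
    except MissingDeploymentConfigurationError as e:
        self.io().error_msg(str(e))
        return False

    pwd_backup = os.getcwd()
    pid = None

    try:
        command = ''
        opts = ''

        if git_private_key_path:
            sock, pid = self.spawn_ssh_agent()
            # expanduser keeps "~/..." key paths working: once the path is
            # quoted, the shell no longer performs tilde expansion on it.
            key_path = os.path.expanduser(str(git_private_key_path))
            command += 'export SSH_AUTH_SOCK=%s; export SSH_AGENT_PID=%i; ssh-add %s; sleep 5; ' % (
                shlex.quote(str(sock)), pid, shlex.quote(key_path))

        if debug:
            opts += ' -vv '

        # Each extra-var is passed as one quoted shell word (key=value), which
        # is what the previous double-quoted form produced for plain values.
        opts += ' -e %s ' % shlex.quote('git_branch=%s' % branch)
        opts += ' -e %s ' % shlex.quote('harbor_deployment_profile=%s' % profile)
        # The vault options come back as a ready-made shell fragment; the
        # '../../' prefix is given because the working directory is changed to
        # self.ansible_dir right below.
        opts += self._get_vault_opts(context, '../../')

        os.chdir(self.ansible_dir)
        command += 'ansible-playbook %s -i %s %s' % (
            shlex.quote('./%s' % playbook_name),
            shlex.quote(os.path.expanduser(str(inventory_name))),
            opts)

        # NOTE(review): the result of spawn_ansible is not inspected, so True is
        # returned whenever no exception propagates; confirm that a failed
        # playbook run raises.
        self.spawn_ansible(command)
    finally:
        # Restore the working directory and stop the agent even when the run fails,
        # so the loaded key does not outlive the deployment.
        os.chdir(pwd_backup)

        if pid:
            self.kill_ssh_agent(pid)

    return True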
def _preserve_vault_parameters_for_usage_in_inner_tasks(self, ctx: ExecutionContext):
    """Remember the Vault-related arguments on ``self.vault_args``.

    The stored list always holds ``--vault-passwords=<value>`` (with an empty
    value when the argument is missing) and additionally ``--ask-vault-pass``
    when that switch is set, so inner tasks can be given the same parameters.

    NOTE(review): the stored argument contains the vault password text itself.
    If this list is later placed on a child process command line, the password
    would be visible in process listings; confirm how ``vault_args`` is
    consumed.
    """
    try:
        raw_passwords = ctx.get_arg_or_env('--vault-passwords')
    except MissingInputException:
        # No password supplied anywhere: propagate an explicit empty value.
        raw_passwords = ''

    # keep the vault arguments for decryption of deployment.yml
    self.vault_args = ['--vault-passwords=' + raw_passwords]

    ask_interactively = ctx.get_arg('--ask-vault-pass')
    if ask_interactively:
        self.vault_args.append('--ask-vault-pass')
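def get_repositories_list(self, ctx: ExecutionContext) -> Dict[str, str]:
    """Parse ``--repositories`` into a mapping of repository name to branch.

    The argument is a comma-separated list; each entry is either ``name`` or
    ``name@@branch``. Entries without a branch, or with an empty one, map to
    ``master``. Surrounding whitespace is ignored, and entries with an empty
    name (for example from an empty argument or a trailing comma) are skipped
    instead of producing an empty-string key.

    Args:
        ctx: execution context the argument is read from.

    Returns:
        Dict of repository name to branch. It is empty, and a warning is
        emitted, when the argument is missing or names no repository.
    """
    try:
        raw = ctx.get_arg_or_env('--repositories')
    except MissingInputException:
        raw = ''

    repos_with_branch = {}

    for entry in (raw or '').split(','):
        parts = [part.strip() for part in entry.split('@@')]
        name = parts[0]

        if not name:
            continue

        # Only the first '@@'-separated field after the name is the branch.
        branch = parts[1] if len(parts) >= 2 else ''
        repos_with_branch[name] = branch or 'master'

    if not repos_with_branch:
        self.io().warn('No repositories specified')

    return repos_with_branch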
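def _get_vault_opts(self, ctx: ExecutionContext, chdir: str = '') -> str:
    """Build the Ansible Vault options for the command line.

    ``--vault-passwords`` is split on ``||``. A non-empty entry that starts
    with ``./`` or ``/`` is treated as the path of a password file; any other
    non-empty entry is an inline password and is written to a temporary file.
    Each of them becomes one ``--vault-password-file=...`` option.
    ``--ask-vault-pass`` is appended when the switch is set or when a named
    password file does not exist.

    Args:
        ctx: execution context the arguments are read from.
        chdir: prefix put in front of relative password-file paths, for
            callers that change the working directory before running Ansible.
            Absolute paths are emitted unchanged.

    Returns:
        Option string, each path shell-quoted, ready to be appended to a
        shell command line.
    """
    # Function-scope import: the file's import block is not part of this listing.
    import shlex

    try:
        vault_passwords = ctx.get_arg_or_env('--vault-passwords').split('||')
    except MissingInputException:
        vault_passwords = []

    def password_file_opt(path: str) -> str:
        # Prefixing an absolute path with a relative one (e.g. '../../' + '/x')
        # would turn it into a relative path that points somewhere else.
        target = path if os.path.isabs(path) else chdir + path
        return ' --vault-password-file=%s ' % shlex.quote(target)

    opts = ''
    enforce_ask_pass = ctx.get_arg('--ask-vault-pass')

    for passwd in vault_passwords:
        if not passwd:
            continue

        if passwd.startswith(('./', '/')):
            # The existence check runs against the current working directory,
            # i.e. before the caller changes directory.
            if os.path.isfile(passwd):
                opts += password_file_opt(passwd)
            else:
                self.io().error('Vault password file "%s" does not exist, calling --ask-vault-pass' % passwd)
                enforce_ask_pass = True
            continue

        # Inline password: it is written to disk in clear text, so the file must
        # be readable by its owner only (it was previously requested as 0o644).
        # NOTE(review): assumes ansible-playbook runs as the same user; confirm.
        tmp_vault_file = self.temp.assign_temporary_file(mode=0o600)
        fd = os.open(tmp_vault_file, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, 'w') as f:
            # The mode given to os.open only applies when the file is created
            # here; tighten a pre-existing file before the secret is written.
            os.chmod(tmp_vault_file, 0o600)
            f.write(passwd)

        opts += password_file_opt(tmp_vault_file)

    if enforce_ask_pass:
        opts += ' --ask-vault-pass '

    return opts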