ansible-review standard that checks vaulted defaults in roles and verifies that all defaults are prefixed with the role name
from ansible_vault import Vault
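def check_defaults_prefix(candidate, setting):
    """Check that every variable in a role's vaulted defaults carries the role-name prefix.

    The check only applies when ``candidate.path`` matches
    ``roles/<role>/defaults/main.yml`` (anchored at the start of the path).
    For any other path an empty result is returned.

    Args:
        candidate: object exposing ``path``, the file under review.
        setting: unused here; kept because the check signature requires it.

    Returns:
        A ``Result`` for ``candidate.path`` whose ``errors`` list holds one
        ``Error`` per top-level key that does not start with ``<role>_``.

    Security notes:
        * The vault password is read from a fixed path. NOTE(review): that
          file should be readable only by the account running the review;
          confirm its ownership and mode on the review host.
        * The loaded defaults contain the decrypted secret values. Only the
          key names are inspected and reported; never add values to an
          error message, since review output usually ends up in CI logs.
    """
    result = Result(candidate.path)
    # Raw string avoids the invalid "\-" escape; the dot in "main.yml" is
    # escaped so it matches only a literal dot.
    role_defaults = re.compile(r"roles/([a-zA-Z0-9_\-]+)/defaults/main\.yml")
    matched = role_defaults.match(candidate.path)
    if matched is None:
        return result

    # The underscore is part of the required prefix: without it a variable
    # such as "nginxfoo" would be accepted for the role "nginx".
    prefix = matched.group(1) + "_"

    # Context manager so the password file handle is always closed.
    with open('/etc/ansible/vault-password', 'r') as password_file:
        vault_password = password_file.readline().rstrip("\n")

    with codecs.open(candidate.path, mode='rb', encoding='utf-8') as f:
        # Presumably decrypts the vault payload and parses it as YAML;
        # an empty document would then come back as None.
        defaults = Vault(vault_password).load(f.read())

    # Iterating the mapping directly works on Python 2 and 3 and touches
    # only the key names, not the decrypted values.
    for key in defaults or {}:
        if not key.startswith(prefix):
            result.errors.append(Error(key, "Missing prefix:" + prefix + " in variable name."))
    return result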
# Standard definition wiring check_defaults_prefix to candidates of type
# "defaults"; the name string is what identifies the rule to the reader.
all_defaults_start_with_rolename = Standard({
    "name": "All default variables should start with role name",
    "check": check_defaults_prefix,
    "version": "0.1",
    "types": ["defaults"],
})