An ansible-review standard that decrypts the vaulted defaults in roles and verifies that all default variables are prefixed with the role name.
import codecs
import re

from ansible_vault import Vault
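def check_defaults_prefix(candidate, setting):
    """Check that every variable in a role's vaulted defaults has the role prefix.

    The role name is taken from the ``roles/<role>/defaults/main.yml`` part of
    ``candidate.path``. The file is decrypted with the vault password stored in
    ``/etc/ansible/vault-password`` and every top-level key is expected to start
    with ``<role>_``. Paths that do not contain that layout are not checked and
    come back with an empty error list.

    Args:
        candidate: object exposing ``path``, the defaults file under review.
        setting: not used by this check.

    Returns:
        A ``Result`` for ``candidate.path`` with one ``Error`` per variable
        that lacks the prefix.
    """
    result = Result(candidate.path)

    # search() instead of match(): match() only accepts paths that *begin* with
    # "roles/", so "./roles/x/defaults/main.yml" or an absolute path skipped the
    # check silently and the file passed unreviewed.
    role_path = re.compile(r"(?:^|/)roles/([a-zA-Z0-9_\-]+)/defaults/main\.yml")
    matched = role_path.search(candidate.path)
    if matched is None:
        return result

    # The error message promises "<role>_", so test for exactly that; a bare
    # role-name test would let role "app" accept "application_port".
    prefix = matched.group(1) + "_"

    # Close the password file deterministically instead of leaking the handle.
    # NOTE(review): the path is hard-coded; the file should be readable only by
    # the account that runs the review.
    with open('/etc/ansible/vault-password', 'r') as password_file:
        vault_password = password_file.readline().rstrip("\n")
    vault = Vault(vault_password)

    with codecs.open(candidate.path, mode='rb', encoding='utf-8') as f:
        # NOTE(review): Vault.load parses the decrypted text as YAML; confirm
        # the installed ansible_vault version uses a safe loader.
        defaults = vault.load(f.read())

    # An empty defaults file loads as None; there is nothing to check.
    if not defaults:
        return result

    # Only key names are inspected and reported, so decrypted values never end
    # up in the review output.
    for key in defaults.keys():
        if not key.startswith(prefix):
            result.errors.append(
                Error(key, "Missing prefix:" + prefix + " in variable name."))
    return result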
# Standard definition that binds check_defaults_prefix to its description.
# NOTE(review): "types" presumably limits the check to files classified as
# "defaults" and "version" is the standards version it belongs to; confirm
# against the Standard class.
all_defaults_start_with_rolename = Standard({
    "name": "All default variables should start with role name",
    "check": check_defaults_prefix,
    "version": "0.1",
    "types": ["defaults"],
})