summaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2016-05-18 00:10:50 +0200
committerGuilhem Moulin <guilhem@fripost.org>2016-05-18 00:47:05 +0200
commit71aefcc229f999f92b25e51b9444b313d95fbc86 (patch)
tree0cfda622ac987e35543361dcc478dfe6b5b3fa08 /lib
parentf4c280d1c6f43f7ca0c1e498ab87fe7aa08d5eb2 (diff)
Add an ansible module 'fetch_cmd' to fetch the output of a remote command locally.
And use this to fetch all X.509 leaf certificates.
Diffstat (limited to 'lib')
-rw-r--r--lib/action_plugins/fetch_cmd.py61
-rw-r--r--lib/modules/fetch_cmd.py56
2 files changed, 117 insertions, 0 deletions
diff --git a/lib/action_plugins/fetch_cmd.py b/lib/action_plugins/fetch_cmd.py
new file mode 100644
index 0000000..99bdf2e
--- /dev/null
+++ b/lib/action_plugins/fetch_cmd.py
@@ -0,0 +1,61 @@
+# Fetch the output of a remote command
+# Copyright (c) 2016 Guilhem Moulin <guilhem@fripost.org>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+import subprocess, os
+from ansible.plugins.action import ActionBase
+from ansible.utils.path import makedirs_safe
+from ansible.utils.hashing import checksum
+
+class ActionModule(ActionBase):
+ TRANSFERS_FILES = True
+
+ def run(self, tmp=None, task_vars=None):
+ if task_vars is None:
+ task_vars = dict()
+
+ if self._play_context.check_mode:
+ return dict(skipped=True, msg='check mode not supported for this module')
+
+ result = super(ActionModule, self).run(tmp, task_vars)
+
+ cmd = self._task.args.get('cmd', None)
+ stdin = self._task.args.get('stdin', None)
+ dest = self._task.args.get('dest', None)
+
+ if cmd is None or dest is None:
+ return dict(failed=True, msg="cmd and dest are required")
+
+ if stdin is not None:
+ stdin = self._connection._shell.join_path(stdin)
+ stdin = self._remote_expand_user(stdin)
+
+ stdout = self._connection._shell.join_path(self._make_tmp_path(), 'stdout')
+ result.update(self._execute_module(module_args=dict(cmd=cmd, stdin=stdin, dest=stdout), task_vars=task_vars))
+
+ # calculate checksum for the local file
+ local_checksum = checksum(dest)
+
+ # calculate checksum for the remote file, don't bother if using become as slurp will be used
+ remote_checksum = self._remote_checksum(stdout, all_vars=task_vars)
+
+ if remote_checksum != local_checksum:
+ makedirs_safe(os.path.dirname(dest))
+ self._connection.fetch_file(stdout, dest)
+ if checksum(dest) == remote_checksum:
+ result.update(dict(changed=True))
+ else:
+ result.update(dict(failed=True))
+ return result
diff --git a/lib/modules/fetch_cmd.py b/lib/modules/fetch_cmd.py
new file mode 100644
index 0000000..ac8757f
--- /dev/null
+++ b/lib/modules/fetch_cmd.py
@@ -0,0 +1,56 @@
+#!/usr/bin/python
+
+# Fetch the output of a remote command
+# Copyright (c) 2016 Guilhem Moulin <guilhem@fripost.org>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+
+# import module snippets
+from ansible.module_utils.basic import *
+
+def main():
+ module = AnsibleModule(
+ argument_spec = dict(
+ cmd = dict( default=None ),
+ stdin = dict( default=None ),
+ dest = dict( default=None ),
+ ),
+ supports_check_mode=False
+ )
+
+ params = module.params
+ cmd = params['cmd']
+ stdin = params['stdin']
+ dest = params['dest']
+
+ if cmd is None or dest is None:
+ return dict(failed=True, msg="cmd and dest are required")
+
+ changed = False
+ try:
+ if stdin is not None:
+ stdin = open(stdin, 'r')
+
+ with open(dest, 'w') as stdout:
+ subprocess.check_call(cmd.split(), stdin=stdin, stdout=stdout)
+ if stdin is not None:
+ stdin.close()
+
+ except KeyError, e:
+ module.fail_json(msg=str(e))
+
+ module.exit_json(changed=changed)
+
+main()