Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

support local_action tasks #241

Merged
merged 1 commit into from
Jun 11, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions ansible_risk_insight/finder.py
Original file line number Diff line number Diff line change
Expand Up @@ -103,6 +103,15 @@ def find_module_name(data_block):
continue
if module_name_re.match(k):
return k
if "local_action" in keys:
local_action_value = data_block["local_action"]
module_name = ""
if isinstance(local_action_value, str):
module_name = local_action_value.split(" ")[0]
elif isinstance(local_action_value, dict):
module_name = local_action_value.get("module", "")
if module_name:
return module_name
return ""


Expand Down
10 changes: 10 additions & 0 deletions ansible_risk_insight/model_loader.py
Original file line number Diff line number Diff line change
Expand Up @@ -1489,6 +1489,16 @@ def load_task(
task_name = v
if k == module_name:
module_options = v
elif k == "local_action":
_opt = data_block[k]
if isinstance(_opt, str):
module_options = _opt.lstrip(module_name).lstrip(" ")
elif isinstance(_opt, dict):
for mk, mv in _opt.items():
if mk == "module":
continue
module_options[mk] = mv
task_options.update({k: v})
else:
task_options.update({k: v})

Expand Down
50 changes: 29 additions & 21 deletions ansible_risk_insight/models.py
Original file line number Diff line number Diff line change
Expand Up @@ -1301,33 +1301,36 @@ def yaml(self, original_module="", use_yaml_lines=True):
task_data_wrapper = []
task_data = {}

is_local_action = "local_action" in self.options

# task name
if self.name:
task_data["name"] = self.name
elif "name" in task_data:
task_data.pop("name")

# module name
if original_module:
mo = deepcopy(task_data[original_module])
task_data[self.module] = mo
elif self.module and self.module not in task_data:
task_data[self.module] = self.module_options

# module options
if isinstance(self.module_options, dict):
current_mo = task_data[self.module]
# if the module options was an old style inline parameter in YAML,
# we can ignore them here because it is parsed as self.module_options
if not isinstance(current_mo, dict):
current_mo = {}
old_keys = list(current_mo.keys())
new_keys = list(self.module_options.keys())
for old_key in old_keys:
if old_key not in new_keys:
current_mo.pop(old_key)
recursive_copy_dict(self.module_options, current_mo)
task_data[self.module] = current_mo
if not is_local_action:
# module name
if original_module:
mo = deepcopy(task_data[original_module])
task_data[self.module] = mo
elif self.module and self.module not in task_data:
task_data[self.module] = self.module_options

# module options
if isinstance(self.module_options, dict):
current_mo = task_data[self.module]
# if the module options was an old style inline parameter in YAML,
# we can ignore them here because it is parsed as self.module_options
if not isinstance(current_mo, dict):
current_mo = {}
old_keys = list(current_mo.keys())
new_keys = list(self.module_options.keys())
for old_key in old_keys:
if old_key not in new_keys:
current_mo.pop(old_key)
recursive_copy_dict(self.module_options, current_mo)
task_data[self.module] = current_mo

# task options
if isinstance(self.options, dict):
Expand All @@ -1340,6 +1343,11 @@ def yaml(self, original_module="", use_yaml_lines=True):
if old_key not in new_keys:
current_to.pop(old_key)
options_without_name = {k: v for k, v in self.options.items() if k != "name"}
if is_local_action:
new_la_opt = {}
new_la_opt["module"] = self.module
recursive_copy_dict(self.module_options, new_la_opt)
options_without_name["local_action"] = new_la_opt
recursive_copy_dict(options_without_name, current_to)
if len(task_data_wrapper) == 0:
task_data_wrapper.append(current_to)
Expand Down
3 changes: 2 additions & 1 deletion ansible_risk_insight/risk_detector.py
Original file line number Diff line number Diff line change
Expand Up @@ -183,6 +183,7 @@ def detect(contexts: List[AnsibleRunContext], rules_dir: str = "", rules: list =
for rule in loaded_rules:
if not rule.enabled:
continue
rule_id = getattr(rule, "rule_id")
start_time = time.time()
r_result = RuleResult(file=t.file_info(), rule=rule.get_metadata())
detail = {}
Expand All @@ -198,7 +199,7 @@ def detect(contexts: List[AnsibleRunContext], rules_dir: str = "", rules: list =
fatal = detail.get("fatal", False) if detail else False
if fatal:
error = r_result.error or "unknown error"
error = f"ARI rule evaluation threw fatal exception: {error}"
error = f"ARI rule evaluation threw fatal exception: RuleID={rule_id}, error={error}"
raise FatalRuleResultError(error)
if rule.spec_mutation:
if isinstance(detail, dict):
Expand Down
Loading