From 5f6f641bb4e32643b9df282917563b1cdcdfb930 Mon Sep 17 00:00:00 2001
From: dvirlabs
Date: Fri, 24 Apr 2026 16:13:34 +0300
Subject: [PATCH] drift-check recursive
---
ansible/playbooks/check_confd_content.yml | 38 +++++++++++++++++++++++
ansible/playbooks/drift-check.yml | 13 ++++++--
2 files changed, 49 insertions(+), 2 deletions(-)
create mode 100644 ansible/playbooks/check_confd_content.yml
diff --git a/ansible/playbooks/check_confd_content.yml b/ansible/playbooks/check_confd_content.yml
new file mode 100644
index 0000000..b9dca79
--- /dev/null
+++ b/ansible/playbooks/check_confd_content.yml
@@ -0,0 +1,38 @@
+---
+# Helper task to compare individual rsyslog.d config file content
+# Called from drift-check.yml with loop_var: confd_file
+
+- name: Read Git version of {{ confd_file }}
+ slurp:
+ src: "{{ playbook_dir }}/../../files/rsyslog.d/{{ confd_file }}"
+ delegate_to: localhost
+ register: git_file_content
+
+- name: Read server version of {{ confd_file }}
+ slurp:
+ src: "{{ rsyslog_config_dir }}/{{ confd_file }}"
+ register: server_file_content
+
+- name: Normalize and compare {{ confd_file }} content
+ set_fact:
+ git_normalized: "{{ git_file_content.content | b64decode | replace('\r\n', '\n') }}"
+ server_normalized: "{{ server_file_content.content | b64decode | replace('\r\n', '\n') }}"
+
+- name: Check if {{ confd_file }} content matches
+ set_fact:
+ file_matches: "{{ git_normalized == server_normalized }}"
+
+- name: Debug {{ confd_file }} comparison
+ debug:
+ msg: |
+ File: {{ confd_file }}
+ Git size: {{ git_normalized | length }} chars
+ Server size: {{ server_normalized | length }} chars
+ Match: {{ file_matches }}
+ when: not file_matches
+
+- name: Mark drift if {{ confd_file }} differs
+ set_fact:
+ drift_detected: true
+ drifted_files: "{{ drifted_files + ['rsyslog.d/' + confd_file] }}"
+ when: not file_matches
diff --git a/ansible/playbooks/drift-check.yml b/ansible/playbooks/drift-check.yml
index aa8d776..f4d569e 100644
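Review bot: A failed read in either `slurp` task of check_confd_content.yml fails the host at that point instead of recording the file in `drifted_files`, so an rsyslog.d file that is unreadable on the server is never reported as drifted. The marker-output section of drift-check.yml sits after the include, so presumably no markers are printed for that host; confirm how update-gitops-status.sh treats a run without them. One option is to wrap the six tasks in a `block` with a `rescue` that marks the file as drifted, as sketched below. The header comment could also list the variables the caller must provide (`confd_file`, `rsyslog_config_dir`, `drift_detected`, `drifted_files`).

```yaml
- name: Compare {{ confd_file }} between Git and the server
  block:
    # … unchanged: the six existing tasks, indented one level under block …
  rescue:
    - name: Mark drift if {{ confd_file }} could not be compared
      set_fact:
        drift_detected: true
        drifted_files: "{{ drifted_files + ['rsyslog.d/' + confd_file] }}"
```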
--- a/ansible/playbooks/drift-check.yml +++ b/ansible/playbooks/drift-check.yml @@ -52,7 +52,7 @@ when: not main_conf_match # ───────────────────────────────────────────────────────────────────────── - # Compare rsyslog.d directory files + # Compare rsyslog.d directory files (filenames and content) # ───────────────────────────────────────────────────────────────────────── - name: List Git rsyslog.d files find: @@ -78,12 +78,21 @@ set_fact: confd_match: "{{ git_confd_names == server_confd_names }}" - - name: Mark drift if rsyslog.d files differ + - name: Mark drift if rsyslog.d file list differs set_fact: drift_detected: true drifted_files: "{{ drifted_files + ['rsyslog.d/'] }}" when: not confd_match + # Compare content of each file in rsyslog.d (only if filenames match) + - name: Compare content of rsyslog.d config files + include_tasks: + file: check_confd_content.yml + loop: "{{ git_confd_names }}" + loop_control: + loop_var: confd_file + when: confd_match + # ───────────────────────────────────────────────────────────────────────── # Output markers for update-gitops-status.sh parsing # ─────────────────────────────────────────────────────────────────────────
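Review bot: The content comparison added in the second hunk is gated on `when: confd_match`, so whenever the file lists differ no per-file content check runs and `drifted_files` only receives the generic `rsyslog.d/` entry. A modified file is therefore not itemised if an unrelated file was also added or removed. Looping over the files present on both sides avoids that: `loop: "{{ git_confd_names | intersect(server_confd_names) }}"` with the `when: confd_match` line dropped. How `git_confd_names` and `server_confd_names` are built is outside the hunk, so this assumes both are lists of file names relative to the rsyslog.d directory.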