diff --git a/ansible/playbooks/drift-check.yml b/ansible/playbooks/drift-check.yml
index c209942..415dff0 100644
--- a/ansible/playbooks/drift-check.yml
+++ b/ansible/playbooks/drift-check.yml
@@ -23,73 +23,81 @@ drifted_items: [] # ───────────────────────────────────────────────────────────────────── - # TASK 2: Check drift for each configured file - # Loops through deploy_items and compares local vs server files + # TASK 2: Read local files from repository # ───────────────────────────────────────────────────────────────────── - - name: Check drift for each file - block: - # Read local file from repo - - name: Read local file - slurp: - src: "{{ playbook_dir }}/{{ '../../' + item.src }}" - delegate_to: localhost - register: local_file_content - failed_when: false + - name: Read local files + slurp: + src: "{{ playbook_dir }}/{{ '../../' + item.src }}" + delegate_to: localhost + loop: "{{ deploy_items }}" + loop_control: + loop_var: item + label: "{{ item.name }}" + register: local_files + failed_when: false - # Read file from server - - name: Read server file - slurp: - src: "{{ item.dest }}" - register: server_file_content - failed_when: false - - # Build drift info if file is missing - - name: Add to drifted items if missing - set_fact: - drifted_items: "{{ drifted_items + [drift_info] }}" - vars: - drift_info: - name: "{{ item.name }}" - destination: "{{ item.dest }}" - status: "MISSING" - reason: "File not found on server" - when: server_file_content.rc != 0 - - # Build drift info if file content differs - - name: Add to drifted items if content differs - set_fact: - drifted_items: "{{ drifted_items + [drift_info] }}" - vars: - drift_info: - name: "{{ item.name }}" - destination: "{{ item.dest }}" - status: "CONTENT_DIFFERS" - reason: "File content differs from repository" - when: - - server_file_content.rc == 0 - - local_file_content.content | b64decode != server_file_content.content | b64decode + # ───────────────────────────────────────────────────────────────────── + # TASK 3: Read server files + # ───────────────────────────────────────────────────────────────────── + - name: Read server files + slurp: + src: "{{ item.dest }}" + loop: "{{ 
deploy_items }}" + loop_control: + loop_var: item + label: "{{ item.name }}" + register: server_files + failed_when: false + # ───────────────────────────────────────────────────────────────────── + # TASK 4: Compare files and detect drift + # Builds list of drifted files by comparing local vs server + # ───────────────────────────────────────────────────────────────────── + - name: Detect drift by comparing files + set_fact: + drifted_items: "{{ drifted_items | default([]) + [drift_item] }}" + vars: + local_result: "{{ local_files.results[item_index] }}" + server_result: "{{ server_files.results[item_index] }}" + item_index: "{{ loop_index0 }}" + drift_item: | + {%- if server_result.rc != 0 -%} + { + "name": "{{ item.name }}", + "destination": "{{ item.dest }}", + "status": "MISSING", + "reason": "File not found on server" + } + {%- elif local_result.content | b64decode != server_result.content | b64decode -%} + { + "name": "{{ item.name }}", + "destination": "{{ item.dest }}", + "status": "CONTENT_DIFFERS", + "reason": "File content differs from repository" + } + {%- endif -%} loop: "{{ deploy_items }}" loop_control: loop_var: item label: "{{ item.name }}" # ───────────────────────────────────────────────────────────────────── - # TASK 3: Update drift detection flag + # TASK 5: Update drift detection flag and filter results # ───────────────────────────────────────────────────────────────────── - name: Set drift_detected flag set_fact: - drift_detected: "{{ drifted_items | length > 0 }}" + drifted_items: "{{ drifted_items | map('from_json') | selectattr('status', 'defined') | list }}" + drift_detected: "{{ (drifted_items | map('from_json') | selectattr('status', 'defined') | list | length) > 0 }}" # ───────────────────────────────────────────────────────────────────── - # TASK 4: Generate JSON report with drift details + # TASK 6: Generate JSON report with drift details # ───────────────────────────────────────────────────────────────────── - name: Generate drift 
detection JSON report set_fact: drifted_files_json: "{{ drifted_items | to_nice_json }}" # ───────────────────────────────────────────────────────────────────── - # TASK 5: Save drift report to file for script consumption + # TASK 7: Save drift report to file for script consumption # ───────────────────────────────────────────────────────────────────── - name: Save drift report to file copy: @@ -101,7 +109,7 @@ delegate_to: localhost # ───────────────────────────────────────────────────────────────────── - # TASK 6: Output status summary + # TASK 8: Output status summary # ───────────────────────────────────────────────────────────────────── - name: Output SYNCED status debug: @@ -119,7 +127,7 @@ when: drift_detected # ───────────────────────────────────────────────────────────────────── - # TASK 7: Fail if drift detected (for CI/CD pipeline) + # TASK 9: Fail if drift detected (for CI/CD pipeline) # ───────────────────────────────────────────────────────────────────── - name: Fail if drift detected fail:
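Review bot: In "Detect drift by comparing files", `item_index: "{{ loop_index0 }}"` reads a variable Ansible does not provide in a loop — the task's `loop_control` (context lines) sets only `loop_var` and `label`, so unless `loop_index0` is defined outside the hunk the first iteration fails with an undefined variable; the fix is `index_var: item_index` under `loop_control` and dropping the `item_index:` entry from `vars`. A second problem is that the `|` scalar renders to an empty string for every synced file, so those entries are still appended to `drifted_items`, and task 5 pipes all of them through `from_json` before `selectattr('status', 'defined')` can filter them — `from_json` raises on empty input, and if Ansible auto-converts the JSON-looking text to a mapping when `drift_item` is templated it raises there too. Building `drift_item` as a plain mapping and guarding the `set_fact` with a `when` avoids both, and lets task 5 go back to `drifted_items | length > 0` without the `from_json`/`selectattr` chain. Both sides also assume the slurp result of a missing file carries `rc`; `server_result.content is not defined` would be a more direct signal, worth confirming against the module's output. The enclosing `tasks` list starts before the hunk.
```yaml
- name: Detect drift by comparing files
  set_fact:
    drifted_items: "{{ drifted_items | default([]) + [drift_item] }}"
  vars:
    local_result: "{{ local_files.results[item_index] }}"
    server_result: "{{ server_files.results[item_index] }}"
    drift_item:
      name: "{{ item.name }}"
      destination: "{{ item.dest }}"
      status: "{{ 'MISSING' if server_result.rc != 0 else 'CONTENT_DIFFERS' }}"
      reason: "{{ 'File not found on server' if server_result.rc != 0 else 'File content differs from repository' }}"
  when: server_result.rc != 0 or (local_result.content | b64decode) != (server_result.content | b64decode)
  # … unchanged: loop over deploy_items, loop_var and label …
  loop_control:
    index_var: item_index
```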