herve4m.quay.quay_notification (1.2.0) — module

Manage Quay Container Registry repository notifications

Added in version 0.0.1 of herve4m.quay

Authors: Herve Quatremain (@herve4m)

Install collection

Install with ansible-galaxy collection install herve4m.quay:==1.2.0


Add to requirements.yml

  collections:
    - name: herve4m.quay
      version: 1.2.0

Description

Create and delete repository notifications.

Usage examples

- name: Ensure notification of type Quay Notification exists
  herve4m.quay.quay_notification:
    repository: production/smallimage
    title: Test Quay Notification on image push
    event: repo_push
    method: quay_notification
    config:
      name: operators
      type: team
    state: present
    quay_host: https://quay.example.com
    quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7
# You must enable the security scanner capability of your Quay installation
# to use the vulnerability_found event.
- name: Ensure notification of type webhook exists
  herve4m.quay.quay_notification:
    repository: production/smallimage
    title: Webhook notification on critical image vulnerability
    event: vulnerability_found
    vulnerability_level: critical
    method: webhook
    config:
      url: https://webhook.example.com/webhook/12345
      template: "{{ lookup('file', 'post.json') | string }}"
    state: present
    quay_host: https://quay.example.com
    quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7
- name: Ensure notification of type Slack exists
  herve4m.quay.quay_notification:
    repository: production/smallimage
    title: Notify image push to Slack
    event: repo_push
    method: slack
    config:
      url: https://hooks.slack.com/services/XXX/YYY/ZZZ
    state: present
    quay_host: https://quay.example.com
    quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7
- name: Test Slack notification
  herve4m.quay.quay_notification:
    repository: production/smallimage
    title: Notify image push to Slack
    test: true
    state: present
    quay_host: https://quay.example.com
    quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7
- name: Reset the failure counter for the Quay Notification
  herve4m.quay.quay_notification:
    repository: production/smallimage
    regex: "Quay\\s+Notification\\s"
    reset_failcount: true
    state: present
    quay_host: https://quay.example.com
    quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7
- name: Delete all the notifications triggered by canceled builds
  herve4m.quay.quay_notification:
    repository: production/smallimage
    event: build_cancelled
    state: absent
    quay_host: https://quay.example.com
    quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7
- name: Delete all the notifications where the title includes "Test"
  herve4m.quay.quay_notification:
    repository: production/smallimage
    search_string: Test
    state: absent
    quay_host: https://quay.example.com
    quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7
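
The usage examples above repeat a literal quay_token in every task. The playbook below is an added example, not taken from the collection's documentation: it creates the same Slack notification with the token and the Slack URL read from the control node's environment. QUAY_TOKEN is the variable name documented under Inputs; SLACK_WEBHOOK_URL and the localhost play are assumptions.

```yaml
# Added example, not part of the collection's documentation.
# Assumptions: QUAY_TOKEN and SLACK_WEBHOOK_URL are exported on the control
# node, and the play runs against localhost.
- name: Manage Quay notifications without hard-coded credentials
  hosts: localhost
  gather_facts: false
  module_defaults:
    herve4m.quay.quay_notification:
      quay_host: https://quay.example.com
      # Resolved at run time, so the token is never stored in the playbook.
      quay_token: "{{ lookup('ansible.builtin.env', 'QUAY_TOKEN') }}"
      # Set explicitly: when the parameter is omitted the module reads
      # QUAY_VERIFY_SSL, where an empty value is documented to mean "no".
      validate_certs: true
  tasks:
    - name: Fail early when a required secret is missing
      ansible.builtin.assert:
        that:
          - lookup('ansible.builtin.env', 'QUAY_TOKEN') | length > 0
          - lookup('ansible.builtin.env', 'SLACK_WEBHOOK_URL') | length > 0
        fail_msg: QUAY_TOKEN and SLACK_WEBHOOK_URL must be set in the environment
        quiet: true

    - name: Ensure notification of type Slack exists
      herve4m.quay.quay_notification:
        repository: production/smallimage
        title: Notify image push to Slack
        event: repo_push
        method: slack
        config:
          # A Slack webhook URL is itself a credential: anyone who has it can post.
          url: "{{ lookup('ansible.builtin.env', 'SLACK_WEBHOOK_URL') }}"
        state: present
      # Keep the task arguments (token, webhook URL) out of verbose output and logs.
      no_log: true
```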

Inputs

    
test:
    default: false
    description:
    - Initiate a test of the notification.
    type: bool

event:
    choices:
    - repo_push
    - build_failure
    - build_queued
    - build_start
    - build_success
    - build_cancelled
    - vulnerability_found
    - repo_mirror_sync_started
    - repo_mirror_sync_success
    - repo_mirror_sync_failed
    description:
    - Event that triggers the notification.
    - Depending on the activated Quay components, not all events might be available on
      your system.
    type: str

state:
    choices:
    - absent
    - present
    default: present
    description:
    - If C(absent), then the module deletes the notification.
    - The module uses the I(title), I(regex), or I(search_string) parameters to select
      the notifications to process. You can also omit those parameters and use instead
      the I(event) and I(method) options to select all the notifications triggered by
      a specific event or using a specific method.
    - If C(present), then the module creates the notification if it does not already exist.
    - If the notification already exists and I(reset_failcount) or I(test) are set, then
      the module resets the failure counter or initiates a test of the notification.
    type: str

title:
    description:
    - Notification title.
    type: str

config:
    description:
    - Configuration parameters for the notification method.
    suboptions:
      email:
        description:
        - Destination email address.
        - Required by the email notification method.
        type: str
      flow_api_token:
        description:
        - API token required for the Flowdock notification method.
        type: str
      name:
        description:
        - Name of the account, team, or organization. Robot accounts are not allowed.
        - Required by the Quay Notification method.
        type: str
      notification_token:
        description:
        - Notification token required for the HipChat notification method.
        type: str
      room_id:
        description:
        - Chat room ID required for the HipChat notification method.
        type: str
      template:
        description:
        - JSON data for the body content of the webhook POST method.
        type: str
      type:
        choices:
        - user
        - team
        - org
        default: user
        description:
        - Specifies the type of the account defined in I(name).
        - Only applies to the Quay Notification method.
        type: str
      url:
        description:
        - Webhook URL for the Slack method or POST URL for the webhook POST method.
        type: str
    type: dict

method:
    choices:
    - email
    - flowdock
    - hipchat
    - quay_notification
    - slack
    - webhook
    description:
    - Notification method. Each method requires a specific set of options that you define
      by using the I(config) parameter.
    - The email notification method is only available on Quay installations where the
      mailing capability has been activated (C(FEATURE_MAILING) set to C(true) in C(config.yaml)).
    type: str

regexp:
    aliases:
    - regex
    description:
    - The regular expression to search in the title of the existing notifications. This
      does not have to match the entire title.
    - The module uses that regular expression to select the notifications to process.
    - For C(state=present), the module resets the failure counter (if I(reset_failcount)
      is C(true)) or initiates a test (if I(test) is C(true)) of all the matching notifications.
    - For C(state=absent), the module deletes all the notifications that match.
    - Uses Python regular expressions. See U(https://docs.python.org/3/library/re.html).
    - Mutually exclusive with I(search_string).
    type: str

quay_host:
    default: http://127.0.0.1
    description:
    - URL for accessing the API. U(https://quay.example.com:8443) for example.
    - If you do not set the parameter, then the module uses the C(QUAY_HOST) environment
      variable.
    - If you do not set the environment variable either, then the module uses the U(http://127.0.0.1)
      URL.
    type: str

quay_token:
    description:
    - OAuth access token for authenticating against the API.
    - If you do not set the parameter, then the module tries the C(QUAY_TOKEN) environment
      variable.
    - Mutually exclusive with I(quay_username) and I(quay_password).
    type: str

repository:
    description:
    - Name of the repository which contains the notifications to manage. The format for
      the name is C(namespace)/C(shortname). The namespace can be an organization or a
      personal namespace.
    - If you omit the namespace part in the name, then the module looks for the repository
      in your personal namespace.
    required: true
    type: str

quay_password:
    description:
    - The password to use for authenticating against the API.
    - If you do not set the parameter, then the module tries the C(QUAY_PASSWORD) environment
      variable.
    - If you set I(quay_password), then you also need to set I(quay_username).
    - Mutually exclusive with I(quay_token).
    type: str

quay_username:
    description:
    - The username to use for authenticating against the API.
    - If you do not set the parameter, then the module tries the C(QUAY_USERNAME) environment
      variable.
    - If you set I(quay_username), then you also need to set I(quay_password).
    - Mutually exclusive with I(quay_token).
    type: str

search_string:
    description:
    - The literal string to search in the title of the existing notifications. This does
      not have to match the entire title.
    - For C(state=present), the module resets the failure counter (if I(reset_failcount)
      is C(true)) or initiates a test (if I(test) is C(true)) of all the matching notifications.
    - For C(state=absent), the module deletes all the notifications that match.
    - Mutually exclusive with I(regexp).
    type: str

validate_certs:
    aliases:
    - verify_ssl
    default: true
    description:
    - Whether to validate SSL certificates when connecting to the API.
    - If C(no), then the module does not validate SSL certificates.
    - If you do not set the parameter, then the module tries the C(QUAY_VERIFY_SSL) environment
      variable (C(yes), C(1), and C(True) mean yes, and C(no), C(0), C(False), and no
      value mean no).
    type: bool

reset_failcount:
    default: false
    description:
    - Reset the notification failure counter.
    type: bool

vulnerability_level:
    choices:
    - critical
    - high
    - medium
    - low
    - negligible
    - unknown
    description:
    - Only used when I(event) is C(vulnerability_found).
    - The notification is triggered when the vulnerability has a level equal to or higher
      than the level you define in I(vulnerability_level).
    type: str