Exec Action
Exec action allows you to executes a command or a script file on the target host. The type of scripts executed include:
- Bash scripts
- Powershell scripts
scale-deployment.yamlapiVersion: mission-control.flanksource.com/v1
kind: Playbook
metadata:
name: scale-deployment
spec:
description: Scale Deployment
configs:
- types:
- Kubernetes::Deployment
parameters:
- name: replicas
label: The new desired number of replicas.
actions:
- name: kubectl scale
exec:
script: |
kubectl scale --replicas={{.params.replicas}} \
--namespace={{.config.tags.namespace}} \
deployment {{.config.name}}
| Field | Description | Scheme |
|---|---|---|
name* | Step Name |
|
script* | The script to execute |
|
artifacts | Artifacts produced by the action | |
checkout | Checkout a git repository before running the script | |
connections | Connections used by the action | |
env | Environment variables to set during execution | |
delay | A delay before running the action e.g. |
|
filter | Conditionally run an action | CEL with Playbook Context |
runsOn | Which runner (agent) to run the action on | |
templatesOn | Where templating (and secret management) of actions should occur |
|
timeout | Timeout on this action. |
Templating
Scripts are templatable with Go Templates
exec:
script: kubectl rollout release deployment -n $(.config.tags.namespace) $(.conf
Switching scripting language
Use a shebang (#!) line to choose a different shell (python, bash and pwsh are included in the base image)
exec:
script: |
#! pwsh
Get-Items | ConvertTo-JSON
Escaping templates in Helm Charts
If you need to pass a template through a Helm Chart and prevent Helm from templating you need to escape it:
{{`{{ .secret }}`}}
Alternatively change the templating delimiters
Multiline handling with YAML
If you are using a YAML multiline string use | and not > which will strip newlines
Instead of:
exec:
script: >
#! pwsh
Get-Items | ConvertTo-JSON
Do this:
exec:
script: |
#! pwsh
Get-Items | ConvertTo-JSON
Changing templating delimiters
The template delimiters can be changed from the defaults of $() and {{}} with gotemplate comments
exec:
script: |
#! pwsh
# gotemplate: left-delim=$[[ right-delim=]]
$message = "$[[.config.name]]"
Write-Host "{{ $message }}"
Write-Host @{ Number = 1; Shape = "Square"; Color = "Blue"} | ConvertTo-JSON
Connections
Exec connections allow you to specify credentials for a list of CLI tools that are needed by your scripts. Eg: You can specify the AWS connection name and the credential files along with the necessary environment variables will be setup on the host running the script.
| Field | Description | Type | Required |
|---|---|---|---|
aws | AWS connection | AWSConnection | |
gcp | GCP connection | GCPConnection | |
azure | Azure connection | AzureConnection |
Artifacts
exec-artifact.yamlapiVersion: mission-control.flanksource.com/v1
kind: Playbook
metadata:
name: exec-artifact
spec:
description: Simple script to generate an artifact
configs:
- types:
- EC2 Instance
labelSelector: "telemetry=enabled"
actions:
- name: 'Generate artifact'
exec:
script: echo "hello world" > /tmp/output.txt
artifacts:
- path: /tmp/output.txt
| Field | Description | Type | Required |
|---|---|---|---|
path | Path or glob. | string | true |
Git Checkout
exec-checkout.yamlapiVersion: mission-control.flanksource.com/v1
kind: Playbook
metadata:
name: read-git-repository
spec:
description: Clones the git repository and reads the first line of the file
configs:
- types:
- AWS::EKS::Cluster
actions:
- name: Clone and read go.sum
exec:
script: head -n 1 $READ_FILE
env:
- name: READ_FILE
value: go.sum
checkout:
url: https://github.com/flanksource/artifacts
connection: connection://github/aditya-all-access
| Field | Description | Scheme |
|---|---|---|
destination | Destination is the full path to where the contents of the URL should be downloaded to. If left empty, the sha256 hash of the URL will be used as the dir name | |
connection | The connection url to use, mutually exclusive with | |
url | If |
|
certificate | ||
username | ||
password |
Action Result
| Field | Description | Schema |
|---|---|---|
stdout | string | |
stderr | string | |
exitCode | Process exit code | int |
Templating
CEL Expressions
The following variables can be used within the CEL expressions of filter, if, delays and parameters.default:
| Field | Description | Schema |
|---|---|---|
config | Config passed to the playbook | ConfigItem |
component | Component passed to the playbook | Component |
check | Canary Check passed to the playbook | Check |
playbook | Playbook passed to the playbook | Playbook |
run | Current run | Run |
params | User provided parameters to the playbook | map[string]any |
request | Webhook request | Webhook Request |
env | Environment variables defined on the playbook | map[string]any |
user.name | Name of the user who invoked the action | string |
user.email | Email of the user who invoked the action | string |
agent.id | ID of the agent the resource belongs to. | string |
agent.name | Name of the agent the resource belongs to. | string |
Conditionally Running Actions
Playbook actions can be selectively executed based on CEL expressions. These expressions must either return
- a boolean value (
trueindicating run the action & skip the action otherwise) - or a special function among the ones listed below
| Function | Description |
|---|---|
always() | run no matter what; even if the playbook is cancelled/fails |
failure() | run if any of the previous actions failed |
skip() | skip running this action |
success() | run only if all previous actions succeeded (default) |
timeout() | run only if any of the previous actions timed out |
delete-kubernetes-pod.yaml---
apiVersion: mission-control.flanksource.com/v1
kind: Playbook
metadata:
name: notify-send-with-filter
spec:
parameters:
- name: message
label: The message for notification
default: '{{.config.name}}'
configs:
- types:
- Kubernetes::Pod
actions:
- name: Send notification
exec:
script: notify-send "{{.config.name}} was created"
- name: Bad script
exec:
script: deltaforce
- name: Send all success notification
if: success() # this filter practically skips this action as the second action above always fails
exec:
script: notify-send "Everything went successfully"
- name: Send notification regardless
if: always()
exec:
script: notify-send "a Pod config was created"
Defaulting Parameters
delete-kubernetes-pod.yamlapiVersion:
mission-control.flanksource.com/v1
kind: Playbook
metadata:
name: edit
spec:
title: 'Edit Kustomize Resource'
icon: flux
parameters:
- default: 'chore: update $(.config.type)/$(.config.name)'
name: commit_message
Go Templating
When templating actions with Go Templates, the context variables are available as fields of the template's context object . eg .config, .user.email
Templating Actions
delete-kubernetes-pod.yamlapiVersion: mission-control.flanksource.com/v1
kind: Playbook
metadata:
name: scale-deployment
spec:
description: Scale Deployment
configs:
- types:
- Kubernetes::Deployment
parameters:
- name: replicas
label: The new desired number of replicas.
actions:
- name: kubectl scale
exec:
script: |
kubectl scale --replicas={{.params.replicas}} \
--namespace={{.config.tags.namespace}} \
deployment {{.config.name}}
Functions
| Function | Description | Return |
|---|---|---|
getLastAction() | Returns the result of the action that just run | Action Specific |
getAction({action}) | Return the result of a specific action | Action Specific |
Reusing Action Results
action-results.yamlapiVersion: mission-control.flanksource.com/v1
kind: Playbook
metadata:
name: use-previous-action-result
spec:
description: Creates a file with the content of the config
configs:
- types:
- Kubernetes::Pod
actions:
- name: Fetch all changes
sql:
query: SELECT id FROM config_changes WHERE config_id = '{{.config.id}}'
driver: postgres
connection: connection://postgres/local
- name: Send notification
if: 'last_result().count > 0'
notification:
title: 'Changes summary for {{.config.name}}'
connection: connection://slack/flanksource
message: |
{{$rows:=index last_result "count"}}
Found {{$rows}} changes