Skip to main content

Exec Action

Exec action allows you to executes a command or a script file on the target host. The type of scripts executed include:

  • Bash scripts
  • Powershell scripts
scale-deployment.yaml
apiVersion: mission-control.flanksource.com/v1
kind: Playbook
metadata:
name: scale-deployment
spec:
description: Scale Deployment
configs:
- types:
- Kubernetes::Deployment
parameters:
- name: replicas
label: The new desired number of replicas.
actions:
- name: kubectl scale
exec:
script: |
kubectl scale --replicas={{.params.replicas}} \
--namespace={{.config.tags.namespace}} \
deployment {{.config.name}}
FieldDescriptionScheme
name*

Step Name

string

script*

The script to execute

string

artifacts

Artifacts produced by the action

Artifacts

checkout

Checkout a git repository before running the script

Checkout

connections

Connections used by the action

Connections

env

Environment variables to set during execution

[]EnvVar

delay

A delay before running the action e.g. 8h

Duration or CEL with Playbook Context

filter

Conditionally run an action

CEL with Playbook Context

runsOn

Which runner (agent) to run the action on

[]Agent

templatesOn

Where templating (and secret management) of actions should occur

host or agent

timeout

Timeout on this action.

Duration

Templating

Scripts are templatable with Go Templates

exec:
script: kubectl rollout release deployment -n $(.config.tags.namespace) $(.conf
Switching scripting language

Use a shebang (#!) line to choose a different shell (python, bash and pwsh are included in the base image)

exec:
script: |
#! pwsh
Get-Items | ConvertTo-JSON
Escaping templates in Helm Charts

If you need to pass a template through a Helm Chart and prevent Helm from templating you need to escape it:

{{`{{ .secret }}`}}

Alternatively change the templating delimiters

Multiline handling with YAML

If you are using a YAML multiline string use | and not > which will strip newlines

Instead of:

exec:
script: >
#! pwsh
Get-Items | ConvertTo-JSON

Do this:

exec:
script: |
#! pwsh
Get-Items | ConvertTo-JSON
Changing templating delimiters

The template delimiters can be changed from the defaults of $() and {{}} with gotemplate comments

exec:
script: |
#! pwsh
# gotemplate: left-delim=$[[ right-delim=]]
$message = "$[[.config.name]]"
Write-Host "{{ $message }}"
Write-Host @{ Number = 1; Shape = "Square"; Color = "Blue"} | ConvertTo-JSON

Connections

Exec connections allow you to specify credentials for a list of CLI tools that are needed by your scripts. Eg: You can specify the AWS connection name and the credential files along with the necessary environment variables will be setup on the host running the script.

FieldDescriptionTypeRequired
awsAWS connectionAWSConnection
gcpGCP connectionGCPConnection
azureAzure connectionAzureConnection

Artifacts

exec-artifact.yaml
apiVersion: mission-control.flanksource.com/v1
kind: Playbook
metadata:
name: exec-artifact
spec:
description: Simple script to generate an artifact
configs:
- types:
- EC2 Instance
labelSelector: "telemetry=enabled"
actions:
- name: 'Generate artifact'
exec:
script: echo "hello world" > /tmp/output.txt
artifacts:
- path: /tmp/output.txt

FieldDescriptionTypeRequired
pathPath or glob.stringtrue

Git Checkout

exec-checkout.yaml
apiVersion: mission-control.flanksource.com/v1
kind: Playbook
metadata:
name: read-git-repository
spec:
description: Clones the git repository and reads the first line of the file
configs:
- types:
- AWS::EKS::Cluster
actions:
- name: Clone and read go.sum
exec:
script: head -n 1 $READ_FILE
env:
- name: READ_FILE
value: go.sum
checkout:
url: https://github.com/flanksource/artifacts
connection: connection://github/aditya-all-access



FieldDescriptionScheme
destination

Destination is the full path to where the contents of the URL should be downloaded to. If left empty, the sha256 hash of the URL will be used as the dir name

connection

The connection url to use, mutually exclusive with username and password

Connection

url

If connection is specified and it also includes a url, this field will take precedence

string

certificate

EnvVar

username

EnvVar

password

EnvVar

Action Result

FieldDescriptionSchema
stdoutstring
stderrstring
exitCodeProcess exit codeint

Templating

CEL Expressions

The following variables can be used within the CEL expressions of filter, if, delays and parameters.default:

FieldDescriptionSchema
configConfig passed to the playbookConfigItem
componentComponent passed to the playbookComponent
checkCanary Check passed to the playbookCheck
playbookPlaybook passed to the playbookPlaybook
runCurrent runRun
paramsUser provided parameters to the playbookmap[string]any
requestWebhook requestWebhook Request
envEnvironment variables defined on the playbookmap[string]any
user.nameName of the user who invoked the actionstring
user.emailEmail of the user who invoked the actionstring
agent.idID of the agent the resource belongs to.string
agent.nameName of the agent the resource belongs to.string
Conditionally Running Actions

Playbook actions can be selectively executed based on CEL expressions. These expressions must either return

  • a boolean value (true indicating run the action & skip the action otherwise)
  • or a special function among the ones listed below
FunctionDescription
always()run no matter what; even if the playbook is cancelled/fails
failure()run if any of the previous actions failed
skip()skip running this action
success()run only if all previous actions succeeded (default)
timeout()run only if any of the previous actions timed out
delete-kubernetes-pod.yaml
---
apiVersion: mission-control.flanksource.com/v1
kind: Playbook
metadata:
name: notify-send-with-filter
spec:
parameters:
- name: message
label: The message for notification
default: '{{.config.name}}'
configs:
- types:
- Kubernetes::Pod
actions:
- name: Send notification
exec:
script: notify-send "{{.config.name}} was created"
- name: Bad script
exec:
script: deltaforce
- name: Send all success notification
if: success() # this filter practically skips this action as the second action above always fails
exec:
script: notify-send "Everything went successfully"
- name: Send notification regardless
if: always()
exec:
script: notify-send "a Pod config was created"
Defaulting Parameters
delete-kubernetes-pod.yaml
apiVersion:
mission-control.flanksource.com/v1
kind: Playbook
metadata:
name: edit
spec:
title: 'Edit Kustomize Resource'
icon: flux
parameters:
- default: 'chore: update $(.config.type)/$(.config.name)'
name: commit_message

Go Templating

When templating actions with Go Templates, the context variables are available as fields of the template's context object . eg .config, .user.email

Templating Actions
delete-kubernetes-pod.yaml
apiVersion: mission-control.flanksource.com/v1
kind: Playbook
metadata:
name: scale-deployment
spec:
description: Scale Deployment
configs:
- types:
- Kubernetes::Deployment
parameters:
- name: replicas
label: The new desired number of replicas.
actions:
- name: kubectl scale
exec:
script: |
kubectl scale --replicas={{.params.replicas}} \
--namespace={{.config.tags.namespace}} \
deployment {{.config.name}}

Functions

FunctionDescriptionReturn
getLastAction()Returns the result of the action that just runAction Specific
getAction({action})Return the result of a specific actionAction Specific
Reusing Action Results
action-results.yaml
apiVersion: mission-control.flanksource.com/v1
kind: Playbook
metadata:
name: use-previous-action-result
spec:
description: Creates a file with the content of the config
configs:
- types:
- Kubernetes::Pod
actions:
- name: Fetch all changes
sql:
query: SELECT id FROM config_changes WHERE config_id = '{{.config.id}}'
driver: postgres
connection: connection://postgres/local
- name: Send notification
if: 'last_result().count > 0'
notification:
title: 'Changes summary for {{.config.name}}'
connection: connection://slack/flanksource
message: |
{{$rows:=index last_result "count"}}
Found {{$rows}} changes