search

mondoohq / cnquery

open source, cloud-native, graph-based asset inventory
https://cnquery.io
Other
305 stars 20 forks source link

Fail better in ansible provider when provided non-ansible code #4186

Open tas50 opened 4 months ago

tas50 commented 4 months ago

Describe the bug Today if you try to scan YAML that's not necessary a playbook the provider throws unmarshall errors. We should validate the code to some degree and throw a friendly error message if we can't parse the code.

Example where I scan defaults/main.yml from our ansible role:

cnspec scan ansible main.yml
→ found a new version for 'ansible' provider installed=10.0.0 latest=11.0.0
→ successfully installed ansible provider path=/Users/tsmith/.config/mondoo/providers/ansible version=11.0.0
→ loaded configuration from /Users/tsmith/.config/mondoo/mondoo.yml using source default
→ using service account credentials
→ discover related assets for 1 asset(s)
x unable to create runtime for asset error="rpc error: code = Unknown desc = yaml: unmarshal errors:\n  line 7: cannot unmarshal !!map into play.Playbook" asset=
Asset:
-------

error: rpc error: code = Unknown desc = yaml: unmarshal errors:
  line 7: cannot unmarshal !!map into play.Playbook
benr commented 3 weeks ago

Raising this, there are parse errors in valid YAML, eg:

$ cnquery shell ansible playbook.yml 
→ no Mondoo configuration file provided, using defaults
x unable to create runtime for asset error="rpc error: code = Unknown desc = yaml: unmarshal errors:\n  line 15: cannot unmarshal !!seq into map[string]interface {}" asset=
FTL could not find an asset that we can connect to

$ yamllint playbook.yml 
playbook.yml
  3:11      warning  truthy value should be one of [false, true]  (truthy)
  9:8       warning  missing starting space in comment  (comments)
  9:7       warning  comment not indented like content  (comments-indentation)
  10:8      warning  missing starting space in comment  (comments)
  23:81     error    line too long (131 > 80 characters)  (line-length)
  45:81     error    line too long (115 > 80 characters)  (line-length)
  50:81     error    line too long (83 > 80 characters)  (line-length)
  94:81     error    line too long (140 > 80 characters)  (line-length)

Tested with https://github.com/mondoohq/private-runners/blob/main/playbook.yml

The offending YAML for my case is:

 - registration_token: "{{ lookup('env','MONDOO_TOKEN') }}"