Makefile

# ONF Ansbile Makefile
#
# SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
# SPDX-License-Identifier: Apache-2.0

# Use bash for pushd/popd, and to fail quickly.
# No -u as virtualenv activate script has undefined vars
SHELL = bash -e -o pipefail

# tooling
VIRTUALENV        ?= python -m venv

# ansible files is all top-level playbooks
ANSIBLE_PLAYBOOKS ?= $(wildcard *.yml)
ANSIBLE_ROLES     ?= $(wildcard roles/*)

# YAML files, excluding venv and cookiecutter directories
YAML_FILES        ?= $(shell find . -type d \( -path "./venv_onfansible" -o -path "./cookiecutters" -o -path "./ansible_collections" -o -path "./roles" \) -prune -o -type f \( -name '*.yaml' -o -name '*.yml' \) -print )

# all files with extensions
PYTHON_FILES      ?= $(wildcard filter_plugins/*.py lint_rules/*.py cookiecutters/*/hooks/*.py roles/*/filter_plugins/*.py)

.DEFAULT_GOAL := help
.PHONY: test lint yamllint ansiblelint license help

# Create the virtualenv with all the tools installed
VENV_NAME = venv_onfansible

$(VENV_NAME): requirements.txt
	$(VIRTUALENV) $@ ;\
  source ./$@/bin/activate ; set -u ;\
  python -m pip install --upgrade pip;\
  python -m pip install -r requirements.txt
	echo "To enter virtualenv, run 'source $@/bin/activate'"

galaxy: $(VENV_NAME) galaxy.yml ## Download ansible galaxy provided collection and roles
	source ./$</bin/activate ; set -u ;\
	ansible-galaxy collection install -r galaxy.yml

license: $(VENV_NAME) ## Check license with the reuse tool
	source ./$</bin/activate ; set -u ;\
  reuse --version ;\
  reuse --root . lint

# Cookiecutter tests
test: yamllint ansiblelint flake8 pylint black ## run all standard tests

yamllint: $(VENV_NAME) ## lint YAML format using yamllint
	source ./$</bin/activate ; set -u ;\
  yamllint --version ;\
  yamllint \
	-d "{extends: default, rules: {line-length: {max: 99}}}" \
    -s $(YAML_FILES)

ansiblelint: $(VENV_NAME) ## lint ansible-specific format using ansible-lint
	source ./$</bin/activate ; set -u ;\
  ansible-lint --version ;\
  ansible-lint -R -v $(ANSIBLE_PLAYBOOKS) $(ANSIBLE_ROLES)

flake8: $(VENV_NAME) ## check python formatting with flake8
	source ./$</bin/activate ; set -u ;\
  flake8 --version ;\
  flake8 --max-line-length 99 $(PYTHON_FILES)

pylint: $(VENV_NAME) ## pylint check for python 3 compliance
	source ./$</bin/activate ; set -u ;\
  pylint --version ;\
  pylint --py3k $(PYTHON_FILES)

black: $(VENV_NAME) ## run black on python files in check mode
	source ./$</bin/activate ; set -u ;\
  black --version ;\
  black --check $(PYTHON_FILES)

blacken: $(VENV_NAME) ## run black on python files to reformat
	source ./$</bin/activate ; set -u ;\
  black --version ;\
  black $(PYTHON_FILES)

# Password generation for use with ansible
# from: https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-generate-encrypted-passwords-for-the-user-module
# Ref on supported crypt types per OS: https://passlib.readthedocs.io/en/stable/modular_crypt_format.html#os-defined-hashes

# sha512 linux passwords
sha512_passwd: $(VENV_NAME)
	source ./$</bin/activate ; set -u ;\
  python -c "from passlib.hash import sha512_crypt; import getpass; print(sha512_crypt.using(rounds=5000).hash(getpass.getpass()))"

# bcrypt openbsd passwords, per https://man.openbsd.org/crypt.3
bcrypt_passwd: $(VENV_NAME)
	source ./$</bin/activate ; set -u ;\
  python -c "from passlib.hash import bcrypt; import getpass; print(bcrypt.using(rounds=8).hash(getpass.getpass()))"

passwd: $(VENV_NAME) ## encrypt a password using required formats
	source ./$</bin/activate ; set -u ;\
  python -c "from passlib.hash import bcrypt,sha512_crypt; import getpass; pw=getpass.getpass(); print('bcrypt: %s\nsha512crypt: %s' % (bcrypt.using(rounds=8).hash(pw), sha512_crypt.using(rounds=5000).hash(pw)))"

clean:
	rm -rf $(VENV_NAME) ansible_collections

help: ## Print help for each target
	@echo infra-playbooks make targets
	@echo
	@grep '^[[:alnum:]_-]*:.* ##' $(MAKEFILE_LIST) \
    | sort | awk 'BEGIN {FS=":.* ## "}; {printf "%-25s %s\n", $$1, $$2};'