From 715090ec7c579c9219d98e2392741741a02516ae Mon Sep 17 00:00:00 2001
From: Juan Ferrer Toribio <juan@verdnatura.es>
Date: Tue, 4 Feb 2025 12:08:48 +0100
Subject: [PATCH] refs #8025 Local host vars

---
 .gitignore      |  5 +++++
 README.md       | 16 ++++++++++++----
 run-playbook.sh | 22 ++++++++++++++++++++++
 3 files changed, 39 insertions(+), 4 deletions(-)

diff --git a/.gitignore b/.gitignore
index f71c7f0..18daa11 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,4 +3,9 @@
 .vault.yml
 .passbolt.yml
 inventories/local
+inventories/local-*
+inventories/*/local-*.yml
+inventories/*/local-*.yaml
+inventories/host_vars/*.local.yml
+inventories/host_vars/*.local.yaml
 venv
diff --git a/README.md b/README.md
index 3aeee33..dbfddfc 100644
--- a/README.md
+++ b/README.md
@@ -40,10 +40,7 @@ ansible-galaxy collection install -r collections/requirements.yml
 
 ## Run playbook
 
-Before merging changes into protected branches, playbooks should be tested 
-locally to ensure they work properly. The *inventories/local* inventory is not 
-uploaded to the repository and can be used for local testing. In any case, it 
-is advisable to use a different repository to store inventories.
+It is advisable to use a different repository to store inventories.
 
 Run playbook on inventory host.
 ```
@@ -62,6 +59,17 @@ List available tags for playbook.
 ansible-playbook playbooks/<playbook_name>.yml --list-tags
 ```
 
+## Playbook testing
+
+Before merging changes into protected branches, playbooks should be tested 
+locally to ensure they work properly. The following file patterns are in 
+*.gitignore* and can be used for local testing:
+
+* Inventory: `inventories/local` or `inventories/local-*`
+* Host vars: `local-[hostname].{yml|yaml}` or `[hostname].local.{yml|yaml}`
+  (Only when *run-playbook.sh* is used)
+* Group vars: `local-[group].{yml|yaml}`
+
 ## Manage secrets
 
 Secrets can be managed by using Ansible vault or an external keystore, Passbolt 
diff --git a/run-playbook.sh b/run-playbook.sh
index 23f5d6a..de94a02 100755
--- a/run-playbook.sh
+++ b/run-playbook.sh
@@ -2,12 +2,34 @@
 
 EXTRA_ARGS=()
 
+OPTSTRING="i:l:"
+while getopts ${OPTSTRING} opt; do
+  case ${opt} in
+    i)
+      INVENTORY="$OPTARG"
+      ;;
+    l)
+      LIMIT="$OPTARG"
+      ;;
+  esac
+done
+
 if [ -f .passbolt.yml ]; then
     EXTRA_ARGS+=("--extra-vars" "@.passbolt.yml")
 fi
 if [ -f .vault-pass ]; then
     EXTRA_ARGS+=("--vault-password-file" ".vault-pass")
 fi
+if [[ -n "${LIMIT:-}" && -n "${INVENTORY:-}" ]]; then
+    INVENTORY_DIR=$(dirname "$INVENTORY")
+    LOCAL_HOST_VARS="$INVENTORY_DIR/host_vars/$LIMIT.local"
+    if [ -f "$LOCAL_HOST_VARS.yml" ]; then
+        EXTRA_ARGS+=("--extra-vars" "@$LOCAL_HOST_VARS.yml")
+    fi
+    if [ -f "$LOCAL_HOST_VARS.yaml" ]; then
+        EXTRA_ARGS+=("--extra-vars" "@$LOCAL_HOST_VARS.yaml")
+    fi
+fi
 
 #export PYTHONPATH=./venv/lib/python3.12/site-packages/
 ansible-playbook ${EXTRA_ARGS[@]} $@