path: root/core/modules/run.sh
blob: 4ec4e9bd56c4dc090de7a30bd2dc096ed70f035d (plain)
#!/bin/bash
# Module: run
# Description: Ejecuta comandos remotos vía SSH, con soporte para vault y sudo
# License: GPLv3
# Author: Luis GuLo
# Version: 2.0.0
# Dependencies: ssh, core/utils/vault_utils.sh

# Resolve the project root: a non-empty SHFLOW_HOME wins, otherwise use the
# directory two levels above this module.
# NOTE(review): SHFLOW_HOME comes from the environment and decides which
# vault_utils.sh is sourced below, so it must only be settable by the operator.
if [[ -n "${SHFLOW_HOME:-}" ]]; then
  PROJECT_ROOT="$SHFLOW_HOME"
else
  PROJECT_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
fi

# Load the vault helpers that run_task calls for secret lookup.
. "$PROJECT_ROOT/core/utils/vault_utils.sh"

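#######################################
# Run a command on a remote host over SSH, optionally under sudo and with a
# vault secret exported to it as TOKEN.
# Globals:
#   shflow_vars   (read) - [language] selects the run.tr.<lang> message file
#   shflow_vars_* (read) - each one replaces "{{ name }}" inside the command
# Arguments:
#   $1  - SSH destination
#   ... - key=value pairs: command=<remote command> (required),
#         become=true (prefix with sudo), vault_key=<key passed to get_secret>
# Outputs: start / vault-failure messages on stdout, argument errors on
#          stderr, plus whatever ssh prints
# Returns: ssh's exit status; 1 on invalid arguments or failed secret lookup
#######################################
run_task() {
  local host="${1:-}"
  (( $# > 0 )) && shift
  local -A args=()
  # Keep every scratch variable local so nothing leaks into the caller.
  local key value var safe k v

  while [[ "$#" -gt 0 ]]; do
    case "$1" in
      *=*)
        key="${1%%=*}"
        value="${1#*=}"
        # An empty key ("=foo") is not a valid associative-array subscript.
        [[ -n "$key" ]] && args["$key"]="$value"
        ;;
    esac
    shift
  done

  local command="${args[command]:-}"
  local become="${args[become]:-}"
  local vault_key="${args[vault_key]:-}"

  # A destination starting with "-" would be parsed by ssh as an option
  # instead of a host name, so refuse it (and an empty one) up front.
  if [[ -z "$host" || "$host" == -* ]]; then
    printf '%s\n' "❌ [run] host no válido: '$host'" >&2
    return 1
  fi

  # Without a command the remote side would receive a bare "sudo" or nothing.
  if [[ -z "$command" ]]; then
    printf '%s\n' "❌ [run] falta el argumento 'command'." >&2
    return 1
  fi

  local prefix=""
  [ "$become" = "true" ] && prefix="sudo"

  # Load translated messages ("key=text" lines) for the configured language.
  local lang="${shflow_vars[language]:-es}"
  local trfile
  trfile="$(dirname "${BASH_SOURCE[0]}")/run.tr.${lang}"
  local -A tr=()
  if [[ -f "$trfile" ]]; then
    # "|| [[ -n $k ]]" keeps a last line that has no trailing newline.
    while IFS='=' read -r k v || [[ -n "$k" ]]; do
      [[ -n "$k" ]] || continue   # blank line: no key to store
      tr["$k"]="$v"
    done < "$trfile"
  fi

  # Commands that must not be run through sudo. Only the first word of the
  # command is examined; in a compound command sudo covers just that word.
  local safe_cmds=("echo" "true" "false" "command" "which" "exit" "test")
  local first_cmd="${command%% *}"
  for safe in "${safe_cmds[@]}"; do
    if [[ "$first_cmd" == "$safe" ]]; then
      prefix=""
      break
    fi
  done

  # Substitute "{{ name }}" with the value of each shflow_vars_<name> variable.
  # NOTE(review): values are inserted verbatim into a string that the remote
  # shell parses, so they must come from trusted configuration only.
  while IFS= read -r var; do
    key="${var#shflow_vars_}"
    value="${!var}"
    command="${command//\{\{ $key \}\}/$value}"
  done < <(compgen -A variable shflow_vars_)

  # The start message shows the interpolated command; the secret is not in it.
  printf '%s\n' "$(render_msg "${tr[start]:-}" "host=$host" "command=$command" "prefix=$prefix")"

  if [ -n "$vault_key" ]; then
    local secret
    secret=$(get_secret "$vault_key") || {
      printf '%s\n' "$(render_msg "${tr[vault_fail]:-}" "vault_key=$vault_key")"
      return 1
    }
    # Escape embedded single quotes ( ' -> '\'' ) so the secret cannot close
    # the quoting of the TOKEN assignment and be parsed as remote shell syntax.
    local sq="'"
    local esc="'\\''"
    local quoted_secret=${secret//$sq/$esc}
    # NOTE(review): the secret still travels in ssh's argument list and in the
    # remote command line, where a process listing can show it; feeding it
    # over stdin would avoid that but changes how $command may use stdin.
    ssh "$host" "$prefix TOKEN='$quoted_secret' $command"
  else
    ssh "$host" "$prefix $command"
  fi
}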

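#######################################
# Report whether the ssh client needed by this module is available.
# Globals:   shflow_vars (read) - [language] selects the run.tr.<lang> file
# Arguments: none
# Outputs:   one status line on stdout (translated when the file has the key)
# Returns:   0 if ssh is found by `command -v`, 1 otherwise
#######################################
check_dependencies_run() {
  local lang="${shflow_vars[language]:-es}"
  local trfile
  trfile="$(dirname "${BASH_SOURCE[0]}")/run.tr.${lang}"
  local -A tr=()
  # Loop variables stay local so the caller's k / v are never overwritten.
  local k v
  if [[ -f "$trfile" ]]; then
    # "|| [[ -n $k ]]" keeps a last line that has no trailing newline.
    while IFS='=' read -r k v || [[ -n "$k" ]]; do
      [[ -n "$k" ]] || continue   # blank line: an empty subscript is an error
      tr["$k"]="$v"
    done < "$trfile"
  fi

  if ! command -v ssh &> /dev/null; then
    printf '%s\n' "${tr[missing_deps]:-❌ [run] ssh no está disponible.}"
    return 1
  fi

  printf '%s\n' "${tr[deps_ok]:-✅ [run] ssh disponible.}"
  return 0
}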