{"resources":{"ansible":{"id":"ansible","name":"ansible","fields":{"collection":{"name":"collection","type":"\u001bansible.collection","title":"Collection vendored in the project","desc":"Examine a collection installed under collections/ansible_collections/. The `name` is the fully qualified `namespace.name` and selects the collection; `version` and `path` describe which revision is installed and where. Comparing these against the project's requirements reveals dependency drift.","provider":"go.mondoo.com/mql/v13/providers/ansible","is_implicit_resource":true},"config":{"name":"config","type":"\u001bansible.config","title":"Ansible configuration file","desc":"Examine the project's ansible.cfg. The full file is available as `sections`, and the security-relevant settings are surfaced directly with Ansible's documented defaults applied: whether SSH host-key checking is enabled and whether privilege escalation is on by default.","provider":"go.mondoo.com/mql/v13/providers/ansible","is_implicit_resource":true},"galaxy":{"name":"galaxy","type":"\u001bansible.galaxy","provider":"go.mondoo.com/mql/v13/providers/ansible","is_implicit_resource":true},"handler":{"name":"handler","type":"\u001bansible.handler","title":"Ansible handler triggered by task notifications","desc":"Examine the name a task references via `notify` and the module action the handler runs once at the end of a play when notified.","provider":"go.mondoo.com/mql/v13/providers/ansible","is_implicit_resource":true},"inventory":{"name":"inventory","type":"\u001bansible.inventory","title":"Ansible inventory","desc":"Examine the project's static inventory: the groups and hosts it defines and the variables that apply to each, merged from inventory files and the group_vars/ and host_vars/ directories. Dynamic inventory plugins are not evaluated.","provider":"go.mondoo.com/mql/v13/providers/ansible","is_implicit_resource":true},"play":{"name":"play","type":"\u001bansible.play","title":"Ansible play within a playbook","desc":"Examine which hosts a play targets, which user it connects as, whether it uses become / sudo (and to which user via which method), the fact-gathering policy, the failure-handling strategy (max_fail_percentage, any_errors_fatal, ignore_unreachable), and the variables, roles, tasks, and handlers it declares.","provider":"go.mondoo.com/mql/v13/providers/ansible","is_implicit_resource":true},"playbook":{"name":"playbook","type":"\u001bansible.playbook","title":"Ansible playbook file","desc":"Examine a single playbook file within a project. The `path` selects the file and `plays` exposes the plays it defines — for example `ansible.project.playbooks.where(path == /site.yml/).first.plays`.","provider":"go.mondoo.com/mql/v13/providers/ansible","is_implicit_resource":true},"plays":{"name":"plays","type":"\u0019\u001bansible.play","title":"Plays defined in the playbook","provider":"go.mondoo.com/mql/v13/providers/ansible"},"plugin":{"name":"plugin","type":"\u001bansible.plugin","title":"Custom module or plugin in the project","desc":"Examine custom code shipped inside the project — modules, module utilities, and plugins (filter, lookup, action, callback, and so on). This is code that executes during a run, so it forms part of the project's supply chain. The `name` is the file name without extension and `type` is the plugin type.","provider":"go.mondoo.com/mql/v13/providers/ansible","is_implicit_resource":true},"project":{"name":"project","type":"\u001bansible.project","title":"Ansible project directory","desc":"Entry point for static analysis of a whole Ansible project, rather than a single playbook file. Discovers the project's playbooks, roles, inventory and host/group variables, Galaxy requirements, ansible.cfg, and vault-encrypted files, so audits can reason across the entire codebase without executing anything against an inventory. Populated only when the provider is pointed at a directory; a single file path yields the playbook model through the `ansible` resource instead.","provider":"go.mondoo.com/mql/v13/providers/ansible","is_implicit_resource":true},"role":{"name":"role","type":"\u001bansible.role","title":"Ansible role","desc":"Examine a reusable role defined under the project's roles/ directory: the tasks and handlers it runs, the default and role-scoped variables it sets, its meta information (galaxy_info, minimum Ansible version), the roles it depends on, and the templates and files it ships. The `name` selects the role — for example `ansible.project.roles.where(name == \"nginx\").first`.","provider":"go.mondoo.com/mql/v13/providers/ansible","is_implicit_resource":true},"task":{"name":"task","type":"\u001bansible.task","title":"Ansible task within a play or block","desc":"Examine the module action and arguments, conditional execution (when / failed_when / changed_when), task-level variables, registered output, the handlers it notifies, any imported / included playbooks or task files, and nested block / rescue tasks for error handling.","provider":"go.mondoo.com/mql/v13/providers/ansible","is_implicit_resource":true},"vault":{"name":"vault","type":"\u001bansible.vault","title":"Ansible vault encryption usage","desc":"Examine where the project relies on Ansible Vault: fully encrypted files and individual variables encrypted inline with a `!vault` tag. Contents are never decrypted during static analysis, so each entry reports only its location and the metadata carried in the vault header.","provider":"go.mondoo.com/mql/v13/providers/ansible","is_implicit_resource":true}},"title":"Ansible playbook","desc":"Entry point for static analysis of an Ansible playbook file. Exposes the list of plays so audits can inspect what each play targets, what privileges it escalates to, and which tasks and handlers it runs — without executing the playbook against any inventory.","min_provider_version":"10.0.0","provider":"go.mondoo.com/mql/v13/providers/ansible"},"ansible.collection":{"id":"ansible.collection","name":"ansible.collection","fields":{"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Fully qualified collection name (namespace.name)","provider":"go.mondoo.com/mql/v13/providers/ansible"},"namespace":{"name":"namespace","type":"\u0007","is_mandatory":true,"title":"Collection namespace","provider":"go.mondoo.com/mql/v13/providers/ansible"},"path":{"name":"path","type":"\u0007","is_mandatory":true,"title":"Absolute path of the installed collection","provider":"go.mondoo.com/mql/v13/providers/ansible"},"version":{"name":"version","type":"\u0007","is_mandatory":true,"title":"Installed version","provider":"go.mondoo.com/mql/v13/providers/ansible"}},"title":"Collection vendored in the project","desc":"Examine a collection installed under collections/ansible_collections/. The `name` is the fully qualified `namespace.name` and selects the collection; `version` and `path` describe which revision is installed and where. Comparing these against the project's requirements reveals dependency drift.","min_provider_version":"13.1.2","defaults":"name","provider":"go.mondoo.com/mql/v13/providers/ansible"},"ansible.config":{"id":"ansible.config","name":"ansible.config","fields":{"become":{"name":"become","type":"\u0004","is_mandatory":true,"title":"Whether privilege escalation is enabled by default","provider":"go.mondoo.com/mql/v13/providers/ansible"},"becomeUser":{"name":"becomeUser","type":"\u0007","is_mandatory":true,"title":"Default user to become for privilege escalation","provider":"go.mondoo.com/mql/v13/providers/ansible"},"hostKeyChecking":{"name":"hostKeyChecking","type":"\u0004","is_mandatory":true,"title":"Whether SSH host-key checking is enabled (defaults to true when unset)","provider":"go.mondoo.com/mql/v13/providers/ansible"},"path":{"name":"path","type":"\u0007","is_mandatory":true,"title":"Absolute path of the ansible.cfg file","provider":"go.mondoo.com/mql/v13/providers/ansible"},"sections":{"name":"sections","type":"\u001a\u0007\n","is_mandatory":true,"title":"All configuration sections and their key/value pairs","provider":"go.mondoo.com/mql/v13/providers/ansible"}},"title":"Ansible configuration file","desc":"Examine the project's ansible.cfg. The full file is available as `sections`, and the security-relevant settings are surfaced directly with Ansible's documented defaults applied: whether SSH host-key checking is enabled and whether privilege escalation is on by default.","min_provider_version":"13.1.2","defaults":"path","provider":"go.mondoo.com/mql/v13/providers/ansible"},"ansible.galaxy":{"id":"ansible.galaxy","fields":{"collection":{"name":"collection","type":"\u001bansible.galaxy.collection","title":"Ansible Galaxy collection requirement","desc":"Examine a single external collection dependency declared in requirements.yml. The `name` selects the entry; `version`, `source`, and `type` describe which revision is pinned and where the collection is fetched from.","provider":"go.mondoo.com/mql/v13/providers/ansible","is_implicit_resource":true},"manifest":{"name":"manifest","type":"\u001bansible.galaxy.manifest","title":"Ansible collection manifest","desc":"Examine the project's own galaxy.yml, present when the project is itself an Ansible collection. Reports the collection's namespace, name, and version.","provider":"go.mondoo.com/mql/v13/providers/ansible","is_implicit_resource":true},"requirements":{"name":"requirements","type":"\u001bansible.galaxy.requirements","title":"Ansible Galaxy requirements","desc":"Examine the external roles and collections a project pulls in through its requirements.yml — the supply chain of third-party Ansible content, with the source and pinned version of each dependency.","provider":"go.mondoo.com/mql/v13/providers/ansible","is_implicit_resource":true},"role":{"name":"role","type":"\u001bansible.galaxy.role","title":"Ansible Galaxy role requirement","desc":"Examine a single external role dependency declared in requirements.yml. The `name` selects the entry; `src`, `version`, and `scm` describe where the role is fetched from and which revision is pinned.","provider":"go.mondoo.com/mql/v13/providers/ansible","is_implicit_resource":true}},"is_extension":true},"ansible.galaxy.collection":{"id":"ansible.galaxy.collection","name":"ansible.galaxy.collection","fields":{"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Collection name","provider":"go.mondoo.com/mql/v13/providers/ansible"},"source":{"name":"source","type":"\u0007","is_mandatory":true,"title":"Source the collection is fetched from (for example a Galaxy server URL)","provider":"go.mondoo.com/mql/v13/providers/ansible"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Dependency type (for example galaxy, git, file, or url)","provider":"go.mondoo.com/mql/v13/providers/ansible"},"version":{"name":"version","type":"\u0007","is_mandatory":true,"title":"Pinned version or version range","provider":"go.mondoo.com/mql/v13/providers/ansible"}},"title":"Ansible Galaxy collection requirement","desc":"Examine a single external collection dependency declared in requirements.yml. The `name` selects the entry; `version`, `source`, and `type` describe which revision is pinned and where the collection is fetched from.","min_provider_version":"13.1.2","defaults":"name","provider":"go.mondoo.com/mql/v13/providers/ansible"},"ansible.galaxy.manifest":{"id":"ansible.galaxy.manifest","name":"ansible.galaxy.manifest","fields":{"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Collection name","provider":"go.mondoo.com/mql/v13/providers/ansible"},"namespace":{"name":"namespace","type":"\u0007","is_mandatory":true,"title":"Collection namespace","provider":"go.mondoo.com/mql/v13/providers/ansible"},"path":{"name":"path","type":"\u0007","is_mandatory":true,"title":"Absolute path of the galaxy.yml file","provider":"go.mondoo.com/mql/v13/providers/ansible"},"version":{"name":"version","type":"\u0007","is_mandatory":true,"title":"Collection version","provider":"go.mondoo.com/mql/v13/providers/ansible"}},"title":"Ansible collection manifest","desc":"Examine the project's own galaxy.yml, present when the project is itself an Ansible collection. Reports the collection's namespace, name, and version.","min_provider_version":"13.1.2","defaults":"name","provider":"go.mondoo.com/mql/v13/providers/ansible"},"ansible.galaxy.requirements":{"id":"ansible.galaxy.requirements","name":"ansible.galaxy.requirements","fields":{"collections":{"name":"collections","type":"\u0019\u001bansible.galaxy.collection","title":"External collections required by the project","provider":"go.mondoo.com/mql/v13/providers/ansible"},"path":{"name":"path","type":"\u0007","is_mandatory":true,"title":"Absolute path of the requirements file","provider":"go.mondoo.com/mql/v13/providers/ansible"},"roles":{"name":"roles","type":"\u0019\u001bansible.galaxy.role","title":"External roles required by the project","provider":"go.mondoo.com/mql/v13/providers/ansible"}},"title":"Ansible Galaxy requirements","desc":"Examine the external roles and collections a project pulls in through its requirements.yml — the supply chain of third-party Ansible content, with the source and pinned version of each dependency.","min_provider_version":"13.1.2","defaults":"path","provider":"go.mondoo.com/mql/v13/providers/ansible"},"ansible.galaxy.role":{"id":"ansible.galaxy.role","name":"ansible.galaxy.role","fields":{"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Role name","provider":"go.mondoo.com/mql/v13/providers/ansible"},"scm":{"name":"scm","type":"\u0007","is_mandatory":true,"title":"Source control system used to fetch the role (for example git)","provider":"go.mondoo.com/mql/v13/providers/ansible"},"src":{"name":"src","type":"\u0007","is_mandatory":true,"title":"Source of the role (Galaxy name, Git URL, or tarball URL)","provider":"go.mondoo.com/mql/v13/providers/ansible"},"version":{"name":"version","type":"\u0007","is_mandatory":true,"title":"Pinned version, tag, or branch","provider":"go.mondoo.com/mql/v13/providers/ansible"}},"title":"Ansible Galaxy role requirement","desc":"Examine a single external role dependency declared in requirements.yml. The `name` selects the entry; `src`, `version`, and `scm` describe where the role is fetched from and which revision is pinned.","min_provider_version":"13.1.2","defaults":"name","provider":"go.mondoo.com/mql/v13/providers/ansible"},"ansible.handler":{"id":"ansible.handler","name":"ansible.handler","fields":{"action":{"name":"action","type":"\n","is_mandatory":true,"title":"Module and arguments to execute","provider":"go.mondoo.com/mql/v13/providers/ansible"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Handler name (referenced in notify)","provider":"go.mondoo.com/mql/v13/providers/ansible"}},"title":"Ansible handler triggered by task notifications","desc":"Examine the name a task references via `notify` and the module action the handler runs once at the end of a play when notified.","min_provider_version":"10.0.0","defaults":"name","provider":"go.mondoo.com/mql/v13/providers/ansible"},"ansible.inventory":{"id":"ansible.inventory","name":"ansible.inventory","fields":{"group":{"name":"group","type":"\u001bansible.inventory.group","title":"Group of hosts in an Ansible inventory","desc":"Examine a named inventory group: its member hosts, child groups, and the variables applied to the group (from `[group:vars]` sections, YAML `vars`, or group_vars/). The `name` selects the group — for example `ansible.inventory.groups.where(name == \"webservers\").first`.","provider":"go.mondoo.com/mql/v13/providers/ansible","is_implicit_resource":true},"groups":{"name":"groups","type":"\u0019\u001bansible.inventory.group","title":"Groups defined in the inventory","provider":"go.mondoo.com/mql/v13/providers/ansible"},"host":{"name":"host","type":"\u001bansible.inventory.host","title":"Host in an Ansible inventory","desc":"Examine a single inventory host: the groups it belongs to and the variables applied to it (from inline inventory variables or host_vars/). The `name` selects the host — for example `ansible.inventory.hosts.where(name == \"web1.example.com\").first`.","provider":"go.mondoo.com/mql/v13/providers/ansible","is_implicit_resource":true},"hosts":{"name":"hosts","type":"\u0019\u001bansible.inventory.host","title":"Hosts defined in the inventory","provider":"go.mondoo.com/mql/v13/providers/ansible"}},"title":"Ansible inventory","desc":"Examine the project's static inventory: the groups and hosts it defines and the variables that apply to each, merged from inventory files and the group_vars/ and host_vars/ directories. Dynamic inventory plugins are not evaluated.","min_provider_version":"13.1.2","provider":"go.mondoo.com/mql/v13/providers/ansible"},"ansible.inventory.group":{"id":"ansible.inventory.group","name":"ansible.inventory.group","fields":{"children":{"name":"children","type":"\u0019\u0007","is_mandatory":true,"title":"Names of child groups","provider":"go.mondoo.com/mql/v13/providers/ansible"},"hosts":{"name":"hosts","type":"\u0019\u0007","is_mandatory":true,"title":"Names of hosts that belong to the group","provider":"go.mondoo.com/mql/v13/providers/ansible"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Group name","provider":"go.mondoo.com/mql/v13/providers/ansible"},"vars":{"name":"vars","type":"\u001a\u0007\n","is_mandatory":true,"title":"Variables applied to the group","provider":"go.mondoo.com/mql/v13/providers/ansible"}},"title":"Group of hosts in an Ansible inventory","desc":"Examine a named inventory group: its member hosts, child groups, and the variables applied to the group (from `[group:vars]` sections, YAML `vars`, or group_vars/). The `name` selects the group — for example `ansible.inventory.groups.where(name == \"webservers\").first`.","min_provider_version":"13.1.2","defaults":"name","provider":"go.mondoo.com/mql/v13/providers/ansible"},"ansible.inventory.host":{"id":"ansible.inventory.host","name":"ansible.inventory.host","fields":{"groups":{"name":"groups","type":"\u0019\u0007","is_mandatory":true,"title":"Names of groups the host belongs to","provider":"go.mondoo.com/mql/v13/providers/ansible"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Host name as it appears in the inventory","provider":"go.mondoo.com/mql/v13/providers/ansible"},"vars":{"name":"vars","type":"\u001a\u0007\n","is_mandatory":true,"title":"Variables applied to the host","provider":"go.mondoo.com/mql/v13/providers/ansible"}},"title":"Host in an Ansible inventory","desc":"Examine a single inventory host: the groups it belongs to and the variables applied to it (from inline inventory variables or host_vars/). The `name` selects the host — for example `ansible.inventory.hosts.where(name == \"web1.example.com\").first`.","min_provider_version":"13.1.2","defaults":"name","provider":"go.mondoo.com/mql/v13/providers/ansible"},"ansible.play":{"id":"ansible.play","name":"ansible.play","fields":{"anyErrorsFatal":{"name":"anyErrorsFatal","type":"\u0004","is_mandatory":true,"title":"Whether any task failure aborts the play","provider":"go.mondoo.com/mql/v13/providers/ansible"},"become":{"name":"become","type":"\u0004","is_mandatory":true,"title":"Become flag","provider":"go.mondoo.com/mql/v13/providers/ansible"},"becomeFlags":{"name":"becomeFlags","type":"\u0007","is_mandatory":true,"title":"Additional flags for become method","provider":"go.mondoo.com/mql/v13/providers/ansible"},"becomeMethod":{"name":"becomeMethod","type":"\u0007","is_mandatory":true,"title":"Become method","provider":"go.mondoo.com/mql/v13/providers/ansible"},"becomeUser":{"name":"becomeUser","type":"\u0007","is_mandatory":true,"title":"User to become (e.g., root)","provider":"go.mondoo.com/mql/v13/providers/ansible"},"collections":{"name":"collections","type":"\u0019\u0007","is_mandatory":true,"title":"Collection search order for unqualified module names","min_provider_version":"13.1.2","provider":"go.mondoo.com/mql/v13/providers/ansible"},"environment":{"name":"environment","type":"\u001a\u0007\n","is_mandatory":true,"title":"Environment variables applied to every task in the play","min_provider_version":"13.1.2","provider":"go.mondoo.com/mql/v13/providers/ansible"},"gatherFacts":{"name":"gatherFacts","type":"\u0007","is_mandatory":true,"title":"Whether to gather facts about remote hosts","min_provider_version":"11.0.120","provider":"go.mondoo.com/mql/v13/providers/ansible"},"handlers":{"name":"handlers","type":"\u0019\u001bansible.handler","title":"Handlers triggered by notify","provider":"go.mondoo.com/mql/v13/providers/ansible"},"hosts":{"name":"hosts","type":"\n","is_mandatory":true,"title":"Target hosts or host groups","provider":"go.mondoo.com/mql/v13/providers/ansible"},"ignoreUnreachable":{"name":"ignoreUnreachable","type":"\u0004","is_mandatory":true,"title":"Whether to ignore unreachable hosts","provider":"go.mondoo.com/mql/v13/providers/ansible"},"maxFailPercentage":{"name":"maxFailPercentage","type":"\u0005","is_mandatory":true,"title":"Max percentage of failed hosts before aborting","provider":"go.mondoo.com/mql/v13/providers/ansible"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Play name displayed during execution","provider":"go.mondoo.com/mql/v13/providers/ansible"},"postTasks":{"name":"postTasks","type":"\u0019\u001bansible.task","title":"Tasks executed after roles and tasks","min_provider_version":"13.0.13","provider":"go.mondoo.com/mql/v13/providers/ansible"},"preTasks":{"name":"preTasks","type":"\u0019\u001bansible.task","title":"Tasks executed before roles","min_provider_version":"13.0.13","provider":"go.mondoo.com/mql/v13/providers/ansible"},"remoteUser":{"name":"remoteUser","type":"\u0007","is_mandatory":true,"title":"User for the connection","provider":"go.mondoo.com/mql/v13/providers/ansible"},"roleApplication":{"name":"roleApplication","type":"\u001bansible.play.roleApplication","title":"Role applied by a play","desc":"Examine how a play applies a role: the role name, the conditional (`when`) and tags that gate the application, the variables passed to the role at the call site, and the resolved role itself for traversal into its tasks and dependencies.","provider":"go.mondoo.com/mql/v13/providers/ansible","is_implicit_resource":true},"roleApplications":{"name":"roleApplications","type":"\u0019\u001bansible.play.roleApplication","title":"Roles applied by this play, with their application directives","desc":"Each application carries the directives supplied at the call site (when, tags, vars) alongside the resolved role, so a play that applies a role conditionally or with parameters can be audited. The resolved role is empty when analyzing a standalone playbook file outside a project.","min_provider_version":"13.1.2","provider":"go.mondoo.com/mql/v13/providers/ansible"},"roles":{"name":"roles","type":"\u0019\u0007","is_mandatory":true,"title":"Names of roles applied by the play","provider":"go.mondoo.com/mql/v13/providers/ansible"},"serial":{"name":"serial","type":"\n","is_mandatory":true,"title":"Batch size for the play","desc":"Value supplied to the `serial:` keyword. Limits how many hosts run the play at once. Can be an integer (for example `3`), a percentage string (for example `\"30%\"`), or a list mixing both for rolling batches.","min_provider_version":"13.0.13","provider":"go.mondoo.com/mql/v13/providers/ansible"},"strategy":{"name":"strategy","type":"\u0007","is_mandatory":true,"title":"Strategy","provider":"go.mondoo.com/mql/v13/providers/ansible"},"tags":{"name":"tags","type":"\u0019\u0007","is_mandatory":true,"title":"Tags used to select or skip the play with --tags / --skip-tags","min_provider_version":"13.0.13","provider":"go.mondoo.com/mql/v13/providers/ansible"},"tasks":{"name":"tasks","type":"\u0019\u001bansible.task","title":"Tasks to execute","provider":"go.mondoo.com/mql/v13/providers/ansible"},"vars":{"name":"vars","type":"\u001a\u0007\n","is_mandatory":true,"title":"Play-level variables","provider":"go.mondoo.com/mql/v13/providers/ansible"},"varsFiles":{"name":"varsFiles","type":"\u0019\u0007","is_mandatory":true,"title":"Files of variables loaded into the play via vars_files","min_provider_version":"13.1.2","provider":"go.mondoo.com/mql/v13/providers/ansible"},"varsPrompt":{"name":"varsPrompt","type":"\u0019\n","is_mandatory":true,"title":"Variables prompted for interactively at runtime via vars_prompt","min_provider_version":"13.1.2","provider":"go.mondoo.com/mql/v13/providers/ansible"}},"title":"Ansible play within a playbook","desc":"Examine which hosts a play targets, which user it connects as, whether it uses become / sudo (and to which user via which method), the fact-gathering policy, the failure-handling strategy (max_fail_percentage, any_errors_fatal, ignore_unreachable), and the variables, roles, tasks, and handlers it declares.","min_provider_version":"10.0.0","defaults":"name","provider":"go.mondoo.com/mql/v13/providers/ansible"},"ansible.play.roleApplication":{"id":"ansible.play.roleApplication","name":"ansible.play.roleApplication","fields":{"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Name of the applied role","provider":"go.mondoo.com/mql/v13/providers/ansible"},"role":{"name":"role","type":"\u001bansible.role","title":"The applied role, resolved within the project","desc":"Empty when analyzing a standalone playbook file, or when the name does not match a role under the project's roles/ directory.","provider":"go.mondoo.com/mql/v13/providers/ansible"},"tags":{"name":"tags","type":"\u0019\u0007","is_mandatory":true,"title":"Tags attached to the role application","provider":"go.mondoo.com/mql/v13/providers/ansible"},"vars":{"name":"vars","type":"\u001a\u0007\n","is_mandatory":true,"title":"Variables passed to the role at the application site","provider":"go.mondoo.com/mql/v13/providers/ansible"},"when":{"name":"when","type":"\u0007","is_mandatory":true,"title":"Condition gating the role application","provider":"go.mondoo.com/mql/v13/providers/ansible"}},"title":"Role applied by a play","desc":"Examine how a play applies a role: the role name, the conditional (`when`) and tags that gate the application, the variables passed to the role at the call site, and the resolved role itself for traversal into its tasks and dependencies.","min_provider_version":"13.1.2","defaults":"name","provider":"go.mondoo.com/mql/v13/providers/ansible"},"ansible.playbook":{"id":"ansible.playbook","name":"ansible.playbook","fields":{"path":{"name":"path","type":"\u0007","is_mandatory":true,"title":"Absolute path of the playbook file","provider":"go.mondoo.com/mql/v13/providers/ansible"},"plays":{"name":"plays","type":"\u0019\u001bansible.play","title":"Plays defined in the playbook","provider":"go.mondoo.com/mql/v13/providers/ansible"}},"title":"Ansible playbook file","desc":"Examine a single playbook file within a project. The `path` selects the file and `plays` exposes the plays it defines — for example `ansible.project.playbooks.where(path == /site.yml/).first.plays`.","min_provider_version":"13.1.2","defaults":"path","provider":"go.mondoo.com/mql/v13/providers/ansible"},"ansible.plugin":{"id":"ansible.plugin","name":"ansible.plugin","fields":{"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Plugin file name without extension","provider":"go.mondoo.com/mql/v13/providers/ansible"},"path":{"name":"path","type":"\u0007","is_mandatory":true,"title":"Absolute path of the plugin file","provider":"go.mondoo.com/mql/v13/providers/ansible"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Plugin type (for example module, filter, lookup, action, callback)","provider":"go.mondoo.com/mql/v13/providers/ansible"}},"title":"Custom module or plugin in the project","desc":"Examine custom code shipped inside the project — modules, module utilities, and plugins (filter, lookup, action, callback, and so on). This is code that executes during a run, so it forms part of the project's supply chain. The `name` is the file name without extension and `type` is the plugin type.","min_provider_version":"13.1.2","defaults":"name type","provider":"go.mondoo.com/mql/v13/providers/ansible"},"ansible.project":{"id":"ansible.project","name":"ansible.project","fields":{"collections":{"name":"collections","type":"\u0019\u001bansible.collection","title":"Collections vendored under collections/ansible_collections/","provider":"go.mondoo.com/mql/v13/providers/ansible"},"config":{"name":"config","type":"\u001bansible.config","title":"Parsed ansible.cfg settings","provider":"go.mondoo.com/mql/v13/providers/ansible"},"inventory":{"name":"inventory","type":"\u001bansible.inventory","title":"Static inventory and host/group variables","provider":"go.mondoo.com/mql/v13/providers/ansible"},"lintConfig":{"name":"lintConfig","type":"\u0007","title":"Path of the project's ansible-lint configuration, when present","provider":"go.mondoo.com/mql/v13/providers/ansible"},"manifest":{"name":"manifest","type":"\u001bansible.galaxy.manifest","title":"The project's own collection manifest (galaxy.yml), when it is a collection","provider":"go.mondoo.com/mql/v13/providers/ansible"},"moleculeScenarios":{"name":"moleculeScenarios","type":"\u0019\u0007","title":"Names of Molecule test scenarios defined under molecule/","provider":"go.mondoo.com/mql/v13/providers/ansible"},"path":{"name":"path","type":"\u0007","is_mandatory":true,"title":"Absolute path of the project root directory","provider":"go.mondoo.com/mql/v13/providers/ansible"},"playbooks":{"name":"playbooks","type":"\u0019\u001bansible.playbook","title":"Playbook files discovered in the project","provider":"go.mondoo.com/mql/v13/providers/ansible"},"plugins":{"name":"plugins","type":"\u0019\u001bansible.plugin","title":"Custom modules and plugins shipped in the project","provider":"go.mondoo.com/mql/v13/providers/ansible"},"requirements":{"name":"requirements","type":"\u001bansible.galaxy.requirements","title":"External roles and collections declared in requirements.yml","provider":"go.mondoo.com/mql/v13/providers/ansible"},"roles":{"name":"roles","type":"\u0019\u001bansible.role","title":"Roles defined under the project's roles/ directory","provider":"go.mondoo.com/mql/v13/providers/ansible"},"vault":{"name":"vault","type":"\u001bansible.vault","title":"Vault-encrypted files and inline encrypted variables detected in the project","provider":"go.mondoo.com/mql/v13/providers/ansible"}},"title":"Ansible project directory","desc":"Entry point for static analysis of a whole Ansible project, rather than a single playbook file. Discovers the project's playbooks, roles, inventory and host/group variables, Galaxy requirements, ansible.cfg, and vault-encrypted files, so audits can reason across the entire codebase without executing anything against an inventory. Populated only when the provider is pointed at a directory; a single file path yields the playbook model through the `ansible` resource instead.","min_provider_version":"13.1.2","defaults":"path","provider":"go.mondoo.com/mql/v13/providers/ansible"},"ansible.role":{"id":"ansible.role","name":"ansible.role","fields":{"argumentSpecs":{"name":"argumentSpecs","type":"\n","is_mandatory":true,"title":"Declared input contract from meta/argument_specs.yml","desc":"Keyed by entry point (for example `main`); each entry describes the role's accepted options, their types, and whether they are required. Empty when the role declares no argument specs.","provider":"go.mondoo.com/mql/v13/providers/ansible"},"defaults":{"name":"defaults","type":"\u001a\u0007\n","is_mandatory":true,"title":"Default variables from defaults/main.yml","provider":"go.mondoo.com/mql/v13/providers/ansible"},"dependencies":{"name":"dependencies","type":"\u0019\u001bansible.role","title":"Roles this role depends on, resolved within the project","desc":"Resolves each dependency named in meta/main.yml to the matching role under the project's roles/ directory. Empty when a dependency points at an external role that is not vendored into the project.","provider":"go.mondoo.com/mql/v13/providers/ansible"},"files":{"name":"files","type":"\u0019\u0007","is_mandatory":true,"title":"Relative paths of files under files/","provider":"go.mondoo.com/mql/v13/providers/ansible"},"handlers":{"name":"handlers","type":"\u0019\u001bansible.handler","title":"Handlers defined in handlers/main.yml","provider":"go.mondoo.com/mql/v13/providers/ansible"},"meta":{"name":"meta","type":"\u001bansible.role.meta","title":"Role metadata from meta/main.yml","provider":"go.mondoo.com/mql/v13/providers/ansible"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Role name (its directory name under roles/)","provider":"go.mondoo.com/mql/v13/providers/ansible"},"path":{"name":"path","type":"\u0007","is_mandatory":true,"title":"Absolute path of the role directory","provider":"go.mondoo.com/mql/v13/providers/ansible"},"tasks":{"name":"tasks","type":"\u0019\u001bansible.task","title":"Tasks defined in tasks/main.yml","provider":"go.mondoo.com/mql/v13/providers/ansible"},"templates":{"name":"templates","type":"\u0019\u0007","is_mandatory":true,"title":"Relative paths of files under templates/","provider":"go.mondoo.com/mql/v13/providers/ansible"},"vars":{"name":"vars","type":"\u001a\u0007\n","is_mandatory":true,"title":"Role-scoped variables from vars/main.yml","provider":"go.mondoo.com/mql/v13/providers/ansible"}},"title":"Ansible role","desc":"Examine a reusable role defined under the project's roles/ directory: the tasks and handlers it runs, the default and role-scoped variables it sets, its meta information (galaxy_info, minimum Ansible version), the roles it depends on, and the templates and files it ships. The `name` selects the role — for example `ansible.project.roles.where(name == \"nginx\").first`.","min_provider_version":"13.1.2","defaults":"name","provider":"go.mondoo.com/mql/v13/providers/ansible"},"ansible.role.meta":{"id":"ansible.role.meta","name":"ansible.role.meta","fields":{"dependencies":{"name":"dependencies","type":"\u0019\u0007","is_mandatory":true,"title":"Names of roles this role depends on","provider":"go.mondoo.com/mql/v13/providers/ansible"},"galaxyInfo":{"name":"galaxyInfo","type":"\n","is_mandatory":true,"title":"Galaxy metadata block (author, description, license, platforms)","provider":"go.mondoo.com/mql/v13/providers/ansible"},"minAnsibleVersion":{"name":"minAnsibleVersion","type":"\u0007","is_mandatory":true,"title":"Minimum Ansible version the role supports","provider":"go.mondoo.com/mql/v13/providers/ansible"}},"title":"Ansible role metadata","desc":"Examine the meta/main.yml of a role: the minimum Ansible version it declares, the galaxy_info block describing authorship and platform support, and the names of the roles it depends on.","min_provider_version":"13.1.2","defaults":"minAnsibleVersion","provider":"go.mondoo.com/mql/v13/providers/ansible"},"ansible.task":{"id":"ansible.task","name":"ansible.task","fields":{"action":{"name":"action","type":"\n","is_mandatory":true,"title":"Module and arguments to execute","provider":"go.mondoo.com/mql/v13/providers/ansible"},"always":{"name":"always","type":"\u0019\u001bansible.task","title":"Tasks that run after the block regardless of success or failure","min_provider_version":"13.0.13","provider":"go.mondoo.com/mql/v13/providers/ansible"},"become":{"name":"become","type":"\u0004","is_mandatory":true,"title":"Whether privilege escalation is activated for the task","min_provider_version":"13.0.14","provider":"go.mondoo.com/mql/v13/providers/ansible"},"becomeFlags":{"name":"becomeFlags","type":"\u0007","is_mandatory":true,"title":"Additional flags passed to the become method","min_provider_version":"13.0.14","provider":"go.mondoo.com/mql/v13/providers/ansible"},"becomeMethod":{"name":"becomeMethod","type":"\u0007","is_mandatory":true,"title":"Privilege escalation method for the task","min_provider_version":"13.0.14","provider":"go.mondoo.com/mql/v13/providers/ansible"},"becomeUser":{"name":"becomeUser","type":"\u0007","is_mandatory":true,"title":"User to become for the task (e.g., root)","min_provider_version":"13.0.14","provider":"go.mondoo.com/mql/v13/providers/ansible"},"block":{"name":"block","type":"\u0019\u001bansible.task","title":"Tasks in error handling block","provider":"go.mondoo.com/mql/v13/providers/ansible"},"changedWhen":{"name":"changedWhen","type":"\u0007","is_mandatory":true,"title":"Condition that marks task as changed","provider":"go.mondoo.com/mql/v13/providers/ansible"},"delegateTo":{"name":"delegateTo","type":"\u0007","is_mandatory":true,"title":"Host the task is delegated to","min_provider_version":"13.0.14","provider":"go.mondoo.com/mql/v13/providers/ansible"},"environment":{"name":"environment","type":"\u001a\u0007\n","is_mandatory":true,"title":"Environment variables set for the task","min_provider_version":"13.0.14","provider":"go.mondoo.com/mql/v13/providers/ansible"},"failedWhen":{"name":"failedWhen","type":"\u0007","is_mandatory":true,"title":"Condition that marks task as failed","provider":"go.mondoo.com/mql/v13/providers/ansible"},"ignoreErrors":{"name":"ignoreErrors","type":"\n","is_mandatory":true,"title":"Whether task failure is ignored","desc":"The value supplied to the `ignore_errors:` keyword. Usually a boolean, but Ansible also accepts a Jinja2 expression string (for example `\"{{ ansible_check_mode }}\"`). Compare against `== true` to match the literal boolean case.","min_provider_version":"13.0.14","provider":"go.mondoo.com/mql/v13/providers/ansible"},"importPlaybook":{"name":"importPlaybook","type":"\u0007","is_mandatory":true,"title":"Statically import playbook at parse time","provider":"go.mondoo.com/mql/v13/providers/ansible"},"importTasks":{"name":"importTasks","type":"\u0007","is_mandatory":true,"title":"Statically import tasks at parse time","provider":"go.mondoo.com/mql/v13/providers/ansible"},"importedPlaybook":{"name":"importedPlaybook","type":"\u001bansible.playbook","title":"Playbook imported or included by this task, resolved within the project","desc":"Resolves the file referenced by `importPlaybook` or `includePlaybook` to its parsed playbook when the path is a literal. Null when the path is a Jinja2 expression that cannot be followed during static analysis.","min_provider_version":"13.1.2","provider":"go.mondoo.com/mql/v13/providers/ansible"},"importedTasks":{"name":"importedTasks","type":"\u0019\u001bansible.task","title":"Imported or included task files, resolved within the project","desc":"Resolves the file referenced by `importTasks` or `includeTasks` to its parsed tasks when the path is a literal. A path built from a Jinja2 expression cannot be followed during static analysis, so this is empty in that case and the raw string fields remain the source of truth.","min_provider_version":"13.1.2","provider":"go.mondoo.com/mql/v13/providers/ansible"},"includePlaybook":{"name":"includePlaybook","type":"\u0007","is_mandatory":true,"title":"Dynamically include playbook at runtime","provider":"go.mondoo.com/mql/v13/providers/ansible"},"includeTasks":{"name":"includeTasks","type":"\u0007","is_mandatory":true,"title":"Dynamically include tasks at runtime","provider":"go.mondoo.com/mql/v13/providers/ansible"},"loop":{"name":"loop","type":"\n","is_mandatory":true,"title":"Items the task iterates over","desc":"The value supplied to the `loop:` keyword. Typically a list of items, a Jinja2 expression that evaluates to a list (for example `{{ groups['webservers'] }}`), or a string referencing a variable.","min_provider_version":"13.0.13","provider":"go.mondoo.com/mql/v13/providers/ansible"},"loopControl":{"name":"loopControl","type":"\n","is_mandatory":true,"title":"Loop iteration controls","desc":"The value supplied to the `loop_control:` keyword, including settings such as `loop_var`, `label`, `index_var`, `pause`, and `extended`.","min_provider_version":"13.0.13","provider":"go.mondoo.com/mql/v13/providers/ansible"},"module":{"name":"module","type":"\u0007","title":"Module the task invokes","desc":"The action key as written in the source — for example `ansible.builtin.copy` or `command` — so tasks can be selected by module without knowing the exact key in `action`. Empty for pure control-flow tasks such as blocks or includes.","min_provider_version":"13.1.2","provider":"go.mondoo.com/mql/v13/providers/ansible"},"moduleArgs":{"name":"moduleArgs","type":"\n","title":"Arguments passed to the task's module","desc":"The mapping under the module key, or the free-form argument string for the `action:` shorthand. Null when the task invokes no module.","min_provider_version":"13.1.2","provider":"go.mondoo.com/mql/v13/providers/ansible"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Task name displayed during execution","provider":"go.mondoo.com/mql/v13/providers/ansible"},"noLog":{"name":"noLog","type":"\n","is_mandatory":true,"title":"Whether sensitive task output is hidden from logs","desc":"The value supplied to the `no_log:` keyword. Usually a boolean, but Ansible also accepts a Jinja2 expression string (for example `\"{{ hide_secrets }}\"`). Compare against `== true` to match the literal boolean case.","min_provider_version":"13.0.14","provider":"go.mondoo.com/mql/v13/providers/ansible"},"notify":{"name":"notify","type":"\u0019\u0007","is_mandatory":true,"title":"Handlers to trigger on change","provider":"go.mondoo.com/mql/v13/providers/ansible"},"register":{"name":"register","type":"\u0007","is_mandatory":true,"title":"Variable name to store task result","provider":"go.mondoo.com/mql/v13/providers/ansible"},"rescue":{"name":"rescue","type":"\u0019\u001bansible.task","title":"Tasks to run on block failure","provider":"go.mondoo.com/mql/v13/providers/ansible"},"runOnce":{"name":"runOnce","type":"\n","is_mandatory":true,"title":"Whether the task runs on only one host","desc":"The value supplied to the `run_once:` keyword. Usually a boolean, but Ansible also accepts a Jinja2 expression string (for example `\"{{ run_migration }}\"`). Compare against `== true` to match the literal boolean case.","min_provider_version":"13.0.14","provider":"go.mondoo.com/mql/v13/providers/ansible"},"tags":{"name":"tags","type":"\u0019\u0007","is_mandatory":true,"title":"Tags used to select or skip the task with --tags / --skip-tags","min_provider_version":"13.0.13","provider":"go.mondoo.com/mql/v13/providers/ansible"},"vars":{"name":"vars","type":"\u001a\u0007\n","is_mandatory":true,"title":"Task-level variables","provider":"go.mondoo.com/mql/v13/providers/ansible"},"when":{"name":"when","type":"\u0007","is_mandatory":true,"title":"Jinja2 condition for task execution","provider":"go.mondoo.com/mql/v13/providers/ansible"}},"title":"Ansible task within a play or block","desc":"Examine the module action and arguments, conditional execution (when / failed_when / changed_when), task-level variables, registered output, the handlers it notifies, any imported / included playbooks or task files, and nested block / rescue tasks for error handling.","min_provider_version":"10.0.0","defaults":"name","provider":"go.mondoo.com/mql/v13/providers/ansible"},"ansible.vault":{"id":"ansible.vault","name":"ansible.vault","fields":{"file":{"name":"file","type":"\u001bansible.vault.file","title":"Vault-encrypted file","desc":"Examine a single fully vault-encrypted file. The `path` selects the file; `format`, `cipher`, and `vaultId` come from the `$ANSIBLE_VAULT` header. The file's plaintext is not available because static analysis has no vault password.","provider":"go.mondoo.com/mql/v13/providers/ansible","is_implicit_resource":true},"files":{"name":"files","type":"\u0019\u001bansible.vault.file","title":"Fully vault-encrypted files detected in the project","provider":"go.mondoo.com/mql/v13/providers/ansible"},"variable":{"name":"variable","type":"\u001bansible.vault.variable","title":"Inline vault-encrypted variable","desc":"Examine a single variable encrypted in place with a `!vault` tag inside an otherwise-plaintext file. The `key` is the variable's key path within the file and `file` is the file that contains it.","provider":"go.mondoo.com/mql/v13/providers/ansible","is_implicit_resource":true},"variables":{"name":"variables","type":"\u0019\u001bansible.vault.variable","title":"Variables encrypted inline with a !vault tag in otherwise-plaintext files","provider":"go.mondoo.com/mql/v13/providers/ansible"}},"title":"Ansible vault encryption usage","desc":"Examine where the project relies on Ansible Vault: fully encrypted files and individual variables encrypted inline with a `!vault` tag. Contents are never decrypted during static analysis, so each entry reports only its location and the metadata carried in the vault header.","min_provider_version":"13.1.2","provider":"go.mondoo.com/mql/v13/providers/ansible"},"ansible.vault.file":{"id":"ansible.vault.file","name":"ansible.vault.file","fields":{"cipher":{"name":"cipher","type":"\u0007","is_mandatory":true,"title":"Cipher named in the header (for example AES256)","provider":"go.mondoo.com/mql/v13/providers/ansible"},"format":{"name":"format","type":"\u0007","is_mandatory":true,"title":"Vault format version from the header (for example 1.1 or 1.2)","provider":"go.mondoo.com/mql/v13/providers/ansible"},"path":{"name":"path","type":"\u0007","is_mandatory":true,"title":"Absolute path of the encrypted file","provider":"go.mondoo.com/mql/v13/providers/ansible"},"vaultId":{"name":"vaultId","type":"\u0007","is_mandatory":true,"title":"Vault-id label from the header, when present (format 1.2 and later)","provider":"go.mondoo.com/mql/v13/providers/ansible"}},"title":"Vault-encrypted file","desc":"Examine a single fully vault-encrypted file. The `path` selects the file; `format`, `cipher`, and `vaultId` come from the `$ANSIBLE_VAULT` header. The file's plaintext is not available because static analysis has no vault password.","min_provider_version":"13.1.2","defaults":"path","provider":"go.mondoo.com/mql/v13/providers/ansible"},"ansible.vault.variable":{"id":"ansible.vault.variable","name":"ansible.vault.variable","fields":{"file":{"name":"file","type":"\u0007","is_mandatory":true,"title":"Absolute path of the file containing the encrypted variable","provider":"go.mondoo.com/mql/v13/providers/ansible"},"key":{"name":"key","type":"\u0007","is_mandatory":true,"title":"Key path of the encrypted variable within its file","provider":"go.mondoo.com/mql/v13/providers/ansible"}},"title":"Inline vault-encrypted variable","desc":"Examine a single variable encrypted in place with a `!vault` tag inside an otherwise-plaintext file. The `key` is the variable's key path within the file and `file` is the file that contains it.","min_provider_version":"13.1.2","defaults":"key","provider":"go.mondoo.com/mql/v13/providers/ansible"}}}