From 6868183dde7bcef9c2b6c491dba9b3b2f20e9c00 Mon Sep 17 00:00:00 2001
From: Dan Guite <dan.guite@cyberark.com>
Date: Fri, 24 Oct 2025 14:31:37 -0500
Subject: [PATCH] Adding prerunaction to playbooks

Adding a pre run action option to the playbooks to be able to populate environment variables from external scripts or applications.
---
 cmd/vcert/playbook.go             | 11 +++++++++++
 pkg/playbook/app/domain/config.go |  5 +++--
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/cmd/vcert/playbook.go b/cmd/vcert/playbook.go
index 84da93aa..192645d4 100644
--- a/cmd/vcert/playbook.go
+++ b/cmd/vcert/playbook.go
@@ -30,6 +30,7 @@ import (
 	"github.com/Venafi/vcert/v5/pkg/playbook/app/domain"
 	"github.com/Venafi/vcert/v5/pkg/playbook/app/parser"
 	"github.com/Venafi/vcert/v5/pkg/playbook/app/service"
+	pbutil "github.com/Venafi/vcert/v5/pkg/playbook/util"
 	"github.com/Venafi/vcert/v5/pkg/util"
 	"github.com/Venafi/vcert/v5/pkg/venafi"
 )
@@ -123,6 +124,16 @@ func doRunPlaybook(_ *cli.Context) error {
 		return nil
 	}
 
+	if len(playbook.Config.PreRunAction) > 0 {
+		zap.L().Info("running pre-run action", zap.String("file", playbook.Config.PreRunAction))
+		zap.L().Debug("running pre-run actions", zap.String("location", playbook.Config.PreRunAction))
+		_, err := pbutil.ExecuteScript(playbook.Config.PreRunAction)
+		if err != nil {
+			zap.L().Error("Running pre-run action failed", zap.String("file", playbook.Config.PreRunAction), zap.Error(err))
+			os.Exit(1)
+		}
+	}
+
 	// emulate the setTLSConfig from vcert
 	err = setPlaybookTLSConfig(playbook)
 	if err != nil {
diff --git a/pkg/playbook/app/domain/config.go b/pkg/playbook/app/domain/config.go
index 6f7108fd..0a4c8e70 100644
--- a/pkg/playbook/app/domain/config.go
+++ b/pkg/playbook/app/domain/config.go
@@ -18,8 +18,9 @@ package domain
 
 // Config contains all the values necessary to connect to a given Venafi platform: TPP or TLSPC
 type Config struct {
-	Connection Connection `yaml:"connection,omitempty"`
-	ForceRenew bool       `yaml:"-"`
+	Connection   Connection `yaml:"connection,omitempty"`
+	ForceRenew   bool       `yaml:"-"`
+	PreRunAction string     `yaml:"prerunaction,omitempty"`
 }
 
 // IsValid Ensures the provided connection configuration is valid and logical