author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-18 05:52:35 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-18 05:52:35 +0000 |
commit | 7fec0b69a082aaeec72fee0612766aa42f6b1b4d (patch) | |
tree | efb569b86ca4da888717f5433e757145fa322e08 /ansible_collections/cyberark | |
parent | Releasing progress-linux version 7.7.0+dfsg-3~progress7.99u1. (diff) | |
Merging upstream version 9.4.0+dfsg.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'ansible_collections/cyberark')
111 files changed, 667 insertions, 2166 deletions
diff --git a/ansible_collections/cyberark/conjur/.github/workflows/ansible-test.yml b/ansible_collections/cyberark/conjur/.github/workflows/ansible-test.yml
index 27d352352..aa74f4dea 100644
--- a/ansible_collections/cyberark/conjur/.github/workflows/ansible-test.yml
+++ b/ansible_collections/cyberark/conjur/.github/workflows/ansible-test.yml
@@ -1,15 +1,16 @@
 # This file implements a Github action to run Ansible collection sanity tests
-# on the Conjur Ansible Collection. The Ansible collection sanity tests are
-# run across the following matrices:
+# and unit tests on the Conjur Ansible Collection. The Ansible collection tests
+# are run across the following matrices:
 #
-#Ansible versions:
-# - stable-2.10
-# - stable-2.11
-# - stable-2.12
-# - devel
+# Ansible versions (Python versions):
+# - stable-2.13 (3.8, 3.9, 3.10)
+# - stable-2.14 (3.9, 3.10, 3.11)
+# - stable-2.15 (3.9, 3.10, 3.11)
+# - devel (3.10)
 #
-#Python versions:
-# - Python 3.9
+# As Ansible's devel version is unstable, it should be considered a smoke signal
+# for the next released version. Failures against the devel version should not
+# be considered blocking.
 name: CI
 on:
@@ -20,23 +21,35 @@ on: jobs: ### -# Sanity tests (REQUIRED) +# Sanity tests # # https://docs.ansible.com/ansible/latest/dev_guide/testing_sanity.html sanity: - name: Sanity (${{ matrix.ansible }}+py${{ matrix.python }}) + name: Sanity (Ⓐ${{ matrix.ansible }}+py${{ matrix.python }}) strategy: + # fail-fast means one failing matrix case will cancel all other + # still-incomplete cases. As tests against Ansible's devel branch are + # unstable, this is disabled. + fail-fast: false matrix: ansible: - # It's important that Sanity is tested against all stable-X.Y branches - # Testing against `devel` may fail as new tests are added. - - stable-2.10 - - stable-2.11 - - stable-2.12 - - devel + - stable-2.13 + - stable-2.14 + - stable-2.15 python: - - 3.9 + - '3.9' + - '3.10' + include: + - ansible: stable-2.13 + python: '3.8' + - ansible: stable-2.14 + python: '3.11' + - ansible: stable-2.15 + python: '3.11' + - ansible: devel + python: '3.10' + runs-on: ubuntu-latest steps: 
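Review bot: The `devel` case added under `include` is still a blocking matrix case, which does not match the file header's statement that devel failures should not block. `fail-fast: false` only stops one failure from cancelling the sibling cases; the run as a whole still ends red. Adding `continue-on-error: ${{ matrix.ansible == 'devel' }}` at job level, next to `runs-on`, would make the intent explicit and keep a genuine stable-X.Y failure from being dismissed as devel noise. The `units` job in the following hunk carries the same matrix and needs the same line. The `sanity` job's steps continue outside this hunk.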
@@ -44,45 +57,59 @@ jobs: # .../ansible_collections/cyberark/conjur/ - name: Check out code - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: path: ansible_collections/cyberark/conjur - name: Set up Python ${{ matrix.ansible }} - uses: actions/setup-python@v2 + uses: actions/setup-python@v4 with: python-version: ${{ matrix.python }} - # Install the head of the given branch (devel, stable-2.10) + # Install the head of the given branch - name: Install ansible-base (${{ matrix.ansible }}) run: pip install https://github.com/ansible/ansible/archive/${{ matrix.ansible }}.tar.gz --disable-pip-version-check # run ansible-test sanity inside of Docker. # The docker container has all the pinned dependencies that are required. - # Explicity specify the version of Python we want to test + # Explicitly specify the version of Python we want to test - name: Run sanity tests run: ansible-test sanity --docker -v --color --python ${{ matrix.python }} working-directory: ./ansible_collections/cyberark/conjur -# Unit tests (OPTIONAL) - +### +# Unit tests +# # https://docs.ansible.com/ansible/latest/dev_guide/testing_units.html units: name: Units (Ⓐ${{ matrix.ansible }}+py${{ matrix.python }}) strategy: + # fail-fast means one failing matrix case will cancel all other + # still-incomplete cases. As tests against Ansible's devel branch are + # unstable, this is disabled. + fail-fast: false matrix: ansible: - - stable-2.10 - - stable-2.11 - - stable-2.12 - - devel + - stable-2.13 + - stable-2.14 + - stable-2.15 python: - - 3.9 + - '3.9' + - '3.10' + include: + - ansible: stable-2.13 + python: '3.8' + - ansible: stable-2.14 + python: '3.11' + - ansible: stable-2.15 + python: '3.11' + - ansible: devel + python: '3.10' runs-on: ubuntu-latest steps: - name: Check out code - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: path: ansible_collections/cyberark/conjur 
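Review bot: The bumped `uses: actions/checkout@v3` and `uses: actions/setup-python@v4` lines still reference mutable tags, so whatever commit the tag points to at run time is what executes in the job. For a collection that handles Conjur credentials it is worth pinning each action to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v3`. The second `actions/checkout@v3` in the `units` job needs the same treatment. The `units` job's remaining steps are outside this hunk, so any further `uses:` lines there should be checked as well.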
diff --git a/ansible_collections/cyberark/conjur/.gitignore b/ansible_collections/cyberark/conjur/.gitignore index 2be2e7467..c7b557863 100644 --- a/ansible_collections/cyberark/conjur/.gitignore +++ b/ansible_collections/cyberark/conjur/.gitignore @@ -8,11 +8,11 @@ tests/*/coverage/ tests/*/junit/ tests/*/reports/ -tests/*/conjur.pem -tests/*/conjur-enterprise.pem -tests/*/access_token +dev/conjur.pem +dev/access_token +dev/tmp + **/test-files/output -**/conjur-intro/ bot coverage junit diff --git a/ansible_collections/cyberark/conjur/.gitmodules b/ansible_collections/cyberark/conjur/.gitmodules new file mode 100644 index 000000000..a268993de --- /dev/null +++ b/ansible_collections/cyberark/conjur/.gitmodules @@ -0,0 +1,3 @@ +[submodule "dev/conjur-intro"] + path = dev/conjur-intro + url = https://github.com/conjurdemos/conjur-intro diff --git a/ansible_collections/cyberark/conjur/CHANGELOG.md b/ansible_collections/cyberark/conjur/CHANGELOG.md index 8fa9162e4..887e2a89b 100644 --- a/ansible_collections/cyberark/conjur/CHANGELOG.md +++ b/ansible_collections/cyberark/conjur/CHANGELOG.md 
@@ -6,6 +6,30 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. ## [Unreleased] +## [1.2.2] - 2023-09-28 + +### Changed +- Bump required Ansible version to >= 2.13 + [cyberark/ansible-conjur-collection#198](https://github.com/cyberark/ansible-conjur-collection/pull/198) +- Ignore dev folder when building the collection + [cyberark/ansible-conjur-collection#198](https://github.com/cyberark/ansible-conjur-collection/pull/198) + +## [1.2.1] - 2023-09-20 + +### Fixed +- Restore custom error messages for missing required variables. + [cyberark/ansible-conjur-collection#197](https://github.com/cyberark/ansible-conjur-collection/pull/197) + +### Added +- Tests against Ansible versions 6, 7 and 8. + [cyberark/ansible-conjur-collection#195](https://github.com/cyberark/ansible-conjur-collection/pull/195) + +### Security +- Upgrade dev/test nginx base images to 1.24.0, ubuntu base image to 22.04. + [cyberark/ansible-conjur-collection#189](https://github.com/cyberark/ansible-conjur-collection/pull/189) +- Clean up unused Python imports. + [cyberark/ansible-conjur-collection#194](https://github.com/cyberark/ansible-conjur-collection/pull/194) + ## [1.2.0] - 2020-09-01 ### Added 
@@ -75,7 +99,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. - Migrated code from Ansible conjur_variable lookup plugin - Added support to configure the use of the plugin via environment variables -[Unreleased]: https://github.com/cyberark/ansible-conjur-collection/compare/v1.2.0...HEAD +[Unreleased]: https://github.com/cyberark/ansible-conjur-collection/compare/v1.2.2...HEAD +[1.2.2]: https://github.com/cyberark/ansible-conjur-collection/compare/v1.2.1...v1.2.2 +[1.2.1]: https://github.com/cyberark/ansible-conjur-collection/compare/v1.2.0...v1.2.1 [1.2.0]: https://github.com/cyberark/ansible-conjur-collection/compare/v1.1.0...v1.2.0 [1.1.0]: https://github.com/cyberark/ansible-conjur-collection/compare/v1.0.7...v1.1.0 [1.0.7]: https://github.com/cyberark/ansible-conjur-collection/compare/v1.0.6...v1.0.7 diff --git a/ansible_collections/cyberark/conjur/FILES.json b/ansible_collections/cyberark/conjur/FILES.json index 75f988f2c..4ae72bb59 100644 --- a/ansible_collections/cyberark/conjur/FILES.json +++ b/ansible_collections/cyberark/conjur/FILES.json @@ -11,7 +11,7 @@ "name": "README.md", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "4f950d62ff31f5dd42adccedf87aee3526c4d297843eef14db49452c802a9445", + "chksum_sha256": "91243325e5fdfc7e9f6a4b5bbbab1b91c433349af7df860af23d5e1932d8a341", "format": 1 }, { @@ -32,7 +32,7 @@ "name": ".github/workflows/ansible-test.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "3ea436b9dad8d9ea9ec8a5d07d60187cc85cabcbf455feaa1f3a21db10aa9fa1", + "chksum_sha256": "dee0253dc4b4a22ee8eb759ff1edb195e903f44911341e7f6389d0a3bb29f63f", "format": 1 }, { 
@@ -43,48 +43,6 @@ "format": 1 }, { - "name": "secrets.yml", - "ftype": "file", - "chksum_type": "sha256", - "chksum_sha256": "de372b010bf7a57b35af4bc901681a75cabe48b2e182d0691ff48d95a9d2b96f", - "format": 1 - }, - { - "name": "ci", - "ftype": "dir", - "chksum_type": null, - "chksum_sha256": null, - "format": 1 - }, - { - "name": "ci/publish_to_galaxy", - "ftype": "file", - "chksum_type": "sha256", - "chksum_sha256": "901e3836a10feba6a35d1c3b16e64a53e9069f87fed951edc2f292acc0fc1438", - "format": 1 - }, - { - "name": "ci/parse-changelog.sh", - "ftype": "file", - "chksum_type": "sha256", - "chksum_sha256": "21337ea8fac801781f8299af7e0cb7818fbc851bab26cbfff6224a0e5cf8dbb8", - "format": 1 - }, - { - "name": "ci/test.sh", - "ftype": "file", - "chksum_type": "sha256", - "chksum_sha256": "29d385e809a0a8c5e56a245244e1787d201c0c685182972ed39a5d3d07d5be0e", - "format": 1 - }, - { - "name": "ci/build_release", - "ftype": "file", - "chksum_type": "sha256", - "chksum_sha256": "9fd1048e1e1af19e2eb301a04c18fe207cc9fff663abc6485352aad2ed2225ef", - "format": 1 - }, - { "name": ".codeclimate.yml", "ftype": "file", "chksum_type": "sha256", @@ -109,7 +67,7 @@ "name": "plugins/lookup/conjur_variable.py", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "fb3d6620f57c577a966cbbeb1f01d234cf43cafb81dc3edb44f0e3cd5b6d9679", + "chksum_sha256": "071df1f77b15701960faf7cee3ce8967143abedf76953f71550645068a57fcb2", "format": 1 }, { @@ -193,7 +151,7 @@ "name": "roles/conjur_host_identity/tasks/identity_check.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "681aa9e68a95921df2701bd96baf8c9335845863d75395293a3002b037ce2b94", + "chksum_sha256": "acafb6828d775f9cc51a5ab5488d18b6246235783e66f9d5553440b63ee0db1e", "format": 1 }, { 
@@ -246,27 +204,6 @@ "format": 1 }, { - "name": "roles/conjur_host_identity/tests/inventory.j2", - "ftype": "file", - "chksum_type": "sha256", - "chksum_sha256": "f1474fb6e66c0fbcdd6129332de95feab1e1222f64f1be45325f4eac5101614f", - "format": 1 - }, - { - "name": "roles/conjur_host_identity/tests/.dockerignore", - "ftype": "file", - "chksum_type": "sha256", - "chksum_sha256": "1a0dc73ccd02fc377cf4cb1d99237e42335beeaf8c0bdb012dd4ecfb54790d57", - "format": 1 - }, - { - "name": "roles/conjur_host_identity/tests/ansible.cfg", - "ftype": "file", - "chksum_type": "sha256", - "chksum_sha256": "73a428e3f22914440bb8072e66b3e36b3f930e513623a0a46a23bbd644995776", - "format": 1 - }, - { "name": "roles/conjur_host_identity/tests/junit", "ftype": "dir", "chksum_type": null, 
@@ -277,168 +214,126 @@ "name": "roles/conjur_host_identity/tests/junit/configure-conjur-identity", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "c8c91315bc4679968e1f14101ae2ecc8606b82b32ab19e6aca4fb4905ee1e998", + "chksum_sha256": "43eeedf90a26a10532a10c174115a19abc03be3cb49b55b233b0041a0588f1d1", "format": 1 }, { "name": "roles/conjur_host_identity/tests/junit/cleanup-conjur-identity", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "24ac5dadeb28955ca2b4766e57bf27268a2fb10a186f425f06ff94200fc9e270", + "chksum_sha256": "9a5067e650b6e98e39eda4bc661a1199a64b45206713e7fb52dfdb9751a418d7", "format": 1 }, { - "name": "roles/conjur_host_identity/tests/test_app_centos", + "name": "roles/conjur_host_identity/tests/test_cases", "ftype": "dir", "chksum_type": null, "chksum_sha256": null, "format": 1 }, { - "name": "roles/conjur_host_identity/tests/test_app_centos/Dockerfile", - "ftype": "file", - "chksum_type": "sha256", - "chksum_sha256": "0de86cd21721bcf47192e1cb659d6edf4b20ac7ebf8ce1b667fc2dec14b4fbdf", - "format": 1 - }, - { - "name": "roles/conjur_host_identity/tests/test_app_ubuntu", + "name": "roles/conjur_host_identity/tests/test_cases/configure-conjur-identity", "ftype": "dir", "chksum_type": null, "chksum_sha256": null, "format": 1 }, { - "name": "roles/conjur_host_identity/tests/test_app_ubuntu/Dockerfile", - "ftype": "file", - "chksum_type": "sha256", - "chksum_sha256": "2f381951ae812a2521539c06206945f2105f02beef04ab55ae76c5cf7e86406c", - "format": 1 - }, - { - "name": "roles/conjur_host_identity/tests/inventory-v2.j2", - "ftype": "file", - "chksum_type": "sha256", - "chksum_sha256": "2e1c0d5018358dbe5bce37280e9d8c8fd6fc9f0ff85f4b8fefbfa4aa04defb37", - "format": 1 - }, - { - "name": "roles/conjur_host_identity/tests/inventory-playbook.yml", + "name": "roles/conjur_host_identity/tests/test_cases/configure-conjur-identity/playbook.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": 
"af542c07e6677cb819d35eb71e56587d3b4d97721578bed0775df4100695c79b", + "chksum_sha256": "18dec0d8ca7c324adae8bcf96843531e568799a23237b93be089989a46baf0a2", "format": 1 }, { - "name": "roles/conjur_host_identity/tests/policy", + "name": "roles/conjur_host_identity/tests/test_cases/configure-conjur-identity/tests", "ftype": "dir", "chksum_type": null, "chksum_sha256": null, "format": 1 }, { - "name": "roles/conjur_host_identity/tests/policy/root.yml", - "ftype": "file", - "chksum_type": "sha256", - "chksum_sha256": "2cf74b90f4eabbb9a9be67afeb2cf63c35b447579cef5b70f6daf270509d4309", - "format": 1 - }, - { - "name": "roles/conjur_host_identity/tests/Dockerfile", + "name": "roles/conjur_host_identity/tests/test_cases/configure-conjur-identity/tests/test_default.py", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "d3e9a9f4bfff5c34b2078aa879faf017a494613a1ca5be5791ad4a8a08694c2e", - "format": 1 - }, - { - "name": "roles/conjur_host_identity/tests/test_cases", - "ftype": "dir", - "chksum_type": null, - "chksum_sha256": null, + "chksum_sha256": "2f668ca0bbd274a6b5f6b3894ee901a9240d68015153d78b4fd79308152de3a2", "format": 1 }, { - "name": "roles/conjur_host_identity/tests/test_cases/configure-conjur-identity", + "name": "roles/conjur_host_identity/tests/test_cases/cleanup-conjur-identity", "ftype": "dir", "chksum_type": null, "chksum_sha256": null, "format": 1 }, { - "name": "roles/conjur_host_identity/tests/test_cases/configure-conjur-identity/playbook.yml", + "name": "roles/conjur_host_identity/tests/test_cases/cleanup-conjur-identity/playbook.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "e5608c4f7fbc040647b99f2137e58df82807f8054fabbcc10bd4c830df64e80c", + "chksum_sha256": "7d1c3f284f2be73ce5f3f533fb67b0e26f5809704e11f74965d1a2de1e5bb608", "format": 1 }, { - "name": "roles/conjur_host_identity/tests/test_cases/configure-conjur-identity/tests", + "name": "roles/conjur_host_identity/tests/test_cases/cleanup-conjur-identity/tests", "ftype": 
"dir", "chksum_type": null, "chksum_sha256": null, "format": 1 }, { - "name": "roles/conjur_host_identity/tests/test_cases/configure-conjur-identity/tests/test_default.py", + "name": "roles/conjur_host_identity/tests/test_cases/cleanup-conjur-identity/tests/test_default.py", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "b23eaacaae61ccdaf6d79e911606c8b964301cb2e1d661a1328171c1ea080bdf", + "chksum_sha256": "2390200888250358407b3ae321abb9fb0d4dbef50cf330438b00f3e207f938b4", "format": 1 }, { - "name": "roles/conjur_host_identity/tests/test_cases/cleanup-conjur-identity", + "name": "roles/conjur_host_identity/tests/test_cases/not-conjurized", "ftype": "dir", "chksum_type": null, "chksum_sha256": null, "format": 1 }, { - "name": "roles/conjur_host_identity/tests/test_cases/cleanup-conjur-identity/playbook.yml", + "name": "roles/conjur_host_identity/tests/test_cases/not-conjurized/playbook.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "c1d3a10ce6d52166877a318bee957e9f394a87f29b5732652c9b2ea9f3d456b4", + "chksum_sha256": "1eaabc866dada7379694872a1aa3e1ccff58ba60c589c58c0db0173b1d8f9d68", "format": 1 }, { - "name": "roles/conjur_host_identity/tests/test_cases/cleanup-conjur-identity/tests", + "name": "roles/conjur_host_identity/tests/test_cases/misconfig-conjur-identity", "ftype": "dir", "chksum_type": null, "chksum_sha256": null, "format": 1 }, { - "name": "roles/conjur_host_identity/tests/test_cases/cleanup-conjur-identity/tests/test_default.py", + "name": "roles/conjur_host_identity/tests/test_cases/misconfig-conjur-identity/playbook.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "9425b40cb335c7dc2d2d2cce0f9f1bfd64ce6c3833032b38522f8f709a157953", + "chksum_sha256": "b7b3002d1d9927f3aa012e8abba3164c3c822d0e6830ab9b463341e839bb82b6", "format": 1 }, { - "name": "roles/conjur_host_identity/tests/test_cases/misconfig-conjur-identity", + "name": "roles/conjur_host_identity/tests/test_cases/bad-ssl-config", "ftype": 
"dir", "chksum_type": null, "chksum_sha256": null, "format": 1 }, { - "name": "roles/conjur_host_identity/tests/test_cases/misconfig-conjur-identity/playbook.yml", + "name": "roles/conjur_host_identity/tests/test_cases/bad-ssl-config/playbook.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "b6af952b247d510012d4d2ed2bd067f2f989345d391c28a83c0d865da10a2a2d", - "format": 1 - }, - { - "name": "roles/conjur_host_identity/tests/docker-compose.yml", - "ftype": "file", - "chksum_type": "sha256", - "chksum_sha256": "dec4fc80511912594c6c7dd0b0d0721de13c66a0bfe4fbf92ba7bc9a5ff6cb85", + "chksum_sha256": "7d215e320462650efd9a1fa88f8fa769620377c9d8b1b0b1df0275ccf64bc241", "format": 1 }, { "name": "roles/conjur_host_identity/tests/test.sh", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "e6d2aadcf5611e12181425d176b67fbe95740d374565535ece1be9181b78aabe", + "chksum_sha256": "ca5f445a253831f7d22c2bb208e42307253086115644ca0edf11ae7c950f7861", "format": 1 }, { @@ -487,7 +382,7 @@ "name": "roles/conjur_host_identity/tests/.pytest_cache/v/cache/nodeids", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "49897170c9d77d5454d0f6550ba0c931b1dc295434317ac0ca3544c67dc53dfc", + "chksum_sha256": "a4a437fff99a0a7ac174c447d6f6cec9e288b4239e7cfe39087f6113680f8cef", "format": 1 }, { 
@@ -498,209 +393,6 @@ "format": 1 }, { - "name": "roles/conjur_host_identity/tests/inventory-playbook-v2.yml", - "ftype": "file", - "chksum_type": "sha256", - "chksum_sha256": "6045114154ca1faa2de0fa327a5524d44a76354023bd461a5b0f69c889bf1fe7", - "format": 1 - }, - { - "name": "roles/conjur_host_identity/tests/Dockerfile_nginx", - "ftype": "file", - "chksum_type": "sha256", - "chksum_sha256": "513be93943c1c05ff4ea2df90d9e439f41d51059ec4513ce0098f463f0c96822", - "format": 1 - }, - { - "name": "roles/conjur_host_identity/tests/proxy", - "ftype": "dir", - "chksum_type": null, - "chksum_sha256": null, - "format": 1 - }, - { - "name": "roles/conjur_host_identity/tests/proxy/ssl.conf", - "ftype": "file", - "chksum_type": "sha256", - "chksum_sha256": "0a4a35d53f3dc60c2c4931e50136c580ed1eeb8850c93eea12e0965248990e41", - "format": 1 - }, - { - "name": "roles/conjur_host_identity/tests/proxy/default.conf", - "ftype": "file", - "chksum_type": "sha256", - "chksum_sha256": "2bf362d9b43aac8f3271e92af5d180ab2e5e9621a91bb49d9819f458e89c8e74", - "format": 1 - }, - { - "name": "dev", - "ftype": "dir", - "chksum_type": null, - "chksum_sha256": null, - "format": 1 - }, - { - "name": "dev/ansible.cfg", - "ftype": "file", - "chksum_type": "sha256", - "chksum_sha256": "a9af189b8c8d89c9abbde117964844485f11a1f39a571c4222054e28a289aac6", - "format": 1 - }, - { - "name": "dev/test_app_centos", - "ftype": "dir", - "chksum_type": null, - "chksum_sha256": null, - "format": 1 - }, - { - "name": "dev/test_app_centos/Dockerfile", - "ftype": "file", - "chksum_type": "sha256", - "chksum_sha256": "0de86cd21721bcf47192e1cb659d6edf4b20ac7ebf8ce1b667fc2dec14b4fbdf", - "format": 1 - }, - { - "name": "dev/test_unit.sh", - "ftype": "file", - "chksum_type": "sha256", - "chksum_sha256": "2d7fd0d7f339f326c47c3bf29fb371e6f90748de5904cce4ef93a5c2868b31b7", - "format": 1 - }, - { - "name": "dev/test_app_ubuntu", - "ftype": "dir", - "chksum_type": null, - "chksum_sha256": null, - "format": 1 - }, - { - "name": 
"dev/test_app_ubuntu/Dockerfile", - "ftype": "file", - "chksum_type": "sha256", - "chksum_sha256": "a589a57581799c71a9a0179d20cafac119423bf476b1283ffe64dee0dbb1327d", - "format": 1 - }, - { - "name": "dev/start.sh", - "ftype": "file", - "chksum_type": "sha256", - "chksum_sha256": "65c0f0415e06b601b8bce9f41b4ef1b50bfc5f6e88f24eb91ee1fe2cd9665bf3", - "format": 1 - }, - { - "name": "dev/policy", - "ftype": "dir", - "chksum_type": null, - "chksum_sha256": null, - "format": 1 - }, - { - "name": "dev/policy/root.yml", - "ftype": "file", - "chksum_type": "sha256", - "chksum_sha256": "2cf74b90f4eabbb9a9be67afeb2cf63c35b447579cef5b70f6daf270509d4309", - "format": 1 - }, - { - "name": "dev/Dockerfile", - "ftype": "file", - "chksum_type": "sha256", - "chksum_sha256": "04decc424cd79115cd13f014ed57bb9c053b97132cdb1983dce73d20dfb20e86", - "format": 1 - }, - { - "name": "dev/docker-compose.yml", - "ftype": "file", - "chksum_type": "sha256", - "chksum_sha256": "ca35276332fda1a0029c08c4993856c65db0aac39b23f171c9cbed99fa1f7c48", - "format": 1 - }, - { - "name": "dev/playbooks", - "ftype": "dir", - "chksum_type": null, - "chksum_sha256": null, - "format": 1 - }, - { - "name": "dev/playbooks/inventory-setup", - "ftype": "dir", - "chksum_type": null, - "chksum_sha256": null, - "format": 1 - }, - { - "name": "dev/playbooks/inventory-setup/inventory.j2", - "ftype": "file", - "chksum_type": "sha256", - "chksum_sha256": "f1474fb6e66c0fbcdd6129332de95feab1e1222f64f1be45325f4eac5101614f", - "format": 1 - }, - { - "name": "dev/playbooks/inventory-setup/inventory-v2.j2", - "ftype": "file", - "chksum_type": "sha256", - "chksum_sha256": "2e1c0d5018358dbe5bce37280e9d8c8fd6fc9f0ff85f4b8fefbfa4aa04defb37", - "format": 1 - }, - { - "name": "dev/playbooks/inventory-setup/inventory-playbook.yml", - "ftype": "file", - "chksum_type": "sha256", - "chksum_sha256": "5889c8007cb9273c2415a399b4099cc49ed12e41599409e79ee11183a66c6d33", - "format": 1 - }, - { - "name": 
"dev/playbooks/inventory-setup/inventory-playbook-v2.yml", - "ftype": "file", - "chksum_type": "sha256", - "chksum_sha256": "4acbd2fe2d992b72af5085c1f74f1154b5843c679d723662529cd6f9b365ce5e", - "format": 1 - }, - { - "name": "dev/playbooks/conjur-identity-setup", - "ftype": "dir", - "chksum_type": null, - "chksum_sha256": null, - "format": 1 - }, - { - "name": "dev/playbooks/conjur-identity-setup/conjur_role_playbook.yml", - "ftype": "file", - "chksum_type": "sha256", - "chksum_sha256": "bcd9272359c7694b8c02240ed1596f47d237b099bf00ee3b64d08295d0c7478c", - "format": 1 - }, - { - "name": "dev/Dockerfile_nginx", - "ftype": "file", - "chksum_type": "sha256", - "chksum_sha256": "513be93943c1c05ff4ea2df90d9e439f41d51059ec4513ce0098f463f0c96822", - "format": 1 - }, - { - "name": "dev/proxy", - "ftype": "dir", - "chksum_type": null, - "chksum_sha256": null, - "format": 1 - }, - { - "name": "dev/proxy/ssl.conf", - "ftype": "file", - "chksum_type": "sha256", - "chksum_sha256": "0a4a35d53f3dc60c2c4931e50136c580ed1eeb8850c93eea12e0965248990e41", - "format": 1 - }, - { - "name": "dev/proxy/default.conf", - "ftype": "file", - "chksum_type": "sha256", - "chksum_sha256": "2bf362d9b43aac8f3271e92af5d180ab2e5e9621a91bb49d9819f458e89c8e74", - "format": 1 - }, - { "name": "CONTRIBUTING.md", "ftype": "file", "chksum_type": "sha256", @@ -711,7 +403,7 @@ "name": ".gitignore", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "b38eece6dfedd018ef0a4a5aafc02ec38b1fd2c26b6046876238b814b5ac6a13", + "chksum_sha256": "b87b7493010ee0eaff5a1e8b2b20a403e03e0a9970b282d28c70cc34679df409", "format": 1 }, { 
@@ -746,7 +438,14 @@ "name": "Jenkinsfile", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "86a001994fd11e82fb1065a0448e4aca1ce8f3bb4d92b86d3b91285c97bd98c7", + "chksum_sha256": "b064c627bfc189a0e5ba53ca39f939799a86a95848fd89f72629aaa15ab8f266", + "format": 1 + }, + { + "name": ".gitmodules", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "6204ac468423a4b2a3796e91656026cb91670ce5ab56a95bc756f42418d3dc60", "format": 1 }, { @@ -760,7 +459,7 @@ "name": "meta/runtime.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "5d87483c5cc5fa8efe932acb8b6d203610070eaecf3eaf89244828331affdc59", + "chksum_sha256": "de1872da7735269d370a0ea862d4776d2910afc36ec88476f7d2785941027389", "format": 1 }, { @@ -795,7 +494,7 @@ "name": "tests/unit/plugins/lookup/test_conjur_variable.py", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "1094276de30412849f76efef2aa091a3b40f9491bb581a4190070ca33e65d7c1", + "chksum_sha256": "61fd56fd948d13be3d30094d2b6ccd2828585a2f851ea64448a8f59dfc5682fe", "format": 1 }, { @@ -809,7 +508,7 @@ "name": "tests/unit/Dockerfile", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "f3ddc9e66be63de38a509c3de747685d82f0ddf4d921260bcb9afe4a33c8f25b", + "chksum_sha256": "23af9c5f8d84dd955861addd32788179d9eb194eee1566537f2e68d24500d5d7", "format": 1 }, { 
@@ -830,42 +529,49 @@ "name": "tests/sanity/ignore-2.10.txt", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "ae307769453795ad4a44b902d7b12b4c8fbaf0e14860dde658cd78a0dc4ae851", + "chksum_sha256": "f045d340441215a5303e2854a50b88c7656ee4e603331cb50f42f99d0b8161bf", + "format": 1 + }, + { + "name": "tests/sanity/ignore-2.15.txt", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "5fb43913e33d45cc72021c443619154459a731ee3213afdc81f0af6e0caa157b", "format": 1 }, { "name": "tests/sanity/ignore-2.12.txt", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "afec9c66a2cb034dbdbde017b83c2396fbd5522ca70176fe3bdb7c9890fffcaa", + "chksum_sha256": "91fd6123db0c8a19145dd93733f8dfb3ea537ef9ddbc0f0568c2a8121ea023f3", "format": 1 }, { "name": "tests/sanity/ignore-2.9.txt", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "b08ae705c45bd09b8e38926a50ba7f41b099bcd7eb954b9275398932fb5ef3af", + "chksum_sha256": "3193867f74b8b551868226d231cd572d45f541838294893a32ef46193cdc031f", "format": 1 }, { "name": "tests/sanity/ignore-2.13.txt", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "afec9c66a2cb034dbdbde017b83c2396fbd5522ca70176fe3bdb7c9890fffcaa", + "chksum_sha256": "5fb43913e33d45cc72021c443619154459a731ee3213afdc81f0af6e0caa157b", "format": 1 }, { "name": "tests/sanity/ignore-2.14.txt", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "15187a140306a1008f16190fbd19869ae04780436f3c424de932fc9e727e6c8c", + "chksum_sha256": "5fb43913e33d45cc72021c443619154459a731ee3213afdc81f0af6e0caa157b", "format": 1 }, { "name": "tests/sanity/ignore-2.11.txt", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "f14e70571eaed048c38d12d5d3ece414d8bd8b21ab2036b26dc5515e6ebf0b17", + "chksum_sha256": "c81b4555220e56eb03ee55d1d12c2f38a6c4b27b0e6b798d29e71d19ac205c2c", "format": 1 }, { 
@@ -876,13 +582,6 @@ "format": 1 }, { - "name": "tests/conjur_variable/.dockerignore", - "ftype": "file", - "chksum_type": "sha256", - "chksum_sha256": "1a0dc73ccd02fc377cf4cb1d99237e42335beeaf8c0bdb012dd4ecfb54790d57", - "format": 1 - }, - { "name": "tests/conjur_variable/junit", "ftype": "dir", "chksum_type": null, 
@@ -893,84 +592,63 @@ "name": "tests/conjur_variable/junit/retrieve-variable-with-spaces-secret", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "450814057d9ff23fe172d1ab4261370e8c49e93429dea0ec5a5e54a90402044b", + "chksum_sha256": "739441ec5ebe746549090a0c2c622c477bc7c675c8e227ff35c69a3d2e96158d", "format": 1 }, { "name": "tests/conjur_variable/junit/retrieve-variable-with-authn-token-bad-cert", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "22ee749d5bbcc57247124f120ff952c4b120a8fb31b383c57c8d237f9dce6756", + "chksum_sha256": "e39962d8d46d3ce0e86e15e5853168d8e825cadc62341dd199709dacd7e7b08c", "format": 1 }, { "name": "tests/conjur_variable/junit/retrieve-variable-bad-cert-path", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "8aaab3b0c4135a32feb6e27b25c0a56c07e210554e52c8b7d5b0ff96e96f382a", + "chksum_sha256": "c5cbf82d39043d5cd79c45b6c83b69c12f7949777e3e1b2b6356ee184c6c5c46", "format": 1 }, { "name": "tests/conjur_variable/junit/retrieve-variable-no-cert-provided", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "02fe519032146f888ee4917ab2e4e4634430e3228eb5e1b7e1b8d4a0cd1c72c9", + "chksum_sha256": "0c692b3d4d648d53411adb491a16b9fef7242338f14e3e0c4b3605e0c659d2d4", "format": 1 }, { "name": "tests/conjur_variable/junit/retrieve-variable", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "da21a70004df7d5ede5b6de8f22309be77a2a2e2d63edeb87a9f8c788d3f0055", + "chksum_sha256": "aeccf0044a93b226d471017be1d7a8a906661565e6f32abb6f9fb3f9443b3a9c", "format": 1 }, { "name": "tests/conjur_variable/junit/retrieve-variable-into-file", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "ff27dbeb102cd3c925f79f5783cacf6e461586af768c2cc6a051252d90eb8bd7", + "chksum_sha256": "311ba1466f21f2377778c95d8eea977faaed8df674cdf5fd6fd52fbd12a99dde", "format": 1 }, { "name": "tests/conjur_variable/junit/retrieve-variable-with-authn-token", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": 
"2b78a9aeaaf0226879ccb95a40995425c212789dcd6ed8effb1e99e8442776ee", + "chksum_sha256": "30c648fa1e7599e0e098ed8afb4c1dffff299f7c697febc381941b5769640374", "format": 1 }, { "name": "tests/conjur_variable/junit/retrieve-variable-bad-certs", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "78f002c0d5330875c83f68fa51aed9ad489351031f146093f83576a7434d11bd", + "chksum_sha256": "315ac99b99c9ca992510859ce660641275f859caf504c2ee41d82d39198197aa", "format": 1 }, { "name": "tests/conjur_variable/junit/retrieve-variable-disable-verify-certs", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "cff63e56362085e36639c36c9e4d5cb8717051b4b8f201be203b10d6a6d4875b", - "format": 1 - }, - { - "name": "tests/conjur_variable/policy", - "ftype": "dir", - "chksum_type": null, - "chksum_sha256": null, - "format": 1 - }, - { - "name": "tests/conjur_variable/policy/root.yml", - "ftype": "file", - "chksum_type": "sha256", - "chksum_sha256": "a14765439458912cff269b174d8d1630abbc8ff3ce634fb84ef3a3050d36e6dc", - "format": 1 - }, - { - "name": "tests/conjur_variable/Dockerfile", - "ftype": "file", - "chksum_type": "sha256", - "chksum_sha256": "55f203234d81c41d08b6e13bca720243846b06ce1ab971da6b3535bcbef6623b", + "chksum_sha256": "d3b1c3e40859a1321db5f0928383f6b8b2fc1f1656176cb2ceb27f712829ef3c", "format": 1 }, { @@ -991,7 +669,7 @@ "name": "tests/conjur_variable/test_cases/retrieve-variable-with-spaces-secret/env", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "e4e591758bdfdbe673f40afd9e81b4ccdd749a484d843b46f63e77d1e33c8108", + "chksum_sha256": "bf54c0c9c02929e148e92803bfe2e2daa791960688f6c2f8f4330241bec77068", "format": 1 }, { 
@@ -1012,7 +690,7 @@ "name": "tests/conjur_variable/test_cases/retrieve-variable-with-spaces-secret/tests/test_default.py", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "afd74fa0ebdb6d7cbb79e10760b644c33850a03daaf9b5960f0b6a7030c666c0", + "chksum_sha256": "8ed19681bbd132fe9faf61bafa8f1039de0e315ae62c78ba48ede77027d1bfd2", "format": 1 }, { @@ -1026,7 +704,7 @@ "name": "tests/conjur_variable/test_cases/retrieve-variable-with-authn-token-bad-cert/env", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "4d4140d2408d4370136030335f326ae051bbff50998d45f7ec5db6b6249d1168", + "chksum_sha256": "6ae181c834a9e4cf77bba5edb73027d2f8c6dda9d671ae02201112db73e4c48a", "format": 1 }, { @@ -1054,7 +732,7 @@ "name": "tests/conjur_variable/test_cases/retrieve-variable-with-authn-token-bad-cert/tests/test_default.py", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "6f82d730f6f13a368ee69640beb3907fdddfb243e5b6e600c127b6154e7d67b5", + "chksum_sha256": "3ae37e4eb416be9992b6f796a1ca797b2fc8c7f3f76b9d19cf1db00c7c0edffc", "format": 1 }, { @@ -1089,7 +767,7 @@ "name": "tests/conjur_variable/test_cases/retrieve-variable-bad-cert-path/tests/test_default.py", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "7aacd0b2b04e7b1850906a76dbda5df814c59a78f8b5290eed154cac9655ed68", + "chksum_sha256": "5f2cb44532e32a0e4c55aa765c53cf52728d8c1c512e0eb606a5460cfc06532b", "format": 1 }, { @@ -1117,7 +795,7 @@ "name": "tests/conjur_variable/test_cases/retrieve-variable-no-cert-provided/tests/test_default.py", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "7aacd0b2b04e7b1850906a76dbda5df814c59a78f8b5290eed154cac9655ed68", + "chksum_sha256": "5f2cb44532e32a0e4c55aa765c53cf52728d8c1c512e0eb606a5460cfc06532b", "format": 1 }, { 
@@ -1131,7 +809,7 @@ "name": "tests/conjur_variable/test_cases/retrieve-variable/env", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "e4e591758bdfdbe673f40afd9e81b4ccdd749a484d843b46f63e77d1e33c8108", + "chksum_sha256": "bf54c0c9c02929e148e92803bfe2e2daa791960688f6c2f8f4330241bec77068", "format": 1 }, { @@ -1152,7 +830,7 @@ "name": "tests/conjur_variable/test_cases/retrieve-variable/tests/test_default.py", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "af47f2a134c9a33e2682f66cefe03002704c71557350674d5b5a58963251f6e3", + "chksum_sha256": "dee229d35c099b379b2e11d1c502ca0158eb506c9065358b969213ccdb489693", "format": 1 }, { @@ -1166,7 +844,7 @@ "name": "tests/conjur_variable/test_cases/retrieve-variable-into-file/env", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "e4e591758bdfdbe673f40afd9e81b4ccdd749a484d843b46f63e77d1e33c8108", + "chksum_sha256": "bf54c0c9c02929e148e92803bfe2e2daa791960688f6c2f8f4330241bec77068", "format": 1 }, { @@ -1187,7 +865,7 @@ "name": "tests/conjur_variable/test_cases/retrieve-variable-into-file/tests/test_default.py", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "8040a8b67b23b63706f3b4f79e6c080f26fbb1472906cab4a7146373b6dfd1b7", + "chksum_sha256": "6b2af7512b20c1bb2d6596049fba491205518fd40fb3ac4400cb3648e568b62a", "format": 1 }, { @@ -1201,7 +879,7 @@ "name": "tests/conjur_variable/test_cases/retrieve-variable-with-authn-token/env", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "8fa8ee6b4fb30d49d52e64a5fb70167ac0bdc7d968f18fe53219e1db475fcff9", + "chksum_sha256": "0f79221a2dba5e7c47cf03aed09ac314d3a0185b73d98735c499d3bfabc01c26", "format": 1 }, { 
@@ -1222,7 +900,7 @@ "name": "tests/conjur_variable/test_cases/retrieve-variable-with-authn-token/tests/test_default.py", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "af47f2a134c9a33e2682f66cefe03002704c71557350674d5b5a58963251f6e3", + "chksum_sha256": "e6b50f356ee08724cd4535c1831566274c2b913fe9b24d85deb2c695a3c422a9", "format": 1 }, { @@ -1264,7 +942,7 @@ "name": "tests/conjur_variable/test_cases/retrieve-variable-bad-certs/tests/test_default.py", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "7aacd0b2b04e7b1850906a76dbda5df814c59a78f8b5290eed154cac9655ed68", + "chksum_sha256": "5f2cb44532e32a0e4c55aa765c53cf52728d8c1c512e0eb606a5460cfc06532b", "format": 1 }, { @@ -1292,14 +970,7 @@ "name": "tests/conjur_variable/test_cases/retrieve-variable-disable-verify-certs/tests/test_default.py", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "af47f2a134c9a33e2682f66cefe03002704c71557350674d5b5a58963251f6e3", - "format": 1 - }, - { - "name": "tests/conjur_variable/docker-compose.yml", - "ftype": "file", - "chksum_type": "sha256", - "chksum_sha256": "c433a8af1060d174e8c03e99fa26da51092a24c007e5486a83de9e507854df9c", + "chksum_sha256": "e6b50f356ee08724cd4535c1831566274c2b913fe9b24d85deb2c695a3c422a9", "format": 1 }, { @@ -1313,7 +984,7 @@ "name": "tests/conjur_variable/test.sh", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "40af14dc3993251c72b4a0d11075e999a1b8ef9076e41b15614e762e6dd94879", + "chksum_sha256": "a0e338fdee47ad4ca994120b6e97ee50c556391b2ca8f8a7cb0af14bb5fae2cc", "format": 1 }, { @@ -1362,7 +1033,7 @@ "name": "tests/conjur_variable/.pytest_cache/v/cache/nodeids", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "d58a2892e1f89b35c10fd58d24d7811dd7537e762c65d3b32decd33681206cee", + "chksum_sha256": "d6a49f2d4432db81b4a2d792008159f6cff2deffb9a47c45718eff2b23bc075e", "format": 1 }, { 
@@ -1373,34 +1044,6 @@ "format": 1 }, { - "name": "tests/conjur_variable/Dockerfile_nginx", - "ftype": "file", - "chksum_type": "sha256", - "chksum_sha256": "53cbc9253079dd1a19afb896e3839d9bd8b812d9473d769438c44eb10e03858c", - "format": 1 - }, - { - "name": "tests/conjur_variable/proxy", - "ftype": "dir", - "chksum_type": null, - "chksum_sha256": null, - "format": 1 - }, - { - "name": "tests/conjur_variable/proxy/ssl.conf", - "ftype": "file", - "chksum_type": "sha256", - "chksum_sha256": "11bd8688bb233d0d366f16673a9892bf14aea34aa0d2fe40811ad5ca5028b490", - "format": 1 - }, - { - "name": "tests/conjur_variable/proxy/default.conf", - "ftype": "file", - "chksum_type": "sha256", - "chksum_sha256": "ffa77f3f6db4da0916c4c666fc6e5582a3584dc302a4852048a0b84c889ab7ea", - "format": 1 - }, - { "name": "LICENSE", "ftype": "file", "chksum_type": "sha256", @@ -1411,7 +1054,7 @@ "name": "CHANGELOG.md", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "cfc80a8bef07ed8c3f72a7c27774095d8033d59077a165f688efae49fb8ada77", + "chksum_sha256": "7194fe5e661a279cedfd17870f63d1e6c6682b3c5cfc785780cc8e54bbf3f735", "format": 1 } ], diff --git a/ansible_collections/cyberark/conjur/Jenkinsfile b/ansible_collections/cyberark/conjur/Jenkinsfile index 01242da42..7710f5d21 100644 --- a/ansible_collections/cyberark/conjur/Jenkinsfile +++ b/ansible_collections/cyberark/conjur/Jenkinsfile @@ -8,11 +8,15 @@ pipeline { buildDiscarder(logRotator(numToKeepStr: '30')) } + triggers { + cron(getDailyCronString()) + } + stages { stage('Validate') { parallel { stage('Changelog') { - steps { sh './ci/parse-changelog.sh' } + steps { parseChangelog() } } } } 
@@ -32,43 +36,94 @@ pipeline { stage('Run integration tests with Conjur Open Source') { stages { - stage('Ansible v6 - latest') { - parallel { - stage('Testing conjur_variable lookup plugin') { + stage('Ansible v8 (core 2.15) - latest') { + stages { + stage('Deploy Conjur') { steps { - sh './ci/test.sh -d conjur_variable' - junit 'tests/conjur_variable/junit/*' + sh './dev/start.sh -v 8' } } + stage('Run tests') { + parallel { + stage('Testing conjur_variable lookup plugin') { + steps { + sh './ci/test.sh -d -t conjur_variable' + junit 'tests/conjur_variable/junit/*' + } + } - stage('Testing conjur_host_identity role') { - steps { - sh './ci/test.sh -d conjur_host_identity' - junit 'roles/conjur_host_identity/tests/junit/*' + stage('Testing conjur_host_identity role') { + steps { + sh './ci/test.sh -d -t conjur_host_identity' + junit 'roles/conjur_host_identity/tests/junit/*' + } + } } } } } - stage('Ansible v5') { + stage('Ansible v7 (core 2.14)') { when { anyOf { branch 'main' buildingTag() } } - parallel { - stage('Testing conjur_variable lookup plugin') { + stages { + stage('Deploy Conjur') { steps { - sh './ci/test.sh -v 5 -d conjur_variable' - junit 'tests/conjur_variable/junit/*' + sh './dev/start.sh -v 7' } } + stage('Run tests') { + parallel { + stage('Testing conjur_variable lookup plugin') { + steps { + sh './ci/test.sh -d -t conjur_variable' + junit 'tests/conjur_variable/junit/*' + } + } - stage('Testing conjur_host_identity role') { + stage('Testing conjur_host_identity role') { + steps { + sh './ci/test.sh -d -t conjur_host_identity' + junit 'roles/conjur_host_identity/tests/junit/*' + } + } + } + } + } + } + + stage('Ansible v6 (core 2.13)') { + when { + anyOf { + branch 'main' + buildingTag() + } + } + stages { + stage('Deploy Conjur') { steps { - sh './ci/test.sh -v 5 -d conjur_host_identity' - junit 'roles/conjur_host_identity/tests/junit/*' + sh './dev/start.sh -v 6' + } + } + stage('Run tests') { + parallel { + stage('Testing conjur_variable 
lookup plugin') { + steps { + sh './ci/test.sh -d -t conjur_variable' + junit 'tests/conjur_variable/junit/*' + } + } + + stage('Testing conjur_host_identity role') { + steps { + sh './ci/test.sh -d -t conjur_host_identity' + junit 'roles/conjur_host_identity/tests/junit/*' + } + } } } } @@ -78,17 +133,26 @@ pipeline { stage('Run integration tests with Conjur Enterprise') { stages { - stage("Testing conjur_variable lookup plugin") { + stage('Deploy Conjur Enterprise') { steps { - sh './ci/test.sh -e -d conjur_variable' - junit 'tests/conjur_variable/junit/*' + sh './dev/start.sh -e -v 8' } } + stage('Run tests') { + parallel { + stage("Testing conjur_variable lookup plugin") { + steps { + sh './ci/test.sh -d -t conjur_variable' + junit 'tests/conjur_variable/junit/*' + } + } - stage("Testing conjur_host_identity role") { - steps { - sh './ci/test.sh -e -d conjur_host_identity' - junit 'roles/conjur_host_identity/tests/junit/*' + stage("Testing conjur_host_identity role") { + steps { + sh './ci/test.sh -d -t conjur_host_identity' + junit 'roles/conjur_host_identity/tests/junit/*' + } + } } } } diff --git a/ansible_collections/cyberark/conjur/MANIFEST.json b/ansible_collections/cyberark/conjur/MANIFEST.json index e3ecbed80..94249cfd4 100644 --- a/ansible_collections/cyberark/conjur/MANIFEST.json +++ b/ansible_collections/cyberark/conjur/MANIFEST.json @@ -2,7 +2,7 @@ "collection_info": { "namespace": "cyberark", "name": "conjur", - "version": "1.2.0", + "version": "1.2.2", "authors": [ "CyberArk Business Development (@cyberark-bizdev)", "(@cyberark/community-and-integrations-team)" @@ -36,7 +36,7 @@ "name": "FILES.json", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "4c7843e25d53f8c2c8b96576286bfc6b138b4d24784289888c832f761992aadf", + "chksum_sha256": "5eef7fc8156f49fae3c3f275f146563380090cf88f9d722f421d15917eb8a0bb", "format": 1 }, "format": 1 
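Review bot: The new `Deploy Conjur` and `Run tests` stages in this hunk call `./dev/start.sh -v 8` (also `-v 7` and `-v 6`) and `./ci/test.sh -d -t …`, but this same commit deletes `dev/start.sh` and `ci/test.sh`, so the pipeline cannot run from this tree as merged. Presumably the upstream release archive leaves `ci/` and `dev/` out. If the Jenkinsfile is kept, a leading comment such as `// CI definition from upstream; the ci/ and dev/ scripts it calls are not shipped in this tree` would stop a reader treating it as runnable. The same applies to the Conjur Enterprise hunk `@@ -78,17 +133,26 @@`. As a style point, the three Ansible version blocks differ only in the `-v` value and the `when` guard and could come from one helper that takes the version.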
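Review bot: The two Enterprise test stages, which previously ran one after the other under `stages`, are now wrapped in `parallel` and both run against the single deployment created by `./dev/start.sh -e -v 8`. Neither `ci/test.sh` nor the test suites are visible here, so it cannot be confirmed whether `conjur_variable` and `conjur_host_identity` touch shared Conjur state such as policy or host identities; if they do, results will depend on timing. Either keep them sequential or record the assumption next to the block, e.g. `// assumes both suites only read the policy loaded by dev/start.sh`. The `-e` flag is also no longer passed to `ci/test.sh`, so the script has to learn the Enterprise target from the deployment rather than from its arguments, which is worth confirming.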
diff --git a/ansible_collections/cyberark/conjur/README.md b/ansible_collections/cyberark/conjur/README.md index 7b9b35471..05bfd0d0e 100644 --- a/ansible_collections/cyberark/conjur/README.md +++ b/ansible_collections/cyberark/conjur/README.md @@ -41,7 +41,7 @@ detailed information on our certification levels, see - An instance of [CyberArk Conjur Open Source](https://www.conjur.org) v1.x+ or [CyberArk Conjur Enterprise](https://docs.cyberark.com/Product-Doc/OnlineHelp/AAM-DAP/Latest/en/Content/Resources/_TopNav/cc_Home.htm) (formerly DAP) v10.x+ accessible from the target node -- Ansible >= 2.9 +- Ansible >= 2.13 ## Using ansible-conjur-collection with Conjur Open Source diff --git a/ansible_collections/cyberark/conjur/ci/build_release b/ansible_collections/cyberark/conjur/ci/build_release deleted file mode 100755 index 07baf8898..000000000 --- a/ansible_collections/cyberark/conjur/ci/build_release +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -TOP_LEVEL_DIR="$(cd "$(dirname "$BASH_SOURCE")"; pwd)/.." - -pushd "$TOP_LEVEL_DIR" >/dev/null - docker run --rm -t \ - -v "$TOP_LEVEL_DIR:/collection" \ - python:3 /bin/bash -c " - pip install ansible - ansible-galaxy collection build --force --output /collection/. /collection - " -popd >/dev/null diff --git a/ansible_collections/cyberark/conjur/ci/parse-changelog.sh b/ansible_collections/cyberark/conjur/ci/parse-changelog.sh deleted file mode 100755 index be7d8270e..000000000 --- a/ansible_collections/cyberark/conjur/ci/parse-changelog.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -ex - -docker run \ - --rm \ - --volume "${PWD}/CHANGELOG.md":/CHANGELOG.md \ - cyberark/parse-a-changelog
\ No newline at end of file diff --git a/ansible_collections/cyberark/conjur/ci/publish_to_galaxy b/ansible_collections/cyberark/conjur/ci/publish_to_galaxy deleted file mode 100755 index 44a2aa16d..000000000 --- a/ansible_collections/cyberark/conjur/ci/publish_to_galaxy +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -# Strip the 'v' from the Tag Name -TAG=${TAG_NAME//"v"} - -TOP_LEVEL_DIR="$(cd "$(dirname "$BASH_SOURCE")"; pwd)/.." - -pushd "$TOP_LEVEL_DIR" >/dev/null - docker run --rm -t \ - -e GALAXY_API_KEY \ - -v "$TOP_LEVEL_DIR:/collection" \ - python:3 /bin/bash -c " - pip install ansible - ansible-galaxy collection publish --api-key \${GALAXY_API_KEY} /collection/cyberark-conjur-${TAG}.tar.gz - " -popd >/dev/null diff --git a/ansible_collections/cyberark/conjur/ci/test.sh b/ansible_collections/cyberark/conjur/ci/test.sh deleted file mode 100755 index 2a535d750..000000000 --- a/ansible_collections/cyberark/conjur/ci/test.sh +++ /dev/null 
@@ -1,107 +0,0 @@ -#!/bin/bash -ex - -# Test runner for Ansible Conjur Collection - -# Test subdirectors containing a `test.sh` file -test_directories=("conjur_variable") - -# Roles containing a test subdirectory -role_directories=("conjur_host_identity") - -# Target directory that can be manually set by passing a value to the `-d` flag -target="" - -# Flags to be applied to testing scripts -flags="" - -declare -x ANSIBLE_VERSION="${ANSIBLE_VERSION:-6}" - -# Print usage instructions -function help { - echo "Test runner for Ansible Conjur Collection" - - echo "-a Run all test files in default test directories" - echo "-v <ver> Run tests against the given Ansible major version" - echo "-d <arg> Run test file in given directory. Valid options are: ${test_directories[*]} all" - echo "-e Run tests against Conjur Enterprise. Default: Conjur Open Source" - echo " This option is currently only available when testing against the conjur_variable plugin" - echo "-h View help and available commands" - exit 1 -} - -# Run a `test.sh` file in a given subdirectory of the top-level `tests` directory -# Expected directory structure is "tests/<plugin>/test.sh" -function run_test { - pushd "${PWD}/tests/${1}" - echo "Running ${1} tests..." - ./test.sh "$flags" - popd -} - -# Run a `test.sh` file for a given role -# Expected directory structure is "roles/<role>/tests/test.sh" -function run_role_test { - pushd "${PWD}/roles/${1}/tests" - echo "Running ${1} tests..." 
- ./test.sh "$flags" - popd -} - -# Handles input to dictate wether all tests should be ran, or just one set -function handle_input { - if [[ -n ${target} ]]; then - for test_dir in "${test_directories[@]}"; do - if [[ ${target} == "${test_dir}" ]]; then - run_test ${target} - exit 0 - fi - done - for test_dir in "${role_directories[@]}"; do - if [[ ${target} == "${test_dir}" ]]; then - run_role_test ${target} - exit 0 - fi - done - echo "Error: unrecognized test directory given: ${target}" - echo "" - help - else - echo "Running all tests..." - for test_dir in "${test_directories[@]}"; do - run_test "${test_dir}" - done - for test_dir in "${role_directories[@]}"; do - run_role_test "${test_dir}" - done - exit 0 - fi -} - -# Exit if no input given -if [[ $# -eq 0 ]] ; then - echo "Error: No test directory or flag given" - echo "" - help -fi - -while getopts ad:ehv: option; do - case "$option" in - a) handle_input - ;; - d) target=${OPTARG} - handle_input - ;; - e) flags="-e" - ;; - h) help - ;; - v) ANSIBLE_VERSION="${OPTARG}" - ;; - * ) - echo "$1 is not a valid option" - help - exit 1 - ;; - esac -done - diff --git a/ansible_collections/cyberark/conjur/dev/Dockerfile b/ansible_collections/cyberark/conjur/dev/Dockerfile deleted file mode 100644 index f8ebcaccb..000000000 --- a/ansible_collections/cyberark/conjur/dev/Dockerfile +++ /dev/null 
@@ -1,38 +0,0 @@ -FROM ubuntu:20.04 - -ENV DEBIAN_FRONTEND=noninteractive - -WORKDIR /cyberark - -# install python 3 -RUN apt-get update && \ - apt-get install -y python3-pip && \ - pip3 install --upgrade pip - -# install ansible and its test tool -RUN pip3 install ansible pytest-testinfra - -# install docker installation requirements -RUN apt-get update && \ - apt-get install -y apt-transport-https \ - ca-certificates \ - curl \ - software-properties-common - -# install docker -RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - -RUN add-apt-repository \ - "deb [arch=amd64] https://download.docker.com/linux/ubuntu \ - $(lsb_release -cs) \ - stable" - -RUN apt-get update && \ - apt-get -y install docker-ce - -# NOTE: Everything above is copied from REPO_ROOT/tests/conjur_variable/Dockerfile. It defines a -# standard container image for running ansible tests - -# install ruby -RUN apt-get update && apt-get install -y gcc build-essential -RUN apt-add-repository -y ppa:brightbox/ruby-ng && apt-get update && apt-get install -y ruby2.7 ruby2.7-dev -RUN gem install conjur-cli diff --git a/ansible_collections/cyberark/conjur/dev/Dockerfile_nginx b/ansible_collections/cyberark/conjur/dev/Dockerfile_nginx deleted file mode 100644 index d9f18c7bd..000000000 --- a/ansible_collections/cyberark/conjur/dev/Dockerfile_nginx +++ /dev/null @@ -1,16 +0,0 @@ -FROM nginx:1.13.3 - -RUN export DEBIAN_FRONTEND=noninteractive && \ - apt-get update && \ - apt-get install -y iputils-ping procps openssl && \ - rm -rf /var/lib/apt/lists/* - -WORKDIR /etc/nginx/ - -COPY proxy/ssl.conf /etc/ssl/openssl.cnf - -RUN openssl req -x509 -nodes -days 365 -newkey rsa:2048 \ - -config /etc/ssl/openssl.cnf -extensions v3_ca \ - -keyout cert.key -out cert.crt - -COPY proxy/default.conf /etc/nginx/conf.d/default.conf 
diff --git a/ansible_collections/cyberark/conjur/dev/ansible.cfg b/ansible_collections/cyberark/conjur/dev/ansible.cfg deleted file mode 100644 index 5b1d8246b..000000000 --- a/ansible_collections/cyberark/conjur/dev/ansible.cfg +++ /dev/null @@ -1,7 +0,0 @@ -[defaults] -host_key_checking = False -error_on_undefined_vars = True -timeout = 60 -inventory = inventory.tmp -roles_path = /cyberark -remote_tmp = /tmp diff --git a/ansible_collections/cyberark/conjur/dev/docker-compose.yml b/ansible_collections/cyberark/conjur/dev/docker-compose.yml deleted file mode 100644 index 8e1d2dd9f..000000000 --- a/ansible_collections/cyberark/conjur/dev/docker-compose.yml +++ /dev/null 
@@ -1,74 +0,0 @@ -version: '3' -services: - ansible: - build: - context: . - dockerfile: Dockerfile - command: /bin/sleep 1d - environment: - CONJUR_APPLIANCE_URL: http://conjur:3000 - CONJUR_ACCOUNT: cucumber - CONJUR_AUTHN_LOGIN: host/ansible/ansible-master - CONJUR_AUTHN_API_KEY: ${ANSIBLE_CONJUR_AUTHN_API_KEY} - CONJUR_CUSTOM_AUTHN_API_KEY: ${CUSTOM_CONJUR_AUTHN_API_KEY} - COMPOSE_PROJECT_NAME: ${COMPOSE_PROJECT_NAME} - # NOTE: Explicitly setting the ANSIBLE_CONFIG envvar avoids Ansible ignoring - # the configuration because it is in a world-writable working directory, - # see https://docs.ansible.com/ansible/latest/reference_appendices/config.html#avoiding-security-risks-with-ansible-cfg-in-the-current-directory. - ANSIBLE_CONFIG: ./ansible.cfg - volumes: - - ../roles/conjur_host_identity:/cyberark/cyberark.conjur.conjur-host-identity/ - - .:/cyberark/dev/ - - /var/run/docker.sock:/var/run/docker.sock - - pg: - image: postgres:9.3 - - conjur: - image: cyberark/conjur - command: server -a cucumber -p 3000 - environment: - CONJUR_APPLIANCE_URL: http://localhost:3000 - DATABASE_URL: postgres://postgres@pg/postgres - CONJUR_DATA_KEY: "W0BuL8iTr/7QvtjIluJbrb5LDAnmXzmcpxkqihO3dXA=" - networks: - - default - links: - - pg - - conjur_cli: - image: cyberark/conjur-cli:5-latest - entrypoint: [] - command: sleep infinity - environment: - CONJUR_APPLIANCE_URL: http://conjur:3000 - CONJUR_ACCOUNT: cucumber - CONJUR_AUTHN_LOGIN: admin - CONJUR_AUTHN_API_KEY: ${CLI_CONJUR_AUTHN_API_KEY} - volumes: - - ./policy:/policy - networks: - - default - links: - - conjur - - test_app_ubuntu: - build: ./test_app_ubuntu - entrypoint: sleep - command: infinity - - test_app_centos: - build: ./test_app_centos - entrypoint: sleep - command: infinity - - conjur-proxy-nginx: - build: - context: . - dockerfile: Dockerfile_nginx - entrypoint: nginx-debug -g 'daemon off;' - environment: - TERM: xterm - depends_on: - - conjur - - conjur_cli 
diff --git a/ansible_collections/cyberark/conjur/dev/playbooks/conjur-identity-setup/conjur_role_playbook.yml b/ansible_collections/cyberark/conjur/dev/playbooks/conjur-identity-setup/conjur_role_playbook.yml deleted file mode 100644 index 6972b50ed..000000000 --- a/ansible_collections/cyberark/conjur/dev/playbooks/conjur-identity-setup/conjur_role_playbook.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- -- name: Configuring conjur identity on remote hosts - hosts: testapp - roles: - - role: "cyberark.conjur.conjur-host-identity" - conjur_account: cucumber - conjur_appliance_url: "https://conjur-proxy-nginx" - conjur_host_factory_token: "{{lookup('env', 'HFTOKEN')}}" - conjur_host_name: "conjur_{{ ansible_hostname }}" - conjur_ssl_certificate: "{{lookup('file', '../../conjur.pem')}}" - conjur_validate_certs: yes diff --git a/ansible_collections/cyberark/conjur/dev/playbooks/inventory-setup/inventory-playbook-v2.yml b/ansible_collections/cyberark/conjur/dev/playbooks/inventory-setup/inventory-playbook-v2.yml deleted file mode 100644 index 3bf92eaf8..000000000 --- a/ansible_collections/cyberark/conjur/dev/playbooks/inventory-setup/inventory-playbook-v2.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: Compile inventory template locally - hosts: localhost - tasks: - - name: compile inventory template - template: src=inventory-v2.j2 dest=/cyberark/dev/inventory.tmp diff --git a/ansible_collections/cyberark/conjur/dev/playbooks/inventory-setup/inventory-playbook.yml b/ansible_collections/cyberark/conjur/dev/playbooks/inventory-setup/inventory-playbook.yml deleted file mode 100644 index e61ee8053..000000000 --- a/ansible_collections/cyberark/conjur/dev/playbooks/inventory-setup/inventory-playbook.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: Compile inventory template locally - hosts: localhost - tasks: - - name: compile inventory template - template: src=inventory.j2 dest=/cyberark/dev/inventory.tmp 
diff --git a/ansible_collections/cyberark/conjur/dev/playbooks/inventory-setup/inventory-v2.j2 b/ansible_collections/cyberark/conjur/dev/playbooks/inventory-setup/inventory-v2.j2 deleted file mode 100644 index 4a004fb13..000000000 --- a/ansible_collections/cyberark/conjur/dev/playbooks/inventory-setup/inventory-v2.j2 +++ /dev/null @@ -1,6 +0,0 @@ -[testapp] -{{ lookup('env','COMPOSE_PROJECT_NAME') }}-test_app_ubuntu-[1:2] ansible_connection=docker -{{ lookup('env','COMPOSE_PROJECT_NAME') }}-test_app_centos-[1:2] ansible_connection=docker - -[ansible] -{{ lookup('env','COMPOSE_PROJECT_NAME') }}-ansible-1 ansible_connection=docker diff --git a/ansible_collections/cyberark/conjur/dev/playbooks/inventory-setup/inventory.j2 b/ansible_collections/cyberark/conjur/dev/playbooks/inventory-setup/inventory.j2 deleted file mode 100644 index 62d48ef82..000000000 --- a/ansible_collections/cyberark/conjur/dev/playbooks/inventory-setup/inventory.j2 +++ /dev/null @@ -1,6 +0,0 @@ -[testapp] -{{ lookup('env','COMPOSE_PROJECT_NAME') }}_test_app_ubuntu_[1:2] ansible_connection=docker -{{ lookup('env','COMPOSE_PROJECT_NAME') }}_test_app_centos_[1:2] ansible_connection=docker - -[ansible] -{{ lookup('env','COMPOSE_PROJECT_NAME') }}_ansible_1 ansible_connection=docker diff --git a/ansible_collections/cyberark/conjur/dev/policy/root.yml b/ansible_collections/cyberark/conjur/dev/policy/root.yml deleted file mode 100644 index 0309cf702..000000000 --- a/ansible_collections/cyberark/conjur/dev/policy/root.yml +++ /dev/null 
@@ -1,32 +0,0 @@ ---- -- !policy - id: ansible - annotations: - description: Policy for Ansible master and remote hosts - body: - - - !host - id: ansible-master - annotations: - description: Host for running Ansible on remote targets - - - !layer &remote_hosts_layer - id: remote_hosts - annotations: - description: Layer for Ansible remote hosts - - - !host-factory - id: ansible-factory - annotations: - description: Factory to create new hosts for ansible - layer: [ *remote_hosts_layer ] - - - !variable - id: target-password - annotations: - description: Password needed by the Ansible remote machine - - - !permit - role: *remote_hosts_layer - privileges: [ execute ] - resources: [ !variable target-password ] diff --git a/ansible_collections/cyberark/conjur/dev/proxy/default.conf b/ansible_collections/cyberark/conjur/dev/proxy/default.conf deleted file mode 100644 index db2153a71..000000000 --- a/ansible_collections/cyberark/conjur/dev/proxy/default.conf +++ /dev/null @@ -1,33 +0,0 @@ -server { - listen 80; - return 301 https://conjur$request_uri; -} - -server { - listen 443; - server_name localhost; - ssl_certificate /etc/nginx/cert.crt; - ssl_certificate_key /etc/nginx/cert.key; - - ssl on; - ssl_session_cache builtin:1000 shared:SSL:10m; - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; - ssl_prefer_server_ciphers on; - - access_log /var/log/nginx/access.log; - - location / { - proxy_pass http://conjur:3000; - } - - #error_page 404 /404.html; - - # redirect server error pages to the static page /50x.html - # - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } - -} diff --git a/ansible_collections/cyberark/conjur/dev/proxy/ssl.conf b/ansible_collections/cyberark/conjur/dev/proxy/ssl.conf deleted file mode 100644 index e78716b27..000000000 --- a/ansible_collections/cyberark/conjur/dev/proxy/ssl.conf +++ /dev/null 
@@ -1,39 +0,0 @@ -[req] -default_bits = 2048 -prompt = no -default_md = sha256 -req_extensions = req_ext -distinguished_name = dn -x509_extensions = v3_ca # The extentions to add to the self signed cert -req_extensions = v3_req -x509_extensions = usr_cert - -[ dn ] -C=IL -ST=Israel -L=TLV -O=Onyx -OU=CyberArk -CN=conjur-proxy-nginx - -[ usr_cert ] -basicConstraints=CA:FALSE -nsCertType = client, server, email -keyUsage = nonRepudiation, digitalSignature, keyEncipherment -extendedKeyUsage = serverAuth, clientAuth, codeSigning, emailProtection -nsComment = "OpenSSL Generated Certificate" -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid,issuer - -[ v3_req ] -extendedKeyUsage = serverAuth, clientAuth, codeSigning, emailProtection -basicConstraints = CA:FALSE -keyUsage = nonRepudiation, digitalSignature, keyEncipherment - -[ v3_ca ] -subjectAltName = @alt_names - -[ alt_names ] -DNS.1 = localhost -DNS.2 = conjur-proxy-nginx -IP.1 = 127.0.0.1 diff --git a/ansible_collections/cyberark/conjur/dev/start.sh b/ansible_collections/cyberark/conjur/dev/start.sh deleted file mode 100755 index f9ba8b525..000000000 --- a/ansible_collections/cyberark/conjur/dev/start.sh +++ /dev/null 
@@ -1,113 +0,0 @@ -#!/bin/bash -set -ex - - -declare -x ANSIBLE_CONJUR_AUTHN_API_KEY='' -declare -x CLI_CONJUR_AUTHN_API_KEY='' -declare cli_cid='' -declare conjur_cid='' -declare ansible_cid='' -# normalises project name by filtering non alphanumeric characters and transforming to lowercase -declare -x COMPOSE_PROJECT_NAME - -COMPOSE_PROJECT_NAME=$(echo "${BUILD_TAG:-ansible-pluging-testing}-conjur-host-identity" | sed -e 's/[^[:alnum:]]//g' | tr '[:upper:]' '[:lower:]') -export COMPOSE_PROJECT_NAME - -# get conjur client auth api key -function api_key_for { - local role_id=$1 - if [ -n "$role_id" ] - then - docker exec "${conjur_cid}" rails r "print Credentials['${role_id}'].api_key" - else - echo ERROR: api_key_for called with no argument 1>&2 - exit 1 - fi -} - -function hf_token { - docker exec "${cli_cid}" bash -c 'conjur hostfactory tokens create --duration-days=5 ansible/ansible-factory | jq -r ".[0].token"' -} - -function setup_conjur { - echo "---- setting up conjur ----" - # run policy - docker exec "${cli_cid}" conjur policy load root /policy/root.yml - # set secret values - docker exec "${cli_cid}" bash -ec 'conjur variable values add ansible/target-password target_secret_password' -} - -function setup_conjur_identities { - echo "---scale up inventory nodes and setup the conjur identity there---" - teardown_and_setup - docker exec "${ansible_cid}" env HFTOKEN="$(hf_token)" bash -ec " - cd dev - ansible-playbook playbooks/conjur-identity-setup/conjur_role_playbook.yml" -} - - # Scale up inventory nodes -function teardown_and_setup { - docker-compose up -d --force-recreate --scale test_app_ubuntu=2 test_app_ubuntu - docker-compose up -d --force-recreate --scale test_app_centos=2 test_app_centos -} - -function wait_for_server { - # shellcheck disable=SC2016 - docker exec "${cli_cid}" bash -ec ' - for i in $( seq 20 ); do - curl -o /dev/null -fs -X OPTIONS ${CONJUR_APPLIANCE_URL} > /dev/null && echo "server is up" && break - echo "." 
- sleep 2 - done - ' -} - -function fetch_ssl_cert { - (docker-compose exec -T conjur-proxy-nginx cat cert.crt) > conjur.pem -} - -function generate_inventory { - # Use a different inventory file for docker-compose v1 and v2 or later - playbook_file="inventory-playbook-v2.yml" - compose_ver=$(docker-compose version --short) - if [[ $compose_ver == "1"* ]]; then - playbook_file="inventory-playbook.yml" - fi - - # uses .j2 template to generate inventory prepended with COMPOSE_PROJECT_NAME - docker-compose exec -T ansible bash -ec " - cd dev - ansible-playbook playbooks/inventory-setup/$playbook_file - " -} - -function clean { - echo 'Removing dev environment' - echo '---' - docker-compose down -v - rm -rf inventory.tmp -} - -function main() { - clean - docker-compose up -d --build - generate_inventory - - conjur_cid=$(docker-compose ps -q conjur) - cli_cid=$(docker-compose ps -q conjur_cli) - fetch_ssl_cert - wait_for_server - - CLI_CONJUR_AUTHN_API_KEY=$(api_key_for 'cucumber:user:admin') - docker-compose up -d conjur_cli - - cli_cid=$(docker-compose ps -q conjur_cli) - setup_conjur - - ANSIBLE_CONJUR_AUTHN_API_KEY=$(api_key_for 'cucumber:host:ansible/ansible-master') - docker-compose up -d ansible - - ansible_cid=$(docker-compose ps -q ansible) - setup_conjur_identities -} - main
\ No newline at end of file diff --git a/ansible_collections/cyberark/conjur/dev/test_app_centos/Dockerfile b/ansible_collections/cyberark/conjur/dev/test_app_centos/Dockerfile deleted file mode 100644 index ee474e7bf..000000000 --- a/ansible_collections/cyberark/conjur/dev/test_app_centos/Dockerfile +++ /dev/null @@ -1,4 +0,0 @@ -FROM centos:7 - -# Install Python so Ansible can run against node -RUN yum update -y && yum install -y python3 diff --git a/ansible_collections/cyberark/conjur/dev/test_app_ubuntu/Dockerfile b/ansible_collections/cyberark/conjur/dev/test_app_ubuntu/Dockerfile deleted file mode 100644 index 1721241ba..000000000 --- a/ansible_collections/cyberark/conjur/dev/test_app_ubuntu/Dockerfile +++ /dev/null @@ -1,5 +0,0 @@ -FROM ubuntu:20.04 - -# Install Python so Ansible can run against node -RUN apt-get update -y && apt-get install -y python3-minimal - diff --git a/ansible_collections/cyberark/conjur/dev/test_unit.sh b/ansible_collections/cyberark/conjur/dev/test_unit.sh deleted file mode 100755 index 0a00da865..000000000 --- a/ansible_collections/cyberark/conjur/dev/test_unit.sh +++ /dev/null 
@@ -1,47 +0,0 @@ -#!/bin/bash -eu - -ansible_version="stable-2.10" -python_version="3.9" -gen_report="false" - -cd "$(dirname "$0")"/.. - -function print_usage() { - cat << EOF -Run unit tests for Conjur Variable Lookup plugin. - -./ansibletest.sh [options] - --a <version> Run tests against specified Ansible version (Default: stable-2.10) --p <version> Run tests against specified Python version (Default: 3.9) --r Generate test coverage report -EOF -} - -while getopts 'a:p:r' flag; do - case "${flag}" in - a) ansible_version="${OPTARG}" ;; - p) python_version="${OPTARG}" ;; - r) gen_report="true" ;; - *) print_usage - exit 1 ;; - esac -done - -test_cmd="ansible-test units -v --python $python_version" -if [[ "$gen_report" == "true" ]]; then - test_cmd="ansible-test coverage erase; - $test_cmd --coverage; - ansible-test coverage html --requirements --group-by command; - " -fi - -docker build \ - --build-arg PYTHON_VERSION="${python_version}" \ - --build-arg ANSIBLE_VERSION="${ansible_version}" \ - -t pytest-tools:latest \ - -f tests/unit/Dockerfile . -docker run --rm \ - -v "${PWD}/":/ansible_collections/cyberark/conjur/ \ - -w /ansible_collections/cyberark/conjur/tests/unit/ \ - pytest-tools:latest /bin/bash -c "$test_cmd" diff --git a/ansible_collections/cyberark/conjur/meta/runtime.yml b/ansible_collections/cyberark/conjur/meta/runtime.yml index 58bc85789..d39009e72 100644 --- a/ansible_collections/cyberark/conjur/meta/runtime.yml +++ b/ansible_collections/cyberark/conjur/meta/runtime.yml @@ -1,2 +1,2 @@ --- - requires_ansible: '>=2.9' + requires_ansible: '>=2.13' diff --git a/ansible_collections/cyberark/conjur/plugins/lookup/conjur_variable.py b/ansible_collections/cyberark/conjur/plugins/lookup/conjur_variable.py index 8b523c6c5..db3d209e4 100644 --- a/ansible_collections/cyberark/conjur/plugins/lookup/conjur_variable.py +++ b/ansible_collections/cyberark/conjur/plugins/lookup/conjur_variable.py 
@@ -92,7 +92,7 @@ from ansible.plugins.lookup import LookupBase from base64 import b64encode from netrc import netrc from os import environ -from time import time, sleep +from time import sleep from ansible.module_utils.six.moves.urllib.parse import quote from ansible.module_utils.urls import urllib_error from stat import S_IRUSR, S_IWUSR @@ -101,7 +101,6 @@ import yaml from ansible.module_utils.urls import open_url from ansible.utils.display import Display -import ssl display = Display() diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tasks/identity_check.yml b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tasks/identity_check.yml index 8661daf70..2e9ab27ce 100644 --- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tasks/identity_check.yml +++ b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tasks/identity_check.yml @@ -9,12 +9,13 @@ conjurized: "{{ identity_file.stat.exists|bool }}" - name: Ensure all required variables are set - fail: msg="Variable '{{ item }}' is not set!" - when: item is undefined - with_items: - - "{{ conjur_account }}" - - "{{ conjur_appliance_url }}" - - "{{ conjur_host_name }}" + fail: + msg: Variable '{{ item }}' is not set! + when: vars[item] is undefined + loop: + - conjur_account + - conjur_appliance_url + - conjur_host_name - name: Set fact "ssl_configuration" set_fact: @@ -22,11 +23,12 @@ - block: - name: Ensure all required ssl variables are set - fail: msg="Variable '{{ item }}' is not set!" - when: item is undefined - with_items: - - "{{ conjur_ssl_certificate }}" - - "{{ conjur_validate_certs }}" + fail: + msg: Variable '{{ item }}' is not set! + when: vars[item] is undefined + loop: + - conjur_ssl_certificate + - conjur_validate_certs - name: Set fact "ssl file path" set_fact: 
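Review bot: `when: vars[item] is undefined` in the rewritten `Ensure all required variables are set` task reads the internal `vars` dictionary and only tests definedness, so a variable set to an empty string still passes. The supported way to resolve a variable by name is the `vars` lookup. A condition such as `when: lookup('ansible.builtin.vars', item, default='') | string | length == 0` covers both the missing and the empty case. The same applies to the ssl check in hunk `@@ -22,11 +23,12 @@`, where an empty `conjur_ssl_certificate` would presumably continue into the certificate tasks that follow. Both tasks sit in blocks that continue outside the hunks.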
@@ -46,8 +48,7 @@ - block: - name: Ensure "conjur_host_factory_token" is set (if node is not already conjurized) - fail: msg="Variable '{{ item }}' is not set!" - when: item is undefined - with_items: - - "{{ conjur_host_factory_token }}" + fail: + msg: Variable 'conjur_host_factory_token' is not set! + when: conjur_host_factory_token is undefined when: not conjurized diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/.dockerignore b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/.dockerignore deleted file mode 100644 index 5ed3ebd29..000000000 --- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/.dockerignore +++ /dev/null @@ -1 +0,0 @@ -conjur-intro/
\ No newline at end of file diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/.pytest_cache/v/cache/nodeids b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/.pytest_cache/v/cache/nodeids index ffadcb1be..3bcaaa5b8 100644 --- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/.pytest_cache/v/cache/nodeids +++ b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/.pytest_cache/v/cache/nodeids 
@@ -1,22 +1,22 @@ [ - "test_cases/cleanup-conjur-identity/tests/test_default.py::test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_1]", - "test_cases/cleanup-conjur-identity/tests/test_default.py::test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_2]", - "test_cases/cleanup-conjur-identity/tests/test_default.py::test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_1]", - "test_cases/cleanup-conjur-identity/tests/test_default.py::test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_2]", - "test_cases/cleanup-conjur-identity/tests/test_default.py::test_is_not_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_1]", - "test_cases/cleanup-conjur-identity/tests/test_default.py::test_is_not_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_2]", - "test_cases/cleanup-conjur-identity/tests/test_default.py::test_is_not_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_1]", - "test_cases/cleanup-conjur-identity/tests/test_default.py::test_is_not_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_2]", - "test_cases/configure-conjur-identity/tests/test_default.py::test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_1]", - "test_cases/configure-conjur-identity/tests/test_default.py::test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_2]", - "test_cases/configure-conjur-identity/tests/test_default.py::test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_1]", - 
"test_cases/configure-conjur-identity/tests/test_default.py::test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_2]", - "test_cases/configure-conjur-identity/tests/test_default.py::test_is_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_1]", - "test_cases/configure-conjur-identity/tests/test_default.py::test_is_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_2]", - "test_cases/configure-conjur-identity/tests/test_default.py::test_is_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_1]", - "test_cases/configure-conjur-identity/tests/test_default.py::test_is_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_2]", - "test_cases/configure-conjur-identity/tests/test_default.py::test_retrieve_secret_with_summon[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_1]", - "test_cases/configure-conjur-identity/tests/test_default.py::test_retrieve_secret_with_summon[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_2]", - "test_cases/configure-conjur-identity/tests/test_default.py::test_retrieve_secret_with_summon[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_1]", - "test_cases/configure-conjur-identity/tests/test_default.py::test_retrieve_secret_with_summon[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_2]" + "test_cases/cleanup-conjur-identity/tests/test_default.py::test_hosts_file[docker://dev-test_app_centos-1]", + "test_cases/cleanup-conjur-identity/tests/test_default.py::test_hosts_file[docker://dev-test_app_centos-2]", + "test_cases/cleanup-conjur-identity/tests/test_default.py::test_hosts_file[docker://dev-test_app_ubuntu-1]", + 
"test_cases/cleanup-conjur-identity/tests/test_default.py::test_hosts_file[docker://dev-test_app_ubuntu-2]", + "test_cases/cleanup-conjur-identity/tests/test_default.py::test_is_not_conjurized[docker://dev-test_app_centos-1]", + "test_cases/cleanup-conjur-identity/tests/test_default.py::test_is_not_conjurized[docker://dev-test_app_centos-2]", + "test_cases/cleanup-conjur-identity/tests/test_default.py::test_is_not_conjurized[docker://dev-test_app_ubuntu-1]", + "test_cases/cleanup-conjur-identity/tests/test_default.py::test_is_not_conjurized[docker://dev-test_app_ubuntu-2]", + "test_cases/configure-conjur-identity/tests/test_default.py::test_hosts_file[docker://dev-test_app_centos-1]", + "test_cases/configure-conjur-identity/tests/test_default.py::test_hosts_file[docker://dev-test_app_centos-2]", + "test_cases/configure-conjur-identity/tests/test_default.py::test_hosts_file[docker://dev-test_app_ubuntu-1]", + "test_cases/configure-conjur-identity/tests/test_default.py::test_hosts_file[docker://dev-test_app_ubuntu-2]", + "test_cases/configure-conjur-identity/tests/test_default.py::test_is_conjurized[docker://dev-test_app_centos-1]", + "test_cases/configure-conjur-identity/tests/test_default.py::test_is_conjurized[docker://dev-test_app_centos-2]", + "test_cases/configure-conjur-identity/tests/test_default.py::test_is_conjurized[docker://dev-test_app_ubuntu-1]", + "test_cases/configure-conjur-identity/tests/test_default.py::test_is_conjurized[docker://dev-test_app_ubuntu-2]", + "test_cases/configure-conjur-identity/tests/test_default.py::test_retrieve_secret_with_summon[docker://dev-test_app_centos-1]", + "test_cases/configure-conjur-identity/tests/test_default.py::test_retrieve_secret_with_summon[docker://dev-test_app_centos-2]", + "test_cases/configure-conjur-identity/tests/test_default.py::test_retrieve_secret_with_summon[docker://dev-test_app_ubuntu-1]", + 
"test_cases/configure-conjur-identity/tests/test_default.py::test_retrieve_secret_with_summon[docker://dev-test_app_ubuntu-2]" ]
\ No newline at end of file diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/Dockerfile b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/Dockerfile deleted file mode 100644 index 3985b12ad..000000000 --- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/Dockerfile +++ /dev/null @@ -1,39 +0,0 @@ -FROM ubuntu:20.04 - -ENV DEBIAN_FRONTEND=noninteractive - -WORKDIR /cyberark - -# install python 3 -RUN apt-get update && \ - apt-get install -y python3-pip && \ - pip3 install --upgrade pip - -ARG ANSIBLE_VERSION -# install ansible and its test tool -RUN pip3 install ansible==${ANSIBLE_VERSION}.* pytest-testinfra - -# install docker installation requirements -RUN apt-get update && \ - apt-get install -y apt-transport-https \ - ca-certificates \ - curl \ - software-properties-common - -# install docker -RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - -RUN add-apt-repository \ - "deb [arch=amd64] https://download.docker.com/linux/ubuntu \ - $(lsb_release -cs) \ - stable" - -RUN apt-get update && \ - apt-get -y install docker-ce - -# NOTE: Everything above is copied from REPO_ROOT/tests/conjur_variable/Dockerfile. It defines a -# standard container image for running ansible tests - -# install ruby -RUN apt-get update && apt-get install -y gcc build-essential -RUN apt-add-repository -y ppa:brightbox/ruby-ng && apt-get update && apt-get install -y ruby2.7 ruby2.7-dev -RUN gem install conjur-cli
\ No newline at end of file diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/Dockerfile_nginx b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/Dockerfile_nginx deleted file mode 100644 index d9f18c7bd..000000000 --- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/Dockerfile_nginx +++ /dev/null @@ -1,16 +0,0 @@ -FROM nginx:1.13.3 - -RUN export DEBIAN_FRONTEND=noninteractive && \ - apt-get update && \ - apt-get install -y iputils-ping procps openssl && \ - rm -rf /var/lib/apt/lists/* - -WORKDIR /etc/nginx/ - -COPY proxy/ssl.conf /etc/ssl/openssl.cnf - -RUN openssl req -x509 -nodes -days 365 -newkey rsa:2048 \ - -config /etc/ssl/openssl.cnf -extensions v3_ca \ - -keyout cert.key -out cert.crt - -COPY proxy/default.conf /etc/nginx/conf.d/default.conf diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/ansible.cfg b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/ansible.cfg deleted file mode 100644 index 56026b775..000000000 --- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/ansible.cfg +++ /dev/null @@ -1,8 +0,0 @@ -[defaults] -display_skipped_hosts = False -host_key_checking = False -error_on_undefined_vars = True -timeout = 60 -inventory = inventory.tmp -roles_path = /cyberark -remote_tmp = /tmp diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/docker-compose.yml b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/docker-compose.yml deleted file mode 100644 index 832655687..000000000 --- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/docker-compose.yml +++ /dev/null 
@@ -1,84 +0,0 @@ -version: '3' -services: - ansible: - build: - context: . - dockerfile: Dockerfile - args: - ANSIBLE_VERSION: ${ANSIBLE_VERSION} - command: /bin/sleep 1d - environment: - CONJUR_APPLIANCE_URL: ${CONJUR_APPLIANCE_URL} - CONJUR_ACCOUNT: ${CONJUR_ACCOUNT} - CONJUR_AUTHN_LOGIN: ${CONJUR_AUTHN_LOGIN} - CONJUR_AUTHN_API_KEY: ${ANSIBLE_CONJUR_AUTHN_API_KEY} - CONJUR_CUSTOM_AUTHN_API_KEY: ${CUSTOM_CONJUR_AUTHN_API_KEY} - COMPOSE_PROJECT_NAME: ${COMPOSE_PROJECT_NAME} - # NOTE: Explicitly setting the ANSIBLE_CONFIG envvar avoids Ansible ignoring - # the configuration because it is in a world-writable working directory, - # see https://docs.ansible.com/ansible/latest/reference_appendices/config.html#avoiding-security-risks-with-ansible-cfg-in-the-current-directory. - ANSIBLE_CONFIG: ./ansible.cfg - networks: - - "${DOCKER_NETWORK}" - volumes: - - ..:/cyberark/cyberark.conjur.conjur-host-identity/ - - .:/cyberark/tests/ - - /var/run/docker.sock:/var/run/docker.sock - pg: - image: postgres:9.3 - - conjur: - image: cyberark/conjur - command: server -a cucumber -p 3000 - environment: - CONJUR_APPLIANCE_URL: http://localhost:3000 - DATABASE_URL: postgres://postgres@pg/postgres - CONJUR_DATA_KEY: "W0BuL8iTr/7QvtjIluJbrb5LDAnmXzmcpxkqihO3dXA=" - networks: - - default - links: - - pg - - conjur_cli: - image: cyberark/conjur-cli:5-latest - entrypoint: [] - command: sleep infinity - environment: - CONJUR_APPLIANCE_URL: http://conjur:3000 - CONJUR_ACCOUNT: cucumber - CONJUR_AUTHN_LOGIN: admin - CONJUR_AUTHN_API_KEY: ${CLI_CONJUR_AUTHN_API_KEY} - volumes: - - ./policy:/policy - links: - - conjur - - test_app_ubuntu: - build: ./test_app_ubuntu - entrypoint: sleep - command: infinity - networks: - - "${DOCKER_NETWORK}" - - test_app_centos: - build: ./test_app_centos - entrypoint: sleep - command: infinity - networks: - - "${DOCKER_NETWORK}" - - conjur-proxy-nginx: - build: - context: . 
- dockerfile: Dockerfile_nginx - entrypoint: nginx-debug -g 'daemon off;' - environment: - TERM: xterm - depends_on: - - conjur - - conjur_cli - -networks: - dap_net: - name: dap_net - external: true diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/inventory-playbook-v2.yml b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/inventory-playbook-v2.yml deleted file mode 100644 index d47081cbe..000000000 --- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/inventory-playbook-v2.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: Compile inventory template locally - hosts: localhost - tasks: - - name: compile inventory template - template: src=inventory-v2.j2 dest=/cyberark/tests/inventory.tmp diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/inventory-playbook.yml b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/inventory-playbook.yml deleted file mode 100644 index 91d44fcb8..000000000 --- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/inventory-playbook.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: Compile inventory template locally - hosts: localhost - tasks: - - name: compile inventory template - template: src=inventory.j2 dest=/cyberark/tests/inventory.tmp diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/inventory-v2.j2 b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/inventory-v2.j2 deleted file mode 100644 index 4a004fb13..000000000 --- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/inventory-v2.j2 +++ /dev/null @@ -1,6 +0,0 @@ -[testapp] -{{ lookup('env','COMPOSE_PROJECT_NAME') }}-test_app_ubuntu-[1:2] ansible_connection=docker -{{ lookup('env','COMPOSE_PROJECT_NAME') }}-test_app_centos-[1:2] ansible_connection=docker - -[ansible] -{{ lookup('env','COMPOSE_PROJECT_NAME') }}-ansible-1 ansible_connection=docker 
diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/inventory.j2 b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/inventory.j2 deleted file mode 100644 index 62d48ef82..000000000 --- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/inventory.j2 +++ /dev/null @@ -1,6 +0,0 @@ -[testapp] -{{ lookup('env','COMPOSE_PROJECT_NAME') }}_test_app_ubuntu_[1:2] ansible_connection=docker -{{ lookup('env','COMPOSE_PROJECT_NAME') }}_test_app_centos_[1:2] ansible_connection=docker - -[ansible] -{{ lookup('env','COMPOSE_PROJECT_NAME') }}_ansible_1 ansible_connection=docker diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/junit/cleanup-conjur-identity b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/junit/cleanup-conjur-identity index d1372eaea..d5cf77577 100644 --- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/junit/cleanup-conjur-identity +++ b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/junit/cleanup-conjur-identity 
@@ -1 +1 @@ -<?xml version="1.0" encoding="utf-8"?><testsuites><testsuite name="pytest" errors="0" failures="0" skipped="0" tests="8" time="4.102" timestamp="2022-09-09T15:12:54.260298" hostname="3ef34ba116db"><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_1]" time="0.681" /><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_is_not_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_1]" time="0.198" /><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_2]" time="0.687" /><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_is_not_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_2]" time="0.201" /><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_1]" time="0.698" /><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_is_not_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_1]" time="0.213" /><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_2]" time="0.702" /><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_is_not_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_2]" time="0.190" /></testsuite></testsuites>
\ No newline at end of file +<?xml version="1.0" encoding="utf-8"?><testsuites><testsuite name="pytest" errors="0" failures="0" skipped="0" tests="8" time="3.385" timestamp="2023-09-28T17:31:14.495645" hostname="3bd1d1ebca35"><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_hosts_file[docker://dev-test_app_centos-1]" time="0.554" /><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_is_not_conjurized[docker://dev-test_app_centos-1]" time="0.182" /><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_hosts_file[docker://dev-test_app_centos-2]" time="0.524" /><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_is_not_conjurized[docker://dev-test_app_centos-2]" time="0.169" /><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_hosts_file[docker://dev-test_app_ubuntu-1]" time="0.517" /><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_is_not_conjurized[docker://dev-test_app_ubuntu-1]" time="0.182" /><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_hosts_file[docker://dev-test_app_ubuntu-2]" time="0.551" /><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_is_not_conjurized[docker://dev-test_app_ubuntu-2]" time="0.178" /></testsuite></testsuites>
\ No newline at end of file diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/junit/configure-conjur-identity b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/junit/configure-conjur-identity index d982cbaa2..aec86fd9d 100644 --- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/junit/configure-conjur-identity +++ b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/junit/configure-conjur-identity 
@@ -1 +1 @@ -<?xml version="1.0" encoding="utf-8"?><testsuites><testsuite name="pytest" errors="0" failures="0" skipped="0" tests="12" time="5.511" timestamp="2022-09-09T15:14:31.194874" hostname="3ef34ba116db"><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_1]" time="0.691" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_is_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_1]" time="0.412" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_retrieve_secret_with_summon[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_1]" time="0.133" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_2]" time="0.710" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_is_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_2]" time="0.384" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_retrieve_secret_with_summon[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_2]" time="0.126" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_1]" time="0.727" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_is_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_1]" time="0.383" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" 
name="test_retrieve_secret_with_summon[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_1]" time="0.155" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_2]" time="0.719" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_is_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_2]" time="0.387" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_retrieve_secret_with_summon[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_2]" time="0.143" /></testsuite></testsuites>
\ No newline at end of file +<?xml version="1.0" encoding="utf-8"?><testsuites><testsuite name="pytest" errors="0" failures="0" skipped="0" tests="12" time="4.685" timestamp="2023-09-28T17:32:48.189759" hostname="3bd1d1ebca35"><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_hosts_file[docker://dev-test_app_centos-1]" time="0.551" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_is_conjurized[docker://dev-test_app_centos-1]" time="0.356" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_retrieve_secret_with_summon[docker://dev-test_app_centos-1]" time="0.130" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_hosts_file[docker://dev-test_app_centos-2]" time="0.524" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_is_conjurized[docker://dev-test_app_centos-2]" time="0.363" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_retrieve_secret_with_summon[docker://dev-test_app_centos-2]" time="0.134" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_hosts_file[docker://dev-test_app_ubuntu-1]" time="0.530" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_is_conjurized[docker://dev-test_app_ubuntu-1]" time="0.413" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_retrieve_secret_with_summon[docker://dev-test_app_ubuntu-1]" time="0.122" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_hosts_file[docker://dev-test_app_ubuntu-2]" time="0.536" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_is_conjurized[docker://dev-test_app_ubuntu-2]" time="0.358" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" 
name="test_retrieve_secret_with_summon[docker://dev-test_app_ubuntu-2]" time="0.139" /></testsuite></testsuites>
\ No newline at end of file diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/policy/root.yml b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/policy/root.yml deleted file mode 100644 index 0309cf702..000000000 --- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/policy/root.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -- !policy - id: ansible - annotations: - description: Policy for Ansible master and remote hosts - body: - - - !host - id: ansible-master - annotations: - description: Host for running Ansible on remote targets - - - !layer &remote_hosts_layer - id: remote_hosts - annotations: - description: Layer for Ansible remote hosts - - - !host-factory - id: ansible-factory - annotations: - description: Factory to create new hosts for ansible - layer: [ *remote_hosts_layer ] - - - !variable - id: target-password - annotations: - description: Password needed by the Ansible remote machine - - - !permit - role: *remote_hosts_layer - privileges: [ execute ] - resources: [ !variable target-password ] diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/proxy/default.conf b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/proxy/default.conf deleted file mode 100644 index db2153a71..000000000 --- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/proxy/default.conf +++ /dev/null 
@@ -1,33 +0,0 @@ -server { - listen 80; - return 301 https://conjur$request_uri; -} - -server { - listen 443; - server_name localhost; - ssl_certificate /etc/nginx/cert.crt; - ssl_certificate_key /etc/nginx/cert.key; - - ssl on; - ssl_session_cache builtin:1000 shared:SSL:10m; - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; - ssl_prefer_server_ciphers on; - - access_log /var/log/nginx/access.log; - - location / { - proxy_pass http://conjur:3000; - } - - #error_page 404 /404.html; - - # redirect server error pages to the static page /50x.html - # - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } - -} diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/proxy/ssl.conf b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/proxy/ssl.conf deleted file mode 100644 index e78716b27..000000000 --- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/proxy/ssl.conf +++ /dev/null 
@@ -1,39 +0,0 @@ -[req] -default_bits = 2048 -prompt = no -default_md = sha256 -req_extensions = req_ext -distinguished_name = dn -x509_extensions = v3_ca # The extentions to add to the self signed cert -req_extensions = v3_req -x509_extensions = usr_cert - -[ dn ] -C=IL -ST=Israel -L=TLV -O=Onyx -OU=CyberArk -CN=conjur-proxy-nginx - -[ usr_cert ] -basicConstraints=CA:FALSE -nsCertType = client, server, email -keyUsage = nonRepudiation, digitalSignature, keyEncipherment -extendedKeyUsage = serverAuth, clientAuth, codeSigning, emailProtection -nsComment = "OpenSSL Generated Certificate" -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid,issuer - -[ v3_req ] -extendedKeyUsage = serverAuth, clientAuth, codeSigning, emailProtection -basicConstraints = CA:FALSE -keyUsage = nonRepudiation, digitalSignature, keyEncipherment - -[ v3_ca ] -subjectAltName = @alt_names - -[ alt_names ] -DNS.1 = localhost -DNS.2 = conjur-proxy-nginx -IP.1 = 127.0.0.1 diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test.sh b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test.sh index 9a54cb8b9..1f7e28145 100755 --- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test.sh +++ b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test.sh 
@@ -1,249 +1,37 @@ #!/bin/bash -eu - set -o pipefail - -# normalises project name by filtering non alphanumeric characters and transforming to lowercase -declare -x COMPOSE_PROJECT_NAME='' -declare -x ENTERPRISE_PROJECT='conjur-intro-host' -declare -x ANSIBLE_PROJECT='' - -declare -x ANSIBLE_CONJUR_AUTHN_API_KEY='' -declare -x CLI_CONJUR_AUTHN_API_KEY='' -declare -x DOCKER_NETWORK="default" -declare -x ANSIBLE_VERSION="${ANSIBLE_VERSION:-6}" - -declare cli_cid='' -declare ansible_cid='' -declare enterprise='false' -declare test_dir='' - - ANSIBLE_PROJECT=$(echo "${BUILD_TAG:-ansible-plugin-testing}-conjur-host-identity" | sed -e 's/[^[:alnum:]]//g' | tr '[:upper:]' '[:lower:]') - test_dir="$(pwd)" - -function clean { - echo 'Removing test environment' - echo '---' - - # Escape conjur-intro dir if Enterprise setup fails - cd "${test_dir}" - - if [[ -d conjur-intro ]]; then - pushd conjur-intro - COMPOSE_PROJECT_NAME="${ENTERPRISE_PROJECT}" - ./bin/dap --stop - popd - rm -rf conjur-intro - fi - - COMPOSE_PROJECT_NAME="${ANSIBLE_PROJECT}" - docker-compose down -v - rm -rf inventory.tmp \ - conjur.pem -} -function finish { - rv=$? 
- clean || true - exit $rv -} -trap finish EXIT - -while getopts 'e' flag; do - case "${flag}" in - e) enterprise="true" ;; - *) exit 1 ;; - esac -done - -clean - -function setup_admin_api_key { - if [[ "$enterprise" == "true" ]]; then - docker exec "${cli_cid}" \ - conjur user rotate_api_key - else - docker-compose exec -T conjur \ - conjurctl role retrieve-key "${CONJUR_ACCOUNT}:user:admin" - fi -} - -function setup_ansible_api_key { - docker exec "${cli_cid}" \ - conjur host rotate_api_key --host ansible/ansible-master -} - -function hf_token { - docker exec "${cli_cid}" bash -c "conjur hostfactory tokens create --duration-days=5 ansible/ansible-factory | jq -r '.[0].token'" -} - -function setup_conjur_resources { - echo "---- setting up conjur ----" - policy_path="root.yml" - if [[ "${enterprise}" == "false" ]]; then - policy_path="/policy/${policy_path}" - fi - - docker exec "${cli_cid}" bash -ec " - conjur policy load root ${policy_path} - conjur variable values add ansible/target-password target_secret_password - " -} +source "$(git rev-parse --show-toplevel)/dev/util.sh" function run_test_cases { for test_case in test_cases/*; do - teardown_and_setup + teardown_and_setup_inventory run_test_case "$(basename -- "$test_case")" done } function run_test_case { + local test_case="$1" echo "---- testing ${test_case} ----" - local test_case=$1 - if [ -n "$test_case" ]; then - docker exec "${ansible_cid}" \ - env HFTOKEN="$(hf_token)" \ - env CONJUR_ACCOUNT="${CONJUR_ACCOUNT}" \ - env CONJUR_APPLIANCE_URL="${CONJUR_APPLIANCE_URL}" \ - bash -ec " - cd tests - ansible-playbook test_cases/${test_case}/playbook.yml - " - if [ -d "${test_dir}/test_cases/${test_case}/tests/" ]; then - docker exec "${ansible_cid}" bash -ec " - cd tests - py.test --junitxml=./junit/${test_case} --connection docker -v test_cases/${test_case}/tests/test_default.py - " - fi - else - echo ERROR: run_test called with no argument 1>&2 - exit 1 - fi -} - -function teardown_and_setup { - 
docker-compose up -d --force-recreate --scale test_app_ubuntu=2 test_app_ubuntu - docker-compose up -d --force-recreate --scale test_app_centos=2 test_app_centos -} - -function wait_for_server { - # shellcheck disable=SC2016 - docker exec "${cli_cid}" bash -ec ' - for i in $( seq 20 ); do - curl -o /dev/null -fs -X OPTIONS ${CONJUR_APPLIANCE_URL} > /dev/null && echo "server is up" && break - echo "." - sleep 2 - done - ' -} - -function fetch_ssl_cert { - echo "Fetching SSL certs" - service_id="conjur-proxy-nginx" - cert_path="cert.crt" - if [[ "${enterprise}" == "true" ]]; then - service_id="conjur-master.mycompany.local" - cert_path="/etc/ssl/certs/ca.pem" - fi - - (docker-compose exec -T "${service_id}" cat "${cert_path}") > conjur.pem -} -function generate_inventory { - # Use a different inventory file for docker-compose v1 and v2 or later - playbook_file="inventory-playbook-v2.yml" - compose_ver=$(docker-compose version --short) - if [[ $compose_ver == "1"* ]]; then - playbook_file="inventory-playbook.yml" + if [ -z "$test_case" ]; then + echo ERROR: run_test_case called with no argument 1>&2 + exit 1 fi - # uses .j2 template to generate inventory prepended with COMPOSE_PROJECT_NAME - docker-compose exec -T ansible bash -ec " - cd tests - ansible-playbook $playbook_file - " + docker exec -e HFTOKEN="$(hf_token)" \ + "$(ansible_cid)" bash -ec " + cd /cyberark/tests/conjur-host-identity - cat inventory.tmp -} - -function setup_conjur_open_source() { - docker-compose up -d --build - - cli_cid="$(docker-compose ps -q conjur_cli)" - - fetch_ssl_cert - wait_for_server - - echo "Recreating Conjur CLI with admin credentials" - CLI_CONJUR_AUTHN_API_KEY=$(setup_admin_api_key) - docker-compose up -d conjur_cli - cli_cid=$(docker-compose ps -q conjur_cli) - - setup_conjur_resources -} + # You can add -vvvvv here for debugging + ansible-playbook test_cases/$test_case/playbook.yml + " -function setup_conjur_enterprise() { - git clone --single-branch --branch main 
https://github.com/conjurdemos/conjur-intro.git - pushd ./conjur-intro - - echo "Provisioning Enterprise leader and follower" - ./bin/dap --provision-master - ./bin/dap --provision-follower - - cp ../policy/root.yml . - - # Run 'sleep infinity' in the CLI container, so the scripts - # have access to an alive and authenticated CLI until the script terminates - cli_cid="$(docker-compose run -d \ - -w /src/cli \ - --entrypoint sleep client infinity)" - - echo "Authenticate Conjur CLI container" - docker exec "${cli_cid}" \ - /bin/bash -c " - if [ ! -e /root/conjur-demo.pem ]; then - yes 'yes' | conjur init -u ${CONJUR_APPLIANCE_URL} -a ${CONJUR_ACCOUNT} - fi - conjur authn login -u admin -p MySecretP@ss1 - hostname -I - " - - fetch_ssl_cert - setup_conjur_resources - - echo "Relocate credential files" - mv conjur.pem ../. - popd -} - -function main() { - if [[ "${enterprise}" == "true" ]]; then - echo "Deploying Conjur Enterprise" - - export DOCKER_NETWORK="dap_net" - export CONJUR_APPLIANCE_URL="https://conjur-master.mycompany.local" - export CONJUR_ACCOUNT="demo" - COMPOSE_PROJECT_NAME="${ENTERPRISE_PROJECT}" - DOCKER_NETWORK="dap_net" - - setup_conjur_enterprise - else - echo "Deploying Conjur Open Source" - - export CONJUR_APPLIANCE_URL="https://conjur-proxy-nginx" - export CONJUR_ACCOUNT="cucumber" - COMPOSE_PROJECT_NAME="${ANSIBLE_PROJECT}" - - setup_conjur_open_source + if [ -d "test_cases/${test_case}/tests/" ]; then + docker exec "$(ansible_cid)" bash -ec " + cd /cyberark/tests/conjur-host-identity + py.test --junitxml=./junit/${test_case} --connection docker -v test_cases/${test_case}/tests/test_default.py + " fi - - echo "Preparing Ansible for test run" - COMPOSE_PROJECT_NAME="${ANSIBLE_PROJECT}" - ANSIBLE_CONJUR_AUTHN_API_KEY=$(setup_ansible_api_key) - docker-compose up -d ansible - ansible_cid=$(docker-compose ps -q ansible) - generate_inventory - - echo "Running tests" - run_test_cases } -main
\ No newline at end of file +run_test_cases diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_app_centos/Dockerfile b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_app_centos/Dockerfile deleted file mode 100644 index ee474e7bf..000000000 --- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_app_centos/Dockerfile +++ /dev/null @@ -1,4 +0,0 @@ -FROM centos:7 - -# Install Python so Ansible can run against node -RUN yum update -y && yum install -y python3 diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_app_ubuntu/Dockerfile b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_app_ubuntu/Dockerfile deleted file mode 100644 index ce919aa57..000000000 --- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_app_ubuntu/Dockerfile +++ /dev/null @@ -1,4 +0,0 @@ -FROM ubuntu:20.04 - -# Install Python so Ansible can run against node -RUN apt-get update -y && apt-get install -y python3-minimal diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/bad-ssl-config/playbook.yml b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/bad-ssl-config/playbook.yml new file mode 100644 index 000000000..2d1282c41 --- /dev/null +++ b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/bad-ssl-config/playbook.yml 
@@ -0,0 +1,20 @@ +--- +- name: Configuring Conjur identity on remote hosts fails when missing required SSL config + hosts: testapp + tasks: + - name: Attempt to configure Conjur identity + block: + - import_role: + name: "cyberark.conjur.conjur-host-identity" + vars: + conjur_account: cucumber + conjur_appliance_url: "https://conjur-proxy-nginx" + conjur_host_factory_token: "{{lookup('env', 'HFTOKEN')}}" + conjur_host_name: "conjur_{{ ansible_hostname }}" + # conjur_ssl_certificate: "{{lookup('file', '/cyberark/dev/conjur.pem')}}" + conjur_validate_certs: yes + rescue: + - name: Confirm Role setup fails with message + assert: + that: ansible_failed_result.failed == true + fail_msg: "Variable 'conjur_ssl_certificate' is not set!" diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/cleanup-conjur-identity/playbook.yml b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/cleanup-conjur-identity/playbook.yml index dfdbe2804..ec472992d 100644 --- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/cleanup-conjur-identity/playbook.yml +++ b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/cleanup-conjur-identity/playbook.yml @@ -7,7 +7,7 @@ conjur_appliance_url: "{{lookup('env', 'CONJUR_APPLIANCE_URL')}}" conjur_host_factory_token: "{{lookup('env', 'HFTOKEN')}}" conjur_host_name: "conjur_{{ ansible_hostname }}" - conjur_ssl_certificate: "{{lookup('file', '../../conjur.pem')}}" + conjur_ssl_certificate: "{{lookup('file', '/cyberark/dev/conjur.pem')}}" conjur_validate_certs: yes - name: Revoke Conjur identity from remote hosts diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/cleanup-conjur-identity/tests/test_default.py b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/cleanup-conjur-identity/tests/test_default.py index 9139ea87a..46fc8b8c2 100644 
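Review bot: The rescue section of this new playbook passes on any error at all, so it does not show that the role rejected the missing certificate: `that: ansible_failed_result.failed == true` is true for whatever reaches rescue, and `fail_msg` only sets the text printed when the assert itself fails. The block also has no task after `import_role`, so if the role accepted `conjur_validate_certs: yes` without `conjur_ssl_certificate`, rescue would never run and the play would still pass. The same pattern is in the misconfig-conjur-identity hunk, which drops the earlier `ansible_failed_result.msg` comparison, and in the new not-conjurized playbook. I would add a sentinel task after the role and assert on the message content, as sketched below. The exact wording of the role's error is not visible here, so the match string needs confirming against the role.

```yaml
      block:
        # … unchanged: import_role with conjur_ssl_certificate commented out …
        - name: Fail when the role accepts the incomplete config
          fail:
            msg: "role completed without the required SSL setting"
      rescue:
        - name: Confirm Role setup fails for the expected reason
          assert:
            that: "'conjur_ssl_certificate' in ansible_failed_result.msg"
```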
--- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/cleanup-conjur-identity/tests/test_default.py +++ b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/cleanup-conjur-identity/tests/test_default.py @@ -4,7 +4,7 @@ __metaclass__ = type import testinfra.utils.ansible_runner testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - '/cyberark/tests/inventory.tmp').get_hosts('testapp') + '/cyberark/dev/inventory.tmp').get_hosts('testapp') def test_hosts_file(host): diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/configure-conjur-identity/playbook.yml b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/configure-conjur-identity/playbook.yml index 2f1ec4556..7309d21b6 100644 --- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/configure-conjur-identity/playbook.yml +++ b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/configure-conjur-identity/playbook.yml @@ -7,5 +7,5 @@ conjur_appliance_url: "{{lookup('env', 'CONJUR_APPLIANCE_URL')}}" conjur_host_factory_token: "{{lookup('env', 'HFTOKEN')}}" conjur_host_name: "conjur_{{ ansible_hostname }}" - conjur_ssl_certificate: "{{lookup('file', '../../conjur.pem')}}" + conjur_ssl_certificate: "{{lookup('file', '/cyberark/dev/conjur.pem')}}" conjur_validate_certs: yes diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/configure-conjur-identity/tests/test_default.py b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/configure-conjur-identity/tests/test_default.py index 80513230a..46b64566c 100644 --- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/configure-conjur-identity/tests/test_default.py 
+++ b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/configure-conjur-identity/tests/test_default.py @@ -4,7 +4,7 @@ __metaclass__ = type import testinfra.utils.ansible_runner testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - '/cyberark/tests/inventory.tmp').get_hosts('testapp') + '/cyberark/dev/inventory.tmp').get_hosts('testapp') def test_hosts_file(host): diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/misconfig-conjur-identity/playbook.yml b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/misconfig-conjur-identity/playbook.yml index 2ae9ec144..96f31c7d0 100644 --- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/misconfig-conjur-identity/playbook.yml +++ b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/misconfig-conjur-identity/playbook.yml @@ -11,12 +11,10 @@ # conjur_appliance_url: "https://conjur-proxy-nginx" conjur_host_factory_token: "{{lookup('env', 'HFTOKEN')}}" conjur_host_name: "conjur_{{ ansible_hostname }}" - conjur_ssl_certificate: "{{lookup('file', '../../conjur.pem')}}" + conjur_ssl_certificate: "{{lookup('file', '/cyberark/dev/conjur.pem')}}" conjur_validate_certs: yes rescue: - - name: Confirm Role setup fails + - name: Confirm Role setup fails with message assert: that: ansible_failed_result.failed == true - - name: Confirm error message - assert: - that: ansible_failed_result.msg == "'conjur_appliance_url' is undefined" + fail_msg: "Variable 'conjur_appliance_url' is not set!" diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/not-conjurized/playbook.yml b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/not-conjurized/playbook.yml new file mode 100644 index 000000000..9175cfbbb --- /dev/null 
+++ b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/not-conjurized/playbook.yml @@ -0,0 +1,28 @@ +--- +- name: Un-Conjurize remote hosts + hosts: testapp + tasks: + - name: Remove identity file + file: + path: /etc/conjur.identity + state: absent + +- name: Configuring Conjur identity on not-Conjurized hosts requires HF token + hosts: testapp + tasks: + - name: Attempt to configure Conjur identity + block: + - import_role: + name: "cyberark.conjur.conjur-host-identity" + vars: + conjur_account: "{{lookup('env', 'CONJUR_ACCOUNT')}}" + conjur_appliance_url: "{{lookup('env', 'CONJUR_APPLIANCE_URL')}}" + # conjur_host_factory_token: "{{lookup('env', 'HFTOKEN')}}" + conjur_host_name: "conjur_{{ ansible_hostname }}" + conjur_ssl_certificate: "{{lookup('file', '/cyberark/dev/conjur.pem')}}" + conjur_validate_certs: yes + rescue: + - name: Conjur Role setup fails with message + assert: + that: ansible_failed_result.failed == true + fail_msg: "Variable 'conjur_host_factory_token' is not set!" diff --git a/ansible_collections/cyberark/conjur/secrets.yml b/ansible_collections/cyberark/conjur/secrets.yml deleted file mode 100644 index 87c9771bf..000000000 --- a/ansible_collections/cyberark/conjur/secrets.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -GALAXY_API_KEY: !var ecosystems/ansible/galaxy/api-key diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/.dockerignore b/ansible_collections/cyberark/conjur/tests/conjur_variable/.dockerignore deleted file mode 100644 index 5ed3ebd29..000000000 --- a/ansible_collections/cyberark/conjur/tests/conjur_variable/.dockerignore +++ /dev/null @@ -1 +0,0 @@ -conjur-intro/
\ No newline at end of file diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/.pytest_cache/v/cache/nodeids b/ansible_collections/cyberark/conjur/tests/conjur_variable/.pytest_cache/v/cache/nodeids index c6b2f5e13..b70b3a229 100644 --- a/ansible_collections/cyberark/conjur/tests/conjur_variable/.pytest_cache/v/cache/nodeids +++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/.pytest_cache/v/cache/nodeids 
@@ -1,11 +1,11 @@ [ - "test_cases/retrieve-variable-bad-cert-path/tests/test_default.py::test_retrieval_failed[docker://jenkinscyberarkansibleconjurcollectionv1201conjurvariable-ansible]", - "test_cases/retrieve-variable-bad-certs/tests/test_default.py::test_retrieval_failed[docker://jenkinscyberarkansibleconjurcollectionv1201conjurvariable-ansible]", - "test_cases/retrieve-variable-disable-verify-certs/tests/test_default.py::test_retrieved_secret[docker://jenkinscyberarkansibleconjurcollectionv1201conjurvariable-ansible]", - "test_cases/retrieve-variable-into-file/tests/test_default.py::test_retrieved_secret[docker://jenkinscyberarkansibleconjurcollectionv1201conjurvariable-ansible]", - "test_cases/retrieve-variable-no-cert-provided/tests/test_default.py::test_retrieval_failed[docker://jenkinscyberarkansibleconjurcollectionv1201conjurvariable-ansible]", - "test_cases/retrieve-variable-with-authn-token-bad-cert/tests/test_default.py::test_retrieve_secret_failed[docker://jenkinscyberarkansibleconjurcollectionv1201conjurvariable-ansible]", - "test_cases/retrieve-variable-with-authn-token/tests/test_default.py::test_retrieved_secret[docker://jenkinscyberarkansibleconjurcollectionv1201conjurvariable-ansible]", - "test_cases/retrieve-variable-with-spaces-secret/tests/test_default.py::test_retrieved_secret[docker://jenkinscyberarkansibleconjurcollectionv1201conjurvariable-ansible]", - "test_cases/retrieve-variable/tests/test_default.py::test_retrieved_secret[docker://jenkinscyberarkansibleconjurcollectionv1201conjurvariable-ansible]" + "test_cases/retrieve-variable-bad-cert-path/tests/test_default.py::test_retrieval_failed[docker://dev-ansible-1]", + "test_cases/retrieve-variable-bad-certs/tests/test_default.py::test_retrieval_failed[docker://dev-ansible-1]", + "test_cases/retrieve-variable-disable-verify-certs/tests/test_default.py::test_retrieved_secret[docker://dev-ansible-1]", + 
"test_cases/retrieve-variable-into-file/tests/test_default.py::test_retrieved_secret[docker://dev-ansible-1]", + "test_cases/retrieve-variable-no-cert-provided/tests/test_default.py::test_retrieval_failed[docker://dev-ansible-1]", + "test_cases/retrieve-variable-with-authn-token-bad-cert/tests/test_default.py::test_retrieve_secret_failed[docker://dev-ansible-1]", + "test_cases/retrieve-variable-with-authn-token/tests/test_default.py::test_retrieved_secret[docker://dev-ansible-1]", + "test_cases/retrieve-variable-with-spaces-secret/tests/test_default.py::test_retrieved_secret[docker://dev-ansible-1]", + "test_cases/retrieve-variable/tests/test_default.py::test_retrieved_secret[docker://dev-ansible-1]" ]
\ No newline at end of file diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/Dockerfile b/ansible_collections/cyberark/conjur/tests/conjur_variable/Dockerfile deleted file mode 100644 index 293ccdca0..000000000 --- a/ansible_collections/cyberark/conjur/tests/conjur_variable/Dockerfile +++ /dev/null @@ -1,31 +0,0 @@ -FROM ubuntu:20.04 - -ENV DEBIAN_FRONTEND=noninteractive - -WORKDIR /cyberark - -# install python 3 -RUN apt-get update && \ - apt-get install -y python3-pip && \ - pip3 install --upgrade pip - -ARG ANSIBLE_VERSION -# install ansible and its test tool -RUN pip3 install ansible==${ANSIBLE_VERSION}.* pytest-testinfra - -# install docker installation requirements -RUN apt-get update && \ - apt-get install -y apt-transport-https \ - ca-certificates \ - curl \ - software-properties-common - -# install docker -RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - -RUN add-apt-repository \ - "deb [arch=amd64] https://download.docker.com/linux/ubuntu \ - $(lsb_release -cs) \ - stable" - -RUN apt-get update && \ - apt-get -y install docker-ce diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/Dockerfile_nginx b/ansible_collections/cyberark/conjur/tests/conjur_variable/Dockerfile_nginx deleted file mode 100644 index 6f1e28107..000000000 --- a/ansible_collections/cyberark/conjur/tests/conjur_variable/Dockerfile_nginx +++ /dev/null @@ -1,17 +0,0 @@ -FROM nginx:1.13.3 - -RUN export DEBIAN_FRONTEND=noninteractive && \ - apt-get update && \ - apt-get install -y iputils-ping \ - procps \ - openssl && \ - rm -rf /var/lib/apt/lists/* - -WORKDIR /etc/nginx/ - -COPY proxy/ssl.conf /etc/ssl/openssl.cnf -COPY proxy/default.conf /etc/nginx/conf.d/default.conf - -RUN openssl req -x509 -nodes -days 365 -newkey rsa:2048 \ - -config /etc/ssl/openssl.cnf -extensions v3_ca \ - -keyout cert.key -out cert.crt 
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/docker-compose.yml b/ansible_collections/cyberark/conjur/tests/conjur_variable/docker-compose.yml deleted file mode 100644 index 01294d94b..000000000 --- a/ansible_collections/cyberark/conjur/tests/conjur_variable/docker-compose.yml +++ /dev/null @@ -1,67 +0,0 @@ -version: '3' -services: - ansible: - image: ansiblecontainername - container_name: ${COMPOSE_PROJECT_NAME}-ansible - build: - context: . - dockerfile: Dockerfile - args: - ANSIBLE_VERSION: ${ANSIBLE_VERSION} - entrypoint: sleep - command: infinity - environment: - CONJUR_APPLIANCE_URL: ${CONJUR_APPLIANCE_URL} - CONJUR_ACCOUNT: ${CONJUR_ACCOUNT} - CONJUR_AUTHN_LOGIN: ${CONJUR_AUTHN_LOGIN} - CONJUR_AUTHN_API_KEY: ${ANSIBLE_MASTER_AUTHN_API_KEY} - COMPOSE_PROJECT_NAME: ${COMPOSE_PROJECT_NAME} - networks: - - "${DOCKER_NETWORK}" - volumes: - - ../../plugins:/root/.ansible/plugins - - ../..:/cyberark - - /var/run/docker.sock:/var/run/docker.sock - - pg: - image: postgres:9.4 - environment: - POSTGRES_HOST_AUTH_METHOD: password - POSTGRES_PASSWORD: StrongPass - - conjur: - image: cyberark/conjur - command: server -a cucumber -p 3000 - environment: - DATABASE_URL: postgres://postgres:StrongPass@pg/postgres - CONJUR_DATA_KEY: "W0BuL8iTr/7QvtjIluJbrb5LDAnmXzmcpxkqihO3dXA=" - depends_on: - - pg - - conjur_https: - hostname: conjur-https - build: - context: . - dockerfile: Dockerfile_nginx - entrypoint: nginx-debug -g 'daemon off;' - environment: - TERM: xterm - depends_on: - - conjur - - conjur_cli: - image: cyberark/conjur-cli:5 - entrypoint: sleep - command: infinity - environment: - CONJUR_APPLIANCE_URL: http://conjur:3000 - CONJUR_ACCOUNT: cucumber - CONJUR_AUTHN_LOGIN: admin - CONJUR_AUTHN_API_KEY: ${CONJUR_ADMIN_AUTHN_API_KEY} - volumes: - - ./policy:/policy - -networks: - dap_net: - name: dap_net - external: true 
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable b/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable index 08c9ccb5e..bc362ea43 100644 --- a/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable +++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable @@ -1 +1 @@ -<?xml version="1.0" encoding="utf-8"?><testsuites><testsuite name="pytest" errors="0" failures="0" skipped="0" tests="1" time="0.575" timestamp="2022-09-09T15:07:48.307449" hostname="96989ca8092d"><testcase classname="test_cases.retrieve-variable.tests.test_default" name="test_retrieved_secret[docker://jenkinscyberarkansibleconjurcollectionv1201conjurvariable-ansible]" time="0.530" /></testsuite></testsuites>
\ No newline at end of file +<?xml version="1.0" encoding="utf-8"?><testsuites><testsuite name="pytest" errors="0" failures="0" skipped="0" tests="1" time="0.476" timestamp="2023-09-28T17:28:54.180417" hostname="3bd1d1ebca35"><testcase classname="test_cases.retrieve-variable.tests.test_default" name="test_retrieved_secret[docker://dev-ansible-1]" time="0.450" /></testsuite></testsuites>
\ No newline at end of file diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-bad-cert-path b/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-bad-cert-path index 0ed22fad7..7d7b7b4a7 100644 --- a/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-bad-cert-path +++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-bad-cert-path @@ -1 +1 @@ -<?xml version="1.0" encoding="utf-8"?><testsuites><testsuite name="pytest" errors="0" failures="0" skipped="0" tests="1" time="0.458" timestamp="2022-09-09T15:07:51.763243" hostname="96989ca8092d"><testcase classname="test_cases.retrieve-variable-bad-cert-path.tests.test_default" name="test_retrieval_failed[docker://jenkinscyberarkansibleconjurcollectionv1201conjurvariable-ansible]" time="0.422" /></testsuite></testsuites>
\ No newline at end of file +<?xml version="1.0" encoding="utf-8"?><testsuites><testsuite name="pytest" errors="0" failures="0" skipped="0" tests="1" time="0.381" timestamp="2023-09-28T17:28:57.025234" hostname="3bd1d1ebca35"><testcase classname="test_cases.retrieve-variable-bad-cert-path.tests.test_default" name="test_retrieval_failed[docker://dev-ansible-1]" time="0.357" /></testsuite></testsuites>
\ No newline at end of file diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-bad-certs b/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-bad-certs index 6b0b865c1..684fdb89d 100644 --- a/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-bad-certs +++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-bad-certs @@ -1 +1 @@ -<?xml version="1.0" encoding="utf-8"?><testsuites><testsuite name="pytest" errors="0" failures="0" skipped="0" tests="1" time="0.459" timestamp="2022-09-09T15:07:55.122204" hostname="96989ca8092d"><testcase classname="test_cases.retrieve-variable-bad-certs.tests.test_default" name="test_retrieval_failed[docker://jenkinscyberarkansibleconjurcollectionv1201conjurvariable-ansible]" time="0.423" /></testsuite></testsuites>
\ No newline at end of file +<?xml version="1.0" encoding="utf-8"?><testsuites><testsuite name="pytest" errors="0" failures="0" skipped="0" tests="1" time="0.372" timestamp="2023-09-28T17:28:59.744035" hostname="3bd1d1ebca35"><testcase classname="test_cases.retrieve-variable-bad-certs.tests.test_default" name="test_retrieval_failed[docker://dev-ansible-1]" time="0.348" /></testsuite></testsuites>
\ No newline at end of file diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-disable-verify-certs b/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-disable-verify-certs index 9f1fc6494..7cd98843b 100644 --- a/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-disable-verify-certs +++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-disable-verify-certs @@ -1 +1 @@ -<?xml version="1.0" encoding="utf-8"?><testsuites><testsuite name="pytest" errors="0" failures="0" skipped="0" tests="1" time="0.568" timestamp="2022-09-09T15:07:58.851346" hostname="96989ca8092d"><testcase classname="test_cases.retrieve-variable-disable-verify-certs.tests.test_default" name="test_retrieved_secret[docker://jenkinscyberarkansibleconjurcollectionv1201conjurvariable-ansible]" time="0.532" /></testsuite></testsuites>
\ No newline at end of file +<?xml version="1.0" encoding="utf-8"?><testsuites><testsuite name="pytest" errors="0" failures="0" skipped="0" tests="1" time="0.484" timestamp="2023-09-28T17:29:03.245129" hostname="3bd1d1ebca35"><testcase classname="test_cases.retrieve-variable-disable-verify-certs.tests.test_default" name="test_retrieved_secret[docker://dev-ansible-1]" time="0.458" /></testsuite></testsuites>
\ No newline at end of file diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-into-file b/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-into-file index 5fcc68f80..c9082babb 100644 --- a/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-into-file +++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-into-file @@ -1 +1 @@ -<?xml version="1.0" encoding="utf-8"?><testsuites><testsuite name="pytest" errors="0" failures="0" skipped="0" tests="1" time="0.863" timestamp="2022-09-09T15:08:02.658511" hostname="96989ca8092d"><testcase classname="test_cases.retrieve-variable-into-file.tests.test_default" name="test_retrieved_secret[docker://jenkinscyberarkansibleconjurcollectionv1201conjurvariable-ansible]" time="0.828" /></testsuite></testsuites>
\ No newline at end of file +<?xml version="1.0" encoding="utf-8"?><testsuites><testsuite name="pytest" errors="0" failures="0" skipped="0" tests="1" time="0.721" timestamp="2023-09-28T17:29:06.557606" hostname="3bd1d1ebca35"><testcase classname="test_cases.retrieve-variable-into-file.tests.test_default" name="test_retrieved_secret[docker://dev-ansible-1]" time="0.695" /></testsuite></testsuites>
\ No newline at end of file diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-no-cert-provided b/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-no-cert-provided index f1c9029a8..34fd1fa03 100644 --- a/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-no-cert-provided +++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-no-cert-provided @@ -1 +1 @@ -<?xml version="1.0" encoding="utf-8"?><testsuites><testsuite name="pytest" errors="0" failures="0" skipped="0" tests="1" time="0.464" timestamp="2022-09-09T15:08:06.406130" hostname="96989ca8092d"><testcase classname="test_cases.retrieve-variable-no-cert-provided.tests.test_default" name="test_retrieval_failed[docker://jenkinscyberarkansibleconjurcollectionv1201conjurvariable-ansible]" time="0.429" /></testsuite></testsuites>
\ No newline at end of file +<?xml version="1.0" encoding="utf-8"?><testsuites><testsuite name="pytest" errors="0" failures="0" skipped="0" tests="1" time="0.373" timestamp="2023-09-28T17:29:09.688977" hostname="3bd1d1ebca35"><testcase classname="test_cases.retrieve-variable-no-cert-provided.tests.test_default" name="test_retrieval_failed[docker://dev-ansible-1]" time="0.349" /></testsuite></testsuites>
\ No newline at end of file diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-with-authn-token b/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-with-authn-token index 407145017..c3f0e5978 100644 --- a/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-with-authn-token +++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-with-authn-token @@ -1 +1 @@ -<?xml version="1.0" encoding="utf-8"?><testsuites><testsuite name="pytest" errors="0" failures="0" skipped="0" tests="1" time="0.551" timestamp="2022-09-09T15:08:10.115226" hostname="96989ca8092d"><testcase classname="test_cases.retrieve-variable-with-authn-token.tests.test_default" name="test_retrieved_secret[docker://jenkinscyberarkansibleconjurcollectionv1201conjurvariable-ansible]" time="0.516" /></testsuite></testsuites>
\ No newline at end of file +<?xml version="1.0" encoding="utf-8"?><testsuites><testsuite name="pytest" errors="0" failures="0" skipped="0" tests="1" time="0.585" timestamp="2023-09-28T17:29:12.796986" hostname="3bd1d1ebca35"><testcase classname="test_cases.retrieve-variable-with-authn-token.tests.test_default" name="test_retrieved_secret[docker://dev-ansible-1]" time="0.552" /></testsuite></testsuites>
\ No newline at end of file diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-with-authn-token-bad-cert b/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-with-authn-token-bad-cert index 680f3913f..db2705ced 100644 --- a/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-with-authn-token-bad-cert +++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-with-authn-token-bad-cert @@ -1 +1 @@ -<?xml version="1.0" encoding="utf-8"?><testsuites><testsuite name="pytest" errors="0" failures="0" skipped="0" tests="1" time="0.460" timestamp="2022-09-09T15:08:13.541799" hostname="96989ca8092d"><testcase classname="test_cases.retrieve-variable-with-authn-token-bad-cert.tests.test_default" name="test_retrieve_secret_failed[docker://jenkinscyberarkansibleconjurcollectionv1201conjurvariable-ansible]" time="0.425" /></testsuite></testsuites>
\ No newline at end of file +<?xml version="1.0" encoding="utf-8"?><testsuites><testsuite name="pytest" errors="0" failures="0" skipped="0" tests="1" time="1.129" timestamp="2023-09-28T17:29:16.832828" hostname="3bd1d1ebca35"><testcase classname="test_cases.retrieve-variable-with-authn-token-bad-cert.tests.test_default" name="test_retrieve_secret_failed[docker://dev-ansible-1]" time="1.046" /></testsuite></testsuites>
\ No newline at end of file diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-with-spaces-secret b/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-with-spaces-secret index 65e72fecb..7747d9fd7 100644 --- a/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-with-spaces-secret +++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/junit/retrieve-variable-with-spaces-secret @@ -1 +1 @@ -<?xml version="1.0" encoding="utf-8"?><testsuites><testsuite name="pytest" errors="0" failures="0" skipped="0" tests="1" time="0.571" timestamp="2022-09-09T15:08:17.207877" hostname="96989ca8092d"><testcase classname="test_cases.retrieve-variable-with-spaces-secret.tests.test_default" name="test_retrieved_secret[docker://jenkinscyberarkansibleconjurcollectionv1201conjurvariable-ansible]" time="0.536" /></testsuite></testsuites>
\ No newline at end of file +<?xml version="1.0" encoding="utf-8"?><testsuites><testsuite name="pytest" errors="0" failures="0" skipped="0" tests="1" time="0.746" timestamp="2023-09-28T17:29:22.880901" hostname="3bd1d1ebca35"><testcase classname="test_cases.retrieve-variable-with-spaces-secret.tests.test_default" name="test_retrieved_secret[docker://dev-ansible-1]" time="0.695" /></testsuite></testsuites>
\ No newline at end of file diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/policy/root.yml b/ansible_collections/cyberark/conjur/tests/conjur_variable/policy/root.yml deleted file mode 100644 index dbaea73fa..000000000 --- a/ansible_collections/cyberark/conjur/tests/conjur_variable/policy/root.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -- !policy - id: ansible - annotations: - description: Policy for Ansible master - body: - - - !host - id: ansible-master - annotations: - description: Host for running Ansible on remote targets - - - &variables - - !variable test-secret - - !variable test-secret-in-file - - !variable var with spaces - - - !permit - role: !host ansible-master - privileges: [ read, execute ] - resource: *variables diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/proxy/default.conf b/ansible_collections/cyberark/conjur/tests/conjur_variable/proxy/default.conf deleted file mode 100644 index 578b3c5f8..000000000 --- a/ansible_collections/cyberark/conjur/tests/conjur_variable/proxy/default.conf +++ /dev/null @@ -1,29 +0,0 @@ -server { - listen 80; - return 301 https://conjur$request_uri; -} - -server { - listen 443; - server_name localhost; - ssl_certificate /etc/nginx/cert.crt; - ssl_certificate_key /etc/nginx/cert.key; - - ssl on; - ssl_session_cache builtin:1000 shared:SSL:10m; - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; - ssl_prefer_server_ciphers on; - - access_log /var/log/nginx/access.log; - - location / { - proxy_pass http://conjur:3000; - } - - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } - -} diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/proxy/ssl.conf b/ansible_collections/cyberark/conjur/tests/conjur_variable/proxy/ssl.conf deleted file mode 100644 index 1b11cd755..000000000 
--- a/ansible_collections/cyberark/conjur/tests/conjur_variable/proxy/ssl.conf +++ /dev/null @@ -1,39 +0,0 @@ -[req] -default_bits = 2048 -prompt = no -default_md = sha256 -req_extensions = req_ext -distinguished_name = dn -x509_extensions = v3_ca # The extentions to add to the self signed cert -req_extensions = v3_req -x509_extensions = usr_cert - -[ dn ] -C=IL -ST=Israel -L=TLV -O=Onyx -OU=CyberArk -CN=conjur-https - -[ usr_cert ] -basicConstraints=CA:FALSE -nsCertType = client, server, email -keyUsage = nonRepudiation, digitalSignature, keyEncipherment -extendedKeyUsage = serverAuth, clientAuth, codeSigning, emailProtection -nsComment = "OpenSSL Generated Certificate" -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid,issuer - -[ v3_req ] -extendedKeyUsage = serverAuth, clientAuth, codeSigning, emailProtection -basicConstraints = CA:FALSE -keyUsage = nonRepudiation, digitalSignature, keyEncipherment - -[ v3_ca ] -subjectAltName = @alt_names - -[ alt_names ] -DNS.1 = localhost -DNS.2 = conjur-https -IP.1 = 127.0.0.1 diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/test.sh b/ansible_collections/cyberark/conjur/tests/conjur_variable/test.sh index 464921b81..c82810054 100755 --- a/ansible_collections/cyberark/conjur/tests/conjur_variable/test.sh +++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/test.sh 
@@ -1,164 +1,6 @@ -#!/bin/bash -eu - +#!/bin/bash -eux set -o pipefail - -# normalises project name by filtering non alphanumeric characters and transforming to lowercase -declare -x COMPOSE_PROJECT_NAME='' -declare -x ENTERPRISE_PROJECT='conjur-intro-variable' -declare -x ANSIBLE_PROJECT='' - -declare -x ANSIBLE_MASTER_AUTHN_API_KEY='' -declare -x CONJUR_ADMIN_AUTHN_API_KEY='' -declare -x DOCKER_NETWORK="default" -declare -x ANSIBLE_VERSION="${ANSIBLE_VERSION:-6}" - -ANSIBLE_PROJECT=$(echo "${BUILD_TAG:-ansible-plugin-testing}-conjur-variable" | sed -e 's/[^[:alnum:]]//g' | tr '[:upper:]' '[:lower:]') - -enterprise="false" -cli_cid="" -test_dir="$(pwd)" - -function cleanup { - echo 'Removing test environment' - echo '---' - - # Escape conjur-intro dir if Enterprise setup fails - cd "${test_dir}" - - if [[ -d conjur-intro ]]; then - pushd conjur-intro - COMPOSE_PROJECT_NAME="${ENTERPRISE_PROJECT}" - ./bin/dap --stop - popd - rm -rf conjur-intro - fi - - COMPOSE_PROJECT_NAME="${ANSIBLE_PROJECT}" - docker-compose down -v - rm -f conjur.pem \ - access_token -} -trap cleanup EXIT - -while getopts 'e' flag; do - case "${flag}" in - e) enterprise="true" ;; - *) exit 1 ;; - esac -done - -cleanup - -function wait_for_conjur { - echo "Waiting for Conjur server to come up" - docker-compose exec -T conjur conjurctl wait -r 30 -p 3000 -} - -function fetch_ssl_certs { - echo "Fetching SSL certs" - service_id="conjur_https" - cert_path="cert.crt" - if [[ "${enterprise}" == "true" ]]; then - service_id="conjur-master.mycompany.local" - cert_path="/etc/ssl/certs/ca.pem" - fi - - (docker-compose exec -T "${service_id}" cat "${cert_path}") > conjur.pem -} - -function setup_conjur_resources { - echo "Configuring Conjur via CLI" - - policy_path="root.yml" - if [[ "${enterprise}" == "false" ]]; then - policy_path="/policy/${policy_path}" - fi - - docker exec "${cli_cid}" bash -c " - conjur policy load root ${policy_path} - conjur variable values add ansible/test-secret 
test_secret_password - conjur variable values add ansible/test-secret-in-file test_secret_in_file_password - conjur variable values add 'ansible/var with spaces' var_with_spaces_secret_password - " -} - -function setup_admin_api_key { - echo "Fetching admin API key" - if [[ "$enterprise" == "true" ]]; then - CONJUR_ADMIN_AUTHN_API_KEY="$(docker exec "${cli_cid}" conjur user rotate_api_key)" - else - CONJUR_ADMIN_AUTHN_API_KEY="$(docker-compose exec -T conjur conjurctl role retrieve-key "${CONJUR_ACCOUNT}":user:admin)" - fi -} - -function setup_ansible_api_key { - echo "Fetching Ansible master host credentials" - ANSIBLE_MASTER_AUTHN_API_KEY="$(docker exec "${cli_cid}" conjur host rotate_api_key --host ansible/ansible-master)" -} - -function setup_access_token { - echo "Get Access Token" - docker exec "${cli_cid}" bash -c " - export CONJUR_AUTHN_LOGIN=host/ansible/ansible-master - export CONJUR_AUTHN_API_KEY=\"$ANSIBLE_MASTER_AUTHN_API_KEY\" - conjur authn authenticate - " > access_token -} - -function setup_conjur_open_source() { - docker-compose up -d --build conjur \ - conjur_https - - wait_for_conjur - fetch_ssl_certs - setup_admin_api_key - - echo "Creating Conjur CLI with admin credentials" - docker-compose up -d conjur_cli - cli_cid="$(docker-compose ps -q conjur_cli)" - - setup_conjur_resources - setup_ansible_api_key - setup_access_token -} - -function setup_conjur_enterprise() { - git clone --single-branch --branch main https://github.com/conjurdemos/conjur-intro.git - pushd ./conjur-intro - - echo "Provisioning Enterprise leader and follower" - ./bin/dap --provision-master - ./bin/dap --provision-follower - - cp ../policy/root.yml . 
- - # Run 'sleep infinity' in the CLI container, so the scripts - # have access to an alive and authenticated CLI until the script terminates - cli_cid="$(docker-compose run -d \ - -w /src/cli \ - --entrypoint sleep client infinity)" - - echo "Authenticate Conjur CLI container" - docker exec "${cli_cid}" \ - /bin/bash -c " - if [ ! -e /root/conjur-demo.pem ]; then - yes 'yes' | conjur init -u ${CONJUR_APPLIANCE_URL} -a ${CONJUR_ACCOUNT} - fi - conjur authn login -u admin -p MySecretP@ss1 - hostname -I - " - - fetch_ssl_certs - setup_conjur_resources - setup_admin_api_key - setup_ansible_api_key - setup_access_token - - echo "Relocate credential files" - mv conjur.pem ../. - mv access_token ../. - popd -} +source "$(git rev-parse --show-toplevel)/dev/util.sh" function run_test_cases { for test_case in test_cases/*; do @@ -167,15 +9,15 @@ function run_test_cases { } function run_test_case { - local test_case=$1 + local test_case="$1" echo "---- testing ${test_case} ----" if [ -z "$test_case" ]; then - echo ERROR: run_test called with no argument 1>&2 + echo ERROR: run_test_case called with no argument 1>&2 exit 1 fi - docker-compose exec -T ansible bash -exc " + docker exec "$(ansible_cid)" bash -exc " cd tests/conjur_variable # If env vars were provided, load them @@ -183,7 +25,7 @@ function run_test_case { . ./test_cases/${test_case}/env fi - # You can add -vvvv here for debugging + # You can add -vvvvv here for debugging ansible-playbook 'test_cases/${test_case}/playbook.yml' py.test --junitxml='./junit/${test_case}' \ 
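Review bot: The new shebang `#!/bin/bash -eux` turns on xtrace for the whole script, including everything pulled in by `source "$(git rev-parse --show-toplevel)/dev/util.sh"`, so any helper called from here that assigns an API key or access token would print its value into the CI log. dev/util.sh is not shown in this hunk, so this is inferred; if it does handle credentials, keep the shebang at `-eu` and enable tracing on demand, for example `[[ -n "${DEBUG:-}" ]] && set -x` (`DEBUG` is a constructed name). The same `source` line also assumes a git checkout: when `git rev-parse` fails, as it would in an unpacked source tarball, the substitution is empty and the script tries to source `/dev/util.sh`. Resolving the root into a variable first and failing when it is empty would give a clearer error.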
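Review bot: In `run_test_case`, `local test_case="$1"` aborts with an unbound-variable error under the script's `-u` before the `-z` check can print its message, so the "called with no argument" branch is unreachable when the argument is missing; `local test_case="${1:-}"` keeps the guard meaningful. The value is then expanded by the outer shell into the `bash -exc "…"` string passed to `docker exec`, so a directory name under `test_cases/` containing a quote or `$(…)` would be interpreted as shell inside the container. The names are repository-controlled, so this is a hardening point rather than an exposure. The function body continues past this hunk.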
@@ -192,34 +34,4 @@ function run_test_case { " } -function main() { - if [[ "$enterprise" == "true" ]]; then - echo "Deploying Conjur Enterprise" - - export CONJUR_APPLIANCE_URL="https://conjur-master.mycompany.local" - export CONJUR_ACCOUNT="demo" - COMPOSE_PROJECT_NAME="${ENTERPRISE_PROJECT}" - DOCKER_NETWORK="dap_net" - - setup_conjur_enterprise - else - echo "Deploying Conjur Open Source" - - export CONJUR_APPLIANCE_URL="https://conjur-https" - export CONJUR_ACCOUNT="cucumber" - COMPOSE_PROJECT_NAME="${ANSIBLE_PROJECT}" - - setup_conjur_open_source - fi - - COMPOSE_PROJECT_NAME="${ANSIBLE_PROJECT}" - export CONJUR_AUTHN_LOGIN="host/ansible/ansible-master" - - echo "Preparing Ansible for test run" - docker-compose up -d --build ansible - - echo "Running tests" - run_test_cases -} - -main +run_test_cases diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-bad-cert-path/tests/test_default.py b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-bad-cert-path/tests/test_default.py index a3f2bbdf3..e3923d3a1 100644 --- a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-bad-cert-path/tests/test_default.py +++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-bad-cert-path/tests/test_default.py @@ -2,9 +2,8 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type import os -import testinfra.utils.ansible_runner -testinfra_hosts = [os.environ['COMPOSE_PROJECT_NAME'] + '-ansible'] +testinfra_hosts = [os.environ['COMPOSE_PROJECT_NAME'] + '-ansible-1'] def test_retrieval_failed(host): diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-bad-certs/tests/test_default.py b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-bad-certs/tests/test_default.py index a3f2bbdf3..e3923d3a1 100644 
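Review bot: `testinfra_hosts = [os.environ['COMPOSE_PROJECT_NAME'] + '-ansible-1']` hard-codes the container name that Docker Compose generates (project, service, replica index), while test.sh in this same commit resolves the container through `ansible_cid`. If the runner's naming scheme differs (older Compose releases joined the parts with underscores), the test targets a host that does not exist and fails for a reason unrelated to the lookup plugin. A short comment such as `# Compose v2 names the container <project>-ansible-1` would document the dependency. The same line recurs in the other test_default.py hunks of this commit.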
--- a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-bad-certs/tests/test_default.py +++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-bad-certs/tests/test_default.py @@ -2,9 +2,8 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type import os -import testinfra.utils.ansible_runner -testinfra_hosts = [os.environ['COMPOSE_PROJECT_NAME'] + '-ansible'] +testinfra_hosts = [os.environ['COMPOSE_PROJECT_NAME'] + '-ansible-1'] def test_retrieval_failed(host): diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-disable-verify-certs/tests/test_default.py b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-disable-verify-certs/tests/test_default.py index a98ce29e9..33f7d38c0 100644 --- a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-disable-verify-certs/tests/test_default.py +++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-disable-verify-certs/tests/test_default.py @@ -2,9 +2,8 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type import os -import testinfra.utils.ansible_runner -testinfra_hosts = [os.environ['COMPOSE_PROJECT_NAME'] + '-ansible'] +testinfra_hosts = [os.environ['COMPOSE_PROJECT_NAME'] + '-ansible-1'] def test_retrieved_secret(host): diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-into-file/env b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-into-file/env index 2363951d1..5744dfaa7 100644 --- a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-into-file/env +++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-into-file/env 
@@ -1 +1 @@ -export CONJUR_CERT_FILE=./conjur.pem +export CONJUR_CERT_FILE=/cyberark/dev/conjur.pem diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-into-file/tests/test_default.py b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-into-file/tests/test_default.py index 5d05f950b..e277a4a43 100644 --- a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-into-file/tests/test_default.py +++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-into-file/tests/test_default.py @@ -3,9 +3,8 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type import os -import testinfra.utils.ansible_runner -testinfra_hosts = [os.environ['COMPOSE_PROJECT_NAME'] + '-ansible'] +testinfra_hosts = [os.environ['COMPOSE_PROJECT_NAME'] + '-ansible-1'] def test_retrieved_secret(host): diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-no-cert-provided/tests/test_default.py b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-no-cert-provided/tests/test_default.py index a3f2bbdf3..e3923d3a1 100644 --- a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-no-cert-provided/tests/test_default.py +++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-no-cert-provided/tests/test_default.py @@ -2,9 +2,8 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type import os -import testinfra.utils.ansible_runner -testinfra_hosts = [os.environ['COMPOSE_PROJECT_NAME'] + '-ansible'] +testinfra_hosts = [os.environ['COMPOSE_PROJECT_NAME'] + '-ansible-1'] def test_retrieval_failed(host): 
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token-bad-cert/env b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token-bad-cert/env index b93328faf..0984c7be8 100644 --- a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token-bad-cert/env +++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token-bad-cert/env @@ -1,4 +1,4 @@ unset CONJUR_AUTHN_API_KEY unset CONJUR_AUTHN_LOGIN -export CONJUR_AUTHN_TOKEN_FILE=./access_token +export CONJUR_AUTHN_TOKEN_FILE=/cyberark/dev/access_token export CONJUR_CERT_FILE=./test_cases/retrieve-variable-with-authn-token-bad-cert/bad-cert.pem diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token-bad-cert/tests/test_default.py b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token-bad-cert/tests/test_default.py index c87b160f4..912bce86b 100644 --- a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token-bad-cert/tests/test_default.py +++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token-bad-cert/tests/test_default.py @@ -2,9 +2,8 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type import os -import testinfra.utils.ansible_runner -testinfra_hosts = [os.environ['COMPOSE_PROJECT_NAME'] + '-ansible'] +testinfra_hosts = [os.environ['COMPOSE_PROJECT_NAME'] + '-ansible-1'] def test_retrieve_secret_failed(host): diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token/env b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token/env index f4e4155ea..913b0bee4 100644 
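Review bot: `CONJUR_AUTHN_TOKEN_FILE=/cyberark/dev/access_token` points the tests at a token file in a fixed shared directory, while the `cleanup` trap that test.sh used to run on exit (it removed `conjur.pem` and `access_token`) is deleted in this same commit. Whatever now writes the token, presumably the dev/ scripts that are not shown here, should create it readable by its owner only and remove it on teardown. If `/cyberark` is the repository mounted into the container, `dev/access_token` should also be covered by .gitignore so a live token is not committed by accident. The env file for retrieve-variable-with-authn-token gets the same path.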
--- a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token/env +++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token/env @@ -1,4 +1,4 @@ -export CONJUR_CERT_FILE=./conjur.pem +export CONJUR_CERT_FILE=/cyberark/dev/conjur.pem unset CONJUR_AUTHN_API_KEY unset CONJUR_AUTHN_LOGIN -export CONJUR_AUTHN_TOKEN_FILE=./access_token +export CONJUR_AUTHN_TOKEN_FILE=/cyberark/dev/access_token diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token/tests/test_default.py b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token/tests/test_default.py index a98ce29e9..33f7d38c0 100644 --- a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token/tests/test_default.py +++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token/tests/test_default.py @@ -2,9 +2,8 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type import os -import testinfra.utils.ansible_runner -testinfra_hosts = [os.environ['COMPOSE_PROJECT_NAME'] + '-ansible'] +testinfra_hosts = [os.environ['COMPOSE_PROJECT_NAME'] + '-ansible-1'] def test_retrieved_secret(host): diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-spaces-secret/env b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-spaces-secret/env index 2363951d1..5744dfaa7 100644 --- a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-spaces-secret/env +++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-spaces-secret/env @@ -1 +1 @@ -export CONJUR_CERT_FILE=./conjur.pem +export CONJUR_CERT_FILE=/cyberark/dev/conjur.pem 
diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-spaces-secret/tests/test_default.py b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-spaces-secret/tests/test_default.py index 145cbb2eb..a5a97adad 100644 --- a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-spaces-secret/tests/test_default.py +++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable-with-spaces-secret/tests/test_default.py @@ -2,9 +2,8 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type import os -import testinfra.utils.ansible_runner -testinfra_hosts = [os.environ['COMPOSE_PROJECT_NAME'] + '-ansible'] +testinfra_hosts = [os.environ['COMPOSE_PROJECT_NAME'] + '-ansible-1'] def test_retrieved_secret(host): diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable/env b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable/env index 2363951d1..5744dfaa7 100644 --- a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable/env +++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable/env @@ -1 +1 @@ -export CONJUR_CERT_FILE=./conjur.pem +export CONJUR_CERT_FILE=/cyberark/dev/conjur.pem diff --git a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable/tests/test_default.py b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable/tests/test_default.py index a98ce29e9..4638695f6 100644 --- a/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable/tests/test_default.py +++ b/ansible_collections/cyberark/conjur/tests/conjur_variable/test_cases/retrieve-variable/tests/test_default.py 
@@ -2,9 +2,9 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type import os -import testinfra.utils.ansible_runner -testinfra_hosts = [os.environ['COMPOSE_PROJECT_NAME'] + '-ansible'] + +testinfra_hosts = [os.environ['COMPOSE_PROJECT_NAME'] + '-ansible-1'] def test_retrieved_secret(host): diff --git a/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.10.txt b/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.10.txt index 92bf04480..a81ded000 100644 --- a/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.10.txt +++ b/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.10.txt @@ -3,7 +3,6 @@ Jenkinsfile shebang tests/conjur_variable/policy/root.yml yamllint:unparsable-with-libyaml roles/conjur_host_identity/tests/policy/root.yml yamllint:unparsable-with-libyaml # File loaded by summon utility (in Jenkinsfile), not via Python ci/build_release shebang -ci/parse-changelog.sh shebang ci/publish_to_galaxy shebang ci/test.sh shebang secrets.yml yamllint:unparsable-with-libyaml # File loaded by Conjur server, not via Python diff --git a/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.11.txt b/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.11.txt index 6049963fb..b643480a2 100644 --- a/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.11.txt +++ b/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.11.txt @@ -3,7 +3,6 @@ dev/start.sh shebang tests/conjur_variable/policy/root.yml yamllint:unparsable-with-libyaml roles/conjur_host_identity/tests/policy/root.yml yamllint:unparsable-with-libyaml # File loaded by summon utility (in Jenkinsfile), not via Python ci/build_release shebang -ci/parse-changelog.sh shebang ci/publish_to_galaxy shebang ci/test.sh shebang secrets.yml yamllint:unparsable-with-libyaml # File loaded by Conjur server, not via Python 
diff --git a/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.12.txt b/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.12.txt index 5d750b26c..6615526dc 100644 --- a/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.12.txt +++ b/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.12.txt @@ -3,7 +3,6 @@ dev/start.sh shebang tests/conjur_variable/policy/root.yml yamllint:unparsable-with-libyaml # File loaded by Conjur server, not via Python roles/conjur_host_identity/tests/policy/root.yml yamllint:unparsable-with-libyaml # File loaded by Conjur server, not via Python ci/build_release shebang -ci/parse-changelog.sh shebang ci/publish_to_galaxy shebang ci/test.sh shebang secrets.yml yamllint:unparsable-with-libyaml # File loaded by Summon utility (in Jenkinsfile), not via Python diff --git a/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.13.txt b/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.13.txt index 5d750b26c..e456a5ff7 100644 --- a/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.13.txt +++ b/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.13.txt @@ -1,10 +1,10 @@ -Jenkinsfile shebang -dev/start.sh shebang -tests/conjur_variable/policy/root.yml yamllint:unparsable-with-libyaml # File loaded by Conjur server, not via Python -roles/conjur_host_identity/tests/policy/root.yml yamllint:unparsable-with-libyaml # File loaded by Conjur server, not via Python ci/build_release shebang -ci/parse-changelog.sh shebang ci/publish_to_galaxy shebang ci/test.sh shebang -secrets.yml yamllint:unparsable-with-libyaml # File loaded by Summon utility (in Jenkinsfile), not via Python -dev/policy/root.yml yamllint:unparsable-with-libyaml
\ No newline at end of file +dev/policy/root.yml yamllint:unparsable-with-libyaml +dev/start.sh shebang +dev/stop.sh shebang +dev/util.sh shebang +Jenkinsfile shebang +plugins/lookup/conjur_variable.py validate-modules:version-added-must-be-major-or-minor +secrets.yml yamllint:unparsable-with-libyaml diff --git a/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.14.txt b/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.14.txt index 00a2d8432..e456a5ff7 100644 --- a/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.14.txt +++ b/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.14.txt @@ -1,11 +1,10 @@ -Jenkinsfile shebang -dev/start.sh shebang -tests/conjur_variable/policy/root.yml yamllint:unparsable-with-libyaml # File loaded by Conjur server, not via Python -roles/conjur_host_identity/tests/policy/root.yml yamllint:unparsable-with-libyaml # File loaded by Conjur server, not via Python ci/build_release shebang -ci/parse-changelog.sh shebang ci/publish_to_galaxy shebang ci/test.sh shebang -secrets.yml yamllint:unparsable-with-libyaml # File loaded by Summon utility (in Jenkinsfile), not via Python dev/policy/root.yml yamllint:unparsable-with-libyaml -plugins/lookup/conjur_variable.py validate-modules:version-added-must-be-major-or-minor # Lookup plugin added in v1.0.2
\ No newline at end of file +dev/start.sh shebang +dev/stop.sh shebang +dev/util.sh shebang +Jenkinsfile shebang +plugins/lookup/conjur_variable.py validate-modules:version-added-must-be-major-or-minor +secrets.yml yamllint:unparsable-with-libyaml diff --git a/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.15.txt b/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.15.txt new file mode 100644 index 000000000..e456a5ff7 --- /dev/null +++ b/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.15.txt @@ -0,0 +1,10 @@ +ci/build_release shebang +ci/publish_to_galaxy shebang +ci/test.sh shebang +dev/policy/root.yml yamllint:unparsable-with-libyaml +dev/start.sh shebang +dev/stop.sh shebang +dev/util.sh shebang +Jenkinsfile shebang +plugins/lookup/conjur_variable.py validate-modules:version-added-must-be-major-or-minor +secrets.yml yamllint:unparsable-with-libyaml diff --git a/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.9.txt b/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.9.txt index 45c7c7e97..1ee255c73 100644 --- a/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.9.txt +++ b/ansible_collections/cyberark/conjur/tests/sanity/ignore-2.9.txt @@ -3,6 +3,5 @@ dev/start.sh shebang tests/conjur_variable/test.sh shebang roles/conjur_host_identity/tests/test.sh shebang ci/build_release shebang -ci/parse-changelog.sh shebang ci/publish_to_galaxy shebang ci/test.sh shebang
\ No newline at end of file diff --git a/ansible_collections/cyberark/conjur/tests/unit/Dockerfile b/ansible_collections/cyberark/conjur/tests/unit/Dockerfile index 66e584669..677862d96 100644 --- a/ansible_collections/cyberark/conjur/tests/unit/Dockerfile +++ b/ansible_collections/cyberark/conjur/tests/unit/Dockerfile @@ -1,5 +1,8 @@ ARG PYTHON_VERSION -FROM python:${PYTHON_VERSION} +FROM python:${PYTHON_VERSION}-slim + +RUN apt-get update && \ + apt-get install -y git ARG ANSIBLE_VERSION RUN pip install https://github.com/ansible/ansible/archive/${ANSIBLE_VERSION}.tar.gz --disable-pip-version-check diff --git a/ansible_collections/cyberark/conjur/tests/unit/plugins/lookup/test_conjur_variable.py b/ansible_collections/cyberark/conjur/tests/unit/plugins/lookup/test_conjur_variable.py index 7a0db1e12..995adf2da 100644 --- a/ansible_collections/cyberark/conjur/tests/unit/plugins/lookup/test_conjur_variable.py +++ b/ansible_collections/cyberark/conjur/tests/unit/plugins/lookup/test_conjur_variable.py @@ -2,7 +2,7 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type from unittest import TestCase -from unittest.mock import call, MagicMock, patch +from unittest.mock import MagicMock, patch from ansible.errors import AnsibleError from ansible.plugins.loader import lookup_loader diff --git a/ansible_collections/cyberark/pas/.github/CODEOWNERS b/ansible_collections/cyberark/pas/.github/CODEOWNERS new file mode 100644 index 000000000..526ad4f77 --- /dev/null +++ b/ansible_collections/cyberark/pas/.github/CODEOWNERS @@ -0,0 +1 @@ +* @cyberark-bizdev @enunez-cyberark @infamousjoeg diff --git a/ansible_collections/cyberark/pas/.github/workflows/ci.yml b/ansible_collections/cyberark/pas/.github/workflows/ci.yml new file mode 100644 index 000000000..63a8445ce --- /dev/null +++ b/ansible_collections/cyberark/pas/.github/workflows/ci.yml 
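Review bot: The added `RUN apt-get update && apt-get install -y git` pulls in recommended packages and leaves the apt index in the layer, which undoes part of the move to the `-slim` base. `RUN apt-get update && apt-get install -y --no-install-recommends git && rm -rf /var/lib/apt/lists/*` keeps the image minimal. The following `pip install` of `https://github.com/ansible/ansible/archive/${ANSIBLE_VERSION}.tar.gz` is unchanged by this hunk, but it fetches whatever the named ref holds at build time, so a comment noting that the image is not reproducible would help.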
@@ -0,0 +1,105 @@ +# README FIRST +# 1. If you don't have unit tests, remove that section. +# 2. If your collection depends on other collections ensure they are installed, +# add them to the "test-deps" input. +# 3. For the comprehensive list of the inputs supported by the +# ansible-community/ansible-test-gh-action GitHub Action, see +# https://github.com/marketplace/actions/ansible-test. +# 4. If you want to prevent merging PRs that do not pass all tests, +# make sure to add the "check" job to your repository branch +# protection once this workflow is added. +# It is also possible to tweak which jobs are allowed to fail. See +# https://github.com/marketplace/actions/alls-green#gotchas for more detail. +# 5. If you need help please ask in #ansible-community on the Libera.chat IRC +# network. + +name: CI +on: + # Run CI against all pushes (direct commits, also merged PRs), Pull Requests + push: + branches: + - main + - master + - stable-* + pull_request: + # Run CI once per day (at 06:00 UTC) + # This ensures that even if there haven't been commits that we are still + # testing against latest version of ansible-test for each ansible-core + # version + schedule: + - cron: '0 6 * * *' + +concurrency: + group: >- + ${{ github.workflow }}-${{ + github.event.pull_request.number || github.sha + }} + cancel-in-progress: true + +jobs: + +### +# Sanity tests (REQUIRED) +# +# https://docs.ansible.com/ansible/latest/dev_guide/testing_sanity.html + + sanity: + name: Sanity (Ⓐ${{ matrix.ansible }}) + strategy: + matrix: + ansible: + # It's important that Sanity is tested against all stable-X.Y branches + # Testing against `devel` may fail as new tests are added. + # An alternative to `devel` is the `milestone` branch with + # gets synchronized with `devel` every few weeks and therefore + # tends to be a more stable target. 
Be aware that it is not updated + # around creation of a new stable branch, this might cause a problem + # that two different versions of ansible-test use the same sanity test + # ignore.txt file. + - stable-2.9 # Only if your collection supports Ansible 2.9 + - stable-2.10 # Only if your collection supports ansible-base 2.10 + - stable-2.11 + - stable-2.12 + - stable-2.13 + - stable-2.14 + - devel + # - milestone + # Ansible-test on various stable branches does not yet work well with cgroups v2. + # Since ubuntu-latest now uses Ubuntu 22.04, we need to fall back to the ubuntu-20.04 + # image for these stable branches. The list of branches where this is necessary will + # shrink over time, check out https://github.com/ansible-collections/news-for-maintainers/issues/28 + # for the latest list. + runs-on: >- + ${{ contains(fromJson( + '["stable-2.9", "stable-2.10", "stable-2.11"]' + ), matrix.ansible) && 'ubuntu-20.04' || 'ubuntu-latest' }} + steps: + # Run sanity tests inside a Docker container. + # The docker container has all the pinned dependencies that are + # required and all Python versions Ansible supports. + - name: Perform sanity testing + uses: ansible-community/ansible-test-gh-action@release/v1 + with: + ansible-core-version: ${{ matrix.ansible }} + testing-type: sanity + # OPTIONAL If your sanity tests require code + # from other collections, install them like this + # test-deps: >- + # ansible.netcommon + # ansible.utils + + check: # This job does nothing and is only used for the branch protection + # or multi-stage CI jobs, like making sure that all tests pass before + # a publishing job is started. + if: always() + + needs: + - sanity + + runs-on: ubuntu-latest + + steps: + - name: Decide whether the needed jobs succeeded or failed + uses: re-actors/alls-green@release/v1 + with: + jobs: ${{ toJSON(needs) }} 
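Review bot: Both actions are referenced by a mutable branch, `ansible-community/ansible-test-gh-action@release/v1` and `re-actors/alls-green@release/v1`, and the workflow declares no `permissions:`, so whatever those branches point to at run time executes with the repository's default `GITHUB_TOKEN` scope. Adding a top-level `permissions:` block with `contents: read` and pinning each `uses:` to a full commit SHA (`@<commit-sha>  # release/v1`, placeholder) limits what a compromised upstream action could do. Separately, the sanity matrix still lists stable-2.9 through stable-2.12, although the README hunk in this commit states Ansible Core 2.13.x or above.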
diff --git a/ansible_collections/cyberark/pas/.gitignore b/ansible_collections/cyberark/pas/.gitignore new file mode 100644 index 000000000..022880add --- /dev/null +++ b/ansible_collections/cyberark/pas/.gitignore @@ -0,0 +1,6 @@ + +meta/.galaxy_install_info +docs/.DS_Store +.DS_Store +.vscode/settings.json +*.gz diff --git a/ansible_collections/cyberark/pas/FILES.json b/ansible_collections/cyberark/pas/FILES.json index bef13dac3..425f260d8 100644 --- a/ansible_collections/cyberark/pas/FILES.json +++ b/ansible_collections/cyberark/pas/FILES.json @@ -53,7 +53,7 @@ "name": "plugins/event_source/syslog.py", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "7f2476298fc3942811e865f00c8d8099981c7353c5156bb3a15c0c4d5304819e", + "chksum_sha256": "6fcd787713757103e26c7b405ba7d0a8cac62267173bb361ba96c45cd7d36d04", "format": 1 }, { @@ -81,7 +81,7 @@ "name": "plugins/modules/cyberark_credential.py", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "63a79fd9eeda9f571a4a4020bca8c5ea836431df433212c01995133bb713705c", + "chksum_sha256": "7fb4493a3b6a01513761b4e8a49d9f400f9884eb68ecaf462de2ad9019e853a0", "format": 1 }, { @@ -179,7 +179,7 @@ "name": "meta/runtime.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "db1dfe098d05c998eb62c32cf99d3b7bbf93afc0a1f0b4704b024eaa7c7b6848", + "chksum_sha256": "34e3eb51c33492147d1f5749dba329c58fd70741deb1a619443735edd02c80d7", "format": 1 }, { 
@@ -207,21 +207,21 @@ "name": "roles/aimprovider/tasks/uninstallAIMProvider.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "2a3dce24d9d2f05edbee3ad2ee14b733fdcfdc6494e2fb9550c5dd02fbe1f734", + "chksum_sha256": "c96752c68df71ed3acfae857472140e20ffb1ebafd1d4ebe49fc998edb785aca", "format": 1 }, { "name": "roles/aimprovider/tasks/installAIMProvider.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "f334faee54008e6101414771409a9aa7f98b62e4996269003dca84441d4f6db5", + "chksum_sha256": "6e2e988ba937edd41efb76bc8a106d39fc128c82dee5cc2f9f36597e93992089", "format": 1 }, { "name": "roles/aimprovider/tasks/main.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "224814783560fc317b2df277f2542273747f533abf493c891b03a0e496d8feab", + "chksum_sha256": "4d81e657505c4df85527613bd90db5598c6aa5e0a2596e39c2178da40c28e0ed", "format": 1 }, { @@ -347,7 +347,7 @@ "name": "docs/cyberark_credential.md", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "903afbe64bbbbd94f8c2571eee2890a9380c4ebc0d5e94184ba3111672a708bf", + "chksum_sha256": "a197fadb85283e60bb81e3b6858a1abb87fa9c1203fa7b1e0bdca1d485412ac4", "format": 1 }, { @@ -382,7 +382,7 @@ "name": "README.md", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "8f163f0bfa5d572f89fb02db1acf39330d9e5d56e5eb3a87500a9c6b07fc0291", + "chksum_sha256": "ba94349decedc0cae0649d1e63ee6c6907eb0476a4b6ae6945c1e1defe8b3a04", "format": 1 }, { @@ -442,6 +442,13 @@ "format": 1 }, { + "name": ".gitignore", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "dfc5692588b338148d1ae60d04cb5c2561f659e2efdb0a01813b5d1ef5605605", + "format": 1 + }, + { "name": "CONTRIBUTING.md", "ftype": "file", "chksum_type": "sha256", 
@@ -449,6 +456,34 @@ "format": 1 }, { + "name": ".github", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": ".github/CODEOWNERS", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "bddce55d10995835c4bca70664540737833e20d80d68025942d813b15ea878dd", + "format": 1 + }, + { + "name": ".github/workflows", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": ".github/workflows/ci.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e8f0b040ee81fe1e19ea5f2b6044ad01ed4ffcef1ed28eaaa3331bdb711f0bdd", + "format": 1 + }, + { "name": "custom-cred-types", "ftype": "dir", "chksum_type": null, diff --git a/ansible_collections/cyberark/pas/MANIFEST.json b/ansible_collections/cyberark/pas/MANIFEST.json index 73d64bb7a..6bc30d809 100644 --- a/ansible_collections/cyberark/pas/MANIFEST.json +++ b/ansible_collections/cyberark/pas/MANIFEST.json @@ -2,7 +2,7 @@ "collection_info": { "namespace": "cyberark", "name": "pas", - "version": "1.0.19", + "version": "1.0.25", "authors": [ "CyberArk Business Development (@cyberark-bizdev)", "Edward Nunez (@enunez-cyberark)", @@ -36,7 +36,7 @@ "name": "FILES.json", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "963cff01c982a389719c2948de6d0c8e18531926af68e1f238789385e49cec71", + "chksum_sha256": "153afed2909055a0fb7bba7c4a86b86e6593fd071decf92476ae880b3b60ec90", "format": 1 }, "format": 1 diff --git a/ansible_collections/cyberark/pas/README.md b/ansible_collections/cyberark/pas/README.md index 43842e7dc..401676e42 100644 --- a/ansible_collections/cyberark/pas/README.md +++ b/ansible_collections/cyberark/pas/README.md @@ -17,6 +17,7 @@ The following modules will allow CyberArk administrators to automate the followi #### Requirements +- Ansible Core 2.13.x or above - CyberArk Privileged Account Security Web Services SDK - CyberArk AAM Central Credential Provider (**Only required for cyberark_credential**) 
diff --git a/ansible_collections/cyberark/pas/docs/cyberark_credential.md b/ansible_collections/cyberark/pas/docs/cyberark_credential.md index 046d8b2a7..d589f145c 100644 --- a/ansible_collections/cyberark/pas/docs/cyberark_credential.md +++ b/ansible_collections/cyberark/pas/docs/cyberark_credential.md @@ -124,4 +124,14 @@ options: result: { api_base_url }"/AIMWebService/api/Accounts?AppId="{ app_id }"&Query="{ query }"&ConnectionTimeout="{ connection_timeout }"&QueryFormat="{ query_format }"&FailRequestOnPasswordChange="{ fail_request_on_password_change } +- name: credential retrieval custom path + cyberark_credential: + api_base_url: "http://10.10.0.1" + app_id: "TestID" + query: "Safe=test;UserName=admin" + path: AimWebServiceCustom + register: result + + result: + { api_base_url } { path } "?AppId="{ app_id }"&Query="{ query } ``` diff --git a/ansible_collections/cyberark/pas/meta/runtime.yml b/ansible_collections/cyberark/pas/meta/runtime.yml index 1b754c9c2..0ee1c6ed6 100644 --- a/ansible_collections/cyberark/pas/meta/runtime.yml +++ b/ansible_collections/cyberark/pas/meta/runtime.yml @@ -1,2 +1,2 @@ --- - requires_ansible: '>=2.9'
\ No newline at end of file + requires_ansible: '>=2.13.0'
\ No newline at end of file diff --git a/ansible_collections/cyberark/pas/plugins/event_source/syslog.py b/ansible_collections/cyberark/pas/plugins/event_source/syslog.py index 2fbe1916c..ff89ed413 100644 --- a/ansible_collections/cyberark/pas/plugins/event_source/syslog.py +++ b/ansible_collections/cyberark/pas/plugins/event_source/syslog.py @@ -1,7 +1,3 @@ -#!/usr/bin/python -# Copyright: (c) 2017, Ansible Project -# GNU General Public License v3.0+ -# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) from __future__ import (absolute_import, division, print_function) @@ -22,17 +18,17 @@ Arguments: import asyncio import json import logging -import socketserver from typing import Any, Dict import re + def parse(str_input): """ Parse a string in CEF format and return a dict with the header values and the extension data. """ - logger = logging.getLogger() + logger = logging.getLogger() # Create the empty dict we'll return later values = dict() @@ -53,11 +49,11 @@ def parse(str_input): spl = re.split(r'(?<!\\)\|', header) # If the input entry had any blanks in the required headers, that's wrong - # and we should return. Note we explicitly don't check the last item in the + # and we should return. Note we explicitly don't check the last item in the # split list becuase the header ends in a '|' which means the last item # will always be an empty string (it doesn't exist, but the delimiter does). if "" in spl[0:-1]: - logger.warning(f'Blank field(s) in CEF header. Is it valid CEF format?') + logger.warning("Blank field(s) in CEF header. Is it valid CEF format?") return None # Since these values are set by their position in the header, it's @@ -108,7 +104,7 @@ def parse(str_input): return None # Now we're done! - logger.debug('Returning values: ' + str(values)) + logger.debug("Returning values: %s", str(values)) return values 
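Review bot: In the `@@ -108,7` hunk of syslog.py, `str(values)` is still evaluated on every call, which defeats the deferred `%s` formatting this change moves to. `logger.debug("Returning values: %s", values)` lets the logging module skip the conversion when debug output is off. `parse` starts and ends outside the hunk.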
@@ -116,37 +112,39 @@ class SyslogProtocol(asyncio.DatagramProtocol): def __init__(self, edaQueue): super().__init__() self.edaQueue = edaQueue + def connection_made(self, transport) -> "Used by asyncio": self.transport = transport - + def datagram_received(self, data, addr): - asyncio.get_event_loop().create_task(self.datagram_received_async( data, addr)) + asyncio.get_event_loop().create_task(self.datagram_received_async(data, addr)) async def datagram_received_async(self, indata, addr) -> "Main entrypoint for processing message": # Syslog event data received, and processed for EDA - logger = logging.getLogger() + logger = logging.getLogger() rcvdata = indata.decode() - logger.info(f"Received Syslog message: {rcvdata}") + logger.info("Received Syslog message: %s", rcvdata) data = parse(rcvdata) if data is None: # if not CEF, we will try JSON load of the text from first curly brace try: value = rcvdata[rcvdata.index("{"):len(rcvdata)] - #logger.info("value after encoding:%s", value1) + # logger.info("value after encoding:%s", value1) data = json.loads(value) - #logger.info("json:%s", data) + # logger.info("json:%s", data) except json.decoder.JSONDecodeError as jerror: logger.error(jerror) data = rcvdata except UnicodeError as e: logger.error(e) - + if data: - #logger.info("json data:%s", data) + # logger.info("json data:%s", data) queue = self.edaQueue await queue.put({"cyberark": data}) + async def main(queue: asyncio.Queue, args: Dict[str, Any]): logger = logging.getLogger() 
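Review bot: `datagram_received_async` handles data from an unauthenticated UDP socket, yet two failure paths escape its error handling. `indata.decode()` sits outside the `try`, and `rcvdata.index("{")` raises a plain `ValueError` when a non-CEF message has no brace, which neither `except` clause catches. Either case ends the task with an unretrieved exception and the event is dropped. Widening the first handler to `except ValueError as jerror:` (which also covers `JSONDecodeError`) and decoding with `rcvdata = indata.decode(errors="replace")` keeps the existing fall-back to the raw text. Separately, the full datagram is written to the log at info level, so it is worth truncating or escaping control characters before logging, since anyone who can reach the port controls that text. The class header is outside the hunk.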
@@ -156,18 +154,18 @@ async def main(queue: asyncio.Queue, args: Dict[str, Any]): transport, protocol = await asyncio.get_running_loop().create_datagram_endpoint( lambda: SyslogProtocol(queue), local_addr=((host, port))) - logger.info(f"Starting cyberark.pas.syslog [Host={host}, port={port}]") + logger.info("Starting cyberark.pas.syslog [Host=%s, port=%s]", host, port) try: while True: await asyncio.sleep(3600) # Serve for 1 hour. finally: transport.close() - - + + if __name__ == "__main__": class MockQueue: async def put(self, event): - pass #print(event) + pass asyncio.run(main(MockQueue(), {})) diff --git a/ansible_collections/cyberark/pas/plugins/modules/cyberark_credential.py b/ansible_collections/cyberark/pas/plugins/modules/cyberark_credential.py index 128d03b32..3bbf8dbee 100644 --- a/ansible_collections/cyberark/pas/plugins/modules/cyberark_credential.py +++ b/ansible_collections/cyberark/pas/plugins/modules/cyberark_credential.py @@ -98,6 +98,12 @@ options: - Reason for requesting credential if required by policy; - It must be specified if the Policy managing the object - requires it. + path: + type: str + required: false + description: + - String override for the context path + """ EXAMPLES = """ @@ -225,17 +231,22 @@ def retrieve_credential(module): fail_request_on_password_change = module.params["fail_request_on_password_change"] client_cert = None client_key = None + path = "/AIMWebService/api/Accounts" if "client_cert" in module.params: client_cert = module.params["client_cert"] if "client_key" in module.params: client_key = module.params["client_key"] + if "path" in module.params: + path = module.params["path"] + end_point = ( - "/AIMWebService/api/Accounts?AppId=%s&Query=%s&" + "%s?AppId=%s&Query=%s&" "ConnectionTimeout=%s&QueryFormat=%s" "&FailRequestOnPasswordChange=%s" ) % ( + path, quote(app_id), quote(query), connection_timeout, 
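Review bot: In `retrieve_credential`, the new `path` value goes into `end_point` unchecked, and the `if "path" in module.params` test cannot tell a supplied value from an unset one. If `path` is declared in the module's argument spec (not visible in this hunk), Ansible fills unset options with `None`, so the default `/AIMWebService/api/Accounts` would be overwritten and the request built as `None?AppId=...`. `if module.params.get("path"): path = module.params["path"]` keeps the default. The value is also not required to start with `/`, and the docs example added in this commit passes `AimWebServiceCustom` without one. It is worth confirming how `end_point` is joined to `api_base_url` and rejecting values that would change the authority part of the URL this credential request is sent to. The function continues outside the hunk.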
diff --git a/ansible_collections/cyberark/pas/roles/aimprovider/tasks/installAIMProvider.yml b/ansible_collections/cyberark/pas/roles/aimprovider/tasks/installAIMProvider.yml index ea2217202..f95d9958c 100644 --- a/ansible_collections/cyberark/pas/roles/aimprovider/tasks/installAIMProvider.yml +++ b/ansible_collections/cyberark/pas/roles/aimprovider/tasks/installAIMProvider.yml @@ -12,12 +12,13 @@ (use_shared_logon_authentication|default(false) and password_object is not defined) -- debug: msg="Installation params => zip_file_name = {{zip_file_name}} folder_name={{folder_name}}" +- name: debug message + debug: msg="Installation params => zip_file_name = {{ zip_file_name }} folder_name={{ folder_name }}" - block: - name: Copy provider zip to target and unzip - unarchive: src="{{zip_file_name}}" dest=/tmp + unarchive: src="{{ zip_file_name }}" dest=/tmp - name: Rename aimparms and copy to var/tmp command: cp "/tmp/{{folder_name}}/aimparms.sample" /var/tmp/aimparms @@ -25,8 +26,8 @@ - name: Replace parameters" in /var/tmp/aimparms replace: dest: /var/tmp/aimparms - regexp: "{{item.regexp}}" - replace: "{{item.replace}}" + regexp: "{{ item.regexp }}" + replace: "{{ item.replace }}" with_items: - {regexp: '^AcceptCyberArkEULA=.*$', replace: 'AcceptCyberArkEULA=Yes'} - {regexp: '^LicensedProducts=.*$', replace: 'LicensedProducts=AIM'} @@ -36,7 +37,7 @@ - name: Change Vault.ini to the right address replace: - dest: "/tmp/{{folder_name}}/Vault.ini" + dest: "/tmp/{{ folder_name }}/Vault.ini" regexp: '^ADDRESS=.*$' replace: 'ADDRESS={{vault_address}}' 
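Review bot: The `unarchive` task in the first hunk of installAIMProvider.yml still extracts the provider archive to a fixed location under `/tmp`. The later hunks (`@@ -36,7`, `@@ -45,15`, `@@ -125,15`, `@@ -143,10`) keep `/tmp/{{ folder_name }}` and `/var/tmp/aimparms` for Vault.ini, the parameter file and the RPM that is then installed. On a host with other local users, these predictable paths in world-writable directories can be pre-created or altered between tasks. Consider creating a private directory first with a `tempfile` task (`state: directory`, registered as e.g. `aim_tmp`) and using `{{ aim_tmp.path }}` in place of `/tmp`. The block continues outside the hunk.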
@@ -45,15 +46,16 @@ path: "/tmp/{{folder_name}}/CreateCredFile" mode: 0755 - - find: - paths: "/tmp/{{folder_name}}" + - name: find rpm + find: + paths: "/tmp/{{ folder_name }}" patterns: "CARKaim-*.rpm" register: aimrpm # debug: msg="{{aimrpm.files[0].path}}" - name: Install Provider - package: name='{{aimrpm.files[0].path}}' state=present + package: name='{{ aimrpm.files[0].path }}' state=present - name: Verify status of service after installing Provider command: service aimprv status @@ -125,15 +127,15 @@ when: (command_result.rc != 0) - name: Set vault.ini Into Place - command: cp "/tmp/{{folder_name}}/Vault.ini" /etc/opt/CARKaim/vault/vault.ini + command: cp "/tmp/{{ folder_name }}/Vault.ini" /etc/opt/CARKaim/vault/vault.ini - name: Start Provider Service service: name=aimprv state=started when: (command_result.rc != 0) - - name: Remove /tmp/{{folder_name}} + - name: Remove /tmp/{{ folder_name }} file: - path: '/tmp/{{folder_name}}' + path: '/tmp/{{ folder_name }}' state: absent - name: Remove /var/tmp/aimparms @@ -143,10 +145,11 @@ rescue: - - name: Remove /tmp/{{folder_name}} + - name: Remove /tmp/{{ folder_name }} file: - path: '/tmp/{{folder_name}}' + path: '/tmp/{{ folder_name }}' state: absent - - fail: + - name: Failure to install + fail: msg: "AIM Credential Provider Installation failed!" diff --git a/ansible_collections/cyberark/pas/roles/aimprovider/tasks/main.yml b/ansible_collections/cyberark/pas/roles/aimprovider/tasks/main.yml index 9e65e1c61..18aff1960 100644 --- a/ansible_collections/cyberark/pas/roles/aimprovider/tasks/main.yml +++ b/ansible_collections/cyberark/pas/roles/aimprovider/tasks/main.yml 
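Review bot: The `Install Provider` task takes `aimrpm.files[0].path` without checking what `find` returned. An empty result fails with an index error, and if more than one `CARKaim-*.rpm` is present in the directory, whichever is listed first gets installed. An `assert` with `that: aimrpm.matched == 1` ahead of the package task makes both cases explicit. Separately, `mode: 0755` on the CreateCredFile task above is an unquoted octal; `mode: "0755"` is the form the Ansible documentation recommends. The enclosing block starts outside the hunk.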
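Review bot: The `rescue` section removes `/tmp/{{ folder_name }}` but not `/var/tmp/aimparms`, so a failed install leaves the edited parameter file behind. The success path deletes that file in its `Remove /var/tmp/aimparms` task. Adding `file: path=/var/tmp/aimparms state=absent` as a task before `Failure to install` makes the two paths consistent. What the file contains beyond the visible `AcceptCyberArkEULA` and `LicensedProducts` entries cannot be seen here, so treat it as site configuration that should not linger. The block starts outside the hunk.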
@@ -15,10 +15,11 @@ args: warn: false -- debug: msg="status of service RC={{service_already_running.rc}}" +- name: debug message + debug: msg="status of service RC={{ service_already_running.rc }}" - import_tasks: installAIMProvider.yml when: (state == "present" and service_already_running.rc != 0) - import_tasks: uninstallAIMProvider.yml - when: (state == "absent" and service_already_running.rc == 0)
\ No newline at end of file + when: (state == "absent" and service_already_running.rc == 0) diff --git a/ansible_collections/cyberark/pas/roles/aimprovider/tasks/uninstallAIMProvider.yml b/ansible_collections/cyberark/pas/roles/aimprovider/tasks/uninstallAIMProvider.yml index 75c15f7e2..4b5947d22 100644 --- a/ansible_collections/cyberark/pas/roles/aimprovider/tasks/uninstallAIMProvider.yml +++ b/ansible_collections/cyberark/pas/roles/aimprovider/tasks/uninstallAIMProvider.yml @@ -58,4 +58,4 @@ rescue: - fail: - msg: "AIM Credential Provider Uninstall failed!"
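Review bot: The task at the top of the main.yml hunk still passes `args:` with `warn: false`, which is likely to fail on the newer cores this commit targets (`requires_ansible: '>=2.13.0'`). As far as I know, the `warn` option of `command`/`shell` was removed in ansible-core 2.14, so the task would stop with an unsupported-parameter error there. The module line of that task is outside the hunk, so confirm it is a `command` or `shell` call and then drop the two lines. The warning they suppressed no longer exists. The two `import_tasks` entries are also left without a `name:`, unlike the `debug` task this change names.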
\ No newline at end of file + msg: "AIM Credential Provider Uninstall failed!" |