summaryrefslogtreecommitdiffstats
path: root/ansible_collections/cyberark/conjur/roles
diff options
context:
space:
mode:
Diffstat (limited to 'ansible_collections/cyberark/conjur/roles')
-rw-r--r--ansible_collections/cyberark/conjur/roles/conjur_host_identity/tasks/identity_check.yml31
-rw-r--r--ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/.dockerignore1
-rw-r--r--ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/.pytest_cache/v/cache/nodeids40
-rw-r--r--ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/Dockerfile39
-rw-r--r--ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/Dockerfile_nginx16
-rw-r--r--ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/ansible.cfg8
-rw-r--r--ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/docker-compose.yml84
-rw-r--r--ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/inventory-playbook-v2.yml6
-rw-r--r--ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/inventory-playbook.yml6
-rw-r--r--ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/inventory-v2.j26
-rw-r--r--ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/inventory.j26
-rw-r--r--ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/junit/cleanup-conjur-identity2
-rw-r--r--ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/junit/configure-conjur-identity2
-rw-r--r--ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/policy/root.yml32
-rw-r--r--ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/proxy/default.conf33
-rw-r--r--ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/proxy/ssl.conf39
-rwxr-xr-xansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test.sh248
-rw-r--r--ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_app_centos/Dockerfile4
-rw-r--r--ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_app_ubuntu/Dockerfile4
-rw-r--r--ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/bad-ssl-config/playbook.yml20
-rw-r--r--ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/cleanup-conjur-identity/playbook.yml2
-rw-r--r--ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/cleanup-conjur-identity/tests/test_default.py2
-rw-r--r--ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/configure-conjur-identity/playbook.yml2
-rw-r--r--ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/configure-conjur-identity/tests/test_default.py2
-rw-r--r--ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/misconfig-conjur-identity/playbook.yml8
-rw-r--r--ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/not-conjurized/playbook.yml28
26 files changed, 111 insertions, 560 deletions
diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tasks/identity_check.yml b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tasks/identity_check.yml
index 8661daf70..2e9ab27ce 100644
--- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tasks/identity_check.yml
+++ b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tasks/identity_check.yml
@@ -9,12 +9,13 @@
conjurized: "{{ identity_file.stat.exists|bool }}"
- name: Ensure all required variables are set
- fail: msg="Variable '{{ item }}' is not set!"
- when: item is undefined
- with_items:
- - "{{ conjur_account }}"
- - "{{ conjur_appliance_url }}"
- - "{{ conjur_host_name }}"
+ fail:
+ msg: Variable '{{ item }}' is not set!
+ when: vars[item] is undefined
+ loop:
+ - conjur_account
+ - conjur_appliance_url
+ - conjur_host_name
- name: Set fact "ssl_configuration"
set_fact:
@@ -22,11 +23,12 @@
- block:
- name: Ensure all required ssl variables are set
- fail: msg="Variable '{{ item }}' is not set!"
- when: item is undefined
- with_items:
- - "{{ conjur_ssl_certificate }}"
- - "{{ conjur_validate_certs }}"
+ fail:
+ msg: Variable '{{ item }}' is not set!
+ when: vars[item] is undefined
+ loop:
+ - conjur_ssl_certificate
+ - conjur_validate_certs
- name: Set fact "ssl file path"
set_fact:
@@ -46,8 +48,7 @@
- block:
- name: Ensure "conjur_host_factory_token" is set (if node is not already conjurized)
- fail: msg="Variable '{{ item }}' is not set!"
- when: item is undefined
- with_items:
- - "{{ conjur_host_factory_token }}"
+ fail:
+ msg: Variable 'conjur_host_factory_token' is not set!
+ when: conjur_host_factory_token is undefined
when: not conjurized
diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/.dockerignore b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/.dockerignore
deleted file mode 100644
index 5ed3ebd29..000000000
--- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/.dockerignore
+++ /dev/null
@@ -1 +0,0 @@
-conjur-intro/ \ No newline at end of file
diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/.pytest_cache/v/cache/nodeids b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/.pytest_cache/v/cache/nodeids
index ffadcb1be..3bcaaa5b8 100644
--- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/.pytest_cache/v/cache/nodeids
+++ b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/.pytest_cache/v/cache/nodeids
@@ -1,22 +1,22 @@
[
- "test_cases/cleanup-conjur-identity/tests/test_default.py::test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_1]",
- "test_cases/cleanup-conjur-identity/tests/test_default.py::test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_2]",
- "test_cases/cleanup-conjur-identity/tests/test_default.py::test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_1]",
- "test_cases/cleanup-conjur-identity/tests/test_default.py::test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_2]",
- "test_cases/cleanup-conjur-identity/tests/test_default.py::test_is_not_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_1]",
- "test_cases/cleanup-conjur-identity/tests/test_default.py::test_is_not_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_2]",
- "test_cases/cleanup-conjur-identity/tests/test_default.py::test_is_not_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_1]",
- "test_cases/cleanup-conjur-identity/tests/test_default.py::test_is_not_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_2]",
- "test_cases/configure-conjur-identity/tests/test_default.py::test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_1]",
- "test_cases/configure-conjur-identity/tests/test_default.py::test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_2]",
- "test_cases/configure-conjur-identity/tests/test_default.py::test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_1]",
- "test_cases/configure-conjur-identity/tests/test_default.py::test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_2]",
- "test_cases/configure-conjur-identity/tests/test_default.py::test_is_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_1]",
- "test_cases/configure-conjur-identity/tests/test_default.py::test_is_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_2]",
- "test_cases/configure-conjur-identity/tests/test_default.py::test_is_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_1]",
- "test_cases/configure-conjur-identity/tests/test_default.py::test_is_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_2]",
- "test_cases/configure-conjur-identity/tests/test_default.py::test_retrieve_secret_with_summon[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_1]",
- "test_cases/configure-conjur-identity/tests/test_default.py::test_retrieve_secret_with_summon[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_2]",
- "test_cases/configure-conjur-identity/tests/test_default.py::test_retrieve_secret_with_summon[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_1]",
- "test_cases/configure-conjur-identity/tests/test_default.py::test_retrieve_secret_with_summon[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_2]"
+ "test_cases/cleanup-conjur-identity/tests/test_default.py::test_hosts_file[docker://dev-test_app_centos-1]",
+ "test_cases/cleanup-conjur-identity/tests/test_default.py::test_hosts_file[docker://dev-test_app_centos-2]",
+ "test_cases/cleanup-conjur-identity/tests/test_default.py::test_hosts_file[docker://dev-test_app_ubuntu-1]",
+ "test_cases/cleanup-conjur-identity/tests/test_default.py::test_hosts_file[docker://dev-test_app_ubuntu-2]",
+ "test_cases/cleanup-conjur-identity/tests/test_default.py::test_is_not_conjurized[docker://dev-test_app_centos-1]",
+ "test_cases/cleanup-conjur-identity/tests/test_default.py::test_is_not_conjurized[docker://dev-test_app_centos-2]",
+ "test_cases/cleanup-conjur-identity/tests/test_default.py::test_is_not_conjurized[docker://dev-test_app_ubuntu-1]",
+ "test_cases/cleanup-conjur-identity/tests/test_default.py::test_is_not_conjurized[docker://dev-test_app_ubuntu-2]",
+ "test_cases/configure-conjur-identity/tests/test_default.py::test_hosts_file[docker://dev-test_app_centos-1]",
+ "test_cases/configure-conjur-identity/tests/test_default.py::test_hosts_file[docker://dev-test_app_centos-2]",
+ "test_cases/configure-conjur-identity/tests/test_default.py::test_hosts_file[docker://dev-test_app_ubuntu-1]",
+ "test_cases/configure-conjur-identity/tests/test_default.py::test_hosts_file[docker://dev-test_app_ubuntu-2]",
+ "test_cases/configure-conjur-identity/tests/test_default.py::test_is_conjurized[docker://dev-test_app_centos-1]",
+ "test_cases/configure-conjur-identity/tests/test_default.py::test_is_conjurized[docker://dev-test_app_centos-2]",
+ "test_cases/configure-conjur-identity/tests/test_default.py::test_is_conjurized[docker://dev-test_app_ubuntu-1]",
+ "test_cases/configure-conjur-identity/tests/test_default.py::test_is_conjurized[docker://dev-test_app_ubuntu-2]",
+ "test_cases/configure-conjur-identity/tests/test_default.py::test_retrieve_secret_with_summon[docker://dev-test_app_centos-1]",
+ "test_cases/configure-conjur-identity/tests/test_default.py::test_retrieve_secret_with_summon[docker://dev-test_app_centos-2]",
+ "test_cases/configure-conjur-identity/tests/test_default.py::test_retrieve_secret_with_summon[docker://dev-test_app_ubuntu-1]",
+ "test_cases/configure-conjur-identity/tests/test_default.py::test_retrieve_secret_with_summon[docker://dev-test_app_ubuntu-2]"
] \ No newline at end of file
diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/Dockerfile b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/Dockerfile
deleted file mode 100644
index 3985b12ad..000000000
--- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/Dockerfile
+++ /dev/null
@@ -1,39 +0,0 @@
-FROM ubuntu:20.04
-
-ENV DEBIAN_FRONTEND=noninteractive
-
-WORKDIR /cyberark
-
-# install python 3
-RUN apt-get update && \
- apt-get install -y python3-pip && \
- pip3 install --upgrade pip
-
-ARG ANSIBLE_VERSION
-# install ansible and its test tool
-RUN pip3 install ansible==${ANSIBLE_VERSION}.* pytest-testinfra
-
-# install docker installation requirements
-RUN apt-get update && \
- apt-get install -y apt-transport-https \
- ca-certificates \
- curl \
- software-properties-common
-
-# install docker
-RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
-RUN add-apt-repository \
- "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
- $(lsb_release -cs) \
- stable"
-
-RUN apt-get update && \
- apt-get -y install docker-ce
-
-# NOTE: Everything above is copied from REPO_ROOT/tests/conjur_variable/Dockerfile. It defines a
-# standard container image for running ansible tests
-
-# install ruby
-RUN apt-get update && apt-get install -y gcc build-essential
-RUN apt-add-repository -y ppa:brightbox/ruby-ng && apt-get update && apt-get install -y ruby2.7 ruby2.7-dev
-RUN gem install conjur-cli \ No newline at end of file
diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/Dockerfile_nginx b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/Dockerfile_nginx
deleted file mode 100644
index d9f18c7bd..000000000
--- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/Dockerfile_nginx
+++ /dev/null
@@ -1,16 +0,0 @@
-FROM nginx:1.13.3
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
- apt-get update && \
- apt-get install -y iputils-ping procps openssl && \
- rm -rf /var/lib/apt/lists/*
-
-WORKDIR /etc/nginx/
-
-COPY proxy/ssl.conf /etc/ssl/openssl.cnf
-
-RUN openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
- -config /etc/ssl/openssl.cnf -extensions v3_ca \
- -keyout cert.key -out cert.crt
-
-COPY proxy/default.conf /etc/nginx/conf.d/default.conf
diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/ansible.cfg b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/ansible.cfg
deleted file mode 100644
index 56026b775..000000000
--- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/ansible.cfg
+++ /dev/null
@@ -1,8 +0,0 @@
-[defaults]
-display_skipped_hosts = False
-host_key_checking = False
-error_on_undefined_vars = True
-timeout = 60
-inventory = inventory.tmp
-roles_path = /cyberark
-remote_tmp = /tmp
diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/docker-compose.yml b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/docker-compose.yml
deleted file mode 100644
index 832655687..000000000
--- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/docker-compose.yml
+++ /dev/null
@@ -1,84 +0,0 @@
-version: '3'
-services:
- ansible:
- build:
- context: .
- dockerfile: Dockerfile
- args:
- ANSIBLE_VERSION: ${ANSIBLE_VERSION}
- command: /bin/sleep 1d
- environment:
- CONJUR_APPLIANCE_URL: ${CONJUR_APPLIANCE_URL}
- CONJUR_ACCOUNT: ${CONJUR_ACCOUNT}
- CONJUR_AUTHN_LOGIN: ${CONJUR_AUTHN_LOGIN}
- CONJUR_AUTHN_API_KEY: ${ANSIBLE_CONJUR_AUTHN_API_KEY}
- CONJUR_CUSTOM_AUTHN_API_KEY: ${CUSTOM_CONJUR_AUTHN_API_KEY}
- COMPOSE_PROJECT_NAME: ${COMPOSE_PROJECT_NAME}
- # NOTE: Explicitly setting the ANSIBLE_CONFIG envvar avoids Ansible ignoring
- # the configuration because it is in a world-writable working directory,
- # see https://docs.ansible.com/ansible/latest/reference_appendices/config.html#avoiding-security-risks-with-ansible-cfg-in-the-current-directory.
- ANSIBLE_CONFIG: ./ansible.cfg
- networks:
- - "${DOCKER_NETWORK}"
- volumes:
- - ..:/cyberark/cyberark.conjur.conjur-host-identity/
- - .:/cyberark/tests/
- - /var/run/docker.sock:/var/run/docker.sock
- pg:
- image: postgres:9.3
-
- conjur:
- image: cyberark/conjur
- command: server -a cucumber -p 3000
- environment:
- CONJUR_APPLIANCE_URL: http://localhost:3000
- DATABASE_URL: postgres://postgres@pg/postgres
- CONJUR_DATA_KEY: "W0BuL8iTr/7QvtjIluJbrb5LDAnmXzmcpxkqihO3dXA="
- networks:
- - default
- links:
- - pg
-
- conjur_cli:
- image: cyberark/conjur-cli:5-latest
- entrypoint: []
- command: sleep infinity
- environment:
- CONJUR_APPLIANCE_URL: http://conjur:3000
- CONJUR_ACCOUNT: cucumber
- CONJUR_AUTHN_LOGIN: admin
- CONJUR_AUTHN_API_KEY: ${CLI_CONJUR_AUTHN_API_KEY}
- volumes:
- - ./policy:/policy
- links:
- - conjur
-
- test_app_ubuntu:
- build: ./test_app_ubuntu
- entrypoint: sleep
- command: infinity
- networks:
- - "${DOCKER_NETWORK}"
-
- test_app_centos:
- build: ./test_app_centos
- entrypoint: sleep
- command: infinity
- networks:
- - "${DOCKER_NETWORK}"
-
- conjur-proxy-nginx:
- build:
- context: .
- dockerfile: Dockerfile_nginx
- entrypoint: nginx-debug -g 'daemon off;'
- environment:
- TERM: xterm
- depends_on:
- - conjur
- - conjur_cli
-
-networks:
- dap_net:
- name: dap_net
- external: true
diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/inventory-playbook-v2.yml b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/inventory-playbook-v2.yml
deleted file mode 100644
index d47081cbe..000000000
--- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/inventory-playbook-v2.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- name: Compile inventory template locally
- hosts: localhost
- tasks:
- - name: compile inventory template
- template: src=inventory-v2.j2 dest=/cyberark/tests/inventory.tmp
diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/inventory-playbook.yml b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/inventory-playbook.yml
deleted file mode 100644
index 91d44fcb8..000000000
--- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/inventory-playbook.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- name: Compile inventory template locally
- hosts: localhost
- tasks:
- - name: compile inventory template
- template: src=inventory.j2 dest=/cyberark/tests/inventory.tmp
diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/inventory-v2.j2 b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/inventory-v2.j2
deleted file mode 100644
index 4a004fb13..000000000
--- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/inventory-v2.j2
+++ /dev/null
@@ -1,6 +0,0 @@
-[testapp]
-{{ lookup('env','COMPOSE_PROJECT_NAME') }}-test_app_ubuntu-[1:2] ansible_connection=docker
-{{ lookup('env','COMPOSE_PROJECT_NAME') }}-test_app_centos-[1:2] ansible_connection=docker
-
-[ansible]
-{{ lookup('env','COMPOSE_PROJECT_NAME') }}-ansible-1 ansible_connection=docker
diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/inventory.j2 b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/inventory.j2
deleted file mode 100644
index 62d48ef82..000000000
--- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/inventory.j2
+++ /dev/null
@@ -1,6 +0,0 @@
-[testapp]
-{{ lookup('env','COMPOSE_PROJECT_NAME') }}_test_app_ubuntu_[1:2] ansible_connection=docker
-{{ lookup('env','COMPOSE_PROJECT_NAME') }}_test_app_centos_[1:2] ansible_connection=docker
-
-[ansible]
-{{ lookup('env','COMPOSE_PROJECT_NAME') }}_ansible_1 ansible_connection=docker
diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/junit/cleanup-conjur-identity b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/junit/cleanup-conjur-identity
index d1372eaea..d5cf77577 100644
--- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/junit/cleanup-conjur-identity
+++ b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/junit/cleanup-conjur-identity
@@ -1 +1 @@
-<?xml version="1.0" encoding="utf-8"?><testsuites><testsuite name="pytest" errors="0" failures="0" skipped="0" tests="8" time="4.102" timestamp="2022-09-09T15:12:54.260298" hostname="3ef34ba116db"><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_1]" time="0.681" /><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_is_not_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_1]" time="0.198" /><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_2]" time="0.687" /><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_is_not_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_2]" time="0.201" /><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_1]" time="0.698" /><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_is_not_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_1]" time="0.213" /><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_2]" time="0.702" /><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_is_not_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_2]" time="0.190" /></testsuite></testsuites> \ No newline at end of file
+<?xml version="1.0" encoding="utf-8"?><testsuites><testsuite name="pytest" errors="0" failures="0" skipped="0" tests="8" time="3.385" timestamp="2023-09-28T17:31:14.495645" hostname="3bd1d1ebca35"><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_hosts_file[docker://dev-test_app_centos-1]" time="0.554" /><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_is_not_conjurized[docker://dev-test_app_centos-1]" time="0.182" /><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_hosts_file[docker://dev-test_app_centos-2]" time="0.524" /><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_is_not_conjurized[docker://dev-test_app_centos-2]" time="0.169" /><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_hosts_file[docker://dev-test_app_ubuntu-1]" time="0.517" /><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_is_not_conjurized[docker://dev-test_app_ubuntu-1]" time="0.182" /><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_hosts_file[docker://dev-test_app_ubuntu-2]" time="0.551" /><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_is_not_conjurized[docker://dev-test_app_ubuntu-2]" time="0.178" /></testsuite></testsuites> \ No newline at end of file
diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/junit/configure-conjur-identity b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/junit/configure-conjur-identity
index d982cbaa2..aec86fd9d 100644
--- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/junit/configure-conjur-identity
+++ b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/junit/configure-conjur-identity
@@ -1 +1 @@
-<?xml version="1.0" encoding="utf-8"?><testsuites><testsuite name="pytest" errors="0" failures="0" skipped="0" tests="12" time="5.511" timestamp="2022-09-09T15:14:31.194874" hostname="3ef34ba116db"><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_1]" time="0.691" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_is_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_1]" time="0.412" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_retrieve_secret_with_summon[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_1]" time="0.133" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_2]" time="0.710" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_is_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_2]" time="0.384" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_retrieve_secret_with_summon[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_2]" time="0.126" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_1]" time="0.727" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_is_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_1]" time="0.383" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_retrieve_secret_with_summon[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_1]" time="0.155" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_2]" time="0.719" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_is_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_2]" time="0.387" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_retrieve_secret_with_summon[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_2]" time="0.143" /></testsuite></testsuites> \ No newline at end of file
+<?xml version="1.0" encoding="utf-8"?><testsuites><testsuite name="pytest" errors="0" failures="0" skipped="0" tests="12" time="4.685" timestamp="2023-09-28T17:32:48.189759" hostname="3bd1d1ebca35"><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_hosts_file[docker://dev-test_app_centos-1]" time="0.551" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_is_conjurized[docker://dev-test_app_centos-1]" time="0.356" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_retrieve_secret_with_summon[docker://dev-test_app_centos-1]" time="0.130" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_hosts_file[docker://dev-test_app_centos-2]" time="0.524" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_is_conjurized[docker://dev-test_app_centos-2]" time="0.363" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_retrieve_secret_with_summon[docker://dev-test_app_centos-2]" time="0.134" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_hosts_file[docker://dev-test_app_ubuntu-1]" time="0.530" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_is_conjurized[docker://dev-test_app_ubuntu-1]" time="0.413" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_retrieve_secret_with_summon[docker://dev-test_app_ubuntu-1]" time="0.122" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_hosts_file[docker://dev-test_app_ubuntu-2]" time="0.536" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_is_conjurized[docker://dev-test_app_ubuntu-2]" time="0.358" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_retrieve_secret_with_summon[docker://dev-test_app_ubuntu-2]" time="0.139" /></testsuite></testsuites> \ No newline at end of file
diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/policy/root.yml b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/policy/root.yml
deleted file mode 100644
index 0309cf702..000000000
--- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/policy/root.yml
+++ /dev/null
@@ -1,32 +0,0 @@
----
-- !policy
- id: ansible
- annotations:
- description: Policy for Ansible master and remote hosts
- body:
-
- - !host
- id: ansible-master
- annotations:
- description: Host for running Ansible on remote targets
-
- - !layer &remote_hosts_layer
- id: remote_hosts
- annotations:
- description: Layer for Ansible remote hosts
-
- - !host-factory
- id: ansible-factory
- annotations:
- description: Factory to create new hosts for ansible
- layer: [ *remote_hosts_layer ]
-
- - !variable
- id: target-password
- annotations:
- description: Password needed by the Ansible remote machine
-
- - !permit
- role: *remote_hosts_layer
- privileges: [ execute ]
- resources: [ !variable target-password ]
diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/proxy/default.conf b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/proxy/default.conf
deleted file mode 100644
index db2153a71..000000000
--- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/proxy/default.conf
+++ /dev/null
@@ -1,33 +0,0 @@
-server {
- listen 80;
- return 301 https://conjur$request_uri;
-}
-
-server {
- listen 443;
- server_name localhost;
- ssl_certificate /etc/nginx/cert.crt;
- ssl_certificate_key /etc/nginx/cert.key;
-
- ssl on;
- ssl_session_cache builtin:1000 shared:SSL:10m;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
- ssl_prefer_server_ciphers on;
-
- access_log /var/log/nginx/access.log;
-
- location / {
- proxy_pass http://conjur:3000;
- }
-
- #error_page 404 /404.html;
-
- # redirect server error pages to the static page /50x.html
- #
- error_page 500 502 503 504 /50x.html;
- location = /50x.html {
- root /usr/share/nginx/html;
- }
-
-}
diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/proxy/ssl.conf b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/proxy/ssl.conf
deleted file mode 100644
index e78716b27..000000000
--- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/proxy/ssl.conf
+++ /dev/null
@@ -1,39 +0,0 @@
-[req]
-default_bits = 2048
-prompt = no
-default_md = sha256
-req_extensions = req_ext
-distinguished_name = dn
-x509_extensions = v3_ca # The extentions to add to the self signed cert
-req_extensions = v3_req
-x509_extensions = usr_cert
-
-[ dn ]
-C=IL
-ST=Israel
-L=TLV
-O=Onyx
-OU=CyberArk
-CN=conjur-proxy-nginx
-
-[ usr_cert ]
-basicConstraints=CA:FALSE
-nsCertType = client, server, email
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-extendedKeyUsage = serverAuth, clientAuth, codeSigning, emailProtection
-nsComment = "OpenSSL Generated Certificate"
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-[ v3_req ]
-extendedKeyUsage = serverAuth, clientAuth, codeSigning, emailProtection
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-subjectAltName = @alt_names
-
-[ alt_names ]
-DNS.1 = localhost
-DNS.2 = conjur-proxy-nginx
-IP.1 = 127.0.0.1
diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test.sh b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test.sh
index 9a54cb8b9..1f7e28145 100755
--- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test.sh
+++ b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test.sh
@@ -1,249 +1,37 @@
#!/bin/bash -eu
-
set -o pipefail
-
-# normalises project name by filtering non alphanumeric characters and transforming to lowercase
-declare -x COMPOSE_PROJECT_NAME=''
-declare -x ENTERPRISE_PROJECT='conjur-intro-host'
-declare -x ANSIBLE_PROJECT=''
-
-declare -x ANSIBLE_CONJUR_AUTHN_API_KEY=''
-declare -x CLI_CONJUR_AUTHN_API_KEY=''
-declare -x DOCKER_NETWORK="default"
-declare -x ANSIBLE_VERSION="${ANSIBLE_VERSION:-6}"
-
-declare cli_cid=''
-declare ansible_cid=''
-declare enterprise='false'
-declare test_dir=''
-
- ANSIBLE_PROJECT=$(echo "${BUILD_TAG:-ansible-plugin-testing}-conjur-host-identity" | sed -e 's/[^[:alnum:]]//g' | tr '[:upper:]' '[:lower:]')
- test_dir="$(pwd)"
-
-function clean {
- echo 'Removing test environment'
- echo '---'
-
- # Escape conjur-intro dir if Enterprise setup fails
- cd "${test_dir}"
-
- if [[ -d conjur-intro ]]; then
- pushd conjur-intro
- COMPOSE_PROJECT_NAME="${ENTERPRISE_PROJECT}"
- ./bin/dap --stop
- popd
- rm -rf conjur-intro
- fi
-
- COMPOSE_PROJECT_NAME="${ANSIBLE_PROJECT}"
- docker-compose down -v
- rm -rf inventory.tmp \
- conjur.pem
-}
-function finish {
- rv=$?
- clean || true
- exit $rv
-}
-trap finish EXIT
-
-while getopts 'e' flag; do
- case "${flag}" in
- e) enterprise="true" ;;
- *) exit 1 ;;
- esac
-done
-
-clean
-
-function setup_admin_api_key {
- if [[ "$enterprise" == "true" ]]; then
- docker exec "${cli_cid}" \
- conjur user rotate_api_key
- else
- docker-compose exec -T conjur \
- conjurctl role retrieve-key "${CONJUR_ACCOUNT}:user:admin"
- fi
-}
-
-function setup_ansible_api_key {
- docker exec "${cli_cid}" \
- conjur host rotate_api_key --host ansible/ansible-master
-}
-
-function hf_token {
- docker exec "${cli_cid}" bash -c "conjur hostfactory tokens create --duration-days=5 ansible/ansible-factory | jq -r '.[0].token'"
-}
-
-function setup_conjur_resources {
- echo "---- setting up conjur ----"
- policy_path="root.yml"
- if [[ "${enterprise}" == "false" ]]; then
- policy_path="/policy/${policy_path}"
- fi
-
- docker exec "${cli_cid}" bash -ec "
- conjur policy load root ${policy_path}
- conjur variable values add ansible/target-password target_secret_password
- "
-}
+source "$(git rev-parse --show-toplevel)/dev/util.sh"
function run_test_cases {
for test_case in test_cases/*; do
- teardown_and_setup
+ teardown_and_setup_inventory
run_test_case "$(basename -- "$test_case")"
done
}
function run_test_case {
+ local test_case="$1"
echo "---- testing ${test_case} ----"
- local test_case=$1
- if [ -n "$test_case" ]; then
- docker exec "${ansible_cid}" \
- env HFTOKEN="$(hf_token)" \
- env CONJUR_ACCOUNT="${CONJUR_ACCOUNT}" \
- env CONJUR_APPLIANCE_URL="${CONJUR_APPLIANCE_URL}" \
- bash -ec "
- cd tests
- ansible-playbook test_cases/${test_case}/playbook.yml
- "
- if [ -d "${test_dir}/test_cases/${test_case}/tests/" ]; then
- docker exec "${ansible_cid}" bash -ec "
- cd tests
- py.test --junitxml=./junit/${test_case} --connection docker -v test_cases/${test_case}/tests/test_default.py
- "
- fi
- else
- echo ERROR: run_test called with no argument 1>&2
- exit 1
- fi
-}
-
-function teardown_and_setup {
- docker-compose up -d --force-recreate --scale test_app_ubuntu=2 test_app_ubuntu
- docker-compose up -d --force-recreate --scale test_app_centos=2 test_app_centos
-}
-
-function wait_for_server {
- # shellcheck disable=SC2016
- docker exec "${cli_cid}" bash -ec '
- for i in $( seq 20 ); do
- curl -o /dev/null -fs -X OPTIONS ${CONJUR_APPLIANCE_URL} > /dev/null && echo "server is up" && break
- echo "."
- sleep 2
- done
- '
-}
-
-function fetch_ssl_cert {
- echo "Fetching SSL certs"
- service_id="conjur-proxy-nginx"
- cert_path="cert.crt"
- if [[ "${enterprise}" == "true" ]]; then
- service_id="conjur-master.mycompany.local"
- cert_path="/etc/ssl/certs/ca.pem"
- fi
-
- (docker-compose exec -T "${service_id}" cat "${cert_path}") > conjur.pem
-}
-function generate_inventory {
- # Use a different inventory file for docker-compose v1 and v2 or later
- playbook_file="inventory-playbook-v2.yml"
- compose_ver=$(docker-compose version --short)
- if [[ $compose_ver == "1"* ]]; then
- playbook_file="inventory-playbook.yml"
+ if [ -z "$test_case" ]; then
+ echo ERROR: run_test_case called with no argument 1>&2
+ exit 1
fi
- # uses .j2 template to generate inventory prepended with COMPOSE_PROJECT_NAME
- docker-compose exec -T ansible bash -ec "
- cd tests
- ansible-playbook $playbook_file
- "
+ docker exec -e HFTOKEN="$(hf_token)" \
+ "$(ansible_cid)" bash -ec "
+ cd /cyberark/tests/conjur-host-identity
- cat inventory.tmp
-}
-
-function setup_conjur_open_source() {
- docker-compose up -d --build
-
- cli_cid="$(docker-compose ps -q conjur_cli)"
-
- fetch_ssl_cert
- wait_for_server
-
- echo "Recreating Conjur CLI with admin credentials"
- CLI_CONJUR_AUTHN_API_KEY=$(setup_admin_api_key)
- docker-compose up -d conjur_cli
- cli_cid=$(docker-compose ps -q conjur_cli)
-
- setup_conjur_resources
-}
+ # You can add -vvvvv here for debugging
+ ansible-playbook test_cases/$test_case/playbook.yml
+ "
-function setup_conjur_enterprise() {
- git clone --single-branch --branch main https://github.com/conjurdemos/conjur-intro.git
- pushd ./conjur-intro
-
- echo "Provisioning Enterprise leader and follower"
- ./bin/dap --provision-master
- ./bin/dap --provision-follower
-
- cp ../policy/root.yml .
-
- # Run 'sleep infinity' in the CLI container, so the scripts
- # have access to an alive and authenticated CLI until the script terminates
- cli_cid="$(docker-compose run -d \
- -w /src/cli \
- --entrypoint sleep client infinity)"
-
- echo "Authenticate Conjur CLI container"
- docker exec "${cli_cid}" \
- /bin/bash -c "
- if [ ! -e /root/conjur-demo.pem ]; then
- yes 'yes' | conjur init -u ${CONJUR_APPLIANCE_URL} -a ${CONJUR_ACCOUNT}
- fi
- conjur authn login -u admin -p MySecretP@ss1
- hostname -I
- "
-
- fetch_ssl_cert
- setup_conjur_resources
-
- echo "Relocate credential files"
- mv conjur.pem ../.
- popd
-}
-
-function main() {
- if [[ "${enterprise}" == "true" ]]; then
- echo "Deploying Conjur Enterprise"
-
- export DOCKER_NETWORK="dap_net"
- export CONJUR_APPLIANCE_URL="https://conjur-master.mycompany.local"
- export CONJUR_ACCOUNT="demo"
- COMPOSE_PROJECT_NAME="${ENTERPRISE_PROJECT}"
- DOCKER_NETWORK="dap_net"
-
- setup_conjur_enterprise
- else
- echo "Deploying Conjur Open Source"
-
- export CONJUR_APPLIANCE_URL="https://conjur-proxy-nginx"
- export CONJUR_ACCOUNT="cucumber"
- COMPOSE_PROJECT_NAME="${ANSIBLE_PROJECT}"
-
- setup_conjur_open_source
+ if [ -d "test_cases/${test_case}/tests/" ]; then
+ docker exec "$(ansible_cid)" bash -ec "
+ cd /cyberark/tests/conjur-host-identity
+ py.test --junitxml=./junit/${test_case} --connection docker -v test_cases/${test_case}/tests/test_default.py
+ "
fi
-
- echo "Preparing Ansible for test run"
- COMPOSE_PROJECT_NAME="${ANSIBLE_PROJECT}"
- ANSIBLE_CONJUR_AUTHN_API_KEY=$(setup_ansible_api_key)
- docker-compose up -d ansible
- ansible_cid=$(docker-compose ps -q ansible)
- generate_inventory
-
- echo "Running tests"
- run_test_cases
}
-main \ No newline at end of file
+run_test_cases
diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_app_centos/Dockerfile b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_app_centos/Dockerfile
deleted file mode 100644
index ee474e7bf..000000000
--- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_app_centos/Dockerfile
+++ /dev/null
@@ -1,4 +0,0 @@
-FROM centos:7
-
-# Install Python so Ansible can run against node
-RUN yum update -y && yum install -y python3
diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_app_ubuntu/Dockerfile b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_app_ubuntu/Dockerfile
deleted file mode 100644
index ce919aa57..000000000
--- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_app_ubuntu/Dockerfile
+++ /dev/null
@@ -1,4 +0,0 @@
-FROM ubuntu:20.04
-
-# Install Python so Ansible can run against node
-RUN apt-get update -y && apt-get install -y python3-minimal
diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/bad-ssl-config/playbook.yml b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/bad-ssl-config/playbook.yml
new file mode 100644
index 000000000..2d1282c41
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/bad-ssl-config/playbook.yml
@@ -0,0 +1,20 @@
+---
+- name: Configuring Conjur identity on remote hosts fails when missing required SSL config
+ hosts: testapp
+ tasks:
+ - name: Attempt to configure Conjur identity
+ block:
+ - import_role:
+ name: "cyberark.conjur.conjur-host-identity"
+ vars:
+ conjur_account: cucumber
+ conjur_appliance_url: "https://conjur-proxy-nginx"
+ conjur_host_factory_token: "{{lookup('env', 'HFTOKEN')}}"
+ conjur_host_name: "conjur_{{ ansible_hostname }}"
+ # conjur_ssl_certificate: "{{lookup('file', '/cyberark/dev/conjur.pem')}}"
+ conjur_validate_certs: yes
+ rescue:
+ - name: Confirm Role setup fails with message
+ assert:
+ that: ansible_failed_result.failed == true
+ fail_msg: "Variable 'conjur_ssl_certificate' is not set!"
diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/cleanup-conjur-identity/playbook.yml b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/cleanup-conjur-identity/playbook.yml
index dfdbe2804..ec472992d 100644
--- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/cleanup-conjur-identity/playbook.yml
+++ b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/cleanup-conjur-identity/playbook.yml
@@ -7,7 +7,7 @@
conjur_appliance_url: "{{lookup('env', 'CONJUR_APPLIANCE_URL')}}"
conjur_host_factory_token: "{{lookup('env', 'HFTOKEN')}}"
conjur_host_name: "conjur_{{ ansible_hostname }}"
- conjur_ssl_certificate: "{{lookup('file', '../../conjur.pem')}}"
+ conjur_ssl_certificate: "{{lookup('file', '/cyberark/dev/conjur.pem')}}"
conjur_validate_certs: yes
- name: Revoke Conjur identity from remote hosts
diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/cleanup-conjur-identity/tests/test_default.py b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/cleanup-conjur-identity/tests/test_default.py
index 9139ea87a..46fc8b8c2 100644
--- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/cleanup-conjur-identity/tests/test_default.py
+++ b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/cleanup-conjur-identity/tests/test_default.py
@@ -4,7 +4,7 @@ __metaclass__ = type
import testinfra.utils.ansible_runner
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
- '/cyberark/tests/inventory.tmp').get_hosts('testapp')
+ '/cyberark/dev/inventory.tmp').get_hosts('testapp')
def test_hosts_file(host):
diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/configure-conjur-identity/playbook.yml b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/configure-conjur-identity/playbook.yml
index 2f1ec4556..7309d21b6 100644
--- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/configure-conjur-identity/playbook.yml
+++ b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/configure-conjur-identity/playbook.yml
@@ -7,5 +7,5 @@
conjur_appliance_url: "{{lookup('env', 'CONJUR_APPLIANCE_URL')}}"
conjur_host_factory_token: "{{lookup('env', 'HFTOKEN')}}"
conjur_host_name: "conjur_{{ ansible_hostname }}"
- conjur_ssl_certificate: "{{lookup('file', '../../conjur.pem')}}"
+ conjur_ssl_certificate: "{{lookup('file', '/cyberark/dev/conjur.pem')}}"
conjur_validate_certs: yes
diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/configure-conjur-identity/tests/test_default.py b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/configure-conjur-identity/tests/test_default.py
index 80513230a..46b64566c 100644
--- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/configure-conjur-identity/tests/test_default.py
+++ b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/configure-conjur-identity/tests/test_default.py
@@ -4,7 +4,7 @@ __metaclass__ = type
import testinfra.utils.ansible_runner
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
- '/cyberark/tests/inventory.tmp').get_hosts('testapp')
+ '/cyberark/dev/inventory.tmp').get_hosts('testapp')
def test_hosts_file(host):
diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/misconfig-conjur-identity/playbook.yml b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/misconfig-conjur-identity/playbook.yml
index 2ae9ec144..96f31c7d0 100644
--- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/misconfig-conjur-identity/playbook.yml
+++ b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/misconfig-conjur-identity/playbook.yml
@@ -11,12 +11,10 @@
# conjur_appliance_url: "https://conjur-proxy-nginx"
conjur_host_factory_token: "{{lookup('env', 'HFTOKEN')}}"
conjur_host_name: "conjur_{{ ansible_hostname }}"
- conjur_ssl_certificate: "{{lookup('file', '../../conjur.pem')}}"
+ conjur_ssl_certificate: "{{lookup('file', '/cyberark/dev/conjur.pem')}}"
conjur_validate_certs: yes
rescue:
- - name: Confirm Role setup fails
+ - name: Confirm Role setup fails with message
assert:
that: ansible_failed_result.failed == true
- - name: Confirm error message
- assert:
- that: ansible_failed_result.msg == "'conjur_appliance_url' is undefined"
+ fail_msg: "Variable 'conjur_appliance_url' is not set!"
diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/not-conjurized/playbook.yml b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/not-conjurized/playbook.yml
new file mode 100644
index 000000000..9175cfbbb
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/not-conjurized/playbook.yml
@@ -0,0 +1,28 @@
+---
+- name: Un-Conjurize remote hosts
+ hosts: testapp
+ tasks:
+ - name: Remove identity file
+ file:
+ path: /etc/conjur.identity
+ state: absent
+
+- name: Configuring Conjur identity on not-Conjurized hosts requires HF token
+ hosts: testapp
+ tasks:
+ - name: Attempt to configure Conjur identity
+ block:
+ - import_role:
+ name: "cyberark.conjur.conjur-host-identity"
+ vars:
+ conjur_account: "{{lookup('env', 'CONJUR_ACCOUNT')}}"
+ conjur_appliance_url: "{{lookup('env', 'CONJUR_APPLIANCE_URL')}}"
+ # conjur_host_factory_token: "{{lookup('env', 'HFTOKEN')}}"
+ conjur_host_name: "conjur_{{ ansible_hostname }}"
+ conjur_ssl_certificate: "{{lookup('file', '/cyberark/dev/conjur.pem')}}"
+ conjur_validate_certs: yes
+ rescue:
+ - name: Conjur Role setup fails with message
+ assert:
+ that: ansible_failed_result.failed == true
+ fail_msg: "Variable 'conjur_host_factory_token' is not set!"