Diffstat (limited to 'ansible_collections/cyberark/conjur/roles')
26 files changed, 111 insertions, 560 deletions
diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tasks/identity_check.yml b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tasks/identity_check.yml index 8661daf70..2e9ab27ce 100644 --- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tasks/identity_check.yml +++ b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tasks/identity_check.yml @@ -9,12 +9,13 @@ conjurized: "{{ identity_file.stat.exists|bool }}" - name: Ensure all required variables are set - fail: msg="Variable '{{ item }}' is not set!" - when: item is undefined - with_items: - - "{{ conjur_account }}" - - "{{ conjur_appliance_url }}" - - "{{ conjur_host_name }}" + fail: + msg: Variable '{{ item }}' is not set! + when: vars[item] is undefined + loop: + - conjur_account + - conjur_appliance_url + - conjur_host_name - name: Set fact "ssl_configuration" set_fact: @@ -22,11 +23,12 @@ - block: - name: Ensure all required ssl variables are set - fail: msg="Variable '{{ item }}' is not set!" - when: item is undefined - with_items: - - "{{ conjur_ssl_certificate }}" - - "{{ conjur_validate_certs }}" + fail: + msg: Variable '{{ item }}' is not set! + when: vars[item] is undefined + loop: + - conjur_ssl_certificate + - conjur_validate_certs - name: Set fact "ssl file path" set_fact: @@ -46,8 +48,7 @@ - block: - name: Ensure "conjur_host_factory_token" is set (if node is not already conjurized) - fail: msg="Variable '{{ item }}' is not set!" - when: item is undefined - with_items: - - "{{ conjur_host_factory_token }}" + fail: + msg: Variable 'conjur_host_factory_token' is not set! + when: conjur_host_factory_token is undefined when: not conjurized diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/.dockerignore b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/.dockerignore deleted file mode 100644 index 5ed3ebd29..000000000 
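Review bot: The new guard `when: vars[item] is undefined` in the first loop only rejects a missing variable, so a value that is defined but empty (for example `conjur_appliance_url: ""`) passes. The same applies to the ssl loop and to `when: conjur_host_factory_token is undefined` in the two later hunks of this file, where a token templated from an unset source would also pass. For the string-valued settings, `when: not lookup('vars', item, default='')` would reject both the missing and the empty case, and it avoids indexing the `vars` dictionary, which as far as I know is treated as internal rather than a supported interface. `conjur_validate_certs` looks like a boolean, so a falsy test would wrongly reject `false` and it should keep a plain defined check. The task list continues outside these hunks, so whether later tasks validate the values cannot be seen from here.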
--- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/.dockerignore +++ /dev/null @@ -1 +0,0 @@ -conjur-intro/
\ No newline at end of file diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/.pytest_cache/v/cache/nodeids b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/.pytest_cache/v/cache/nodeids index ffadcb1be..3bcaaa5b8 100644 --- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/.pytest_cache/v/cache/nodeids +++ b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/.pytest_cache/v/cache/nodeids 
@@ -1,22 +1,22 @@ [ - "test_cases/cleanup-conjur-identity/tests/test_default.py::test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_1]", - "test_cases/cleanup-conjur-identity/tests/test_default.py::test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_2]", - "test_cases/cleanup-conjur-identity/tests/test_default.py::test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_1]", - "test_cases/cleanup-conjur-identity/tests/test_default.py::test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_2]", - "test_cases/cleanup-conjur-identity/tests/test_default.py::test_is_not_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_1]", - "test_cases/cleanup-conjur-identity/tests/test_default.py::test_is_not_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_2]", - "test_cases/cleanup-conjur-identity/tests/test_default.py::test_is_not_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_1]", - "test_cases/cleanup-conjur-identity/tests/test_default.py::test_is_not_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_2]", - "test_cases/configure-conjur-identity/tests/test_default.py::test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_1]", - "test_cases/configure-conjur-identity/tests/test_default.py::test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_2]", - "test_cases/configure-conjur-identity/tests/test_default.py::test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_1]", - 
"test_cases/configure-conjur-identity/tests/test_default.py::test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_2]", - "test_cases/configure-conjur-identity/tests/test_default.py::test_is_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_1]", - "test_cases/configure-conjur-identity/tests/test_default.py::test_is_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_2]", - "test_cases/configure-conjur-identity/tests/test_default.py::test_is_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_1]", - "test_cases/configure-conjur-identity/tests/test_default.py::test_is_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_2]", - "test_cases/configure-conjur-identity/tests/test_default.py::test_retrieve_secret_with_summon[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_1]", - "test_cases/configure-conjur-identity/tests/test_default.py::test_retrieve_secret_with_summon[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_2]", - "test_cases/configure-conjur-identity/tests/test_default.py::test_retrieve_secret_with_summon[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_1]", - "test_cases/configure-conjur-identity/tests/test_default.py::test_retrieve_secret_with_summon[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_2]" + "test_cases/cleanup-conjur-identity/tests/test_default.py::test_hosts_file[docker://dev-test_app_centos-1]", + "test_cases/cleanup-conjur-identity/tests/test_default.py::test_hosts_file[docker://dev-test_app_centos-2]", + "test_cases/cleanup-conjur-identity/tests/test_default.py::test_hosts_file[docker://dev-test_app_ubuntu-1]", + 
"test_cases/cleanup-conjur-identity/tests/test_default.py::test_hosts_file[docker://dev-test_app_ubuntu-2]", + "test_cases/cleanup-conjur-identity/tests/test_default.py::test_is_not_conjurized[docker://dev-test_app_centos-1]", + "test_cases/cleanup-conjur-identity/tests/test_default.py::test_is_not_conjurized[docker://dev-test_app_centos-2]", + "test_cases/cleanup-conjur-identity/tests/test_default.py::test_is_not_conjurized[docker://dev-test_app_ubuntu-1]", + "test_cases/cleanup-conjur-identity/tests/test_default.py::test_is_not_conjurized[docker://dev-test_app_ubuntu-2]", + "test_cases/configure-conjur-identity/tests/test_default.py::test_hosts_file[docker://dev-test_app_centos-1]", + "test_cases/configure-conjur-identity/tests/test_default.py::test_hosts_file[docker://dev-test_app_centos-2]", + "test_cases/configure-conjur-identity/tests/test_default.py::test_hosts_file[docker://dev-test_app_ubuntu-1]", + "test_cases/configure-conjur-identity/tests/test_default.py::test_hosts_file[docker://dev-test_app_ubuntu-2]", + "test_cases/configure-conjur-identity/tests/test_default.py::test_is_conjurized[docker://dev-test_app_centos-1]", + "test_cases/configure-conjur-identity/tests/test_default.py::test_is_conjurized[docker://dev-test_app_centos-2]", + "test_cases/configure-conjur-identity/tests/test_default.py::test_is_conjurized[docker://dev-test_app_ubuntu-1]", + "test_cases/configure-conjur-identity/tests/test_default.py::test_is_conjurized[docker://dev-test_app_ubuntu-2]", + "test_cases/configure-conjur-identity/tests/test_default.py::test_retrieve_secret_with_summon[docker://dev-test_app_centos-1]", + "test_cases/configure-conjur-identity/tests/test_default.py::test_retrieve_secret_with_summon[docker://dev-test_app_centos-2]", + "test_cases/configure-conjur-identity/tests/test_default.py::test_retrieve_secret_with_summon[docker://dev-test_app_ubuntu-1]", + 
"test_cases/configure-conjur-identity/tests/test_default.py::test_retrieve_secret_with_summon[docker://dev-test_app_ubuntu-2]" ]
\ No newline at end of file diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/Dockerfile b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/Dockerfile deleted file mode 100644 index 3985b12ad..000000000 --- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/Dockerfile +++ /dev/null @@ -1,39 +0,0 @@ -FROM ubuntu:20.04 - -ENV DEBIAN_FRONTEND=noninteractive - -WORKDIR /cyberark - -# install python 3 -RUN apt-get update && \ - apt-get install -y python3-pip && \ - pip3 install --upgrade pip - -ARG ANSIBLE_VERSION -# install ansible and its test tool -RUN pip3 install ansible==${ANSIBLE_VERSION}.* pytest-testinfra - -# install docker installation requirements -RUN apt-get update && \ - apt-get install -y apt-transport-https \ - ca-certificates \ - curl \ - software-properties-common - -# install docker -RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - -RUN add-apt-repository \ - "deb [arch=amd64] https://download.docker.com/linux/ubuntu \ - $(lsb_release -cs) \ - stable" - -RUN apt-get update && \ - apt-get -y install docker-ce - -# NOTE: Everything above is copied from REPO_ROOT/tests/conjur_variable/Dockerfile. It defines a -# standard container image for running ansible tests - -# install ruby -RUN apt-get update && apt-get install -y gcc build-essential -RUN apt-add-repository -y ppa:brightbox/ruby-ng && apt-get update && apt-get install -y ruby2.7 ruby2.7-dev -RUN gem install conjur-cli
\ No newline at end of file diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/Dockerfile_nginx b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/Dockerfile_nginx deleted file mode 100644 index d9f18c7bd..000000000 --- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/Dockerfile_nginx +++ /dev/null @@ -1,16 +0,0 @@ -FROM nginx:1.13.3 - -RUN export DEBIAN_FRONTEND=noninteractive && \ - apt-get update && \ - apt-get install -y iputils-ping procps openssl && \ - rm -rf /var/lib/apt/lists/* - -WORKDIR /etc/nginx/ - -COPY proxy/ssl.conf /etc/ssl/openssl.cnf - -RUN openssl req -x509 -nodes -days 365 -newkey rsa:2048 \ - -config /etc/ssl/openssl.cnf -extensions v3_ca \ - -keyout cert.key -out cert.crt - -COPY proxy/default.conf /etc/nginx/conf.d/default.conf diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/ansible.cfg b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/ansible.cfg deleted file mode 100644 index 56026b775..000000000 --- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/ansible.cfg +++ /dev/null @@ -1,8 +0,0 @@ -[defaults] -display_skipped_hosts = False -host_key_checking = False -error_on_undefined_vars = True -timeout = 60 -inventory = inventory.tmp -roles_path = /cyberark -remote_tmp = /tmp diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/docker-compose.yml b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/docker-compose.yml deleted file mode 100644 index 832655687..000000000 --- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/docker-compose.yml +++ /dev/null 
@@ -1,84 +0,0 @@ -version: '3' -services: - ansible: - build: - context: . - dockerfile: Dockerfile - args: - ANSIBLE_VERSION: ${ANSIBLE_VERSION} - command: /bin/sleep 1d - environment: - CONJUR_APPLIANCE_URL: ${CONJUR_APPLIANCE_URL} - CONJUR_ACCOUNT: ${CONJUR_ACCOUNT} - CONJUR_AUTHN_LOGIN: ${CONJUR_AUTHN_LOGIN} - CONJUR_AUTHN_API_KEY: ${ANSIBLE_CONJUR_AUTHN_API_KEY} - CONJUR_CUSTOM_AUTHN_API_KEY: ${CUSTOM_CONJUR_AUTHN_API_KEY} - COMPOSE_PROJECT_NAME: ${COMPOSE_PROJECT_NAME} - # NOTE: Explicitly setting the ANSIBLE_CONFIG envvar avoids Ansible ignoring - # the configuration because it is in a world-writable working directory, - # see https://docs.ansible.com/ansible/latest/reference_appendices/config.html#avoiding-security-risks-with-ansible-cfg-in-the-current-directory. - ANSIBLE_CONFIG: ./ansible.cfg - networks: - - "${DOCKER_NETWORK}" - volumes: - - ..:/cyberark/cyberark.conjur.conjur-host-identity/ - - .:/cyberark/tests/ - - /var/run/docker.sock:/var/run/docker.sock - pg: - image: postgres:9.3 - - conjur: - image: cyberark/conjur - command: server -a cucumber -p 3000 - environment: - CONJUR_APPLIANCE_URL: http://localhost:3000 - DATABASE_URL: postgres://postgres@pg/postgres - CONJUR_DATA_KEY: "W0BuL8iTr/7QvtjIluJbrb5LDAnmXzmcpxkqihO3dXA=" - networks: - - default - links: - - pg - - conjur_cli: - image: cyberark/conjur-cli:5-latest - entrypoint: [] - command: sleep infinity - environment: - CONJUR_APPLIANCE_URL: http://conjur:3000 - CONJUR_ACCOUNT: cucumber - CONJUR_AUTHN_LOGIN: admin - CONJUR_AUTHN_API_KEY: ${CLI_CONJUR_AUTHN_API_KEY} - volumes: - - ./policy:/policy - links: - - conjur - - test_app_ubuntu: - build: ./test_app_ubuntu - entrypoint: sleep - command: infinity - networks: - - "${DOCKER_NETWORK}" - - test_app_centos: - build: ./test_app_centos - entrypoint: sleep - command: infinity - networks: - - "${DOCKER_NETWORK}" - - conjur-proxy-nginx: - build: - context: . 
- dockerfile: Dockerfile_nginx - entrypoint: nginx-debug -g 'daemon off;' - environment: - TERM: xterm - depends_on: - - conjur - - conjur_cli - -networks: - dap_net: - name: dap_net - external: true diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/inventory-playbook-v2.yml b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/inventory-playbook-v2.yml deleted file mode 100644 index d47081cbe..000000000 --- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/inventory-playbook-v2.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: Compile inventory template locally - hosts: localhost - tasks: - - name: compile inventory template - template: src=inventory-v2.j2 dest=/cyberark/tests/inventory.tmp diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/inventory-playbook.yml b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/inventory-playbook.yml deleted file mode 100644 index 91d44fcb8..000000000 --- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/inventory-playbook.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: Compile inventory template locally - hosts: localhost - tasks: - - name: compile inventory template - template: src=inventory.j2 dest=/cyberark/tests/inventory.tmp diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/inventory-v2.j2 b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/inventory-v2.j2 deleted file mode 100644 index 4a004fb13..000000000 --- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/inventory-v2.j2 +++ /dev/null @@ -1,6 +0,0 @@ -[testapp] -{{ lookup('env','COMPOSE_PROJECT_NAME') }}-test_app_ubuntu-[1:2] ansible_connection=docker -{{ lookup('env','COMPOSE_PROJECT_NAME') }}-test_app_centos-[1:2] ansible_connection=docker - -[ansible] -{{ lookup('env','COMPOSE_PROJECT_NAME') }}-ansible-1 ansible_connection=docker 
diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/inventory.j2 b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/inventory.j2 deleted file mode 100644 index 62d48ef82..000000000 --- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/inventory.j2 +++ /dev/null @@ -1,6 +0,0 @@ -[testapp] -{{ lookup('env','COMPOSE_PROJECT_NAME') }}_test_app_ubuntu_[1:2] ansible_connection=docker -{{ lookup('env','COMPOSE_PROJECT_NAME') }}_test_app_centos_[1:2] ansible_connection=docker - -[ansible] -{{ lookup('env','COMPOSE_PROJECT_NAME') }}_ansible_1 ansible_connection=docker diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/junit/cleanup-conjur-identity b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/junit/cleanup-conjur-identity index d1372eaea..d5cf77577 100644 --- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/junit/cleanup-conjur-identity +++ b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/junit/cleanup-conjur-identity 
@@ -1 +1 @@ -<?xml version="1.0" encoding="utf-8"?><testsuites><testsuite name="pytest" errors="0" failures="0" skipped="0" tests="8" time="4.102" timestamp="2022-09-09T15:12:54.260298" hostname="3ef34ba116db"><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_1]" time="0.681" /><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_is_not_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_1]" time="0.198" /><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_2]" time="0.687" /><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_is_not_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_2]" time="0.201" /><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_1]" time="0.698" /><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_is_not_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_1]" time="0.213" /><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_2]" time="0.702" /><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_is_not_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_2]" time="0.190" /></testsuite></testsuites>
\ No newline at end of file +<?xml version="1.0" encoding="utf-8"?><testsuites><testsuite name="pytest" errors="0" failures="0" skipped="0" tests="8" time="3.385" timestamp="2023-09-28T17:31:14.495645" hostname="3bd1d1ebca35"><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_hosts_file[docker://dev-test_app_centos-1]" time="0.554" /><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_is_not_conjurized[docker://dev-test_app_centos-1]" time="0.182" /><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_hosts_file[docker://dev-test_app_centos-2]" time="0.524" /><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_is_not_conjurized[docker://dev-test_app_centos-2]" time="0.169" /><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_hosts_file[docker://dev-test_app_ubuntu-1]" time="0.517" /><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_is_not_conjurized[docker://dev-test_app_ubuntu-1]" time="0.182" /><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_hosts_file[docker://dev-test_app_ubuntu-2]" time="0.551" /><testcase classname="test_cases.cleanup-conjur-identity.tests.test_default" name="test_is_not_conjurized[docker://dev-test_app_ubuntu-2]" time="0.178" /></testsuite></testsuites>
\ No newline at end of file diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/junit/configure-conjur-identity b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/junit/configure-conjur-identity index d982cbaa2..aec86fd9d 100644 --- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/junit/configure-conjur-identity +++ b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/junit/configure-conjur-identity 
@@ -1 +1 @@ -<?xml version="1.0" encoding="utf-8"?><testsuites><testsuite name="pytest" errors="0" failures="0" skipped="0" tests="12" time="5.511" timestamp="2022-09-09T15:14:31.194874" hostname="3ef34ba116db"><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_1]" time="0.691" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_is_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_1]" time="0.412" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_retrieve_secret_with_summon[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_1]" time="0.133" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_2]" time="0.710" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_is_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_2]" time="0.384" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_retrieve_secret_with_summon[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_centos_2]" time="0.126" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_1]" time="0.727" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_is_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_1]" time="0.383" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" 
name="test_retrieve_secret_with_summon[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_1]" time="0.155" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_hosts_file[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_2]" time="0.719" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_is_conjurized[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_2]" time="0.387" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_retrieve_secret_with_summon[docker://jenkinscyberarkansibleconjurcollectionv1201conjurhostidentity_test_app_ubuntu_2]" time="0.143" /></testsuite></testsuites>
\ No newline at end of file +<?xml version="1.0" encoding="utf-8"?><testsuites><testsuite name="pytest" errors="0" failures="0" skipped="0" tests="12" time="4.685" timestamp="2023-09-28T17:32:48.189759" hostname="3bd1d1ebca35"><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_hosts_file[docker://dev-test_app_centos-1]" time="0.551" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_is_conjurized[docker://dev-test_app_centos-1]" time="0.356" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_retrieve_secret_with_summon[docker://dev-test_app_centos-1]" time="0.130" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_hosts_file[docker://dev-test_app_centos-2]" time="0.524" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_is_conjurized[docker://dev-test_app_centos-2]" time="0.363" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_retrieve_secret_with_summon[docker://dev-test_app_centos-2]" time="0.134" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_hosts_file[docker://dev-test_app_ubuntu-1]" time="0.530" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_is_conjurized[docker://dev-test_app_ubuntu-1]" time="0.413" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_retrieve_secret_with_summon[docker://dev-test_app_ubuntu-1]" time="0.122" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_hosts_file[docker://dev-test_app_ubuntu-2]" time="0.536" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" name="test_is_conjurized[docker://dev-test_app_ubuntu-2]" time="0.358" /><testcase classname="test_cases.configure-conjur-identity.tests.test_default" 
name="test_retrieve_secret_with_summon[docker://dev-test_app_ubuntu-2]" time="0.139" /></testsuite></testsuites>
\ No newline at end of file diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/policy/root.yml b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/policy/root.yml deleted file mode 100644 index 0309cf702..000000000 --- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/policy/root.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -- !policy - id: ansible - annotations: - description: Policy for Ansible master and remote hosts - body: - - - !host - id: ansible-master - annotations: - description: Host for running Ansible on remote targets - - - !layer &remote_hosts_layer - id: remote_hosts - annotations: - description: Layer for Ansible remote hosts - - - !host-factory - id: ansible-factory - annotations: - description: Factory to create new hosts for ansible - layer: [ *remote_hosts_layer ] - - - !variable - id: target-password - annotations: - description: Password needed by the Ansible remote machine - - - !permit - role: *remote_hosts_layer - privileges: [ execute ] - resources: [ !variable target-password ] diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/proxy/default.conf b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/proxy/default.conf deleted file mode 100644 index db2153a71..000000000 --- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/proxy/default.conf +++ /dev/null 
@@ -1,33 +0,0 @@ -server { - listen 80; - return 301 https://conjur$request_uri; -} - -server { - listen 443; - server_name localhost; - ssl_certificate /etc/nginx/cert.crt; - ssl_certificate_key /etc/nginx/cert.key; - - ssl on; - ssl_session_cache builtin:1000 shared:SSL:10m; - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; - ssl_prefer_server_ciphers on; - - access_log /var/log/nginx/access.log; - - location / { - proxy_pass http://conjur:3000; - } - - #error_page 404 /404.html; - - # redirect server error pages to the static page /50x.html - # - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } - -} diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/proxy/ssl.conf b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/proxy/ssl.conf deleted file mode 100644 index e78716b27..000000000 --- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/proxy/ssl.conf +++ /dev/null 
@@ -1,39 +0,0 @@ -[req] -default_bits = 2048 -prompt = no -default_md = sha256 -req_extensions = req_ext -distinguished_name = dn -x509_extensions = v3_ca # The extentions to add to the self signed cert -req_extensions = v3_req -x509_extensions = usr_cert - -[ dn ] -C=IL -ST=Israel -L=TLV -O=Onyx -OU=CyberArk -CN=conjur-proxy-nginx - -[ usr_cert ] -basicConstraints=CA:FALSE -nsCertType = client, server, email -keyUsage = nonRepudiation, digitalSignature, keyEncipherment -extendedKeyUsage = serverAuth, clientAuth, codeSigning, emailProtection -nsComment = "OpenSSL Generated Certificate" -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid,issuer - -[ v3_req ] -extendedKeyUsage = serverAuth, clientAuth, codeSigning, emailProtection -basicConstraints = CA:FALSE -keyUsage = nonRepudiation, digitalSignature, keyEncipherment - -[ v3_ca ] -subjectAltName = @alt_names - -[ alt_names ] -DNS.1 = localhost -DNS.2 = conjur-proxy-nginx -IP.1 = 127.0.0.1 diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test.sh b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test.sh index 9a54cb8b9..1f7e28145 100755 --- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test.sh +++ b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test.sh 
@@ -1,249 +1,37 @@ #!/bin/bash -eu - set -o pipefail - -# normalises project name by filtering non alphanumeric characters and transforming to lowercase -declare -x COMPOSE_PROJECT_NAME='' -declare -x ENTERPRISE_PROJECT='conjur-intro-host' -declare -x ANSIBLE_PROJECT='' - -declare -x ANSIBLE_CONJUR_AUTHN_API_KEY='' -declare -x CLI_CONJUR_AUTHN_API_KEY='' -declare -x DOCKER_NETWORK="default" -declare -x ANSIBLE_VERSION="${ANSIBLE_VERSION:-6}" - -declare cli_cid='' -declare ansible_cid='' -declare enterprise='false' -declare test_dir='' - - ANSIBLE_PROJECT=$(echo "${BUILD_TAG:-ansible-plugin-testing}-conjur-host-identity" | sed -e 's/[^[:alnum:]]//g' | tr '[:upper:]' '[:lower:]') - test_dir="$(pwd)" - -function clean { - echo 'Removing test environment' - echo '---' - - # Escape conjur-intro dir if Enterprise setup fails - cd "${test_dir}" - - if [[ -d conjur-intro ]]; then - pushd conjur-intro - COMPOSE_PROJECT_NAME="${ENTERPRISE_PROJECT}" - ./bin/dap --stop - popd - rm -rf conjur-intro - fi - - COMPOSE_PROJECT_NAME="${ANSIBLE_PROJECT}" - docker-compose down -v - rm -rf inventory.tmp \ - conjur.pem -} -function finish { - rv=$? 
- clean || true - exit $rv -} -trap finish EXIT - -while getopts 'e' flag; do - case "${flag}" in - e) enterprise="true" ;; - *) exit 1 ;; - esac -done - -clean - -function setup_admin_api_key { - if [[ "$enterprise" == "true" ]]; then - docker exec "${cli_cid}" \ - conjur user rotate_api_key - else - docker-compose exec -T conjur \ - conjurctl role retrieve-key "${CONJUR_ACCOUNT}:user:admin" - fi -} - -function setup_ansible_api_key { - docker exec "${cli_cid}" \ - conjur host rotate_api_key --host ansible/ansible-master -} - -function hf_token { - docker exec "${cli_cid}" bash -c "conjur hostfactory tokens create --duration-days=5 ansible/ansible-factory | jq -r '.[0].token'" -} - -function setup_conjur_resources { - echo "---- setting up conjur ----" - policy_path="root.yml" - if [[ "${enterprise}" == "false" ]]; then - policy_path="/policy/${policy_path}" - fi - - docker exec "${cli_cid}" bash -ec " - conjur policy load root ${policy_path} - conjur variable values add ansible/target-password target_secret_password - " -} +source "$(git rev-parse --show-toplevel)/dev/util.sh" function run_test_cases { for test_case in test_cases/*; do - teardown_and_setup + teardown_and_setup_inventory run_test_case "$(basename -- "$test_case")" done } function run_test_case { + local test_case="$1" echo "---- testing ${test_case} ----" - local test_case=$1 - if [ -n "$test_case" ]; then - docker exec "${ansible_cid}" \ - env HFTOKEN="$(hf_token)" \ - env CONJUR_ACCOUNT="${CONJUR_ACCOUNT}" \ - env CONJUR_APPLIANCE_URL="${CONJUR_APPLIANCE_URL}" \ - bash -ec " - cd tests - ansible-playbook test_cases/${test_case}/playbook.yml - " - if [ -d "${test_dir}/test_cases/${test_case}/tests/" ]; then - docker exec "${ansible_cid}" bash -ec " - cd tests - py.test --junitxml=./junit/${test_case} --connection docker -v test_cases/${test_case}/tests/test_default.py - " - fi - else - echo ERROR: run_test called with no argument 1>&2 - exit 1 - fi -} - -function teardown_and_setup { - 
docker-compose up -d --force-recreate --scale test_app_ubuntu=2 test_app_ubuntu - docker-compose up -d --force-recreate --scale test_app_centos=2 test_app_centos -} - -function wait_for_server { - # shellcheck disable=SC2016 - docker exec "${cli_cid}" bash -ec ' - for i in $( seq 20 ); do - curl -o /dev/null -fs -X OPTIONS ${CONJUR_APPLIANCE_URL} > /dev/null && echo "server is up" && break - echo "." - sleep 2 - done - ' -} - -function fetch_ssl_cert { - echo "Fetching SSL certs" - service_id="conjur-proxy-nginx" - cert_path="cert.crt" - if [[ "${enterprise}" == "true" ]]; then - service_id="conjur-master.mycompany.local" - cert_path="/etc/ssl/certs/ca.pem" - fi - - (docker-compose exec -T "${service_id}" cat "${cert_path}") > conjur.pem -} -function generate_inventory { - # Use a different inventory file for docker-compose v1 and v2 or later - playbook_file="inventory-playbook-v2.yml" - compose_ver=$(docker-compose version --short) - if [[ $compose_ver == "1"* ]]; then - playbook_file="inventory-playbook.yml" + if [ -z "$test_case" ]; then + echo ERROR: run_test_case called with no argument 1>&2 + exit 1 fi - # uses .j2 template to generate inventory prepended with COMPOSE_PROJECT_NAME - docker-compose exec -T ansible bash -ec " - cd tests - ansible-playbook $playbook_file - " + docker exec -e HFTOKEN="$(hf_token)" \ + "$(ansible_cid)" bash -ec " + cd /cyberark/tests/conjur-host-identity - cat inventory.tmp -} - -function setup_conjur_open_source() { - docker-compose up -d --build - - cli_cid="$(docker-compose ps -q conjur_cli)" - - fetch_ssl_cert - wait_for_server - - echo "Recreating Conjur CLI with admin credentials" - CLI_CONJUR_AUTHN_API_KEY=$(setup_admin_api_key) - docker-compose up -d conjur_cli - cli_cid=$(docker-compose ps -q conjur_cli) - - setup_conjur_resources -} + # You can add -vvvvv here for debugging + ansible-playbook test_cases/$test_case/playbook.yml + " -function setup_conjur_enterprise() { - git clone --single-branch --branch main 
https://github.com/conjurdemos/conjur-intro.git - pushd ./conjur-intro - - echo "Provisioning Enterprise leader and follower" - ./bin/dap --provision-master - ./bin/dap --provision-follower - - cp ../policy/root.yml . - - # Run 'sleep infinity' in the CLI container, so the scripts - # have access to an alive and authenticated CLI until the script terminates - cli_cid="$(docker-compose run -d \ - -w /src/cli \ - --entrypoint sleep client infinity)" - - echo "Authenticate Conjur CLI container" - docker exec "${cli_cid}" \ - /bin/bash -c " - if [ ! -e /root/conjur-demo.pem ]; then - yes 'yes' | conjur init -u ${CONJUR_APPLIANCE_URL} -a ${CONJUR_ACCOUNT} - fi - conjur authn login -u admin -p MySecretP@ss1 - hostname -I - " - - fetch_ssl_cert - setup_conjur_resources - - echo "Relocate credential files" - mv conjur.pem ../. - popd -} - -function main() { - if [[ "${enterprise}" == "true" ]]; then - echo "Deploying Conjur Enterprise" - - export DOCKER_NETWORK="dap_net" - export CONJUR_APPLIANCE_URL="https://conjur-master.mycompany.local" - export CONJUR_ACCOUNT="demo" - COMPOSE_PROJECT_NAME="${ENTERPRISE_PROJECT}" - DOCKER_NETWORK="dap_net" - - setup_conjur_enterprise - else - echo "Deploying Conjur Open Source" - - export CONJUR_APPLIANCE_URL="https://conjur-proxy-nginx" - export CONJUR_ACCOUNT="cucumber" - COMPOSE_PROJECT_NAME="${ANSIBLE_PROJECT}" - - setup_conjur_open_source + if [ -d "test_cases/${test_case}/tests/" ]; then + docker exec "$(ansible_cid)" bash -ec " + cd /cyberark/tests/conjur-host-identity + py.test --junitxml=./junit/${test_case} --connection docker -v test_cases/${test_case}/tests/test_default.py + " fi - - echo "Preparing Ansible for test run" - COMPOSE_PROJECT_NAME="${ANSIBLE_PROJECT}" - ANSIBLE_CONJUR_AUTHN_API_KEY=$(setup_ansible_api_key) - docker-compose up -d ansible - ansible_cid=$(docker-compose ps -q ansible) - generate_inventory - - echo "Running tests" - run_test_cases } -main
\ No newline at end of file
+run_test_cases
diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_app_centos/Dockerfile b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_app_centos/Dockerfile
deleted file mode 100644
index ee474e7bf..000000000
--- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_app_centos/Dockerfile
+++ /dev/null
@@ -1,4 +0,0 @@
-FROM centos:7
-
-# Install Python so Ansible can run against node
-RUN yum update -y && yum install -y python3
diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_app_ubuntu/Dockerfile b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_app_ubuntu/Dockerfile
deleted file mode 100644
index ce919aa57..000000000
--- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_app_ubuntu/Dockerfile
+++ /dev/null
@@ -1,4 +0,0 @@
-FROM ubuntu:20.04
-
-# Install Python so Ansible can run against node
-RUN apt-get update -y && apt-get install -y python3-minimal
diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/bad-ssl-config/playbook.yml b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/bad-ssl-config/playbook.yml
new file mode 100644
index 000000000..2d1282c41
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/bad-ssl-config/playbook.yml
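Review bot: In `run_test_case` of tests/test.sh, `docker exec -e HFTOKEN="$(hf_token)"` expands the host factory token inside an argument, so a failing `hf_token` is not caught by `-e` (the playbook then runs with an empty token) and the token value sits on the `docker` command line, where it can be read from the host's process list while the test runs. Assigning it first and passing the variable by name avoids both: `local hftoken; hftoken="$(hf_token)"` followed by `HFTOKEN="$hftoken" docker exec -e HFTOKEN "$(ansible_cid)" bash -ec "…"`. Separately, under the shebang's `-u` the line `local test_case="$1"` aborts on a missing argument before the `-z` check can print its error; `local test_case="${1:-}"` keeps that check reachable. `hf_token` and `ansible_cid` are presumably defined in the sourced `dev/util.sh`, which is not part of this hunk.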
@@ -0,0 +1,20 @@ +--- +- name: Configuring Conjur identity on remote hosts fails when missing required SSL config + hosts: testapp + tasks: + - name: Attempt to configure Conjur identity + block: + - import_role: + name: "cyberark.conjur.conjur-host-identity" + vars: + conjur_account: cucumber + conjur_appliance_url: "https://conjur-proxy-nginx" + conjur_host_factory_token: "{{lookup('env', 'HFTOKEN')}}" + conjur_host_name: "conjur_{{ ansible_hostname }}" + # conjur_ssl_certificate: "{{lookup('file', '/cyberark/dev/conjur.pem')}}" + conjur_validate_certs: yes + rescue: + - name: Confirm Role setup fails with message + assert: + that: ansible_failed_result.failed == true + fail_msg: "Variable 'conjur_ssl_certificate' is not set!" diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/cleanup-conjur-identity/playbook.yml b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/cleanup-conjur-identity/playbook.yml index dfdbe2804..ec472992d 100644 --- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/cleanup-conjur-identity/playbook.yml +++ b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/cleanup-conjur-identity/playbook.yml @@ -7,7 +7,7 @@ conjur_appliance_url: "{{lookup('env', 'CONJUR_APPLIANCE_URL')}}" conjur_host_factory_token: "{{lookup('env', 'HFTOKEN')}}" conjur_host_name: "conjur_{{ ansible_hostname }}" - conjur_ssl_certificate: "{{lookup('file', '../../conjur.pem')}}" + conjur_ssl_certificate: "{{lookup('file', '/cyberark/dev/conjur.pem')}}" conjur_validate_certs: yes - name: Revoke Conjur identity from remote hosts diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/cleanup-conjur-identity/tests/test_default.py b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/cleanup-conjur-identity/tests/test_default.py index 9139ea87a..46fc8b8c2 100644 
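Review bot: In the `rescue` of the new bad-ssl-config playbook, `fail_msg` is only the text `assert` prints when its own `that` condition is false, so the expected error `Variable 'conjur_ssl_certificate' is not set!` is never compared with what the role actually reported. The only condition, `ansible_failed_result.failed == true`, holds for any failure, and if the role unexpectedly succeeds the `rescue` never runs and the play passes, so this negative test cannot catch a regression in the role's required-variable checks. The expected text belongs in `that` (the check is a looped `fail`, so it probably has to be matched against the failed item under `ansible_failed_result.results` rather than the top-level `msg`; confirm on a run), and the failure should be recorded in `rescue` and asserted after the block, as sketched below. The same pattern is in the misconfig-conjur-identity hunk, which drops the earlier `ansible_failed_result.msg == …` assertion, and in the new not-conjurized playbook.

```yaml
      # … unchanged: block with import_role and its vars …
      rescue:
        # the comparison with the expected message goes here, in `that`
        - name: Record that Role setup failed
          set_fact:
            role_setup_failed: true

    - name: Confirm Role setup failed
      assert:
        that: role_setup_failed | default(false)
        fail_msg: "Role setup succeeded although 'conjur_ssl_certificate' is not set"
```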
--- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/cleanup-conjur-identity/tests/test_default.py +++ b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/cleanup-conjur-identity/tests/test_default.py @@ -4,7 +4,7 @@ __metaclass__ = type import testinfra.utils.ansible_runner testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - '/cyberark/tests/inventory.tmp').get_hosts('testapp') + '/cyberark/dev/inventory.tmp').get_hosts('testapp') def test_hosts_file(host): diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/configure-conjur-identity/playbook.yml b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/configure-conjur-identity/playbook.yml index 2f1ec4556..7309d21b6 100644 --- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/configure-conjur-identity/playbook.yml +++ b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/configure-conjur-identity/playbook.yml @@ -7,5 +7,5 @@ conjur_appliance_url: "{{lookup('env', 'CONJUR_APPLIANCE_URL')}}" conjur_host_factory_token: "{{lookup('env', 'HFTOKEN')}}" conjur_host_name: "conjur_{{ ansible_hostname }}" - conjur_ssl_certificate: "{{lookup('file', '../../conjur.pem')}}" + conjur_ssl_certificate: "{{lookup('file', '/cyberark/dev/conjur.pem')}}" conjur_validate_certs: yes diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/configure-conjur-identity/tests/test_default.py b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/configure-conjur-identity/tests/test_default.py index 80513230a..46b64566c 100644 --- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/configure-conjur-identity/tests/test_default.py 
+++ b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/configure-conjur-identity/tests/test_default.py @@ -4,7 +4,7 @@ __metaclass__ = type import testinfra.utils.ansible_runner testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - '/cyberark/tests/inventory.tmp').get_hosts('testapp') + '/cyberark/dev/inventory.tmp').get_hosts('testapp') def test_hosts_file(host): diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/misconfig-conjur-identity/playbook.yml b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/misconfig-conjur-identity/playbook.yml index 2ae9ec144..96f31c7d0 100644 --- a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/misconfig-conjur-identity/playbook.yml +++ b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/misconfig-conjur-identity/playbook.yml @@ -11,12 +11,10 @@ # conjur_appliance_url: "https://conjur-proxy-nginx" conjur_host_factory_token: "{{lookup('env', 'HFTOKEN')}}" conjur_host_name: "conjur_{{ ansible_hostname }}" - conjur_ssl_certificate: "{{lookup('file', '../../conjur.pem')}}" + conjur_ssl_certificate: "{{lookup('file', '/cyberark/dev/conjur.pem')}}" conjur_validate_certs: yes rescue: - - name: Confirm Role setup fails + - name: Confirm Role setup fails with message assert: that: ansible_failed_result.failed == true - - name: Confirm error message - assert: - that: ansible_failed_result.msg == "'conjur_appliance_url' is undefined" + fail_msg: "Variable 'conjur_appliance_url' is not set!" diff --git a/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/not-conjurized/playbook.yml b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/not-conjurized/playbook.yml new file mode 100644 index 000000000..9175cfbbb --- /dev/null 
+++ b/ansible_collections/cyberark/conjur/roles/conjur_host_identity/tests/test_cases/not-conjurized/playbook.yml
@@ -0,0 +1,28 @@
+---
+- name: Un-Conjurize remote hosts
+ hosts: testapp
+ tasks:
+ - name: Remove identity file
+ file:
+ path: /etc/conjur.identity
+ state: absent
+
+- name: Configuring Conjur identity on not-Conjurized hosts requires HF token
+ hosts: testapp
+ tasks:
+ - name: Attempt to configure Conjur identity
+ block:
+ - import_role:
+ name: "cyberark.conjur.conjur-host-identity"
+ vars:
+ conjur_account: "{{lookup('env', 'CONJUR_ACCOUNT')}}"
+ conjur_appliance_url: "{{lookup('env', 'CONJUR_APPLIANCE_URL')}}"
+ # conjur_host_factory_token: "{{lookup('env', 'HFTOKEN')}}"
+ conjur_host_name: "conjur_{{ ansible_hostname }}"
+ conjur_ssl_certificate: "{{lookup('file', '/cyberark/dev/conjur.pem')}}"
+ conjur_validate_certs: yes
+ rescue:
+ - name: Conjur Role setup fails with message
+ assert:
+ that: ansible_failed_result.failed == true
+ fail_msg: "Variable 'conjur_host_factory_token' is not set!" |