Bump ansible-lint from 4.3.7 to 5.0.4 in /.github/workflows/requirements (#70)

Author: dependabot[bot]

.ansible-lint

@@ -1,3 +1,4 @@
+---
 skip_list:
-- '106'
-- '204'
+  - '106'
+  - '204'

.github/workflows/requirements/requirements_molecule.txt

@@ -1,5 +1,5 @@
 ansible-base==2.10.7
-ansible-lint==4.3.7
+ansible-lint==5.0.4
 yamllint==1.26.0
 molecule[docker]==3.2.4
 docker==4.4.4

CHANGELOG.md

@@ -19,7 +19,7 @@ ENHANCEMENTS:
 *   Consolidate dependencies into a single tasks file.
 *   Remove requirement for `package_facts` module when using this role.
 *   Update Signatures repository URL.
-*   Update Ansible base to `2.10.7`, Molecule to `3.2.4`, yamllint to `1.26.0` and Docker Python SDK to `4.4.4`.
+*   Update Ansible base to `2.10.7`, Ansible Lint to `5.0.4`, Molecule to `3.2.4`, yamllint to `1.26.0` and Docker Python SDK to `4.4.4`.
 *   Specify GitHub actions Ubuntu release.
 *   Minor GitHub template tweaks, including the creation of a SECURITY doc.
 *   Only run GitHub actions Galaxy CI/CD workflow when a new release is published.

meta/main.yml

@@ -3,6 +3,7 @@ galaxy_info:
   author: Daniel Edgar
   description: Official Ansible role for NGINX App Protect
   role_name: nginx_app_protect
+  namespace: nginxinc
   company: F5 Networks, Inc.
 
   license: Apache License, Version 2.0

molecule/advanced/molecule.yml

@@ -1,4 +1,8 @@
 ---
+dependency:
+  name: galaxy
+  options:
+    role-file: molecule/advanced/requirements.yml
 driver:
   name: docker
 lint: |
@@ -74,3 +78,7 @@ provisioner:
     defaults:
       no_target_syslog: true
   log: false
+  playbooks:
+    prepare: prepare.yml
+    converge: converge.yml
+    verify: verify.yml

molecule/advanced/prepare.yml

@@ -19,12 +19,14 @@
 
 - name: Set up rsyslog server for verifying NAP syslog events
   hosts: nap
-  roles:
-    - role: robertdebock.rsyslog
-  vars:
-    rsyslog_receiver: true
-    rsyslog_remote_tcp: true
-    rsyslog_remote_port: 514
+  tasks:
+    - name: Set up rsyslog
+      include_role:
+        name: robertdebock.rsyslog
+      vars:
+        rsyslog_receiver: true
+        rsyslog_remote_tcp: true
+        rsyslog_remote_port: 514
 
 - name: Prepare workload for tests
   hosts: workload

molecule/default/molecule.yml

@@ -43,3 +43,7 @@ platforms:
     command: "/sbin/init"
 provisioner:
   name: ansible
+  playbooks:
+    prepare: prepare.yml
+    converge: converge.yml
+    verify: verify.yml

molecule/specific-version/converge.yml

@@ -1,8 +1,17 @@
 ---
 - name: Converge
   hosts: all
-  vars_files:
-    - scenario-vars.yml
+  vars:
+    specify_app_protect_signatures_version: true
+    specify_app_protect_threat_campaigns_version: true
+    app_protect_signature_version_matrix:
+      alpine: "=2021.01.20-r1"
+      debian: "=2019.07.16-1"
+      redhat: "-2019.07.16"
+    app_protect_threat_campaigns_version_matrix:
+      alpine: "=2021.01.03-r1"
+      debian: "=2020.08.20-1"
+      redhat: "-2020.08.20"
   tasks:
     - name: Set NGINX App Protect signature version fact
       set_fact:
@@ -17,3 +26,12 @@
     - name: Install NGINX App Protect
       include_role:
         name: ansible-role-nginx-app-protect
+      vars:
+        nginx_app_protect_license:
+          certificate: license/nginx-repo.crt
+          key: license/nginx-repo.key
+        nginx_app_protect_remove_license: false
+        nginx_app_protect_install_signatures: true
+        nginx_app_protect_install_threat_campaigns: true
+        nginx_app_protect_configure: false
+        nginx_app_protect_state: present

molecule/specific-version/molecule.yml

@@ -43,3 +43,7 @@ platforms:
     command: "/sbin/init"
 provisioner:
   name: ansible
+  playbooks:
+    prepare: prepare.yml
+    converge: converge.yml
+    verify: verify.yml

molecule/specific-version/scenario-vars.yml

@@ -1,8 +1,17 @@
 ---
 - name: Verify
   hosts: all
-  vars_files:
-    - scenario-vars.yml
+  vars:
+    specify_app_protect_signatures_version: true
+    specify_app_protect_threat_campaigns_version: true
+    app_protect_signature_version_matrix:
+      alpine: "=2021.01.20-r1"
+      debian: "=2019.07.16-1"
+      redhat: "-2019.07.16"
+    app_protect_threat_campaigns_version_matrix:
+      alpine: "=2021.01.03-r1"
+      debian: "=2020.08.20-1"
+      redhat: "-2020.08.20"
   tasks:
     - name: Check if NGINX Plus is installed
       package:
@@ -53,21 +62,6 @@
           package_facts:
             manager: auto
 
-        - name: Get installed NAP version
-          debug:
-            msg: "{{ ansible_distribution }} {{ ansible_distribution_version }} - App Protect version installed: {{ ansible_facts.packages['app-protect'] | map(attribute='version') | first }}"
-          when: nginx_app_protect_state != "absent"
-
-        - name: Get installed NAP signatures version
-          debug:
-            msg: "{{ ansible_distribution }} {{ ansible_distribution_version }} - Signatures version installed: {{ ansible_facts.packages['app-protect-attack-signatures'] | map(attribute='version') | first }}"
-          when: nginx_app_protect_install_signatures
-
-        - name: Get installed NAP threat campaigns version
-          debug:
-            msg: "{{ ansible_distribution }} {{ ansible_distribution_version }} Threat Campaigns version installed: {{ ansible_facts.packages['app-protect-threat-campaigns'] | map(attribute='version') | first }}"
-          when: nginx_app_protect_install_threat_campaigns
-
         - name: Verify installed NAP signatures version matches requested version
           assert:
             that: (ansible_facts.packages['app-protect-attack-signatures'] | map(attribute='version') | first) == (app_protect_signature_version_matrix[ansible_os_family | lower] | regex_replace('^-|=','') + (ansible_os_family | lower == 'debian') | ternary('~' ~ ansible_distribution_release, ''))