From 142037f50bc8c27dffab4d96a343fef0f97482e4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 19 Mar 2021 15:39:16 +0000
Subject: [PATCH 1/4] Bump ansible-lint from 4.3.7 to 5.0.4 in /.github/workflows/requirements
Bumps [ansible-lint](https://github.com/ansible-community/ansible-lint) from 4.3.7 to 5.0.4.
- [Release notes](https://github.com/ansible-community/ansible-lint/releases)
- [Commits](https://github.com/ansible-community/ansible-lint/compare/v4.3.7...v5.0.4)
Signed-off-by: dependabot[bot]
---
 .github/workflows/requirements/requirements_molecule.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/requirements/requirements_molecule.txt b/.github/workflows/requirements/requirements_molecule.txt
index 0984b5d7..77632221 100644
--- a/.github/workflows/requirements/requirements_molecule.txt
+++ b/.github/workflows/requirements/requirements_molecule.txt
@@ -1,5 +1,5 @@
 ansible-base==2.10.7
-ansible-lint==4.3.7
+ansible-lint==5.0.4
 yamllint==1.26.0
 molecule[docker]==3.2.4
 docker==4.4.4
From 224712fd0d22eeb117d2ca21ecf9601582d767a4 Mon Sep 17 00:00:00 2001
From: alessfg
Date: Tue, 23 Mar 2021 18:32:40 +0100
Subject: [PATCH 2/4] Refactor testing approach to support Ansible Lint 5.x
---
 .ansible-lint | 5 +++--
 CHANGELOG.md | 2 +-
 meta/main.yml | 1 +
 molecule/advanced/molecule.yml | 4 ++++
 molecule/advanced/prepare.yml | 14 +++++++------
 molecule/specific-version/converge.yml | 22 +++++++++++++++++++--
 molecule/specific-version/scenario-vars.yml | 22 ---------------------
 molecule/specific-version/verify.yml | 13 ++++++++++--
 8 files changed, 48 insertions(+), 35 deletions(-)
 delete mode 100644 molecule/specific-version/scenario-vars.yml
diff --git a/.ansible-lint b/.ansible-lint
index ec7eca8b..fa817687 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -1,3 +1,4 @@
+---
 skip_list:
-- '106'
-- '204'
+ - '106'
+ - '204'
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5db2d9ea..f700bba6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -19,7 +19,7 @@ ENHANCEMENTS:
 * Consolidate dependencies into a single tasks file.
 * Remove requirement for `package_facts` module when using this role.
 * Update Signatures repository URL.
-* Update Ansible base to `2.10.7`, Molecule to `3.2.4`, yamllint to `1.26.0` and Docker Python SDK to `4.4.4`.
+* Update Ansible base to `2.10.7`, Ansible Lint to `5.0.4`, Molecule to `3.2.4`, yamllint to `1.26.0` and Docker Python SDK to `4.4.4`.
 * Specify GitHub actions Ubuntu release.
 * Minor GitHub template tweaks, including the creation of a SECURITY doc.
 * Only run GitHub actions Galaxy CI/CD workflow when a new release is published.
diff --git a/meta/main.yml b/meta/main.yml
index 4e7da6c9..fb1c7769 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -3,6 +3,7 @@ galaxy_info:
 author: Daniel Edgar
 description: Official Ansible role for NGINX App Protect
 role_name: nginx_app_protect
+ namespace: nginxinc
 company: F5 Networks, Inc.
 license: Apache License, Version 2.0
diff --git a/molecule/advanced/molecule.yml b/molecule/advanced/molecule.yml
index 6cc0b976..f41c746c 100644
--- a/molecule/advanced/molecule.yml
+++ b/molecule/advanced/molecule.yml
@@ -1,4 +1,8 @@
 ---
+dependency:
+ name: galaxy
+ options:
+ role-file: requirements.yml
 driver:
 name: docker
 lint: |
diff --git a/molecule/advanced/prepare.yml b/molecule/advanced/prepare.yml
index 394dfd4e..e0c2a100 100644
--- a/molecule/advanced/prepare.yml
+++ b/molecule/advanced/prepare.yml
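Review bot: The `dependency:` block added at the top of molecule/advanced/molecule.yml makes every run of the advanced scenario download roles from Ansible Galaxy, and the `requirements.yml` it points at is not part of this patch, so it cannot be seen here whether `robertdebock.rsyslog` is pinned. An unpinned entry resolves to whatever release is newest at run time, and that third-party role then executes in a CI job that presumably also has the NGINX repository certificate and key available. If the entry carries no version, pin it in requirements.yml, for example `- name: robertdebock.rsyslog` followed by `version: <reviewed-release-tag>`, and bump it deliberately.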
@@ -19,12 +19,14 @@
 - name: Set up rsyslog server for verifying NAP syslog events
 hosts: nap
- roles:
- - role: robertdebock.rsyslog
- vars:
- rsyslog_receiver: true
- rsyslog_remote_tcp: true
- rsyslog_remote_port: 514
+ tasks:
+ - name: Set up rsyslog
+ include_role:
+ name: robertdebock.rsyslog
+ vars:
+ rsyslog_receiver: true
+ rsyslog_remote_tcp: true
+ rsyslog_remote_port: 514
 - name: Prepare workload for tests
 hosts: workload
diff --git a/molecule/specific-version/converge.yml b/molecule/specific-version/converge.yml
index 0baf61df..4cbcc748 100644
--- a/molecule/specific-version/converge.yml
+++ b/molecule/specific-version/converge.yml
@@ -1,8 +1,17 @@
 ---
 - name: Converge
 hosts: all
- vars_files:
- - scenario-vars.yml
+ vars:
+ specify_app_protect_signatures_version: true
+ specify_app_protect_threat_campaigns_version: true
+ app_protect_signature_version_matrix:
+ alpine: "=2021.01.20-r1"
+ debian: "=2019.07.16-1"
+ redhat: "-2019.07.16"
+ app_protect_threat_campaigns_version_matrix:
+ alpine: "=2021.01.03-r1"
+ debian: "=2020.08.20-1"
+ redhat: "-2020.08.20"
 tasks:
 - name: Set NGINX App Protect signature version fact
 set_fact:
@@ -17,3 +26,12 @@
 - name: Install NGINX App Protect
 include_role:
 name: ansible-role-nginx-app-protect
+ vars:
+ nginx_app_protect_license:
+ certificate: license/nginx-repo.crt
+ key: license/nginx-repo.key
+ nginx_app_protect_remove_license: false
+ nginx_app_protect_install_signatures: true
+ nginx_app_protect_install_threat_campaigns: true
+ nginx_app_protect_configure: false
+ nginx_app_protect_state: present
diff --git a/molecule/specific-version/scenario-vars.yml b/molecule/specific-version/scenario-vars.yml
deleted file mode 100644
index c4f626d9..00000000
--- a/molecule/specific-version/scenario-vars.yml
+++ /dev/null
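Review bot: The two version matrices added under `vars:` in molecule/specific-version/converge.yml are repeated verbatim in the verify.yml hunk of this same patch, so the values the assertions compare against now live in two files. If one copy is updated without the other, converge installs one signature or threat-campaign build while verify checks for a different one, and the failure will look like a role defect rather than stale test data. Consider keeping a single copy, for instance under `provisioner.inventory.group_vars.all` in the scenario's molecule.yml so that both playbooks read the same values; failing that, put a comment on each copy such as `# keep in sync with verify.yml`. Both plays continue outside their hunks.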
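Review bot: The `vars:` block added to the `Install NGINX App Protect` task in molecule/specific-version/converge.yml points `nginx_app_protect_license` at `license/nginx-repo.crt` and `license/nginx-repo.key`, with nothing stating where those files come from or that they must stay out of the repository. Add a comment above the mapping, e.g. `# license/ is supplied at run time (CI secret or local copy) and must never be committed`, and confirm that `license/` is ignored by git. With `nginx_app_protect_remove_license: false` the key is presumably left on the test instance after the role finishes, so any image or artifact kept from a run should be treated as containing it.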
@@ -1,22 +0,0 @@
----
-# ROLE SPECIFIC VARS
-nginx_app_protect_license:
- certificate: license/nginx-repo.crt
- key: license/nginx-repo.key
-nginx_app_protect_remove_license: false
-nginx_app_protect_install_signatures: true
-nginx_app_protect_install_threat_campaigns: true
-nginx_app_protect_configure: false
-nginx_app_protect_state: present
-
-# TEST SCENARIO VARS
-specify_app_protect_signatures_version: true
-specify_app_protect_threat_campaigns_version: true
-app_protect_signature_version_matrix:
- alpine: "=2021.01.20-r1"
- debian: "=2019.07.16-1"
- redhat: "-2019.07.16"
-app_protect_threat_campaigns_version_matrix:
- alpine: "=2021.01.03-r1"
- debian: "=2020.08.20-1"
- redhat: "-2020.08.20"
diff --git a/molecule/specific-version/verify.yml b/molecule/specific-version/verify.yml
index c0165c39..95d61db7 100644
--- a/molecule/specific-version/verify.yml
+++ b/molecule/specific-version/verify.yml
@@ -1,8 +1,17 @@
 ---
 - name: Verify
 hosts: all
- vars_files:
- - scenario-vars.yml
+ vars:
+ specify_app_protect_signatures_version: true
+ specify_app_protect_threat_campaigns_version: true
+ app_protect_signature_version_matrix:
+ alpine: "=2021.01.20-r1"
+ debian: "=2019.07.16-1"
+ redhat: "-2019.07.16"
+ app_protect_threat_campaigns_version_matrix:
+ alpine: "=2021.01.03-r1"
+ debian: "=2020.08.20-1"
+ redhat: "-2020.08.20"
 tasks:
 - name: Check if NGINX Plus is installed
 package:
From 47e2337d9f62ebd1d0156a4210983aa7cc467d83 Mon Sep 17 00:00:00 2001
From: alessfg
Date: Tue, 23 Mar 2021 21:57:28 +0100
Subject: [PATCH 3/4] Change role-file path
---
 molecule/advanced/molecule.yml | 6 +++++-
 molecule/default/molecule.yml | 4 ++++
 molecule/specific-version/molecule.yml | 4 ++++
 3 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/molecule/advanced/molecule.yml b/molecule/advanced/molecule.yml
index f41c746c..3764e3de 100644
--- a/molecule/advanced/molecule.yml
+++ b/molecule/advanced/molecule.yml
@@ -2,7 +2,7 @@
 dependency:
 name: galaxy
 options:
- role-file: requirements.yml
+ role-file: molecule/advanced/requirements.yml
 driver:
 name: docker
 lint: |
@@ -78,3 +78,7 @@ provisioner:
 defaults:
 no_target_syslog: true
 log: false
+ playbooks:
+ prepare: prepare.yml
+ converge: converge.yml
+ verify: verify.yml
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
index d3d32dea..7d251d61 100644
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -43,3 +43,7 @@ platforms:
 command: "/sbin/init"
 provisioner:
 name: ansible
+ playbooks:
+ prepare: prepare.yml
+ converge: converge.yml
+ verify: verify.yml
diff --git a/molecule/specific-version/molecule.yml b/molecule/specific-version/molecule.yml
index d3d32dea..7d251d61 100644
--- a/molecule/specific-version/molecule.yml
+++ b/molecule/specific-version/molecule.yml
@@ -43,3 +43,7 @@ platforms:
 command: "/sbin/init"
 provisioner:
 name: ansible
+ playbooks:
+ prepare: prepare.yml
+ converge: converge.yml
+ verify: verify.yml
From 5bfbe8472bf0b620efa934316c41e64be0185c36 Mon Sep 17 00:00:00 2001
From: alessfg
Date: Wed, 24 Mar 2021 00:42:53 +0100
Subject: [PATCH 4/4] Remove debug tasks
---
 molecule/specific-version/verify.yml | 15 ---------------
 1 file changed, 15 deletions(-)
diff --git a/molecule/specific-version/verify.yml b/molecule/specific-version/verify.yml
index 95d61db7..440b2aab 100644
--- a/molecule/specific-version/verify.yml
+++ b/molecule/specific-version/verify.yml
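Review bot: The new `role-file: molecule/advanced/requirements.yml` in molecule/advanced/molecule.yml appears to be resolved relative to the directory Molecule is started from, which is what this fix to the earlier `requirements.yml` value implies. It therefore only works when the run begins at the repository root; started from anywhere else, the Galaxy dependency step will not find the file and the rsyslog role will be missing at prepare time. Anchoring the path to the scenario removes that assumption: `role-file: ${MOLECULE_SCENARIO_DIRECTORY}/requirements.yml`, relying on Molecule's environment-variable substitution in molecule.yml. The rest of the file lies outside the hunk.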
@@ -62,21 +62,6 @@
 package_facts:
 manager: auto
- - name: Get installed NAP version
- debug:
- msg: "{{ ansible_distribution }} {{ ansible_distribution_version }} - App Protect version installed: {{ ansible_facts.packages['app-protect'] | map(attribute='version') | first }}"
- when: nginx_app_protect_state != "absent"
-
- - name: Get installed NAP signatures version
- debug:
- msg: "{{ ansible_distribution }} {{ ansible_distribution_version }} - Signatures version installed: {{ ansible_facts.packages['app-protect-attack-signatures'] | map(attribute='version') | first }}"
- when: nginx_app_protect_install_signatures
-
- - name: Get installed NAP threat campaigns version
- debug:
- msg: "{{ ansible_distribution }} {{ ansible_distribution_version }} Threat Campaigns version installed: {{ ansible_facts.packages['app-protect-threat-campaigns'] | map(attribute='version') | first }}"
- when: nginx_app_protect_install_threat_campaigns
-
 - name: Verify installed NAP signatures version matches requested version
 assert:
 that: (ansible_facts.packages['app-protect-attack-signatures'] | map(attribute='version') | first) == (app_protect_signature_version_matrix[ansible_os_family | lower] | regex_replace('^-|=','') + (ansible_os_family | lower == 'debian') | ternary('~' ~ ansible_distribution_release, ''))