Create role subdirectory

Per Ansible Collection documentation,
the conjur_host_identity role
has been moved to a `role`
subdirectory. A `tests` subdirectory has been added
for this role, and all relevant tests moved there.

CHANGELOG.md

@@ -7,9 +7,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ## [Unreleased]
 
 ### Added
-- The Ansible [conjur-host-identity](https://galaxy.ansible.com/cyberark/conjur-host-identity) has  
-  been migrated to this collection, where it will be maintained moving forward. [cyberark/
-  conjur-host-identity#30](https://github.com/cyberark/ansible-conjur-host-identity/issues/30)
+- The [Conjur Ansible role](https://galaxy.ansible.com/cyberark/conjur-host-identity) has been
+  migrated to this collection, where it will be maintained moving forward.
+  [cyberark/ansible-conjur-host-identity#30](https://github.com/cyberark/ansible-conjur-host-identity/issues/30)
 
 ### Changed
 - [Added retries](https://github.com/cyberark/ansible-conjur-host-identity/pull/32) to tasks/  

CONTRIBUTING.md

@@ -27,9 +27,15 @@ of this plugin:
 
 ### Testing
 
-To run the tests:
+To run a specific set of tests:
 
 ```sh-session
 $ cd tests
-$ ./test.sh <conjur or conjur-host-identity>
+$ ./test.sh -d <role or plugin name>
 ```
+To run all tests:
+
+```sh-session
+$ cd tests
+$ ./test.sh -a
+```

Jenkinsfile

@@ -20,7 +20,7 @@ pipeline {
 
     stage('Run tests') {
       parallel {
-        stage("Test Ansible-Conjur-Collection") {
+        stage("Test conjur_lookup Plugin") {
           agent { label 'executor-v2-large' }
 
           steps {
@@ -29,10 +29,10 @@ pipeline {
           }
         }
 
-        stage("Test Ansible-Conjur-Host-Identity") {
+        stage("Test conjur_host_identity Role") {
           steps {
-            sh './ci/test.sh -d conjur-host-identity'
-            junit 'tests/conjur-host-identity/junit/*'
+            sh './ci/test.sh -d conjur_host_identity'
+            junit 'roles/conjur_host_identity/tests/junit/*'
           }
         }
       }

README.md

@@ -2,22 +2,22 @@
 
 # CyberArk Ansible Conjur Collection
 
-This collection contains plugins to be used for CyberArk Conjur & DAP (Dynamic Access Provider) hosted in [ansible galaxy](https://galaxy.ansible.com/cyberark/conjur).
+This collection contains components to be used with CyberArk Conjur & DAP (Dynamic Access Provider) hosted in [ansible galaxy](https://galaxy.ansible.com/cyberark/conjur).
 
 ## Table of Contents
 - [CyberArk Ansible Conjur Collection](#cyberark-ansible-conjur-collection)
   * [Requirements](#requirements)
-  * [conjur_variable Lookup Plugin](#conjur_variable-lookup-plugin)
+  * [Conjur Ansible Role](#conjur-ansible-role)
+    + [Usage](#usage)
     + [Role Variables](#role-variables)
     + [Dependencies](#dependencies)
     + [Example Playbook](#example-playbook)
-  * [Conjur Ansible Role](#conjur-ansible-role)
-    + [Usage](#usage)
+    + [Summon & Service Managers](#summon---service-managers)
+    + [Recommendations](#recommendations)
+  * [conjur_variable Lookup Plugin](#conjur_variable-lookup-plugin)
     + [Role Variables](#role-variables-1)
     + [Dependencies](#dependencies)
     + [Example Playbook](#example-playbook-1)
-    + [Summon & Service Managers](#summon---service-managers)
-    + [Recommendations](#recommendations)
   * [Contributing](#contributing)
   * [License](#license)
 
@@ -26,63 +26,36 @@ http://ecotrust-canada.github.io/markdown-toc/ -->
 
 ## Requirements
 
-- conjur_variable Lookup Plugin
-  - [CyberArk Conjur Open Source](https://www.conjur.org) v1.x+ or
-  - [CyberArk Dynamic Access Provider](https://docs.cyberark.com/Product-Doc/OnlineHelp/AAM-DAP/Latest/en/Content/Resources/_TopNav/cc_Home.htm) v10.x+
-  - Ansible >= 2.9
-
-- Conjur Role
-  - A running Conjur service that is accessible from the target nodes.
-  - Ansible >= 2.3.0.0
+- An instance of [CyberArk Conjur Open Source](https://www.conjur.org) v1.x+ or 
+[CyberArk Dynamic Access Provider](https://docs.cyberark.com/Product-Doc/OnlineHelp/AAM-DAP/Latest/en/Content/Resources/_TopNav/cc_Home.htm) 
+v10.x+ accessible from the target node
+- Ansible >= 2.9
 
 ## Installation 
 From terminal, run the following command:
 ```sh
 ansible-galaxy collection install cyberark.conjur
 ```
 
-## conjur_variable Lookup Plugin
-Fetch credentials from CyberArk Conjur using the controlling host's Conjur identity or environment variables.
-
-- The controlling host running Ansible has a Conjur identity. [More Information here](https://docs.conjur.org/latest/en/Content/Get%20Started/key_concepts/machine_identity.html) and here in [Conjur Ansible role project](https://github.com/cyberark/ansible-conjur-host-identity/)
-
-- Environment variables could be `CONJUR_ACCOUNT`, `CONJUR_APPLIANCE_URL`, `CONJUR_CERT_FILE`, `CONJUR_AUTHN_LOGIN`, `CONJUR_AUTHN_API_KEY`, `CONJUR_AUTHN_TOKEN_FILE`
-
-### Role Variables
-
-None.
-<br>
-
-### Example Playbook
-
-```yaml
----
-- hosts: localhost
-  tasks:
-  - name: Lookup variable in Conjur
-    debug:
-      msg: "{{ lookup('cyberark.conjur.conjur_variable', '/path/to/secret') }}"
-```
-
 ## Conjur Ansible Role
-This Ansible role provides the ability to grant Conjur machine identity to a host. Based on that identity, secrets can then be retrieved securely using the [Summon](https://github.com/cyberark/summon) tool (installed on hosts with identities created by this role).
+This Ansible role provides the ability to grant Conjur machine identity to a host. Based on that identity, secrets can then be retrieved securely using the [Conjur Lookup Plugin](#conjur_variable-lookup-plugin) or using the [Summon](https://github.com/cyberark/summon) tool (installed on hosts with identities created by this role).
 
 ### Usage
-The Conjur role provides a method to "Conjurize" or establish the Conjur identity of a remote node with Ansible. The node can then be granted least-privilege access to retrieve the secrets it needs in a secure manner.
+The Conjur role provides a method to establish the Conjur identity of a remote node with Ansible. The node can then be granted least-privilege access to retrieve the secrets it needs in a secure manner.
 
 ### Role Variables
 
-* `conjur_appliance_url` `*`: URL of the running Conjur service
-* `conjur_account` `*`: Conjur account name
-* `conjur_host_factory_token` `*`: [Host Factory](https://developer.conjur.net/reference/services/host_factory/) token for
+* `conjur_appliance_url` (_Optional)_: URL of the running Conjur service
+* `conjur_account` (_Optional)_: Conjur account name
+* `conjur_host_factory_token` (_Optional)_: [Host Factory](https://developer.conjur.net/reference/services/host_factory/) token for
 layer enrollment. This should be specified in the environment on the Ansible controlling host.
-* `conjur_host_name` `*`: Name of the host being conjurized.
+* `conjur_host_name` (_Optional)_: Name of the host to be created.
 * `conjur_ssl_certificate`: Public SSL certificate of the Conjur endpoint
 * `conjur_validate_certs`: Boolean value to indicate if the Conjur endpoint should validate certificates
 * `summon.version`: version of Summon to install. Default is `0.6.6`.
 * `summon_conjur.version`: version of Summon-Conjur provider to install. Default is `0.5.0`.
 
-The variables marked with `*` are required fields. The other variables are required for running with an HTTPS Conjur endpoint, but are not required if you run with an HTTP Conjur endpoint.
+The variables marked with _`(Optional)`_ are required fields. The other variables are required for running with an HTTPS Conjur endpoint, but are not required if you run with an HTTP Conjur endpoint.
 
 ### Dependencies
 
@@ -129,6 +102,42 @@ The above example uses Summon to retrieve the password stored in `staging/myapp/
 
 - Set the Ansible files to minimum permissions. Ansible uses the permissions of the user that runs it.
 
+## conjur_variable Lookup Plugin
+Fetch credentials from CyberArk Conjur using the controlling host's Conjur identity or environment 
+variables.
+
+The controlling host running Ansible must have a Conjur identity. More information can be found 
+[here](https://docs.conjur.org/latest/en/Content/Get%20Started/key_concepts/machine_identity.html) 
+and in the [Conjur Ansible role project](https://github.com/cyberark/ansible-conjur-host-identity/).
+
+### Environment variables
+
+The following environment variables will be used by the lookup plugin to authenticate
+with the Conjur host, if they are present on the system running the lookup plugin.
+
+- `CONJUR_ACCOUNT`
+- `CONJUR_APPLIANCE_URL`
+- `CONJUR_CERT_FILE`
+- `CONJUR_AUTHN_LOGIN`
+- `CONJUR_AUTHN_API_KEY`
+- `CONJUR_AUTHN_TOKEN_FILE`
+
+### Role Variables
+
+None.
+<br>
+
+### Example Playbook
+
+```yaml
+---
+- hosts: localhost
+  tasks:
+  - name: Lookup variable in Conjur
+    debug:
+      msg: "{{ lookup('cyberark.conjur.conjur_variable', '/path/to/secret') }}"
+```
+
 ## Contributing
 
 We welcome contributions of all kinds to this repository. For instructions on how to get started and descriptions of our development workflows, please see our [contributing

ci/test.sh

@@ -2,8 +2,11 @@
 
 # Test runner for Ansible Conjur Collection
 
-# Directories containing a `test.sh` file
-test_directories=("conjur" "conjur-host-identity")
+# Test subdirectors containing a `test.sh` file
+test_directories=("conjur")
+
+# Roles containing a test subdirectory
+role_directories=("conjur_host_identity")
 
 # Target directory that can be manually set by passing a value to the `-d` flag
 target=""
@@ -19,9 +22,19 @@ function help {
 }
 
 # Run a `test.sh` file in a given subdirectory of the top-level `tests` directory
+# Expected directory structure is "tests/<plugin>/test.sh"
 function run_test {
     pushd "${PWD}/tests/${1}"
-        echo "Running tests for ${1}..."
+        echo "Running ${1} tests..."
+        ./test.sh
+    popd
+}
+
+# Run a `test.sh` file for a given role
+# Expected directory structure is "roles/<role>/tests/test.sh"
+function run_role_test {
+    pushd "${PWD}/roles/${1}/tests"
+        echo "Running ${1} tests..."
         ./test.sh
     popd
 }
@@ -35,6 +48,12 @@ function handle_input {
                 exit 0
             fi
         done
+        for test_dir in "${role_directories[@]}"; do 
+            if [[ ${target} == "${test_dir}" ]]; then
+                run_role_test ${target}
+                exit 0
+            fi
+        done
         echo "Error: unrecognized test directory given: ${target}"
         echo ""
         help
@@ -43,6 +62,9 @@ function handle_input {
         for test_dir in "${test_directories[@]}"; do 
             run_test "${test_dir}"
         done
+        for test_dir in "${role_directories[@]}"; do 
+            run_role_test "${test_dir}"
+        done
         exit 0
     fi
 }

requirements.txt

@@ -1 +1 @@
-ansible>=2.5.15
+ansible>=2.9

defaults/main.yml → roles/conjur_host_identity/defaults/main.yml

@@ -1,6 +1,6 @@
 summon:
-  version: 0.6.6
+  version: 0.8.2
   os: linux-amd64
 summon_conjur:
-  version: 0.5.0
+  version: 0.5.3
   os: linux-amd64

meta/main.yml → roles/conjur_host_identity/meta/main.yml

@@ -6,13 +6,9 @@ galaxy_info:
   company: CyberArk
   license: Apache
   author:
-    - Dustin Collins (@dustinmm80)
-    - Oren Ben Meir (@orenbm)
-    - Jason Vanderhoof (@jvanderhoof)
-    - Kumbirai Tanekha (@doodlesbykumbi)
-    - Gary Moon (@garymoon)
+    - Cyberark Community and Integrations Team (@cyberark/community-and-integrations-team)
 
-  min_ansible_version: '2.3'
+  min_ansible_version: '2.9'
 
   platforms:
     - name: Ubuntu