From 4dd364a9509de321d4c4b91cfda88beafa32fd4b Mon Sep 17 00:00:00 2001 
From: Bradley Boutcher Date: Wed, 16 Sep 2020 17:48:30 -0400 Subject: [PATCH] Create role subdirectory Per Ansible Collection documentation, the conjur_host_identity role has been moved to a `role` subdirectory. A `tests` subdirectory has been added for this role, and all relevant tests moved there. --- .gitleaks.toml | 109 ------------------ CHANGELOG.md | 6 +- CONTRIBUTING.md | 10 +- Jenkinsfile | 8 +- README.md | 97 +++++++++------- ci/test.sh | 28 ++++- requirements.txt | 2 +- .../conjur_host_identity/defaults}/main.yml | 4 +- .../conjur_host_identity/meta}/main.yml | 8 +- .../conjur_host_identity/meta}/runtime.yml | 0 .../conjur_host_identity/tasks}/identity.yml | 0 .../tasks}/identity_check.yml | 0 .../conjur_host_identity/tasks}/main.yml | 0 .../tasks}/summon-conjur.yml | 0 .../conjur_host_identity/tasks}/summon.yml | 0 .../templates}/conjur.conf.j2 | 0 .../templates}/conjur.identity.j2 | 0 .../conjur_host_identity/tests}/Dockerfile | 0 .../tests}/Dockerfile_nginx | 0 .../conjur_host_identity/tests}/ansible.cfg | 0 roles/conjur_host_identity/tests/conjur.pem | 21 ++++ .../tests}/docker-compose.yml | 4 +- .../tests}/inventory-playbook.yml | 0 .../conjur_host_identity/tests}/inventory.j2 | 0 .../tests}/policy/root.yml | 0 .../tests}/proxy/default.conf | 0 .../tests}/proxy/ssl.conf | 0 .../conjur_host_identity/tests}/test.sh | 0 .../tests}/test_app_centos/Dockerfile | 0 .../tests}/test_app_ubuntu/Dockerfile | 0 .../configure-conjur-identity/playbook.yml | 0 .../tests/test_default.py | 0 tests/sanity/ignore-2.10.txt | 4 +- tests/sanity/ignore-2.11.txt | 4 +- tests/sanity/ignore-2.9.txt | 2 +- 35 files changed, 126 insertions(+), 181 deletions(-) delete mode 100644 .gitleaks.toml rename {defaults => roles/conjur_host_identity/defaults}/main.yml (63%) rename {meta => roles/conjur_host_identity/meta}/main.yml (65%) rename {meta => roles/conjur_host_identity/meta}/runtime.yml (100%) rename {tasks => roles/conjur_host_identity/tasks}/identity.yml (100%) rename {tasks 
=> roles/conjur_host_identity/tasks}/identity_check.yml (100%) rename {tasks => roles/conjur_host_identity/tasks}/main.yml (100%) rename {tasks => roles/conjur_host_identity/tasks}/summon-conjur.yml (100%) rename {tasks => roles/conjur_host_identity/tasks}/summon.yml (100%) rename {templates => roles/conjur_host_identity/templates}/conjur.conf.j2 (100%) rename {templates => roles/conjur_host_identity/templates}/conjur.identity.j2 (100%) rename {tests/conjur-host-identity => roles/conjur_host_identity/tests}/Dockerfile (100%) rename {tests/conjur-host-identity => roles/conjur_host_identity/tests}/Dockerfile_nginx (100%) rename {tests/conjur-host-identity => roles/conjur_host_identity/tests}/ansible.cfg (100%) create mode 100644 roles/conjur_host_identity/tests/conjur.pem rename {tests/conjur-host-identity => roles/conjur_host_identity/tests}/docker-compose.yml (93%) rename {tests/conjur-host-identity => roles/conjur_host_identity/tests}/inventory-playbook.yml (100%) rename {tests/conjur-host-identity => roles/conjur_host_identity/tests}/inventory.j2 (100%) rename {tests/conjur-host-identity => roles/conjur_host_identity/tests}/policy/root.yml (100%) rename {tests/conjur-host-identity => roles/conjur_host_identity/tests}/proxy/default.conf (100%) rename {tests/conjur-host-identity => roles/conjur_host_identity/tests}/proxy/ssl.conf (100%) rename {tests/conjur-host-identity => roles/conjur_host_identity/tests}/test.sh (100%) rename {tests/conjur-host-identity => roles/conjur_host_identity/tests}/test_app_centos/Dockerfile (100%) rename {tests/conjur-host-identity => roles/conjur_host_identity/tests}/test_app_ubuntu/Dockerfile (100%) rename {tests/conjur-host-identity => roles/conjur_host_identity/tests}/test_cases/configure-conjur-identity/playbook.yml (100%) rename {tests/conjur-host-identity => roles/conjur_host_identity/tests}/test_cases/configure-conjur-identity/tests/test_default.py (100%) 
diff --git a/.gitleaks.toml b/.gitleaks.toml
deleted file mode 100644
index 8b9bae1ba..000000000
--- a/.gitleaks.toml
+++ /dev/null
@@ -1,109 +0,0 @@ -title = "ansible-conjur-collection gitleaks config" - -[[rules]] - description = "AWS Manager ID" - regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}''' - tags = ["key", "AWS"] -[[rules]] - description = "AWS Secret Key" - regex = '''(?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z\/+]{40}['\"]''' - tags = ["key", "AWS"] -[[rules]] - description = "AWS MWS key" - regex = '''amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}''' - tags = ["key", "AWS", "MWS"] -[[rules]] - description = "Facebook Secret Key" - regex = '''(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}['\"]''' - tags = ["key", "Facebook"] -[[rules]] - description = "Facebook Client ID" - regex = '''(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}['\"]''' - tags = ["key", "Facebook"] -[[rules]] - description = "Twitter Secret Key" - regex = '''(?i)twitter(.{0,20})?[0-9a-z]{35,44}''' - tags = ["key", "Twitter"] -[[rules]] - description = "Twitter Client ID" - regex = '''(?i)twitter(.{0,20})?[0-9a-z]{18,25}''' - tags = ["client", "Twitter"] -[[rules]] - description = "Github" - regex = '''(?i)github(.{0,20})?(?-i)[0-9a-zA-Z]{35,40}''' - tags = ["key", "Github"] -[[rules]] - description = "LinkedIn Client ID" - regex = '''(?i)linkedin(.{0,20})?(?-i)[0-9a-z]{12}''' - tags = ["client", "LinkedIn"] -[[rules]] - description = "LinkedIn Secret Key" - regex = '''(?i)linkedin(.{0,20})?[0-9a-z]{16}''' - tags = ["secret", "LinkedIn"] -[[rules]] - description = "Slack" - regex = '''xox[baprs]-([0-9a-zA-Z]{10,48})?''' - tags = ["key", "Slack"] -[[rules]] - description = "Asymmetric Private Key" - regex = '''-----BEGIN ((EC|PGP|DSA|RSA|OPENSSH) )?PRIVATE KEY( BLOCK)?-----''' - tags = ["key", "AsymmetricPrivateKey"] -[[rules]] - description = "Google API key" - regex = '''AIza[0-9A-Za-z\\-_]{35}''' - tags = ["key", "Google"] -[[rules]] - description = "Google (GCP) Service Account" - regex = '''"type": "service_account"''' - tags = ["key", "Google"] -[[rules]] - 
description = "Heroku API key" - regex = '''(?i)heroku(.{0,20})?[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}''' - tags = ["key", "Heroku"] -[[rules]] - description = "MailChimp API key" - regex = '''(?i)(mailchimp|mc)(.{0,20})?[0-9a-f]{32}-us[0-9]{1,2}''' - tags = ["key", "Mailchimp"] -[[rules]] - description = "Mailgun API key" - regex = '''((?i)(mailgun|mg)(.{0,20})?)?key-[0-9a-z]{32}''' - tags = ["key", "Mailgun"] -[[rules]] - description = "PayPal Braintree access token" - regex = '''access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}''' - tags = ["key", "Paypal"] -[[rules]] - description = "Picatic API key" - regex = '''sk_live_[0-9a-z]{32}''' - tags = ["key", "Picatic"] -[[rules]] - description = "SendGrid API Key" - regex = '''SG\.[\w_]{16,32}\.[\w_]{16,64}''' - tags = ["key", "SendGrid"] -[[rules]] - description = "Slack Webhook" - regex = '''https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}''' - tags = ["key", "slack"] -[[rules]] - description = "Stripe API key" - regex = '''(?i)stripe(.{0,20})?[sr]k_live_[0-9a-zA-Z]{24}''' - tags = ["key", "Stripe"] -[[rules]] - description = "Square access token" - regex = '''sq0atp-[0-9A-Za-z\-_]{22}''' - tags = ["key", "square"] -[[rules]] - description = "Square OAuth secret" - regex = '''sq0csp-[0-9A-Za-z\\-_]{43}''' - tags = ["key", "square"] -[[rules]] - description = "Twilio API key" - regex = '''(?i)twilio(.{0,20})?SK[0-9a-f]{32}''' - tags = ["key", "twilio"] -[allowlist] - commits = ["0f04d2d2bbbbd6315b8b14cfcfa4c89b1cf2213e",] - description = "Allowlisted files" - files = ['''^\.?gitleaks.toml$''', - '''(.*?)(jpg|gif|doc|pdf|bin)$''', - '''(go.mod|go.sum)$''', - '''(.*/tests/.*)$ ''',] diff --git a/CHANGELOG.md b/CHANGELOG.md index f97ea4652..73fe900b8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -7,9 +7,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. ## [Unreleased] ### Added -- The Ansible [conjur-host-identity](https://galaxy.ansible.com/cyberark/conjur-host-identity) has - been migrated to this collection, where it will be maintained moving forward. [cyberark/ - conjur-host-identity#30](https://github.com/cyberark/ansible-conjur-host-identity/issues/30) +- The [Conjur Ansible role](https://galaxy.ansible.com/cyberark/conjur-host-identity) has been + migrated to this collection, where it will be maintained moving forward. + [cyberark/ansible-conjur-host-identity#30](https://github.com/cyberark/ansible-conjur-host-identity/issues/30) ### Changed - [Added retries](https://github.com/cyberark/ansible-conjur-host-identity/pull/32) to tasks/ diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index bf650ec47..ad11fac30 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -27,9 +27,15 @@ of this plugin: ### Testing -To run the tests: +To run a specific set of tests: ```sh-session $ cd tests -$ ./test.sh +$ ./test.sh -d ``` +To run all tests: + +```sh-session +$ cd tests +$ ./test.sh -a +``` \ No newline at end of file diff --git a/Jenkinsfile b/Jenkinsfile index 535dc5ba4..bd3de869b 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -20,7 +20,7 @@ pipeline { stage('Run tests') { parallel { - stage("Test Ansible-Conjur-Collection") { + stage("Test conjur_lookup Plugin") { agent { label 'executor-v2-large' } steps { @@ -29,10 +29,10 @@ pipeline { } } - stage("Test Ansible-Conjur-Host-Identity") { + stage("Test conjur_host_identity Role") { steps { - sh './ci/test.sh -d conjur-host-identity' - junit 'tests/conjur-host-identity/junit/*' + sh './ci/test.sh -d conjur_host_identity' + junit 'roles/conjur_host_identity/tests/junit/*' } } } diff --git a/README.md b/README.md index 0075bc753..48490164e 100644 --- a/README.md +++ b/README.md 
@@ -2,22 +2,22 @@ # CyberArk Ansible Conjur Collection -This collection contains plugins to be used for CyberArk Conjur & DAP (Dynamic Access Provider) hosted in [ansible galaxy](https://galaxy.ansible.com/cyberark/conjur). +This collection contains components to be used with CyberArk Conjur & DAP (Dynamic Access Provider) hosted in [ansible galaxy](https://galaxy.ansible.com/cyberark/conjur). ## Table of Contents - [CyberArk Ansible Conjur Collection](#cyberark-ansible-conjur-collection) * [Requirements](#requirements) - * [conjur_variable Lookup Plugin](#conjur_variable-lookup-plugin) + * [Conjur Ansible Role](#conjur-ansible-role) + + [Usage](#usage) + [Role Variables](#role-variables) + [Dependencies](#dependencies) + [Example Playbook](#example-playbook) - * [Conjur Ansible Role](#conjur-ansible-role) - + [Usage](#usage) + + [Summon & Service Managers](#summon---service-managers) + + [Recommendations](#recommendations) + * [conjur_variable Lookup Plugin](#conjur_variable-lookup-plugin) + [Role Variables](#role-variables-1) + [Dependencies](#dependencies) + [Example Playbook](#example-playbook-1) - + [Summon & Service Managers](#summon---service-managers) - + [Recommendations](#recommendations) * [Contributing](#contributing) * [License](#license) 
@@ -26,14 +26,10 @@ http://ecotrust-canada.github.io/markdown-toc/ --> ## Requirements -- conjur_variable Lookup Plugin - - [CyberArk Conjur Open Source](https://www.conjur.org) v1.x+ or - - [CyberArk Dynamic Access Provider](https://docs.cyberark.com/Product-Doc/OnlineHelp/AAM-DAP/Latest/en/Content/Resources/_TopNav/cc_Home.htm) v10.x+ - - Ansible >= 2.9 - -- Conjur Role - - A running Conjur service that is accessible from the target nodes. - - Ansible >= 2.3.0.0 +- An instance of [CyberArk Conjur Open Source](https://www.conjur.org) v1.x+ or +[CyberArk Dynamic Access Provider](https://docs.cyberark.com/Product-Doc/OnlineHelp/AAM-DAP/Latest/en/Content/Resources/_TopNav/cc_Home.htm) +v10.x+ accessible from the target node +- Ansible >= 2.9 ## Installation From terminal, run the following command: @@ -41,48 +37,25 @@ From terminal, run the following command: ansible-galaxy collection install cyberark.conjur ``` -## conjur_variable Lookup Plugin -Fetch credentials from CyberArk Conjur using the controlling host's Conjur identity or environment variables. - -- The controlling host running Ansible has a Conjur identity. [More Information here](https://docs.conjur.org/latest/en/Content/Get%20Started/key_concepts/machine_identity.html) and here in [Conjur Ansible role project](https://github.com/cyberark/ansible-conjur-host-identity/) - -- Environment variables could be `CONJUR_ACCOUNT`, `CONJUR_APPLIANCE_URL`, `CONJUR_CERT_FILE`, `CONJUR_AUTHN_LOGIN`, `CONJUR_AUTHN_API_KEY`, `CONJUR_AUTHN_TOKEN_FILE` - -### Role Variables - -None. -
- -### Example Playbook - -```yaml ---- -- hosts: localhost - tasks: - - name: Lookup variable in Conjur - debug: - msg: "{{ lookup('cyberark.conjur.conjur_variable', '/path/to/secret') }}" -``` - ## Conjur Ansible Role -This Ansible role provides the ability to grant Conjur machine identity to a host. Based on that identity, secrets can then be retrieved securely using the [Summon](https://github.com/cyberark/summon) tool (installed on hosts with identities created by this role). +This Ansible role provides the ability to grant Conjur machine identity to a host. Based on that identity, secrets can then be retrieved securely using the [Conjur Lookup Plugin](#conjur_variable-lookup-plugin) or using the [Summon](https://github.com/cyberark/summon) tool (installed on hosts with identities created by this role). ### Usage -The Conjur role provides a method to "Conjurize" or establish the Conjur identity of a remote node with Ansible. The node can then be granted least-privilege access to retrieve the secrets it needs in a secure manner. +The Conjur role provides a method to establish the Conjur identity of a remote node with Ansible. The node can then be granted least-privilege access to retrieve the secrets it needs in a secure manner. ### Role Variables -* `conjur_appliance_url` `*`: URL of the running Conjur service -* `conjur_account` `*`: Conjur account name -* `conjur_host_factory_token` `*`: [Host Factory](https://developer.conjur.net/reference/services/host_factory/) token for +* `conjur_appliance_url` (_Optional)_: URL of the running Conjur service +* `conjur_account` (_Optional)_: Conjur account name +* `conjur_host_factory_token` (_Optional)_: [Host Factory](https://developer.conjur.net/reference/services/host_factory/) token for layer enrollment. This should be specified in the environment on the Ansible controlling host. -* `conjur_host_name` `*`: Name of the host being conjurized. +* `conjur_host_name` (_Optional)_: Name of the host to be created. 
* `conjur_ssl_certificate`: Public SSL certificate of the Conjur endpoint * `conjur_validate_certs`: Boolean value to indicate if the Conjur endpoint should validate certificates * `summon.version`: version of Summon to install. Default is `0.6.6`. * `summon_conjur.version`: version of Summon-Conjur provider to install. Default is `0.5.0`. -The variables marked with `*` are required fields. The other variables are required for running with an HTTPS Conjur endpoint, but are not required if you run with an HTTP Conjur endpoint. +The variables marked with _`(Optional)`_ are required fields. The other variables are required for running with an HTTPS Conjur endpoint, but are not required if you run with an HTTP Conjur endpoint. ### Dependencies @@ -129,6 +102,42 @@ The above example uses Summon to retrieve the password stored in `staging/myapp/ - Set the Ansible files to minimum permissions. Ansible uses the permissions of the user that runs it. +## conjur_variable Lookup Plugin +Fetch credentials from CyberArk Conjur using the controlling host's Conjur identity or environment +variables. + +The controlling host running Ansible must have a Conjur identity. More information can be found +[here](https://docs.conjur.org/latest/en/Content/Get%20Started/key_concepts/machine_identity.html) +and in the [Conjur Ansible role project](https://github.com/cyberark/ansible-conjur-host-identity/). + +### Environment variables + +The following environment variables will be used by the lookup plugin to authenticate +with the Conjur host, if they are present on the system running the lookup plugin. + +- `CONJUR_ACCOUNT` +- `CONJUR_APPLIANCE_URL` +- `CONJUR_CERT_FILE` +- `CONJUR_AUTHN_LOGIN` +- `CONJUR_AUTHN_API_KEY` +- `CONJUR_AUTHN_TOKEN_FILE` + +### Role Variables + +None. +
+ +### Example Playbook + +```yaml +--- +- hosts: localhost + tasks: + - name: Lookup variable in Conjur + debug: + msg: "{{ lookup('cyberark.conjur.conjur_variable', '/path/to/secret') }}" +``` + ## Contributing We welcome contributions of all kinds to this repository. For instructions on how to get started and descriptions of our development workflows, please see our [contributing diff --git a/ci/test.sh b/ci/test.sh index a9201916b..52db0c6ca 100755 --- a/ci/test.sh +++ b/ci/test.sh @@ -2,8 +2,11 @@ # Test runner for Ansible Conjur Collection -# Directories containing a `test.sh` file -test_directories=("conjur" "conjur-host-identity") +# Test subdirectors containing a `test.sh` file +test_directories=("conjur") + +# Roles containing a test subdirectory +role_directories=("conjur_host_identity") # Target directory that can be manually set by passing a value to the `-d` flag target="" @@ -19,9 +22,19 @@ function help { } # Run a `test.sh` file in a given subdirectory of the top-level `tests` directory +# Expected directory structure is "tests//test.sh" function run_test { pushd "${PWD}/tests/${1}" - echo "Running tests for ${1}..." + echo "Running ${1} tests..." + ./test.sh + popd +} + +# Run a `test.sh` file for a given role +# Expected directory structure is "roles//tests/test.sh" +function run_role_test { + pushd "${PWD}/roles/${1}/tests" + echo "Running ${1} tests..." ./test.sh popd } @@ -35,6 +48,12 @@ function handle_input { exit 0 fi done + for test_dir in "${role_directories[@]}"; do + if [[ ${target} == "${test_dir}" ]]; then + run_role_test ${target} + exit 0 + fi + done echo "Error: unrecognized test directory given: ${target}" echo "" help @@ -43,6 +62,9 @@ function handle_input { for test_dir in "${test_directories[@]}"; do run_test "${test_dir}" done + for test_dir in "${role_directories[@]}"; do + run_role_test "${test_dir}" + done exit 0 fi } diff --git a/requirements.txt b/requirements.txt index 1193e1989..40d19fd88 100644 --- a/requirements.txt 
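Review bot: The comment added above `test_directories` in ci/test.sh misspells "subdirectories" as `subdirectors`. With two arrays now encoding two layouts, each comment could also state the path it implies, `tests/NAME/test.sh` for `test_directories` and `roles/NAME/tests/test.sh` for `role_directories`, so a contributor adding a suite knows which list to extend.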
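Review bot: `run_role_test` in ci/test.sh returns the status of `popd`, not of `./test.sh`, so a failing role test suite is not reported by the function itself; the same holds for `run_test`, whose body the new function copies. The callers added in the two later hunks (`run_role_test ${target}` followed by `exit 0`, and the loop over `role_directories` followed by `exit 0`) then exit successfully regardless, unless the script enables `set -e` on a line outside these hunks. `pushd` is also unchecked, so a role without a `tests` directory would run `./test.sh` from the caller's directory. Capturing and returning the status, and guarding `pushd`, makes the outcome explicit; the callers would then need `|| exit 1` or an equivalent ahead of the unconditional `exit 0`.

```shell
function run_role_test {
  pushd "${PWD}/roles/${1}/tests" || return 1
  # … unchanged: echo "Running ${1} tests..." …
  local status=0
  ./test.sh || status=$?
  popd
  return "${status}"
}
```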
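Review bot: `run_role_test ${target}` in ci/test.sh passes the `-d` value unquoted, while the loop added at the end of the script calls `run_role_test "${test_dir}"` quoted. The value has already matched an entry of `role_directories` at this point, so word splitting cannot occur with the current array, but quoting keeps the two call sites consistent and safe if a role name with unusual characters is ever added: `run_role_test "${target}"`. The enclosing `handle_input` starts and ends outside the hunk.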
+++ b/requirements.txt @@ -1 +1 @@ -ansible>=2.5.15 +ansible>=2.9 diff --git a/defaults/main.yml b/roles/conjur_host_identity/defaults/main.yml similarity index 63% rename from defaults/main.yml rename to roles/conjur_host_identity/defaults/main.yml index d0f732bf5..d04410d8b 100644 --- a/defaults/main.yml +++ b/roles/conjur_host_identity/defaults/main.yml @@ -1,6 +1,6 @@ summon: - version: 0.6.6 + version: 0.8.2 os: linux-amd64 summon_conjur: - version: 0.5.0 + version: 0.5.3 os: linux-amd64 diff --git a/meta/main.yml b/roles/conjur_host_identity/meta/main.yml similarity index 65% rename from meta/main.yml rename to roles/conjur_host_identity/meta/main.yml index f0b0d840e..1fc12ef18 100644 --- a/meta/main.yml +++ b/roles/conjur_host_identity/meta/main.yml @@ -6,13 +6,9 @@ galaxy_info: company: CyberArk license: Apache author: - - Dustin Collins (@dustinmm80) - - Oren Ben Meir (@orenbm) - - Jason Vanderhoof (@jvanderhoof) - - Kumbirai Tanekha (@doodlesbykumbi) - - Gary Moon (@garymoon) + - Cyberark Community and Integrations Team (@cyberark/community-and-integrations-team) - min_ansible_version: '2.3' + min_ansible_version: '2.9' platforms: - name: Ubuntu diff --git a/meta/runtime.yml b/roles/conjur_host_identity/meta/runtime.yml similarity index 100% rename from meta/runtime.yml rename to roles/conjur_host_identity/meta/runtime.yml diff --git a/tasks/identity.yml b/roles/conjur_host_identity/tasks/identity.yml similarity index 100% rename from tasks/identity.yml rename to roles/conjur_host_identity/tasks/identity.yml diff --git a/tasks/identity_check.yml b/roles/conjur_host_identity/tasks/identity_check.yml similarity index 100% rename from tasks/identity_check.yml rename to roles/conjur_host_identity/tasks/identity_check.yml diff --git a/tasks/main.yml b/roles/conjur_host_identity/tasks/main.yml similarity index 100% rename from tasks/main.yml rename to roles/conjur_host_identity/tasks/main.yml 
diff --git a/tasks/summon-conjur.yml b/roles/conjur_host_identity/tasks/summon-conjur.yml
similarity index 100%
rename from tasks/summon-conjur.yml
rename to roles/conjur_host_identity/tasks/summon-conjur.yml
diff --git a/tasks/summon.yml b/roles/conjur_host_identity/tasks/summon.yml
similarity index 100%
rename from tasks/summon.yml
rename to roles/conjur_host_identity/tasks/summon.yml
diff --git a/templates/conjur.conf.j2 b/roles/conjur_host_identity/templates/conjur.conf.j2
similarity index 100%
rename from templates/conjur.conf.j2
rename to roles/conjur_host_identity/templates/conjur.conf.j2
diff --git a/templates/conjur.identity.j2 b/roles/conjur_host_identity/templates/conjur.identity.j2
similarity index 100%
rename from templates/conjur.identity.j2
rename to roles/conjur_host_identity/templates/conjur.identity.j2
diff --git a/tests/conjur-host-identity/Dockerfile b/roles/conjur_host_identity/tests/Dockerfile
similarity index 100%
rename from tests/conjur-host-identity/Dockerfile
rename to roles/conjur_host_identity/tests/Dockerfile
diff --git a/tests/conjur-host-identity/Dockerfile_nginx b/roles/conjur_host_identity/tests/Dockerfile_nginx
similarity index 100%
rename from tests/conjur-host-identity/Dockerfile_nginx
rename to roles/conjur_host_identity/tests/Dockerfile_nginx
diff --git a/tests/conjur-host-identity/ansible.cfg b/roles/conjur_host_identity/tests/ansible.cfg
similarity index 100%
rename from tests/conjur-host-identity/ansible.cfg
rename to roles/conjur_host_identity/tests/ansible.cfg
diff --git a/roles/conjur_host_identity/tests/conjur.pem b/roles/conjur_host_identity/tests/conjur.pem
new file mode 100644
index 000000000..979201cfb
--- /dev/null
+++ b/roles/conjur_host_identity/tests/conjur.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDizCCAnOgAwIBAgIJAIzfbS84IEf2MA0GCSqGSIb3DQEBCwUAMGsxCzAJBgNV
+BAYTAklMMQ8wDQYDVQQIDAZJc3JhZWwxDDAKBgNVBAcMA1RMVjENMAsGA1UECgwE
+T255eDERMA8GA1UECwwIQ3liZXJBcmsxGzAZBgNVBAMMEmNvbmp1ci1wcm94eS1u
+Z2lueDAeFw0yMDA4MTgxNDA2NDNaFw0yMTA4MTgxNDA2NDNaMGsxCzAJBgNVBAYT
+AklMMQ8wDQYDVQQIDAZJc3JhZWwxDDAKBgNVBAcMA1RMVjENMAsGA1UECgwET255
+eDERMA8GA1UECwwIQ3liZXJBcmsxGzAZBgNVBAMMEmNvbmp1ci1wcm94eS1uZ2lu
+eDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANrnWSgW7zySUlKZb1a3
+0EaIuKImB2kP5Hl200t4icel5oi+PlrmNsh2y9MhsqsUGem/uaRksHRcco/vpmcV
+nj8j+QH4xcVy6UVmd6EYYI2J5uRFIX+aFbo9CvWCGuFbPITIadyinaKgYMtUwhN1
+wPAvT5rSpFKlERBHthfVVhseGJQSdFKAdtgdu3Umu6VdrONKbTrSFePyxJYxa6sL
+AxZHfTc/urJn+3r5ddDqhGP/daD8CES8QrZ4FsRDnlV1oell9UotLhIAdqJ81eUL
+GmYSa/QWoOOLnyXfmyCICIWSI5Rit76OlB/e0n2LyBZz80rUOxyJGUjRmu56a4rt
+x/MCAwEAAaMyMDAwLgYDVR0RBCcwJYIJbG9jYWxob3N0ghJjb25qdXItcHJveHkt
+bmdpbniHBH8AAAEwDQYJKoZIhvcNAQELBQADggEBAB/0oG8J0eXhX1SfmZltO95H
+LiQAtOIyOJ6JwMQ3sosNEryCg3c8muJ7WlqenlApWt90qRZFDmKvZZQc4vwKrFPt
+hJuJdJc/97+wrJzZiBQRBiH4n0IBOz94bZeHzkftYQp5ipQhChqwm7R6bvlumTF9
+L4V/sGbPNFW8z7fcy4sg9+yH34th62ZKZr9MusE4TsiUtJjHCFlvesYLZydsO6Ve
+taA2XLd+JT2wOek+yVpdPmm7yA9yNVsWmjRQQoRz04ayCso4EMWI9iLXBQSCpaIK
+jmCFXShJgNaPXE/f14QAR3ZHNvajIFty6Qdy9fCSZgUGaFYmHjGM7tXq7rIFTA0=
+-----END CERTIFICATE-----
diff --git a/tests/conjur-host-identity/docker-compose.yml b/roles/conjur_host_identity/tests/docker-compose.yml
similarity index 93%
rename from tests/conjur-host-identity/docker-compose.yml
rename to roles/conjur_host_identity/tests/docker-compose.yml
index eb1e98202..e23601193 100644
--- a/tests/conjur-host-identity/docker-compose.yml
+++ b/roles/conjur_host_identity/tests/docker-compose.yml
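Review bot: The certificate added as roles/conjur_host_identity/tests/conjur.pem is a fixed fixture whose validity field decodes to 18 Aug 2020 through 18 Aug 2021, so any test that verifies TLS against it will start failing a year after issue unless the test setup regenerates it (not visible in this patch). It appears to be self-signed for `conjur-proxy-nginx`, with `localhost` and `127.0.0.1` as alternative names, which suits a test proxy, but nothing in the change records that it is test-only. Consider generating the certificate and key during test setup, or at least noting in a comment in the role's `test.sh` that this is a test certificate, where the matching key lives, and how to regenerate it before it expires.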
@@ -12,8 +12,8 @@ services: CONJUR_CUSTOM_AUTHN_API_KEY: ${CUSTOM_CONJUR_AUTHN_API_KEY} COMPOSE_PROJECT_NAME: ${COMPOSE_PROJECT_NAME} volumes: - - ../..:/conjurinc/cyberark.conjur-host-identity/ - - ../conjur-host-identity:/conjurinc/tests/ + - ..:/conjurinc/cyberark.conjur-host-identity/ + - .:/conjurinc/tests/ - /var/run/docker.sock:/var/run/docker.sock pg: image: postgres:9.3 diff --git a/tests/conjur-host-identity/inventory-playbook.yml b/roles/conjur_host_identity/tests/inventory-playbook.yml similarity index 100% rename from tests/conjur-host-identity/inventory-playbook.yml rename to roles/conjur_host_identity/tests/inventory-playbook.yml diff --git a/tests/conjur-host-identity/inventory.j2 b/roles/conjur_host_identity/tests/inventory.j2 similarity index 100% rename from tests/conjur-host-identity/inventory.j2 rename to roles/conjur_host_identity/tests/inventory.j2 diff --git a/tests/conjur-host-identity/policy/root.yml b/roles/conjur_host_identity/tests/policy/root.yml similarity index 100% rename from tests/conjur-host-identity/policy/root.yml rename to roles/conjur_host_identity/tests/policy/root.yml diff --git a/tests/conjur-host-identity/proxy/default.conf b/roles/conjur_host_identity/tests/proxy/default.conf similarity index 100% rename from tests/conjur-host-identity/proxy/default.conf rename to roles/conjur_host_identity/tests/proxy/default.conf diff --git a/tests/conjur-host-identity/proxy/ssl.conf b/roles/conjur_host_identity/tests/proxy/ssl.conf similarity index 100% rename from tests/conjur-host-identity/proxy/ssl.conf rename to roles/conjur_host_identity/tests/proxy/ssl.conf diff --git a/tests/conjur-host-identity/test.sh b/roles/conjur_host_identity/tests/test.sh similarity index 100% rename from tests/conjur-host-identity/test.sh rename to roles/conjur_host_identity/tests/test.sh 
diff --git a/tests/conjur-host-identity/test_app_centos/Dockerfile b/roles/conjur_host_identity/tests/test_app_centos/Dockerfile
similarity index 100%
rename from tests/conjur-host-identity/test_app_centos/Dockerfile
rename to roles/conjur_host_identity/tests/test_app_centos/Dockerfile
diff --git a/tests/conjur-host-identity/test_app_ubuntu/Dockerfile b/roles/conjur_host_identity/tests/test_app_ubuntu/Dockerfile
similarity index 100%
rename from tests/conjur-host-identity/test_app_ubuntu/Dockerfile
rename to roles/conjur_host_identity/tests/test_app_ubuntu/Dockerfile
diff --git a/tests/conjur-host-identity/test_cases/configure-conjur-identity/playbook.yml b/roles/conjur_host_identity/tests/test_cases/configure-conjur-identity/playbook.yml
similarity index 100%
rename from tests/conjur-host-identity/test_cases/configure-conjur-identity/playbook.yml
rename to roles/conjur_host_identity/tests/test_cases/configure-conjur-identity/playbook.yml
diff --git a/tests/conjur-host-identity/test_cases/configure-conjur-identity/tests/test_default.py b/roles/conjur_host_identity/tests/test_cases/configure-conjur-identity/tests/test_default.py
similarity index 100%
rename from tests/conjur-host-identity/test_cases/configure-conjur-identity/tests/test_default.py
rename to roles/conjur_host_identity/tests/test_cases/configure-conjur-identity/tests/test_default.py
diff --git a/tests/sanity/ignore-2.10.txt b/tests/sanity/ignore-2.10.txt
index a28d2d6e3..1c39f3059 100644
--- a/tests/sanity/ignore-2.10.txt
+++ b/tests/sanity/ignore-2.10.txt
@@ -1,8 +1,8 @@ Jenkinsfile shebang tests/conjur/test.sh shebang -tests/conjur-host-identity/test.sh shebang tests/conjur/policy/root.yml yamllint:unparsable-with-libyaml -tests/conjur-host-identity/policy/root.yml yamllint:unparsable-with-libyaml # File loaded by summon utility (in Jenkinsfile), not via Python +roles/conjur_host_identity/tests/test.sh shebang +roles/conjur_host_identity/tests/policy/root.yml yamllint:unparsable-with-libyaml # File loaded by summon utility (in Jenkinsfile), not via Python ci/build_release shebang ci/parse-changelog.sh shebang ci/publish_to_galaxy shebang diff --git a/tests/sanity/ignore-2.11.txt b/tests/sanity/ignore-2.11.txt index a28d2d6e3..1c39f3059 100644 --- a/tests/sanity/ignore-2.11.txt +++ b/tests/sanity/ignore-2.11.txt @@ -1,8 +1,8 @@ Jenkinsfile shebang tests/conjur/test.sh shebang -tests/conjur-host-identity/test.sh shebang tests/conjur/policy/root.yml yamllint:unparsable-with-libyaml -tests/conjur-host-identity/policy/root.yml yamllint:unparsable-with-libyaml # File loaded by summon utility (in Jenkinsfile), not via Python +roles/conjur_host_identity/tests/test.sh shebang +roles/conjur_host_identity/tests/policy/root.yml yamllint:unparsable-with-libyaml # File loaded by summon utility (in Jenkinsfile), not via Python ci/build_release shebang ci/parse-changelog.sh shebang ci/publish_to_galaxy shebang diff --git a/tests/sanity/ignore-2.9.txt b/tests/sanity/ignore-2.9.txt index 52c574ab8..a62b85cc6 100644 --- a/tests/sanity/ignore-2.9.txt +++ b/tests/sanity/ignore-2.9.txt @@ -1,6 +1,6 @@ Jenkinsfile shebang tests/conjur/test.sh shebang -tests/conjur-host-identity/test.sh shebang +roles/conjur_host_identity/tests/test.sh shebang ci/build_release shebang ci/parse-changelog.sh shebang ci/publish_to_galaxy shebang