From f7bed15fe34554834111860809e6a7a4c5c5a6a1 Mon Sep 17 00:00:00 2001
From: Bradley Boutcher <btboutcher@icloud.com>
Date: Wed, 16 Sep 2020 17:48:30 -0400
Subject: [PATCH] Create role subdirectory

Per Ansible Collection documentation,
the conjur_host_identity role
has been moved to a `role`
subdirectory. A `tests` subdirectory has been added
for this role, and all relevant tests moved there.
---
 .gitleaks.toml                                | 109 -----------
 CHANGELOG.md                                  |  12 +-
 CONTRIBUTING.md                               |  10 +-
 Jenkinsfile                                   |  14 +-
 README.md                                     | 177 ++++++++++--------
 ci/parse-changelog.sh                         |  13 +-
 ci/test.sh                                    |  30 ++-
 requirements.txt                              |   2 +-
 .../conjur_host_identity/defaults}/main.yml   |   4 +-
 .../conjur_host_identity/meta}/main.yml       |   8 +-
 .../conjur_host_identity/tasks}/identity.yml  |   0
 .../tasks}/identity_check.yml                 |   0
 .../conjur_host_identity/tasks}/main.yml      |   0
 .../tasks}/summon-conjur.yml                  |   0
 .../conjur_host_identity/tasks}/summon.yml    |   0
 .../templates}/conjur.conf.j2                 |   0
 .../templates}/conjur.identity.j2             |   0
 .../conjur_host_identity/tests}/Dockerfile    |   0
 .../tests}/Dockerfile_nginx                   |   0
 .../conjur_host_identity/tests}/ansible.cfg   |   0
 roles/conjur_host_identity/tests/conjur.pem   |  21 +++
 .../tests}/docker-compose.yml                 |   4 +-
 .../tests}/inventory-playbook.yml             |   0
 .../conjur_host_identity/tests}/inventory.j2  |   0
 .../tests}/policy/root.yml                    |   0
 .../tests}/proxy/default.conf                 |   0
 .../tests}/proxy/ssl.conf                     |   0
 .../conjur_host_identity/tests}/test.sh       |   0
 .../tests}/test_app_centos/Dockerfile         |   0
 .../tests}/test_app_ubuntu/Dockerfile         |   0
 .../configure-conjur-identity/playbook.yml    |   0
 .../tests/test_default.py                     |   0
 tests/{conjur => conjur_variable}/Dockerfile  |   0
 .../Dockerfile_nginx                          |   0
 .../docker-compose.yml                        |   0
 .../policy/root.yml                           |   0
 .../proxy/default.conf                        |   0
 .../proxy/ssl.conf                            |   0
 tests/{conjur => conjur_variable}/pytest.ini  |   0
 tests/{conjur => conjur_variable}/test.sh     |   4 +-
 .../retrieve-variable-bad-cert-path/env       |   0
 .../playbook.yml                              |   0
 .../tests/test_default.py                     |   0
 .../retrieve-variable-bad-certs/bad-cert.pem  |   0
 .../retrieve-variable-bad-certs/env           |   0
 .../retrieve-variable-bad-certs/playbook.yml  |   0
 .../tests/test_default.py                     |   0
 .../playbook.yml                              |   0
 .../tests/test_default.py                     |   0
 .../playbook.yml                              |   0
 .../tests/test_default.py                     |   0
 .../retrieve-variable-with-authn-token/env    |   0
 .../playbook.yml                              |   0
 .../tests/test_default.py                     |   0
 .../retrieve-variable-with-spaces-secret/env  |   0
 .../playbook.yml                              |   0
 .../tests/test_default.py                     |   0
 .../test_cases/retrieve-variable/env          |   0
 .../test_cases/retrieve-variable/playbook.yml |   0
 .../retrieve-variable/tests/test_default.py   |   0
 tests/sanity/ignore-2.10.txt                  |   8 +-
 tests/sanity/ignore-2.11.txt                  |   8 +-
 tests/sanity/ignore-2.9.txt                   |   4 +-
 63 files changed, 194 insertions(+), 234 deletions(-)
 delete mode 100644 .gitleaks.toml
 rename {defaults => roles/conjur_host_identity/defaults}/main.yml (63%)
 rename {meta => roles/conjur_host_identity/meta}/main.yml (65%)
 rename {tasks => roles/conjur_host_identity/tasks}/identity.yml (100%)
 rename {tasks => roles/conjur_host_identity/tasks}/identity_check.yml (100%)
 rename {tasks => roles/conjur_host_identity/tasks}/main.yml (100%)
 rename {tasks => roles/conjur_host_identity/tasks}/summon-conjur.yml (100%)
 rename {tasks => roles/conjur_host_identity/tasks}/summon.yml (100%)
 rename {templates => roles/conjur_host_identity/templates}/conjur.conf.j2 (100%)
 rename {templates => roles/conjur_host_identity/templates}/conjur.identity.j2 (100%)
 rename {tests/conjur-host-identity => roles/conjur_host_identity/tests}/Dockerfile (100%)
 rename {tests/conjur-host-identity => roles/conjur_host_identity/tests}/Dockerfile_nginx (100%)
 rename {tests/conjur-host-identity => roles/conjur_host_identity/tests}/ansible.cfg (100%)
 create mode 100644 roles/conjur_host_identity/tests/conjur.pem
 rename {tests/conjur-host-identity => roles/conjur_host_identity/tests}/docker-compose.yml (93%)
 rename {tests/conjur-host-identity => roles/conjur_host_identity/tests}/inventory-playbook.yml (100%)
 rename {tests/conjur-host-identity => roles/conjur_host_identity/tests}/inventory.j2 (100%)
 rename {tests/conjur-host-identity => roles/conjur_host_identity/tests}/policy/root.yml (100%)
 rename {tests/conjur-host-identity => roles/conjur_host_identity/tests}/proxy/default.conf (100%)
 rename {tests/conjur-host-identity => roles/conjur_host_identity/tests}/proxy/ssl.conf (100%)
 rename {tests/conjur-host-identity => roles/conjur_host_identity/tests}/test.sh (100%)
 rename {tests/conjur-host-identity => roles/conjur_host_identity/tests}/test_app_centos/Dockerfile (100%)
 rename {tests/conjur-host-identity => roles/conjur_host_identity/tests}/test_app_ubuntu/Dockerfile (100%)
 rename {tests/conjur-host-identity => roles/conjur_host_identity/tests}/test_cases/configure-conjur-identity/playbook.yml (100%)
 rename {tests/conjur-host-identity => roles/conjur_host_identity/tests}/test_cases/configure-conjur-identity/tests/test_default.py (100%)
 rename tests/{conjur => conjur_variable}/Dockerfile (100%)
 rename tests/{conjur => conjur_variable}/Dockerfile_nginx (100%)
 rename tests/{conjur => conjur_variable}/docker-compose.yml (100%)
 rename tests/{conjur => conjur_variable}/policy/root.yml (100%)
 rename tests/{conjur => conjur_variable}/proxy/default.conf (100%)
 rename tests/{conjur => conjur_variable}/proxy/ssl.conf (100%)
 rename tests/{conjur => conjur_variable}/pytest.ini (100%)
 rename tests/{conjur => conjur_variable}/test.sh (97%)
 rename tests/{conjur => conjur_variable}/test_cases/retrieve-variable-bad-cert-path/env (100%)
 rename tests/{conjur => conjur_variable}/test_cases/retrieve-variable-bad-cert-path/playbook.yml (100%)
 rename tests/{conjur => conjur_variable}/test_cases/retrieve-variable-bad-cert-path/tests/test_default.py (100%)
 rename tests/{conjur => conjur_variable}/test_cases/retrieve-variable-bad-certs/bad-cert.pem (100%)
 rename tests/{conjur => conjur_variable}/test_cases/retrieve-variable-bad-certs/env (100%)
 rename tests/{conjur => conjur_variable}/test_cases/retrieve-variable-bad-certs/playbook.yml (100%)
 rename tests/{conjur => conjur_variable}/test_cases/retrieve-variable-bad-certs/tests/test_default.py (100%)
 rename tests/{conjur => conjur_variable}/test_cases/retrieve-variable-disable-verify-certs/playbook.yml (100%)
 rename tests/{conjur => conjur_variable}/test_cases/retrieve-variable-disable-verify-certs/tests/test_default.py (100%)
 rename tests/{conjur => conjur_variable}/test_cases/retrieve-variable-no-cert-provided/playbook.yml (100%)
 rename tests/{conjur => conjur_variable}/test_cases/retrieve-variable-no-cert-provided/tests/test_default.py (100%)
 rename tests/{conjur => conjur_variable}/test_cases/retrieve-variable-with-authn-token/env (100%)
 rename tests/{conjur => conjur_variable}/test_cases/retrieve-variable-with-authn-token/playbook.yml (100%)
 rename tests/{conjur => conjur_variable}/test_cases/retrieve-variable-with-authn-token/tests/test_default.py (100%)
 rename tests/{conjur => conjur_variable}/test_cases/retrieve-variable-with-spaces-secret/env (100%)
 rename tests/{conjur => conjur_variable}/test_cases/retrieve-variable-with-spaces-secret/playbook.yml (100%)
 rename tests/{conjur => conjur_variable}/test_cases/retrieve-variable-with-spaces-secret/tests/test_default.py (100%)
 rename tests/{conjur => conjur_variable}/test_cases/retrieve-variable/env (100%)
 rename tests/{conjur => conjur_variable}/test_cases/retrieve-variable/playbook.yml (100%)
 rename tests/{conjur => conjur_variable}/test_cases/retrieve-variable/tests/test_default.py (100%)

diff --git a/.gitleaks.toml b/.gitleaks.toml
deleted file mode 100644
index 8b9bae1ba..000000000
--- a/.gitleaks.toml
+++ /dev/null
@@ -1,109 +0,0 @@
-title = "ansible-conjur-collection gitleaks config"
-
-[[rules]]
-    description = "AWS Manager ID"
-    regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
-    tags = ["key", "AWS"]
-[[rules]]
-    description = "AWS Secret Key"
-    regex = '''(?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z\/+]{40}['\"]'''
-    tags = ["key", "AWS"]
-[[rules]]
-    description = "AWS MWS key"
-    regex = '''amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'''
-    tags = ["key", "AWS", "MWS"]
-[[rules]]
-    description = "Facebook Secret Key"
-    regex = '''(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}['\"]'''
-    tags = ["key", "Facebook"]
-[[rules]]
-    description = "Facebook Client ID"
-    regex = '''(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}['\"]'''
-    tags = ["key", "Facebook"]
-[[rules]]
-    description = "Twitter Secret Key"
-    regex = '''(?i)twitter(.{0,20})?[0-9a-z]{35,44}'''
-    tags = ["key", "Twitter"]
-[[rules]]
-    description = "Twitter Client ID"
-    regex = '''(?i)twitter(.{0,20})?[0-9a-z]{18,25}'''
-    tags = ["client", "Twitter"]
-[[rules]]
-    description = "Github"
-    regex = '''(?i)github(.{0,20})?(?-i)[0-9a-zA-Z]{35,40}'''
-    tags = ["key", "Github"]
-[[rules]]
-    description = "LinkedIn Client ID"
-    regex = '''(?i)linkedin(.{0,20})?(?-i)[0-9a-z]{12}'''
-    tags = ["client", "LinkedIn"]
-[[rules]]
-    description = "LinkedIn Secret Key"
-    regex = '''(?i)linkedin(.{0,20})?[0-9a-z]{16}'''
-    tags = ["secret", "LinkedIn"]
-[[rules]]
-    description = "Slack"
-    regex = '''xox[baprs]-([0-9a-zA-Z]{10,48})?'''
-    tags = ["key", "Slack"]
-[[rules]]
-    description = "Asymmetric Private Key"
-    regex = '''-----BEGIN ((EC|PGP|DSA|RSA|OPENSSH) )?PRIVATE KEY( BLOCK)?-----'''
-    tags = ["key", "AsymmetricPrivateKey"]
-[[rules]]
-    description = "Google API key"
-    regex = '''AIza[0-9A-Za-z\\-_]{35}'''
-    tags = ["key", "Google"]
-[[rules]]
-    description = "Google (GCP) Service Account"
-    regex = '''"type": "service_account"'''
-    tags = ["key", "Google"]
-[[rules]]
-    description = "Heroku API key"
-    regex = '''(?i)heroku(.{0,20})?[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'''
-    tags = ["key", "Heroku"]
-[[rules]]
-    description = "MailChimp API key"
-    regex = '''(?i)(mailchimp|mc)(.{0,20})?[0-9a-f]{32}-us[0-9]{1,2}'''
-    tags = ["key", "Mailchimp"]
-[[rules]]
-    description = "Mailgun API key"
-    regex = '''((?i)(mailgun|mg)(.{0,20})?)?key-[0-9a-z]{32}'''
-    tags = ["key", "Mailgun"]
-[[rules]]
-    description = "PayPal Braintree access token"
-    regex = '''access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}'''
-    tags = ["key", "Paypal"]
-[[rules]]
-    description = "Picatic API key"
-    regex = '''sk_live_[0-9a-z]{32}'''
-    tags = ["key", "Picatic"]
-[[rules]]
-    description = "SendGrid API Key"
-    regex = '''SG\.[\w_]{16,32}\.[\w_]{16,64}'''
-    tags = ["key", "SendGrid"]
-[[rules]]
-    description = "Slack Webhook"
-    regex = '''https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}'''
-    tags = ["key", "slack"]
-[[rules]]
-    description = "Stripe API key"
-    regex = '''(?i)stripe(.{0,20})?[sr]k_live_[0-9a-zA-Z]{24}'''
-    tags = ["key", "Stripe"]
-[[rules]]
-    description = "Square access token"
-    regex = '''sq0atp-[0-9A-Za-z\-_]{22}'''
-    tags = ["key", "square"]
-[[rules]]
-    description = "Square OAuth secret"
-    regex = '''sq0csp-[0-9A-Za-z\\-_]{43}'''
-    tags = ["key", "square"]
-[[rules]]
-    description = "Twilio API key"
-    regex = '''(?i)twilio(.{0,20})?SK[0-9a-f]{32}'''
-    tags = ["key", "twilio"]
-[allowlist]
-    commits = ["0f04d2d2bbbbd6315b8b14cfcfa4c89b1cf2213e",]
-    description = "Allowlisted files"
-    files = ['''^\.?gitleaks.toml$''',
-    '''(.*?)(jpg|gif|doc|pdf|bin)$''',
-    '''(go.mod|go.sum)$''',
-    '''(.*/tests/.*)$ ''',]
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f97ea4652..8704fec66 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,15 +7,13 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ## [Unreleased]
 
 ### Added
-- The Ansible [conjur-host-identity](https://galaxy.ansible.com/cyberark/conjur-host-identity) has  
-  been migrated to this collection, where it will be maintained moving forward. [cyberark/
-  conjur-host-identity#30](https://github.com/cyberark/ansible-conjur-host-identity/issues/30)
-
-### Changed
-- [Added retries](https://github.com/cyberark/ansible-conjur-host-identity/pull/32) to tasks/  
-  identity/Request identity from Conjur.
+- The [Conjur Ansible role](https://galaxy.ansible.com/cyberark/conjur-host-identity) has been
+  migrated to this collection, where it will be maintained moving forward.
+  [cyberark/ansible-conjur-host-identity#30](https://github.com/cyberark/ansible-conjur-host-identity/issues/30)
+- Added retries to tasks/identity/Request identity from Conjur.
   This will increase the reliability of host factory requests without introducing any extra delay 
   if the first request succeeds.
+  [cyberark/ansible-conjur-host-identity#32](https://github.com/cyberark/ansible-conjur-host-identity/pull/32)
 
 ## [1.0.7] - 2020-08-20
 
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index bf650ec47..ad11fac30 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -27,9 +27,15 @@ of this plugin:
 
 ### Testing
 
-To run the tests:
+To run a specific set of tests:
 
 ```sh-session
 $ cd tests
-$ ./test.sh <conjur or conjur-host-identity>
+$ ./test.sh -d <role or plugin name>
 ```
+To run all tests:
+
+```sh-session
+$ cd tests
+$ ./test.sh -a
+```
\ No newline at end of file
diff --git a/Jenkinsfile b/Jenkinsfile
index 535dc5ba4..f63138de2 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -20,19 +20,17 @@ pipeline {
 
     stage('Run tests') {
       parallel {
-        stage("Test Ansible-Conjur-Collection") {
-          agent { label 'executor-v2-large' }
-
+        stage("Test conjur_lookup Plugin") {
           steps {
-            sh './ci/test.sh -d conjur'
-            junit 'tests/conjur/junit/*'
+            sh './ci/test.sh -d conjur_variable'
+            junit 'tests/conjur_variable/junit/*'
           }
         }
 
-        stage("Test Ansible-Conjur-Host-Identity") {
+        stage("Test conjur_host_identity Role") {
           steps {
-            sh './ci/test.sh -d conjur-host-identity'
-            junit 'tests/conjur-host-identity/junit/*'
+            sh './ci/test.sh -d conjur_host_identity'
+            junit 'roles/conjur_host_identity/tests/junit/*'
           }
         }
       }
diff --git a/README.md b/README.md
index 0075bc753..4c9fcf978 100644
--- a/README.md
+++ b/README.md
@@ -2,38 +2,36 @@
 
 # CyberArk Ansible Conjur Collection
 
-This collection contains plugins to be used for CyberArk Conjur & DAP (Dynamic Access Provider) hosted in [ansible galaxy](https://galaxy.ansible.com/cyberark/conjur).
+This collection contains components to be used with CyberArk Conjur & DAP (Dynamic Access Provider)
+hosted in [Ansible Galaxy](https://galaxy.ansible.com/cyberark/conjur).
 
 ## Table of Contents
-- [CyberArk Ansible Conjur Collection](#cyberark-ansible-conjur-collection)
-  * [Requirements](#requirements)
-  * [conjur_variable Lookup Plugin](#conjur_variable-lookup-plugin)
-    + [Role Variables](#role-variables)
-    + [Dependencies](#dependencies)
-    + [Example Playbook](#example-playbook)
-  * [Conjur Ansible Role](#conjur-ansible-role)
-    + [Usage](#usage)
-    + [Role Variables](#role-variables-1)
-    + [Dependencies](#dependencies)
-    + [Example Playbook](#example-playbook-1)
-    + [Summon & Service Managers](#summon---service-managers)
-    + [Recommendations](#recommendations)
-  * [Contributing](#contributing)
-  * [License](#license)
+
+* [Requirements](#requirements)
+* [Installation](#installation)
+* [Conjur Ansible Role](#conjur-ansible-role)
+  + [Usage](#usage)
+  + [Role Variables](#role-variables)
+  + [Example Playbook](#example-playbook)
+  + [Summon & Service Managers](#summon---service-managers)
+  + [Recommendations](#recommendations)
+* [Conjur Ansible Lookup Plugin](#conjur-ansible-lookup-plugin)
+  + [Environment variables](#environment-variables)
+  + [Role Variables](#role-variables-1)
+  + [Example Playbook](#example-playbook-1)
+* [Contributing](#contributing)
+* [License](#license)
 
 <!-- Table of contents generated with markdown-toc
 http://ecotrust-canada.github.io/markdown-toc/ -->
 
 ## Requirements
 
-- conjur_variable Lookup Plugin
-  - [CyberArk Conjur Open Source](https://www.conjur.org) v1.x+ or
-  - [CyberArk Dynamic Access Provider](https://docs.cyberark.com/Product-Doc/OnlineHelp/AAM-DAP/Latest/en/Content/Resources/_TopNav/cc_Home.htm) v10.x+
-  - Ansible >= 2.9
-
-- Conjur Role
-  - A running Conjur service that is accessible from the target nodes.
-  - Ansible >= 2.3.0.0
+- An instance of [CyberArk Conjur Open Source](https://www.conjur.org) v1.x+ or [CyberArk Dynamic
+  Access
+  Provider](https://docs.cyberark.com/Product-Doc/OnlineHelp/AAM-DAP/Latest/en/Content/Resources/_TopNav/cc_Home.htm)
+  v10.x+ accessible from the target node
+- Ansible >= 2.9
 
 ## Installation 
 From terminal, run the following command:
@@ -41,53 +39,33 @@ From terminal, run the following command:
 ansible-galaxy collection install cyberark.conjur
 ```
 
-## conjur_variable Lookup Plugin
-Fetch credentials from CyberArk Conjur using the controlling host's Conjur identity or environment variables.
-
-- The controlling host running Ansible has a Conjur identity. [More Information here](https://docs.conjur.org/latest/en/Content/Get%20Started/key_concepts/machine_identity.html) and here in [Conjur Ansible role project](https://github.com/cyberark/ansible-conjur-host-identity/)
-
-- Environment variables could be `CONJUR_ACCOUNT`, `CONJUR_APPLIANCE_URL`, `CONJUR_CERT_FILE`, `CONJUR_AUTHN_LOGIN`, `CONJUR_AUTHN_API_KEY`, `CONJUR_AUTHN_TOKEN_FILE`
-
-### Role Variables
-
-None.
-<br>
-
-### Example Playbook
-
-```yaml
----
-- hosts: localhost
-  tasks:
-  - name: Lookup variable in Conjur
-    debug:
-      msg: "{{ lookup('cyberark.conjur.conjur_variable', '/path/to/secret') }}"
-```
-
 ## Conjur Ansible Role
-This Ansible role provides the ability to grant Conjur machine identity to a host. Based on that identity, secrets can then be retrieved securely using the [Summon](https://github.com/cyberark/summon) tool (installed on hosts with identities created by this role).
+This Ansible role provides the ability to grant Conjur machine identity to a host. Based on that
+identity, secrets can then be retrieved securely using the [Conjur Lookup
+Plugin](#conjur_variable-lookup-plugin) or using the [Summon](https://github.com/cyberark/summon)
+tool (installed on hosts with identities created by this role).
 
 ### Usage
-The Conjur role provides a method to "Conjurize" or establish the Conjur identity of a remote node with Ansible. The node can then be granted least-privilege access to retrieve the secrets it needs in a secure manner.
+The Conjur role provides a method to establish the Conjur identity of a remote node with Ansible.
+The node can then be granted least-privilege access to retrieve the secrets it needs in a secure
+manner.
 
 ### Role Variables
 
-* `conjur_appliance_url` `*`: URL of the running Conjur service
-* `conjur_account` `*`: Conjur account name
-* `conjur_host_factory_token` `*`: [Host Factory](https://developer.conjur.net/reference/services/host_factory/) token for
-layer enrollment. This should be specified in the environment on the Ansible controlling host.
-* `conjur_host_name` `*`: Name of the host being conjurized.
+* `conjur_appliance_url` (_Optional)_: URL of the running Conjur service
+* `conjur_account` (_Optional)_: Conjur account name
+* `conjur_host_factory_token` (_Optional)_: [Host
+  Factory](https://developer.conjur.net/reference/services/host_factory/) token for layer
+  enrollment. This should be specified in the environment on the Ansible controlling host.
+* `conjur_host_name` (_Optional)_: Name of the host to be created.
 * `conjur_ssl_certificate`: Public SSL certificate of the Conjur endpoint
-* `conjur_validate_certs`: Boolean value to indicate if the Conjur endpoint should validate certificates
-* `summon.version`: version of Summon to install. Default is `0.6.6`.
-* `summon_conjur.version`: version of Summon-Conjur provider to install. Default is `0.5.0`.
-
-The variables marked with `*` are required fields. The other variables are required for running with an HTTPS Conjur endpoint, but are not required if you run with an HTTP Conjur endpoint.
+* `conjur_validate_certs`: Boolean value to indicate if the Conjur endpoint should validate
+  certificates
+* `summon.version`: version of Summon to install. Default is `0.8.2`.
+* `summon_conjur.version`: version of Summon-Conjur provider to install. Default is `0.5.3`.
 
-### Dependencies
-
-None.
-<br/>
+The variables marked with _`(Optional)`_ are required fields. All other variables are required for
+running with an HTTPS Conjur endpoint.
 
 ### Example Playbook
 
@@ -103,11 +81,13 @@ Configure a remote node with a Conjur identity and Summon:
 ```
 
 This example:
-- Registers the host with Conjur, adding it into the layer specific to the provided host factory token.
+- Registers the host `{insert whatever the hostname is}` with Conjur, adding it into the Conjur 
+policy layer defined for the provided host factory token.
 - Installs Summon with the Summon Conjur provider for secret retrieval from Conjur.
 
 ### Summon & Service Managers
-With Summon installed, using Conjur with a Service Manager (like SystemD) becomes a snap.  Here's a simple example of a SystemD file connecting to Conjur:
+With Summon installed, using Conjur with a Service Manager (like SystemD) becomes a snap.  Here's a
+simple example of a SystemD file connecting to Conjur:
 ```ini
 [Unit]
 Description=DemoApp
@@ -118,24 +98,75 @@ User=DemoUser
 #Environment=CONJUR_MAJOR_VERSION=4
 ExecStart=/usr/local/bin/summon --yaml 'DB_PASSWORD: !var staging/demoapp/database/password' /usr/local/bin/myapp
 ```
-> Note:
-When connecting to Conjur 4 (Conjur Enterprise), Summon requires the environment variable `CONJUR_MAJOR_VERSION` set to `4`. You can provide it by uncommenting the relevant line above.
+> Note: When connecting to Conjur 4 (Conjur Enterprise), Summon requires the environment variable
+`CONJUR_MAJOR_VERSION` set to `4`. You can provide it by uncommenting the relevant line above.
 
-The above example uses Summon to retrieve the password stored in `staging/myapp/database/password`, set it to an environment variable `DB_PASSWORD`, and provide it to the demo application process. Using Summon, the secret is kept off disk. If the service is restarted, Summon retrieves the password as the application is started.
+The above example uses Summon to retrieve the password stored in `staging/myapp/database/password`,
+set it to an environment variable `DB_PASSWORD`, and provide it to the demo application process.
+Using Summon, the secret is kept off disk. If the service is restarted, Summon retrieves the
+password as the application is started.
 
 ### Recommendations
 
-- Add `no_log: true` to each play that uses sensitive data, otherwise that data can be printed to the logs.
+- Add `no_log: true` to each play that uses sensitive data, otherwise that data can be printed to
+  the logs.
 
-- Set the Ansible files to minimum permissions. Ansible uses the permissions of the user that runs it.
+- Set the Ansible files to minimum permissions. Ansible uses the permissions of the user that runs
+  it.
+
+## Conjur Ansible Lookup Plugin
+Fetch credentials from CyberArk Conjur using the controlling host's Conjur identity or environment
+variables.
+
+he controlling host running Ansible must have a Conjur identity, provided for example by the 
+[Conjur Ansible role](#conjur-ansible-role).
+### Environment variables
+
+The following environment variables will be used by the lookup plugin to authenticate with the
+Conjur host, if they are present on the system running the lookup plugin.
+
+- `CONJUR_ACCOUNT` : The Conjur account name
+- `CONJUR_APPLIANCE_URL` : URL of the running Conjur service
+- `CONJUR_CERT_FILE` : Path to the Conjur certificate file
+- `CONJUR_AUTHN_LOGIN` : A valid Conjur host username
+- `CONJUR_AUTHN_API_KEY` : The api key that corresponds to the Conjur host username
+- `CONJUR_AUTHN_TOKEN_FILE` : Path to a file containing a valid Conjur auth token
+
+### Role Variables
+
+None.
+
+### Example Playbook
+
+```yaml
+---
+- hosts: localhost
+  tasks:
+  - name: Lookup variable in Conjur
+    debug:
+      msg: "{{ lookup('cyberark.conjur.conjur_variable', '/path/to/secret') }}"
+```
 
 ## Contributing
 
-We welcome contributions of all kinds to this repository. For instructions on how to get started and descriptions of our development workflows, please see our [contributing
-guide][contrib].
+We welcome contributions of all kinds to this repository. For instructions on how to get started and
+descriptions of our development workflows, please see our [contributing guide][contrib].
 
 [contrib]: https://github.com/cyberark/ansible-conjur-collection/blob/master/CONTRIBUTING.md
 
 ## License
 
-This repository is licensed under Apache License 2.0 - see [`LICENSE`](LICENSE) for more details.
+Copyright (c) 2020 CyberArk Software Ltd. All rights reserved.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+For the full license text see [`LICENSE`](LICENSE).
diff --git a/ci/parse-changelog.sh b/ci/parse-changelog.sh
index 0fd7f528b..be7d8270e 100755
--- a/ci/parse-changelog.sh
+++ b/ci/parse-changelog.sh
@@ -1,11 +1,6 @@
 #!/bin/bash -ex
 
-cd "$(dirname "$0")"
-
-docker run --rm \
-  -v "$PWD/..:/work" \
-  -w "/work" \
-  ruby:2.5 bash -ec "
-    gem install -N parse_a_changelog
-    parse ./CHANGELOG.md
-  "
+docker run \
+  --rm \
+  --volume "${PWD}/CHANGELOG.md":/CHANGELOG.md \
+  cyberark/parse-a-changelog
\ No newline at end of file
diff --git a/ci/test.sh b/ci/test.sh
index a9201916b..ccbaf9029 100755
--- a/ci/test.sh
+++ b/ci/test.sh
@@ -2,8 +2,11 @@
 
 # Test runner for Ansible Conjur Collection
 
-# Directories containing a `test.sh` file
-test_directories=("conjur" "conjur-host-identity")
+# Test subdirectors containing a `test.sh` file
+test_directories=("conjur_variable")
+
+# Roles containing a test subdirectory
+role_directories=("conjur_host_identity")
 
 # Target directory that can be manually set by passing a value to the `-d` flag
 target=""
@@ -19,9 +22,21 @@ function help {
 }
 
 # Run a `test.sh` file in a given subdirectory of the top-level `tests` directory
+# Expected directory structure is "tests/<plugin>/test.sh"
 function run_test {
     pushd "${PWD}/tests/${1}"
-        echo "Running tests for ${1}..."
+        export COMPOSE_PROJECT_NAME=${1}
+        echo "Running ${1} tests..."
+        ./test.sh
+    popd
+}
+
+# Run a `test.sh` file for a given role
+# Expected directory structure is "roles/<role>/tests/test.sh"
+function run_role_test {
+    pushd "${PWD}/roles/${1}/tests"
+        export COMPOSE_PROJECT_NAME=${1}
+        echo "Running ${1} tests..."
         ./test.sh
     popd
 }
@@ -35,6 +50,12 @@ function handle_input {
                 exit 0
             fi
         done
+        for test_dir in "${role_directories[@]}"; do 
+            if [[ ${target} == "${test_dir}" ]]; then
+                run_role_test ${target}
+                exit 0
+            fi
+        done
         echo "Error: unrecognized test directory given: ${target}"
         echo ""
         help
@@ -43,6 +64,9 @@ function handle_input {
         for test_dir in "${test_directories[@]}"; do 
             run_test "${test_dir}"
         done
+        for test_dir in "${role_directories[@]}"; do 
+            run_role_test "${test_dir}"
+        done
         exit 0
     fi
 }
diff --git a/requirements.txt b/requirements.txt
index 1193e1989..40d19fd88 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1 +1 @@
-ansible>=2.5.15
+ansible>=2.9
diff --git a/defaults/main.yml b/roles/conjur_host_identity/defaults/main.yml
similarity index 63%
rename from defaults/main.yml
rename to roles/conjur_host_identity/defaults/main.yml
index d0f732bf5..d04410d8b 100644
--- a/defaults/main.yml
+++ b/roles/conjur_host_identity/defaults/main.yml
@@ -1,6 +1,6 @@
 summon:
-  version: 0.6.6
+  version: 0.8.2
   os: linux-amd64
 summon_conjur:
-  version: 0.5.0
+  version: 0.5.3
   os: linux-amd64
diff --git a/meta/main.yml b/roles/conjur_host_identity/meta/main.yml
similarity index 65%
rename from meta/main.yml
rename to roles/conjur_host_identity/meta/main.yml
index f0b0d840e..1fc12ef18 100644
--- a/meta/main.yml
+++ b/roles/conjur_host_identity/meta/main.yml
@@ -6,13 +6,9 @@ galaxy_info:
   company: CyberArk
   license: Apache
   author:
-    - Dustin Collins (@dustinmm80)
-    - Oren Ben Meir (@orenbm)
-    - Jason Vanderhoof (@jvanderhoof)
-    - Kumbirai Tanekha (@doodlesbykumbi)
-    - Gary Moon (@garymoon)
+    - Cyberark Community and Integrations Team (@cyberark/community-and-integrations-team)
 
-  min_ansible_version: '2.3'
+  min_ansible_version: '2.9'
 
   platforms:
     - name: Ubuntu
diff --git a/tasks/identity.yml b/roles/conjur_host_identity/tasks/identity.yml
similarity index 100%
rename from tasks/identity.yml
rename to roles/conjur_host_identity/tasks/identity.yml
diff --git a/tasks/identity_check.yml b/roles/conjur_host_identity/tasks/identity_check.yml
similarity index 100%
rename from tasks/identity_check.yml
rename to roles/conjur_host_identity/tasks/identity_check.yml
diff --git a/tasks/main.yml b/roles/conjur_host_identity/tasks/main.yml
similarity index 100%
rename from tasks/main.yml
rename to roles/conjur_host_identity/tasks/main.yml
diff --git a/tasks/summon-conjur.yml b/roles/conjur_host_identity/tasks/summon-conjur.yml
similarity index 100%
rename from tasks/summon-conjur.yml
rename to roles/conjur_host_identity/tasks/summon-conjur.yml
diff --git a/tasks/summon.yml b/roles/conjur_host_identity/tasks/summon.yml
similarity index 100%
rename from tasks/summon.yml
rename to roles/conjur_host_identity/tasks/summon.yml
diff --git a/templates/conjur.conf.j2 b/roles/conjur_host_identity/templates/conjur.conf.j2
similarity index 100%
rename from templates/conjur.conf.j2
rename to roles/conjur_host_identity/templates/conjur.conf.j2
diff --git a/templates/conjur.identity.j2 b/roles/conjur_host_identity/templates/conjur.identity.j2
similarity index 100%
rename from templates/conjur.identity.j2
rename to roles/conjur_host_identity/templates/conjur.identity.j2
diff --git a/tests/conjur-host-identity/Dockerfile b/roles/conjur_host_identity/tests/Dockerfile
similarity index 100%
rename from tests/conjur-host-identity/Dockerfile
rename to roles/conjur_host_identity/tests/Dockerfile
diff --git a/tests/conjur-host-identity/Dockerfile_nginx b/roles/conjur_host_identity/tests/Dockerfile_nginx
similarity index 100%
rename from tests/conjur-host-identity/Dockerfile_nginx
rename to roles/conjur_host_identity/tests/Dockerfile_nginx
diff --git a/tests/conjur-host-identity/ansible.cfg b/roles/conjur_host_identity/tests/ansible.cfg
similarity index 100%
rename from tests/conjur-host-identity/ansible.cfg
rename to roles/conjur_host_identity/tests/ansible.cfg
diff --git a/roles/conjur_host_identity/tests/conjur.pem b/roles/conjur_host_identity/tests/conjur.pem
new file mode 100644
index 000000000..979201cfb
--- /dev/null
+++ b/roles/conjur_host_identity/tests/conjur.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDizCCAnOgAwIBAgIJAIzfbS84IEf2MA0GCSqGSIb3DQEBCwUAMGsxCzAJBgNV
+BAYTAklMMQ8wDQYDVQQIDAZJc3JhZWwxDDAKBgNVBAcMA1RMVjENMAsGA1UECgwE
+T255eDERMA8GA1UECwwIQ3liZXJBcmsxGzAZBgNVBAMMEmNvbmp1ci1wcm94eS1u
+Z2lueDAeFw0yMDA4MTgxNDA2NDNaFw0yMTA4MTgxNDA2NDNaMGsxCzAJBgNVBAYT
+AklMMQ8wDQYDVQQIDAZJc3JhZWwxDDAKBgNVBAcMA1RMVjENMAsGA1UECgwET255
+eDERMA8GA1UECwwIQ3liZXJBcmsxGzAZBgNVBAMMEmNvbmp1ci1wcm94eS1uZ2lu
+eDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANrnWSgW7zySUlKZb1a3
+0EaIuKImB2kP5Hl200t4icel5oi+PlrmNsh2y9MhsqsUGem/uaRksHRcco/vpmcV
+nj8j+QH4xcVy6UVmd6EYYI2J5uRFIX+aFbo9CvWCGuFbPITIadyinaKgYMtUwhN1
+wPAvT5rSpFKlERBHthfVVhseGJQSdFKAdtgdu3Umu6VdrONKbTrSFePyxJYxa6sL
+AxZHfTc/urJn+3r5ddDqhGP/daD8CES8QrZ4FsRDnlV1oell9UotLhIAdqJ81eUL
+GmYSa/QWoOOLnyXfmyCICIWSI5Rit76OlB/e0n2LyBZz80rUOxyJGUjRmu56a4rt
+x/MCAwEAAaMyMDAwLgYDVR0RBCcwJYIJbG9jYWxob3N0ghJjb25qdXItcHJveHkt
+bmdpbniHBH8AAAEwDQYJKoZIhvcNAQELBQADggEBAB/0oG8J0eXhX1SfmZltO95H
+LiQAtOIyOJ6JwMQ3sosNEryCg3c8muJ7WlqenlApWt90qRZFDmKvZZQc4vwKrFPt
+hJuJdJc/97+wrJzZiBQRBiH4n0IBOz94bZeHzkftYQp5ipQhChqwm7R6bvlumTF9
+L4V/sGbPNFW8z7fcy4sg9+yH34th62ZKZr9MusE4TsiUtJjHCFlvesYLZydsO6Ve
+taA2XLd+JT2wOek+yVpdPmm7yA9yNVsWmjRQQoRz04ayCso4EMWI9iLXBQSCpaIK
+jmCFXShJgNaPXE/f14QAR3ZHNvajIFty6Qdy9fCSZgUGaFYmHjGM7tXq7rIFTA0=
+-----END CERTIFICATE-----
diff --git a/tests/conjur-host-identity/docker-compose.yml b/roles/conjur_host_identity/tests/docker-compose.yml
similarity index 93%
rename from tests/conjur-host-identity/docker-compose.yml
rename to roles/conjur_host_identity/tests/docker-compose.yml
index eb1e98202..e23601193 100644
--- a/tests/conjur-host-identity/docker-compose.yml
+++ b/roles/conjur_host_identity/tests/docker-compose.yml
@@ -12,8 +12,8 @@ services:
       CONJUR_CUSTOM_AUTHN_API_KEY: ${CUSTOM_CONJUR_AUTHN_API_KEY}
       COMPOSE_PROJECT_NAME: ${COMPOSE_PROJECT_NAME}
     volumes:
-      - ../..:/conjurinc/cyberark.conjur-host-identity/
-      - ../conjur-host-identity:/conjurinc/tests/
+      - ..:/conjurinc/cyberark.conjur-host-identity/
+      - .:/conjurinc/tests/
       - /var/run/docker.sock:/var/run/docker.sock
   pg:
     image: postgres:9.3
diff --git a/tests/conjur-host-identity/inventory-playbook.yml b/roles/conjur_host_identity/tests/inventory-playbook.yml
similarity index 100%
rename from tests/conjur-host-identity/inventory-playbook.yml
rename to roles/conjur_host_identity/tests/inventory-playbook.yml
diff --git a/tests/conjur-host-identity/inventory.j2 b/roles/conjur_host_identity/tests/inventory.j2
similarity index 100%
rename from tests/conjur-host-identity/inventory.j2
rename to roles/conjur_host_identity/tests/inventory.j2
diff --git a/tests/conjur-host-identity/policy/root.yml b/roles/conjur_host_identity/tests/policy/root.yml
similarity index 100%
rename from tests/conjur-host-identity/policy/root.yml
rename to roles/conjur_host_identity/tests/policy/root.yml
diff --git a/tests/conjur-host-identity/proxy/default.conf b/roles/conjur_host_identity/tests/proxy/default.conf
similarity index 100%
rename from tests/conjur-host-identity/proxy/default.conf
rename to roles/conjur_host_identity/tests/proxy/default.conf
diff --git a/tests/conjur-host-identity/proxy/ssl.conf b/roles/conjur_host_identity/tests/proxy/ssl.conf
similarity index 100%
rename from tests/conjur-host-identity/proxy/ssl.conf
rename to roles/conjur_host_identity/tests/proxy/ssl.conf
diff --git a/tests/conjur-host-identity/test.sh b/roles/conjur_host_identity/tests/test.sh
similarity index 100%
rename from tests/conjur-host-identity/test.sh
rename to roles/conjur_host_identity/tests/test.sh
diff --git a/tests/conjur-host-identity/test_app_centos/Dockerfile b/roles/conjur_host_identity/tests/test_app_centos/Dockerfile
similarity index 100%
rename from tests/conjur-host-identity/test_app_centos/Dockerfile
rename to roles/conjur_host_identity/tests/test_app_centos/Dockerfile
diff --git a/tests/conjur-host-identity/test_app_ubuntu/Dockerfile b/roles/conjur_host_identity/tests/test_app_ubuntu/Dockerfile
similarity index 100%
rename from tests/conjur-host-identity/test_app_ubuntu/Dockerfile
rename to roles/conjur_host_identity/tests/test_app_ubuntu/Dockerfile
diff --git a/tests/conjur-host-identity/test_cases/configure-conjur-identity/playbook.yml b/roles/conjur_host_identity/tests/test_cases/configure-conjur-identity/playbook.yml
similarity index 100%
rename from tests/conjur-host-identity/test_cases/configure-conjur-identity/playbook.yml
rename to roles/conjur_host_identity/tests/test_cases/configure-conjur-identity/playbook.yml
diff --git a/tests/conjur-host-identity/test_cases/configure-conjur-identity/tests/test_default.py b/roles/conjur_host_identity/tests/test_cases/configure-conjur-identity/tests/test_default.py
similarity index 100%
rename from tests/conjur-host-identity/test_cases/configure-conjur-identity/tests/test_default.py
rename to roles/conjur_host_identity/tests/test_cases/configure-conjur-identity/tests/test_default.py
diff --git a/tests/conjur/Dockerfile b/tests/conjur_variable/Dockerfile
similarity index 100%
rename from tests/conjur/Dockerfile
rename to tests/conjur_variable/Dockerfile
diff --git a/tests/conjur/Dockerfile_nginx b/tests/conjur_variable/Dockerfile_nginx
similarity index 100%
rename from tests/conjur/Dockerfile_nginx
rename to tests/conjur_variable/Dockerfile_nginx
diff --git a/tests/conjur/docker-compose.yml b/tests/conjur_variable/docker-compose.yml
similarity index 100%
rename from tests/conjur/docker-compose.yml
rename to tests/conjur_variable/docker-compose.yml
diff --git a/tests/conjur/policy/root.yml b/tests/conjur_variable/policy/root.yml
similarity index 100%
rename from tests/conjur/policy/root.yml
rename to tests/conjur_variable/policy/root.yml
diff --git a/tests/conjur/proxy/default.conf b/tests/conjur_variable/proxy/default.conf
similarity index 100%
rename from tests/conjur/proxy/default.conf
rename to tests/conjur_variable/proxy/default.conf
diff --git a/tests/conjur/proxy/ssl.conf b/tests/conjur_variable/proxy/ssl.conf
similarity index 100%
rename from tests/conjur/proxy/ssl.conf
rename to tests/conjur_variable/proxy/ssl.conf
diff --git a/tests/conjur/pytest.ini b/tests/conjur_variable/pytest.ini
similarity index 100%
rename from tests/conjur/pytest.ini
rename to tests/conjur_variable/pytest.ini
diff --git a/tests/conjur/test.sh b/tests/conjur_variable/test.sh
similarity index 97%
rename from tests/conjur/test.sh
rename to tests/conjur_variable/test.sh
index 03ce7baca..fe2b3d5bf 100755
--- a/tests/conjur/test.sh
+++ b/tests/conjur_variable/test.sh
@@ -23,7 +23,7 @@ declare -x ANSIBLE_CONJUR_CERT_FILE=''
 function main() {
   docker-compose up -d --build conjur \
                                conjur_https \
-                               conjur_cli
+                               conjur_cli \
 
   echo "Waiting for Conjur server to come up"
   wait_for_conjur
@@ -95,7 +95,7 @@ function run_test_case {
   fi
 
   docker-compose exec -T ansible bash -exc "
-    cd tests/conjur
+    cd tests/conjur_variable
 
     # If env vars were provided, load them
     if [ -e 'test_cases/${test_case}/env' ]; then
diff --git a/tests/conjur/test_cases/retrieve-variable-bad-cert-path/env b/tests/conjur_variable/test_cases/retrieve-variable-bad-cert-path/env
similarity index 100%
rename from tests/conjur/test_cases/retrieve-variable-bad-cert-path/env
rename to tests/conjur_variable/test_cases/retrieve-variable-bad-cert-path/env
diff --git a/tests/conjur/test_cases/retrieve-variable-bad-cert-path/playbook.yml b/tests/conjur_variable/test_cases/retrieve-variable-bad-cert-path/playbook.yml
similarity index 100%
rename from tests/conjur/test_cases/retrieve-variable-bad-cert-path/playbook.yml
rename to tests/conjur_variable/test_cases/retrieve-variable-bad-cert-path/playbook.yml
diff --git a/tests/conjur/test_cases/retrieve-variable-bad-cert-path/tests/test_default.py b/tests/conjur_variable/test_cases/retrieve-variable-bad-cert-path/tests/test_default.py
similarity index 100%
rename from tests/conjur/test_cases/retrieve-variable-bad-cert-path/tests/test_default.py
rename to tests/conjur_variable/test_cases/retrieve-variable-bad-cert-path/tests/test_default.py
diff --git a/tests/conjur/test_cases/retrieve-variable-bad-certs/bad-cert.pem b/tests/conjur_variable/test_cases/retrieve-variable-bad-certs/bad-cert.pem
similarity index 100%
rename from tests/conjur/test_cases/retrieve-variable-bad-certs/bad-cert.pem
rename to tests/conjur_variable/test_cases/retrieve-variable-bad-certs/bad-cert.pem
diff --git a/tests/conjur/test_cases/retrieve-variable-bad-certs/env b/tests/conjur_variable/test_cases/retrieve-variable-bad-certs/env
similarity index 100%
rename from tests/conjur/test_cases/retrieve-variable-bad-certs/env
rename to tests/conjur_variable/test_cases/retrieve-variable-bad-certs/env
diff --git a/tests/conjur/test_cases/retrieve-variable-bad-certs/playbook.yml b/tests/conjur_variable/test_cases/retrieve-variable-bad-certs/playbook.yml
similarity index 100%
rename from tests/conjur/test_cases/retrieve-variable-bad-certs/playbook.yml
rename to tests/conjur_variable/test_cases/retrieve-variable-bad-certs/playbook.yml
diff --git a/tests/conjur/test_cases/retrieve-variable-bad-certs/tests/test_default.py b/tests/conjur_variable/test_cases/retrieve-variable-bad-certs/tests/test_default.py
similarity index 100%
rename from tests/conjur/test_cases/retrieve-variable-bad-certs/tests/test_default.py
rename to tests/conjur_variable/test_cases/retrieve-variable-bad-certs/tests/test_default.py
diff --git a/tests/conjur/test_cases/retrieve-variable-disable-verify-certs/playbook.yml b/tests/conjur_variable/test_cases/retrieve-variable-disable-verify-certs/playbook.yml
similarity index 100%
rename from tests/conjur/test_cases/retrieve-variable-disable-verify-certs/playbook.yml
rename to tests/conjur_variable/test_cases/retrieve-variable-disable-verify-certs/playbook.yml
diff --git a/tests/conjur/test_cases/retrieve-variable-disable-verify-certs/tests/test_default.py b/tests/conjur_variable/test_cases/retrieve-variable-disable-verify-certs/tests/test_default.py
similarity index 100%
rename from tests/conjur/test_cases/retrieve-variable-disable-verify-certs/tests/test_default.py
rename to tests/conjur_variable/test_cases/retrieve-variable-disable-verify-certs/tests/test_default.py
diff --git a/tests/conjur/test_cases/retrieve-variable-no-cert-provided/playbook.yml b/tests/conjur_variable/test_cases/retrieve-variable-no-cert-provided/playbook.yml
similarity index 100%
rename from tests/conjur/test_cases/retrieve-variable-no-cert-provided/playbook.yml
rename to tests/conjur_variable/test_cases/retrieve-variable-no-cert-provided/playbook.yml
diff --git a/tests/conjur/test_cases/retrieve-variable-no-cert-provided/tests/test_default.py b/tests/conjur_variable/test_cases/retrieve-variable-no-cert-provided/tests/test_default.py
similarity index 100%
rename from tests/conjur/test_cases/retrieve-variable-no-cert-provided/tests/test_default.py
rename to tests/conjur_variable/test_cases/retrieve-variable-no-cert-provided/tests/test_default.py
diff --git a/tests/conjur/test_cases/retrieve-variable-with-authn-token/env b/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token/env
similarity index 100%
rename from tests/conjur/test_cases/retrieve-variable-with-authn-token/env
rename to tests/conjur_variable/test_cases/retrieve-variable-with-authn-token/env
diff --git a/tests/conjur/test_cases/retrieve-variable-with-authn-token/playbook.yml b/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token/playbook.yml
similarity index 100%
rename from tests/conjur/test_cases/retrieve-variable-with-authn-token/playbook.yml
rename to tests/conjur_variable/test_cases/retrieve-variable-with-authn-token/playbook.yml
diff --git a/tests/conjur/test_cases/retrieve-variable-with-authn-token/tests/test_default.py b/tests/conjur_variable/test_cases/retrieve-variable-with-authn-token/tests/test_default.py
similarity index 100%
rename from tests/conjur/test_cases/retrieve-variable-with-authn-token/tests/test_default.py
rename to tests/conjur_variable/test_cases/retrieve-variable-with-authn-token/tests/test_default.py
diff --git a/tests/conjur/test_cases/retrieve-variable-with-spaces-secret/env b/tests/conjur_variable/test_cases/retrieve-variable-with-spaces-secret/env
similarity index 100%
rename from tests/conjur/test_cases/retrieve-variable-with-spaces-secret/env
rename to tests/conjur_variable/test_cases/retrieve-variable-with-spaces-secret/env
diff --git a/tests/conjur/test_cases/retrieve-variable-with-spaces-secret/playbook.yml b/tests/conjur_variable/test_cases/retrieve-variable-with-spaces-secret/playbook.yml
similarity index 100%
rename from tests/conjur/test_cases/retrieve-variable-with-spaces-secret/playbook.yml
rename to tests/conjur_variable/test_cases/retrieve-variable-with-spaces-secret/playbook.yml
diff --git a/tests/conjur/test_cases/retrieve-variable-with-spaces-secret/tests/test_default.py b/tests/conjur_variable/test_cases/retrieve-variable-with-spaces-secret/tests/test_default.py
similarity index 100%
rename from tests/conjur/test_cases/retrieve-variable-with-spaces-secret/tests/test_default.py
rename to tests/conjur_variable/test_cases/retrieve-variable-with-spaces-secret/tests/test_default.py
diff --git a/tests/conjur/test_cases/retrieve-variable/env b/tests/conjur_variable/test_cases/retrieve-variable/env
similarity index 100%
rename from tests/conjur/test_cases/retrieve-variable/env
rename to tests/conjur_variable/test_cases/retrieve-variable/env
diff --git a/tests/conjur/test_cases/retrieve-variable/playbook.yml b/tests/conjur_variable/test_cases/retrieve-variable/playbook.yml
similarity index 100%
rename from tests/conjur/test_cases/retrieve-variable/playbook.yml
rename to tests/conjur_variable/test_cases/retrieve-variable/playbook.yml
diff --git a/tests/conjur/test_cases/retrieve-variable/tests/test_default.py b/tests/conjur_variable/test_cases/retrieve-variable/tests/test_default.py
similarity index 100%
rename from tests/conjur/test_cases/retrieve-variable/tests/test_default.py
rename to tests/conjur_variable/test_cases/retrieve-variable/tests/test_default.py
diff --git a/tests/sanity/ignore-2.10.txt b/tests/sanity/ignore-2.10.txt
index a28d2d6e3..d93b42a34 100644
--- a/tests/sanity/ignore-2.10.txt
+++ b/tests/sanity/ignore-2.10.txt
@@ -1,8 +1,8 @@
 Jenkinsfile shebang
-tests/conjur/test.sh shebang
-tests/conjur-host-identity/test.sh shebang
-tests/conjur/policy/root.yml yamllint:unparsable-with-libyaml
-tests/conjur-host-identity/policy/root.yml yamllint:unparsable-with-libyaml # File loaded by summon utility (in Jenkinsfile), not via Python
+tests/conjur_variable/test.sh shebang
+tests/conjur_variable/policy/root.yml yamllint:unparsable-with-libyaml
+roles/conjur_host_identity/tests/test.sh shebang
+roles/conjur_host_identity/tests/policy/root.yml yamllint:unparsable-with-libyaml # File loaded by summon utility (in Jenkinsfile), not via Python
 ci/build_release shebang
 ci/parse-changelog.sh shebang
 ci/publish_to_galaxy shebang
diff --git a/tests/sanity/ignore-2.11.txt b/tests/sanity/ignore-2.11.txt
index a28d2d6e3..d93b42a34 100644
--- a/tests/sanity/ignore-2.11.txt
+++ b/tests/sanity/ignore-2.11.txt
@@ -1,8 +1,8 @@
 Jenkinsfile shebang
-tests/conjur/test.sh shebang
-tests/conjur-host-identity/test.sh shebang
-tests/conjur/policy/root.yml yamllint:unparsable-with-libyaml
-tests/conjur-host-identity/policy/root.yml yamllint:unparsable-with-libyaml # File loaded by summon utility (in Jenkinsfile), not via Python
+tests/conjur_variable/test.sh shebang
+tests/conjur_variable/policy/root.yml yamllint:unparsable-with-libyaml
+roles/conjur_host_identity/tests/test.sh shebang
+roles/conjur_host_identity/tests/policy/root.yml yamllint:unparsable-with-libyaml # File loaded by summon utility (in Jenkinsfile), not via Python
 ci/build_release shebang
 ci/parse-changelog.sh shebang
 ci/publish_to_galaxy shebang
diff --git a/tests/sanity/ignore-2.9.txt b/tests/sanity/ignore-2.9.txt
index 52c574ab8..85dc87809 100644
--- a/tests/sanity/ignore-2.9.txt
+++ b/tests/sanity/ignore-2.9.txt
@@ -1,6 +1,6 @@
 Jenkinsfile shebang
-tests/conjur/test.sh shebang
-tests/conjur-host-identity/test.sh shebang
+tests/conjur_variable/test.sh shebang
+roles/conjur_host_identity/tests/test.sh shebang
 ci/build_release shebang
 ci/parse-changelog.sh shebang
 ci/publish_to_galaxy shebang