Merge pull request #18 from alessfg/parity-tweaks

Add molecule tests

Author: aknot242

.ansible-lint

@@ -0,0 +1,2 @@
+skip_list:
+- '106'

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,28 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To reproduce**
+Steps to reproduce the behavior:
+1. Deploy NGINX Config role using playbook.yml
+2. View output/logs/configuration on '...'
+3. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Your environment:**
+-   Version of the NGINX Config Role or specific commit
+-   Version of Ansible
+-   Target deployment platform
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/pull_request_template.md

@@ -0,0 +1,10 @@
+### Proposed changes
+Describe the use case and detail of the change. If this PR addresses an issue on GitHub, make sure to include a link to that issue using one of the [supported keywords](https://docs.github.com/en/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue) here in this description (not in the title of the PR).
+
+### Checklist
+Before creating a PR, run through this checklist and mark each as complete.
+
+-   [ ] I have read the [CONTRIBUTING](https://github.com/nginxinc/ansible-role-nginx-app-protect/blob/main/CONTRIBUTING.md) document
+-   [ ] I have added Molecule tests that prove my fix is effective or that my feature works
+-   [ ] I have checked that all Molecule tests pass after adding my changes
+-   [ ] I have updated any relevant documentation (`defaults/main/*.yml`, `README.md` and `CHANGELOG.md`)

.gitignore

@@ -36,6 +36,3 @@ default.pem
 
 # Scratch Directory
 scratch/
-
-# nginx keys
-sample-playbook/license/nginx-repo.*

.travis.yml

@@ -1,29 +1,23 @@
 ---
 language: python
-python: "2.7"
-
-# Use the new container infrastructure
-sudo: false
-
-# Install ansible
-addons:
-  apt:
-    packages:
-    - python-pip
-
+services: docker
+jobs:
+  include:
+    - name: "Lint role"
+      env:
+        scenario: default
+before_install:
+  - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
+  - sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
+  - sudo apt-get update
+  - sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce
 install:
-  # Install ansible
-  - pip install ansible
-
-  # Check ansible version
-  - ansible --version
-
-  # Create ansible.cfg with correct roles_path
-  - printf '[defaults]\nroles_path=../' >ansible.cfg
-
+  - pip install ansible==2.9.13
+  - pip install ansible-lint==4.3.4
+  - pip install yamllint==1.24.2
+  - pip install molecule==3.0.8
+  - pip install docker==4.3.1
 script:
-  # Basic role syntax check
-  - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
-
+  - travis_wait 50 molecule lint -s $scenario
 notifications:
-  webhooks: https://galaxy.ansible.com/api/v1/notifications/
+  webhooks: https://galaxy.ansible.com/api/v1/notifications/

.yamllint

@@ -1,5 +1,4 @@
 ---
-# Based on ansible-lint config
 extends: default
 
 rules:
@@ -9,25 +8,6 @@ rules:
   brackets:
     max-spaces-inside: 1
     level: error
-  colons:
-    max-spaces-after: -1
-    level: error
-  commas:
-    max-spaces-after: -1
-    level: error
-  comments: disable
   comments-indentation: disable
-  document-start: disable
-  empty-lines:
-    max: 3
-    level: error
-  hyphens:
-    level: error
-  indentation: disable
-  key-duplicates: enable
   line-length: disable
-  new-line-at-end-of-file: disable
-  new-lines:
-    type: unix
-  trailing-spaces: disable
   truthy: disable

README.md

@@ -3,8 +3,8 @@
 NGINX App Protect Ansible Role
 ==============================
 
-<!-- [![Ansible Galaxy](https://img.shields.io/badge/galaxy-nginxinc.nginx-5bbdbf.svg)](https://galaxy.ansible.com/nginxinc/nginx) -->
-<!-- [![Build Status](https://travis-ci.org/nginxinc/ansible-role-nginx-app-protect.svg?branch=master)](https://travis-ci.org/nginxinc/ansible-role-nginx-app-protect) -->
+[![Ansible Galaxy](https://img.shields.io/badge/galaxy-nginxinc.nginx-5bbdbf.svg)](https://galaxy.ansible.com/nginxinc/nginx_app_protect)
+[![Build Status](https://travis-ci.org/nginxinc/ansible-role-nginx-app-protect.svg?branch=main)](https://travis-ci.org/nginxinc/ansible-role-nginx-app-protect)
 
 This role installs and configures NGINX App Protect (WAF) for NGINX Plus on your target host.
 
@@ -41,144 +41,116 @@ The NGINX App Protect Ansible role supports all platforms supported by [NGINX Pl
 
 ```yaml
 CentOS:
-  versions:
-    - 7.4
-    - 7.5
-    - 7.6
-    - 7.7
-    - 7.8
+  - 7.4+
 RHEL:
-  versions:
-    - 7.4
-    - 7.5
-    - 7.6
-    - 7.7
-    - 7.8
+  - 7.4+
 Debian:
-  versions:
-    - 9.0
-    - 9.1
-    - 9.2
-    - 9.3
-    - 9.4
-    - 9.5
-    - 9.6
-    - 9.7
-    - 9.8
-    - 9.9
-    - 9.10
-    - 9.11
-    - 9.12
-    - 9.13
+  - 9
 Ubuntu:
-  versions:
-    - 18.04
+  - 18.04
 ```
 
 Role Variables
 --------------
 
-This role has multiple variables. The descriptions and defaults for all these variables can be found in the **[defaults/main.yml](./defaults/main.yml)`**.
-
+This role has multiple variables. The descriptions and defaults for all these variables can be found in the **[defaults/main.yml](https://github.com/nginxinc/ansible-role-nginx-app-protect/blob/main/defaults/main.yml)**.
 
 Dependencies
 ------------
 
-- Since this role uses the [package_facts](https://docs.ansible.com/ansible/latest/modules/package_facts_module.html) module, on debian-based systems the `python-apt` package must be installed on targeted hosts.
+-   Since this role uses the [package_facts](https://docs.ansible.com/ansible/latest/modules/package_facts_module.html) module, on debian-based systems the `python-apt` package must be installed on targeted hosts.
 
-- If NGINX+ is *not* already installed on the system, this role will install the version of NGINX+ that is dependent on the version of NGINX App Protect set with the `app_protect_version` variable. If none is specified, the latest version of NGINX+ and NGINX App Protect will be installed.
+-   If NGINX Plus is *not* already installed on the system, this role will install the version of NGINX Plus that is dependent on the version of NGINX App Protect set with the `nginx_app_protect_version` variable. If none is specified, the latest version of NGINX Plus and NGINX App Protect will be installed.
 
-- When using the `app_protect_version` variable, a specific version of NGINX+ must already be installed on the target system.
+-   When using the `nginx_app_protect_version` variable, a specific version of NGINX Plus must already be installed on the target system.
 
 Example Playbook
 ----------------
 
-
 This is a sample playbook file for using the role to install NGINX App Protect on NGINX Plus and configure it using basic settings to all `wafs` inventory hosts.
 
 A copy of this is in the sample-playbook directory in this repo.
 
 First create a file for all the variables as `nginx-app-protect-vars.yml`
+
 ```yaml
 ---
-
-    # Specify whether you want to maintain your version of NGINX App Protect, upgrade to the latest version, or remove NGINX App Protect.
-    # Can be used with `app_protect_version` to achieve fine grained control on which version of NGINX App Protect is installed/used on each playbook execution.
-    # Using 'present' will install the latest version (or 'app_protect_version') of NGINX App Protect on a fresh install.
-    # Using 'latest' will upgrade NGINX App Protect to the latest version (that matches your 'app_protect_version') of NGINX App Protect on every playbook execution.
-    # Using 'absent' will remove NGINX App Protect from your system.
-    # Default is present.
-    app_protect_state: present
-
-    # OPTIONAL: Installs a specific version of NGINX App Protect
-    app_protect_version: 22
-
-    # The installation of NGINX App Protect includes a base signature set, which may be out of date. 
-    # This option installs the latest NGINX App Protect signatures.
-    app_protect_install_signatures: true
-
-    # The installation of NGINX App Protect can include a page of frequently-updated, high-accuracy signatures called Threat Campaigns.
-    # This option installs the latest NGINX App Protect Threat Campaigns signatures.
-    app_protect_install_threat_campaigns: true
-
-    # Creates basic configuration files and enables NGINX App Protect on the target host
-    app_protect_configure: true
-
-    # Removes the license (certificate and key) for the NGINX App Protect repositories on the target host(s) when playbook run is complete.
-    app_protect_delete_license: true
-
-    # If you have a RHEL subscription, NGINX App Protect's dependencies will use subscription repos.
-    # Otherwise, it will source packages from CentOS' repositories.
-    app_protect_use_rhel_subscription_repos: false
-
-    # For use with the app_protect_configure option to determine if the default security policy will be written to the target host
-    # Used when `app_protect_configure: true`.
-    app_protect_security_policy_template_enable: true
-
-    # Default app protect enforcement mode. Values can be `blocking` or `transparent`. 
-    # Used when `app_protect_configure: true` and `app_protect_security_policy_template_enable: true`.
-    security_policy_enforcement_mode: blocking
-
-    # For use with the app_protect_configure option to determine if the default log policy will be written to the target host.
-    # Used when `app_protect_configure: true`.
-    app_protect_log_policy_template_enable: true
-
-    # Which violation types to log. Possible values: all, illegal, blocked
-    # Used when `app_protect_configure: true` and `app_protect_log_policy_template_enable: true`.
-    log_policy_filter_request_type: all
-
-    # For use with the app_protect_configure option to determine if the sample nginx.conf will be written to the target host. 
-    # Since this can be dangerous, this value is default to false in the role defaults.
-    # Used when `app_protect_configure: true`.
-    nginx_conf_template_enable: true
-
-    # For use with the app_protect_configure option to determine the syslog target to be injected 
-    # into the default log policy that will be written to the target host. 
-    # Used when `nginx_conf_template_enable: true`.
-    log_policy_syslog_target: 10.1.1.8:5144
-
-    # DEPRECATED: A proxy pass workload used in the sample nginx.conf for demo purposes.
-    # Will be removed from this role in the future. 
-    # Used when `nginx_conf_template_enable: true`.
-    nginx_demo_workload: http://10.1.10.105:8080
-
-    # The location of the certificate and key to be used when downloading the packages onto the host
-    nginx_license: 
-      certificate: "{{playbook_dir}}/license/nginx-repo.crt"
-      key: "{{playbook_dir}}/license/nginx-repo.key"
-
+# Specify whether you want to maintain your version of NGINX App Protect, upgrade to the latest version, or remove NGINX App Protect.
+# Can be used with `nginx_app_protect_version` to achieve fine grained control on which version of NGINX App Protect is installed/used on each playbook execution.
+# Using 'present' will install the latest version (or 'nginx_app_protect_version') of NGINX App Protect on a fresh install.
+# Using 'latest' will upgrade NGINX App Protect to the latest version (that matches your 'nginx_app_protect_version') of NGINX App Protect on every playbook execution.
+# Using 'absent' will remove NGINX App Protect from your system.
+# Default is present.
+nginx_app_protect_state: present
+
+# OPTIONAL: Installs a specific version of NGINX App Protect
+nginx_app_protect_version: 22
+
+# The installation of NGINX App Protect includes a base signature set, which may be out of date.
+# This option installs the latest NGINX App Protect signatures.
+nginx_app_protect_install_signatures: true
+
+# The installation of NGINX App Protect can include a page of frequently-updated, high-accuracy signatures called Threat Campaigns.
+# This option installs the latest NGINX App Protect Threat Campaigns signatures.
+nginx_app_protect_install_threat_campaigns: true
+
+# Creates basic configuration files and enables NGINX App Protect on the target host
+nginx_app_protect_configure: true
+
+# Removes the license (certificate and key) for the NGINX App Protect repositories on the target host(s) when playbook run is complete.
+nginx_app_protect_delete_license: true
+
+# If you have a RHEL subscription, NGINX App Protect's dependencies will use subscription repos.
+# Otherwise, it will source packages from CentOS' repositories.
+nginx_app_protect_use_rhel_subscription_repos: false
+
+# For use with the nginx_app_protect_configure option to determine if the default security policy will be written to the target host
+# Used when `nginx_app_protect_configure: true`.
+nginx_app_protect_security_policy_template_enable: true
+
+# Default app protect enforcement mode. Values can be `blocking` or `transparent`.
+# Used when `nginx_app_protect_configure: true` and `nginx_app_protect_security_policy_template_enable: true`.
+nginx_app_protect_security_policy_enforcement_mode: blocking
+
+# For use with the nginx_app_protect_configure option to determine if the default log policy will be written to the target host.
+# Used when `nginx_app_protect_configure: true`.
+nginx_app_protect_log_policy_template_enable: true
+
+# Which violation types to log. Possible values: all, illegal, blocked
+# Used when `nginx_app_protect_configure: true` and `nginx_app_protect_log_policy_template_enable: true`.
+nginx_app_protect_log_policy_filter_request_type: all
+
+# For use with the nginx_app_protect_configure option to determine if the sample nginx.conf will be written to the target host.
+# Since this can be dangerous, this value is default to false in the role defaults.
+# Used when `nginx_app_protect_configure: true`.
+nginx_app_protect_conf_template_enable: true
+
+# For use with the nginx_app_protect_configure option to determine the syslog target to be injected
+# into the default log policy that will be written to the target host.
+# Used when `nginx_app_protect_conf_template_enable: true`.
+nginx_app_protect_log_policy_syslog_target: 10.1.1.8:5144
+
+# DEPRECATED: A proxy pass workload used in the sample nginx.conf for demo purposes.
+# Will be removed from this role in the future.
+# Used when `nginx_app_protect_conf_template_enable: true`.
+nginx_app_protect_demo_workload: http://10.1.10.105:8080
+
+# The location of the certificate and key to be used when downloading the packages onto the host.
+nginx_app_protect_license:
+  certificate: "{{ playbook_dir }}/license/nginx-repo.crt"
+  key: "{{ playbook_dir }}/license/nginx-repo.crt"
 ```
 
 This is a sample playbook file for deploying the Ansible Galaxy NGINX App Protect role in a localhost and installing NGINX App Protect on NGINX Plus.
 
 ```yaml
 ---
 - hosts: wafs
-  remote_user: centos  
+  remote_user: centos
   pre_tasks:
   - name: load the vars
-    include_vars: 
-      file: "{{playbook_dir}}/nginx-app-protect-vars.yml"
+    include_vars:
+      file: "{{ playbook_dir }}/nginx-app-protect-vars.yml"
   roles:
     - nginxinc.nginx_app_protect
 ```
@@ -196,7 +168,7 @@ You can find an Ansible collection of roles to help you install and configure NG
 License
 -------
 
-[Apache License, Version 2.0](LICENSE)
+[Apache License, Version 2.0](https://github.com/nginxinc/ansible-role-nginx-app-protect/blob/master/LICENSE)
 
 Author Information
 ------------------