Ensure molecule verifier passes

alessfg · alessfg · commit 1cee39245936 · 2020-09-09T20:35:03.000+02:00
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
@@ -1,24 +1,24 @@
 ---
 - name: Converge
   hosts: all
-  vars:
-    nginx_app_protect_enable: true
-    nginx_app_protect_install_signatures: true
-    nginx_app_protect_install_threat_campaigns: true
-    nginx_app_protect_configure: true
-    nginx_app_protect_security_policy_template_enable: true
-    nginx_app_protect_security_policy_enforcement_mode: blocking
-    nginx_app_protect_log_policy_template_enable: true
-    nginx_app_protect_log_policy_filter_request_type: all
-    nginx_app_protect_conf_template_enable: true
-    nginx_app_protect_log_policy_syslog_target: 10.1.10.105:5144
-    nginx_app_protect_demo_workload_protocol: http://
-    nginx_app_protect_demo_workload_host: 10.1.10.105:8080
-    nginx_app_protect_license:
-      certificate: "license/nginx-repo.crt"
-      key: "license/nginx-repo.key"
-
   tasks:
-    - name: "Include ansible-role-nginx-app-protect"
+    - name: Install NGINX App Protect
       include_role:
-        name: "ansible-role-nginx-app-protect"
+        name: ansible-role-nginx-app-protect
+      vars:
+        nginx_app_protect_enable: true
+        nginx_app_protect_install_signatures: true
+        nginx_app_protect_install_threat_campaigns: true
+        nginx_app_protect_configure: true
+        nginx_app_protect_security_policy_template_enable: true
+        nginx_app_protect_security_policy_enforcement_mode: blocking
+        nginx_app_protect_log_policy_template_enable: true
+        nginx_app_protect_log_policy_filter_request_type: all
+        nginx_app_protect_conf_template_enable: true
+        nginx_app_protect_log_policy_syslog_target: 10.1.10.105:5144
+        nginx_app_protect_demo_workload_protocol: http://
+        nginx_app_protect_demo_workload_host: 10.1.10.105:8080
+        nginx_app_protect_license:
+          certificate: "license/nginx-repo.crt"
+          key: "license/nginx-repo.key"
+        nginx_app_protect_delete_license: false
diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
@@ -17,8 +17,3 @@
       check_mode: yes
       register: service
       failed_when: (service is changed) or (service is failed)
-
-    - name: Verify NGINX is up and running
-      uri:
-        url: http://localhost
-        status_code: 200
diff --git a/tasks/config/configure-app-protect.yml b/tasks/config/configure-app-protect.yml
@@ -59,7 +59,7 @@
 
 - name: Reload NGINX
   debug:
-    msg: "trigger nginx reload if needed"
+    msg: Trigger nginx reload if needed
   notify: (Handler) Restart NGINX
   when: nginx_app_protect_security_policy_template_enable | bool
         or nginx_app_protect_log_policy_template_enable | bool
diff --git a/tasks/install/install-app-protect.yml b/tasks/install/install-app-protect.yml
@@ -45,4 +45,4 @@
   package:
     name: "app-protect{{ nginx_app_protect_version | default('') }}"
     state: "{{ nginx_app_protect_state }}"
-  notify: (Handler) Restart NGINX
+  notify: (Handler) Start NGINX
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -58,15 +58,18 @@
         - nginx_app_protect_state != "absent"
           or nginx_app_protect_install_signatures | bool
           or nginx_app_protect_install_threat_campaigns | bool
+      tags: nginx_app_protect_setup_license
 
     - name: Install NGINX App Protect
       include_tasks: "{{ role_path }}/tasks/install/install-app-protect.yml"
+      tags: nginx_app_protect_install_app_protect
 
     - name: Install NGINX App Protect signatures and threat campaigns
       include_tasks: "{{ role_path }}/tasks/install/install-signatures-threat-campaigns.yml"
       when:
         - nginx_app_protect_install_signatures | bool
         - nginx_app_protect_install_threat_campaigns | bool
+      tags: nginx_app_protect_install_signatures_threats
 
     - name: Remove NGINX App Protect license
       include_tasks: "{{ role_path }}/tasks/install/delete-license.yml"
@@ -76,14 +79,17 @@
     - name: Configure NGINX App Protect
       include_tasks: "{{ role_path }}/tasks/config/configure-app-protect.yml"
       when: nginx_app_protect_configure | bool
+      tags: nginx_app_protect_configure
   when: nginx_app_protect_state != "absent"
 
 - name: Remove NGINX App Protect
   block:
     - name: Remove NGINX App Protect package
       include_tasks: "{{ role_path }}/tasks/install/install-app-protect.yml"
+      tags: nginx_app_protect_remove
 
     - name: Disable NGINX App Protect config
       include_tasks: "{{ role_path }}/tasks/config/configure-app-protect.yml"
       when: nginx_app_protect_configure | bool
+      tags: nginx_app_protect_remove_config
   when: nginx_app_protect_state == "absent"
diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2
@@ -1,8 +1,8 @@
+load_module modules/ngx_http_app_protect_module.so;
+
 user nginx;
 worker_processes 1;
 
-load_module modules/ngx_http_app_protect_module.so;
-
 error_log /var/log/nginx/error.log debug;
 
 events {
@@ -35,4 +35,4 @@ http {
             proxy_pass {{ nginx_app_protect_demo_workload_protocol }}backend_hosts$request_uri;
         }
     }
-}
+}

Original file line number	Diff line number	Diff line change
`@@ -1,8 +1,8 @@`
	`1`	`+load_module modules/ngx_http_app_protect_module.so;`
	`2`	`+`
`1`	`3`	`user nginx;`
`2`	`4`	`worker_processes 1;`
`3`	`5`
`4`		`-load_module modules/ngx_http_app_protect_module.so;`
`5`		`-`
`6`	`6`	`error_log /var/log/nginx/error.log debug;`
`7`	`7`
`8`	`8`	`events {`
`@@ -35,4 +35,4 @@ http {`
`35`	`35`	`proxy_pass {{ nginx_app_protect_demo_workload_protocol }}backend_hosts$request_uri;`
`36`	`36`	`}`
`37`	`37`	`}`
`38`		`-}`
	`38`	`+}`