Remove nginx_app_protect_configure parameter (#167)

alessfg · web-flow · commit 428dffd114f3 · 2022-02-23T16:07:31.000+01:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,7 @@ BREAKING CHANGES:
 * Rename `nginx_app_protect_<waf/dos>_state` parameter to `nginx_app_protect_<waf/dos>_setup` parameters.
 * Rename multiple `nginx_app_protect_*` parameters and tags to `nginx_app_protect_waf_*` to aid in disambiguation.
 * Cleanup remaining Alpine Linux tasks.
+* Remove `nginx_app_protect_configure` parameter since it has limited functionality given the `nginx_app_protect_*_policy_file_enable` parameters.
 
 ENHANCEMENTS:
 
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -99,9 +99,6 @@ nginx_app_protect_start: true
 nginx_app_protect_service_modify: true
 nginx_app_protect_timeout: 180
 
-# Creates basic configuration files and enables NGINX App Protect WAF on the target host
-nginx_app_protect_configure: false
-
 # Copy local NGINX App Protect security policy to host
 nginx_app_protect_security_policy_file_enable: false
 nginx_app_protect_security_policy_file:
diff --git a/molecule/advanced/converge.yml b/molecule/advanced/converge.yml
@@ -12,5 +12,4 @@
         nginx_app_protect_remove_license: false
         nginx_app_protect_install_signatures: true
         nginx_app_protect_install_threat_campaigns: true
-        nginx_app_protect_configure: true
         nginx_app_protect_timeout: 180
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -3,28 +3,25 @@
   include_tasks: "{{ role_path }}/tasks/common/prerequisites/validate-supported-os.yml"
   when: nginx_app_protect_waf_state != "absent" or nginx_app_protect_dos_state != "absent"
 
-- name: Check for conflicting WAF config variables
-  block:
-    - name: Fail if variables for 'nginx_app_protect_security_policy_file_enable' are not defined
-      assert:
-        that:
-          - "{{ item }} is defined"
-          - "{{ item }} | length > 0"
-      loop:
-        - nginx_app_protect_security_policy_file.0.src
-        - nginx_app_protect_security_policy_file.0.dest
-      when: nginx_app_protect_security_policy_file_enable | bool
+- name: Fail if variables for 'nginx_app_protect_security_policy_file_enable' are not defined
+  assert:
+    that:
+      - "{{ item }} is defined"
+      - "{{ item }} | length > 0"
+  loop:
+    - nginx_app_protect_security_policy_file.0.src
+    - nginx_app_protect_security_policy_file.0.dest
+  when: nginx_app_protect_security_policy_file_enable | bool
 
-    - name: Fail if variables for 'nginx_app_protect_log_policy_file_enable' are not defined
-      assert:
-        that:
-          - "{{ item }} is defined"
-          - "{{ item }} | length > 0"
-      loop:
-        - nginx_app_protect_log_policy_file.0.src
-        - nginx_app_protect_log_policy_file.0.dest
-      when: nginx_app_protect_log_policy_file_enable | bool
-  when: nginx_app_protect_configure | bool
+- name: Fail if variables for 'nginx_app_protect_log_policy_file_enable' are not defined
+  assert:
+    that:
+      - "{{ item }} is defined"
+      - "{{ item }} | length > 0"
+  loop:
+    - nginx_app_protect_log_policy_file.0.src
+    - nginx_app_protect_log_policy_file.0.dest
+  when: nginx_app_protect_log_policy_file_enable | bool
 
 - name: Install prerequisites
   include_tasks: "{{ role_path }}/tasks/common/prerequisites/install-dependencies.yml"
@@ -63,5 +60,6 @@
 
 - name: Configure NGINX App Protect
   include_tasks: "{{ role_path }}/tasks/common/config/configure-app-protect.yml"
-  when: nginx_app_protect_configure | bool
+  when: nginx_app_protect_security_policy_file_enable | bool
+        or nginx_app_protect_log_policy_file_enable | bool
   tags: nginx_app_protect_configure
