Changeset - f073c9637d47
[Not reviewed]
Branko Majic (branko) - 2020-07-26 23:38:37
branko@majic.rs
MAR-162: Make the https_tls_certificate and https_tls_key parameters mandatory in php_website role:

- Dropped the defaults from php_server role.
- Updated group variables in role tests.
- Changed the key/certificate file extensions to be more descriptive.
- Updated role reference documentation.
- Updated usage instructions to include the mandatory parameters.
7 files changed with 9 insertions and 10 deletions:
0 comments (0 inline, 0 general)
docs/rolereference.rst
 
@@ -1569,11 +1569,11 @@ Parameters
 
  succession, until the first match, or until it runs out of matches, when a
 
  client requests an URI pointing to directory.
 

	
 
**https_tls_certificate** (string, optional, ``{{ lookup('file', tls_certificate_dir + '/' + fqdn + '_https.pem') }}``)
 
**https_tls_certificate** (string, mandatory)
 
  X.509 certificate used for TLS for HTTPS service. The file will be stored in
 
  directory ``/etc/ssl/certs/`` under name ``{{ fqdn }}_https.pem``.
 

	
 
**https_tls_key** (string, optional, ``{{ lookup('file', tls_private_key_dir + '/' + fqdn + '_https.key') }}``)
 
**https_tls_key** (string, optional, mandatory)
 
  Private key used for TLS for HTTPS service. The file will be stored in
 
  directory ``/etc/ssl/private/`` under name ``{{ fqdn }}_https.key``.
 

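Review bot: the rewritten https_tls_key entry still reads "(string, optional, mandatory)", which is self-contradictory and inconsistent with the https_tls_certificate entry directly above it that correctly says "(string, mandatory)". Drop the stray "optional" so the line reads `**https_tls_key** (string, mandatory)`. While touching this entry, it would also help operators if the key description stated the ownership and mode the role applies to ``/etc/ssl/private/{{ fqdn }}_https.key``, as that is the property they will want to verify after deployment.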
	
docs/usage.rst
 
@@ -1409,6 +1409,9 @@ Before we start, here is a couple of useful pointers regarding the
 
        - role: php_website
 
          # Our virtual host will for PHP website will respond to this name.
 
          fqdn: tbg.example.com
 
          # TLS key and certificate to use for the virtual host.
 
          https_tls_certificate: "{{ lookup('file', 'tls/tbg.example.com_https.pem') }}"
 
          https_tls_key: "{{ lookup('file', 'tls/tbg.example.com_https.key') }}"
 
          # Some additional packages are required in order to deploy and use TBG.
 
          packages:
 
            - php-gd
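Review bot: the file names in this usage example (`tls/tbg.example.com_https.pem` and `tls/tbg.example.com_https.key`) do not follow the more descriptive `_https.cert.pem` / `_https.key.pem` naming that the commit message announces and that the molecule test data in this same changeset now uses. Either convention works, since the role only receives the file contents via `lookup('file', ...)`, but the documentation should use the same one as the tests so readers are not left guessing which is expected. It is also worth a sentence in the surrounding text that `lookup('file', ...)` reads the private key on the control node and hands its contents to the role as a plain variable, so the key file should be kept out of version control or encrypted with ansible-vault.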
roles/php_website/defaults/main.yml
 
@@ -8,8 +8,6 @@ packages: []
 
php_file_regex: \.php$
 
php_rewrite_urls: []
 
rewrites: []
 
https_tls_certificate: "{{ lookup('file', tls_certificate_dir + '/' + fqdn + '_https.pem') }}"
 
https_tls_key: "{{ lookup('file', tls_private_key_dir + '/' + fqdn + '_https.key') }}"
 
additional_fpm_config: {}
 
website_mail_recipients: "root"
 
environment_indicator: null
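Review bot: with the two defaults removed, a play that omits `https_tls_certificate` or `https_tls_key` will now fail only at the point where the role first dereferences the variable, typically with a generic undefined-variable error from a template or copy task. Consider adding an `assert` task at the start of the role (`that:` listing `https_tls_certificate is defined` and `https_tls_key is defined`) with a `fail_msg` naming the parameters, so a missing value fails fast with a self-explanatory message. This hunk also drops the only references to `tls_certificate_dir` and `tls_private_key_dir` in this file; check whether anything else in the role still consumes them, and if not, drop them from the role documentation as well.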
roles/php_website/molecule/default/playbook.yml
 
@@ -11,13 +11,11 @@
 
    default_https_tls_certificate: "{{ lookup('file', 'tests/data/x509/php-website_https.cert.pem') }}"
 
    default_https_tls_key: "{{ lookup('file', 'tests/data/x509/php-website_https.key.pem') }}"
 

	
 
    # Common parameters (general, not role).
 
    tls_certificate_dir: tests/data/x509/
 
    tls_private_key_dir: tests/data/x509/
 

	
 
  roles:
 
    - role: php_website
 
      fqdn: parameters-mandatory
 
      https_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-mandatory_https.cert.pem') }}"
 
      https_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-mandatory_https.key.pem') }}"
 

	
 
    - role: php_website
 
      additional_fpm_config:
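Review bot: the `tls_certificate_dir` and `tls_private_key_dir` values under "Common parameters" are still set here even though this changeset removes the role defaults that used them to derive the certificate and key paths; if nothing else in the test playbook consumes them, they should be removed too so the test does not suggest the role still honours them. The `parameters-mandatory` role entry now passes both values explicitly, which is the behaviour the test is meant to cover, so that part of the hunk looks right.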
roles/php_website/molecule/default/tests/data/x509/parameters-mandatory_https.cert.pem
 
file renamed from roles/php_website/molecule/default/tests/data/x509/parameters-mandatory_https.pem to roles/php_website/molecule/default/tests/data/x509/parameters-mandatory_https.cert.pem
roles/php_website/molecule/default/tests/data/x509/parameters-mandatory_https.key.pem
 
file renamed from roles/php_website/molecule/default/tests/data/x509/parameters-mandatory_https.key to roles/php_website/molecule/default/tests/data/x509/parameters-mandatory_https.key.pem
roles/php_website/molecule/default/tests/test_parameters_mandatory.py
 
@@ -160,14 +160,14 @@ def test_nginx_tls_files(host):
 
        assert tls_file.user == 'root'
 
        assert tls_file.group == 'root'
 
        assert tls_file.mode == 0o640
 
        assert tls_file.content_string == open("tests/data/x509/parameters-mandatory_https.key", "r").read().rstrip()
 
        assert tls_file.content_string == open("tests/data/x509/parameters-mandatory_https.key.pem", "r").read().rstrip()
 

	
 
        tls_file = host.file('/etc/ssl/certs/parameters-mandatory_https.pem')
 
        assert tls_file.is_file
 
        assert tls_file.user == 'root'
 
        assert tls_file.group == 'root'
 
        assert tls_file.mode == 0o644
 
        assert tls_file.content_string == open("tests/data/x509/parameters-mandatory_https.pem", "r").read().rstrip()
 
        assert tls_file.content_string == open("tests/data/x509/parameters-mandatory_https.cert.pem", "r").read().rstrip()
 

	
 

	
 
def test_certificate_validity_check_configuration(host):
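Review bot: the updated assertions read the fixture files with bare `open(...).read()`, leaving the file handles to be closed by the garbage collector; prefer `with open(...) as f:` or `pathlib.Path(...).read_text()` in each assertion. The new fixture paths match the renamed files in this changeset, so the test will only pass when the rename lands together with it, which is the case here. The ownership and mode checks (0o640 for the private key, 0o644 for the certificate, both root:root) are the security-relevant part of this test and are correctly left untouched by the rename.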