Changeset - f428e318d2ca
[Not reviewed]
Branko Majic (branko) - 4 years ago 2020-07-27 00:30:32
branko@majic.rs
MAR-162: Make the https_tls_certificate and https_tls_key parameters mandatory in wsgi_website role:

- Dropped the defaults from wsgi_server role.
- Updated group variables in role tests.
- Changed the key/certificate file extensions to be more descriptive.
- Updated role reference documentation.
- Updated usage instructions to include the mandatory parameters.
7 files changed with 10 insertions and 11 deletions:
0 comments (0 inline, 0 general)
docs/rolereference.rst
 
@@ -1814,11 +1814,11 @@ Parameters
 
  Version of Gunicorn to deploy in virtual environment for running the WSGI
 
  application. Default version is tested with the test site.
 

	
 
**https_tls_certificate** (string, optional, ``{{ lookup('file', tls_certificate_dir + '/' + fqdn + '_https.pem') }}``)
 
**https_tls_certificate** (string, mandatory)
 
  X.509 certificate used for TLS for HTTPS service. The file will be stored in
 
  directory ``/etc/ssl/certs/`` under name ``{{ fqdn }}_https.pem``.
 

	
 
**https_tls_key** (string, optional, ``{{ lookup('file', tls_private_key_dir + '/' + fqdn + '_https.key') }}``)
 
**https_tls_key** (string, mandatory)
 
  Private key used for TLS for HTTPS service. The file will be stored in
 
  directory ``/etc/ssl/private/`` under name ``{{ fqdn }}_https.key``.
 

	
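Review bot: with the default lookup removed from both entries, the documentation no longer shows that the value is the PEM-encoded content of the certificate or key rather than a path to it; the removed ``{{ lookup('file', ...) }}`` default was the only hint of that. Suggest keeping a one-line example in each entry, such as ``https_tls_key: "{{ lookup('file', 'tls/' + fqdn + '_https.key') }}"``, and noting under **https_tls_key** that, since the caller now always supplies the private key, its source file should be vault-encrypted or otherwise kept out of version control.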
docs/usage.rst
 
@@ -1727,6 +1727,9 @@ on the safe side:
 
      dependencies:
 
        - role: wsgi_website
 
          fqdn: wiki.example.com
 
          # TLS key and certificate to use for the virtual host.
 
          https_tls_certificate: "{{ lookup('file', 'tls/wiki.example.com_https.pem') }}"
 
          https_tls_key: "{{ lookup('file', 'tls/wiki.example.com_https.key') }}"
 
          # In many cases you need to have some development packages available
 
          # in order to build Python packages installed via pip
 
          packages:
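Review bot: the added example reads the private key from a plaintext file, ``tls/wiki.example.com_https.key``, next to the playbook, and because the parameter is now mandatory every user will copy this pattern; the comment ``# TLS key and certificate to use for the virtual host.`` should also say that the key file must be protected (vault-encrypted or excluded from the repository). The hostname is also repeated literally in both lookup paths while ``fqdn: wiki.example.com`` is set two lines above; ``'tls/' + fqdn + '_https.key'`` would keep the three in sync.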
roles/wsgi_website/defaults/main.yml
 
@@ -8,8 +8,6 @@ static_locations: []
 
use_paste: false
 
virtualenv_packages: []
 
environment_variables: {}
 
https_tls_certificate: "{{ lookup('file', tls_certificate_dir + '/' + fqdn + '_https.pem') }}"
 
https_tls_key: "{{ lookup('file', tls_private_key_dir + '/' + fqdn + '_https.key') }}"
 
gunicorn_version: "19.9.0"
 
futures_version: "3.2.0"
 
website_mail_recipients: "root"
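Review bot: dropping these two defaults makes the variables mandatory only in the sense that an undefined-variable error surfaces from whichever task first renders them, and none of the seven files in this changeset adds an explicit check. Suggest a guard at the start of the role's tasks, e.g. ``assert:`` with ``that: ['https_tls_certificate is defined', 'https_tls_key is defined']`` and a ``fail_msg`` naming the missing parameter, so callers get a clear error instead of a Jinja traceback.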
roles/wsgi_website/molecule/default/playbook.yml
 
@@ -11,17 +11,17 @@
 
    default_https_tls_certificate: "{{ lookup('file', 'tests/data/x509/wsgi-website_https.cert.pem') }}"
 
    default_https_tls_key: "{{ lookup('file', 'tests/data/x509/wsgi-website_https.key.pem') }}"
 

	
 
    # Common parameters (general, not role).
 
    tls_certificate_dir: tests/data/x509/
 
    tls_private_key_dir: tests/data/x509/
 

	
 
  roles:
 
    - role: wsgi_website
 
      fqdn: parameters-mandatory
 
      https_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-mandatory_https.cert.pem') }}"
 
      https_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-mandatory_https.key.pem') }}"
 
      wsgi_application: testapp:application
 

	
 
    - role: wsgi_website
 
      fqdn: parameters-optional.local
 
      https_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-optional.local_https.cert.pem') }}"
 
      https_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-optional.local_https.key.pem') }}"
 
      additional_nginx_config:
 
        - comment: Custom missing page.
 
          value: error_page 404 /my/own/error/page;
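Review bot: ``tls_certificate_dir`` and ``tls_private_key_dir`` under ``# Common parameters`` are still set even though the role defaults that consumed them are removed in this changeset; if no other role in this scenario reads them, drop them so the test variables reflect what the role actually uses. Both instances here now pass the TLS parameters explicitly, which is correct, but nothing exercises the failure path; a converge that omits ``https_tls_key`` and expects the role to fail is the only way to verify the "mandatory" behaviour the commit message describes.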
 
@@ -35,8 +35,6 @@
 
        MY_ENV_VAR: "My environment variable"
 
      futures_version: 3.1.0
 
      gunicorn_version: 19.7.0
 
      https_tls_certificate: "{{ lookup('file', 'tests/data/x509/parameters-optional.local_https.cert.pem') }}"
 
      https_tls_key: "{{ lookup('file', 'tests/data/x509/parameters-optional.local_https.key.pem') }}"
 
      packages:
 
        - "libmariadbclient-dev-compat"
 
        - global
roles/wsgi_website/molecule/default/tests/data/x509/parameters-mandatory_https.cert.pem
 
file renamed from roles/wsgi_website/molecule/default/tests/data/x509/parameters-mandatory_https.pem to roles/wsgi_website/molecule/default/tests/data/x509/parameters-mandatory_https.cert.pem
roles/wsgi_website/molecule/default/tests/data/x509/parameters-mandatory_https.key.pem
 
file renamed from roles/wsgi_website/molecule/default/tests/data/x509/parameters-mandatory_https.key to roles/wsgi_website/molecule/default/tests/data/x509/parameters-mandatory_https.key.pem
roles/wsgi_website/molecule/default/tests/test_default.py
 
@@ -453,7 +453,7 @@ def test_static_file_directory(host, directory_path, expected_owner, expected_gr
 

	
 
@pytest.mark.parametrize("private_key_path, certificate_path, expected_private_key, expected_certificate", [
 
    ('/etc/ssl/private/parameters-mandatory_https.key', '/etc/ssl/certs/parameters-mandatory_https.pem',
 
     'tests/data/x509/parameters-mandatory_https.key', 'tests/data/x509/parameters-mandatory_https.pem'),
 
     'tests/data/x509/parameters-mandatory_https.key.pem', 'tests/data/x509/parameters-mandatory_https.cert.pem'),
 
    ('/etc/ssl/private/parameters-optional.local_https.key', '/etc/ssl/certs/parameters-optional.local_https.pem',
 
     'tests/data/x509/parameters-optional.local_https.key.pem', 'tests/data/x509/parameters-optional.local_https.cert.pem'),
 
    ('/etc/ssl/private/parameters-paste-req_https.key', '/etc/ssl/certs/parameters-paste-req_https.pem',
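Review bot: the updated expected paths for ``parameters-mandatory`` match the two renames in this changeset (``_https.key`` to ``_https.key.pem``, ``_https.pem`` to ``_https.cert.pem``), but the parametrization only compares deployed content with the source files. Since ``/etc/ssl/private/parameters-mandatory_https.key`` is the TLS private key, the test body should also assert its owner, group and mode (readable by root only, or by the service group if the web server needs it), if it does not already.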