Fix tests #21

Merged
merged 1 commit into from
Nov 11, 2024
2 changes: 1 addition & 1 deletion .github/CONTRIBUTING.md
Expand Up @@ -29,7 +29,7 @@ If you feel like getting your hands dirty, feel free to make the change yourself
1. Fork the repo on Github, and then clone it locally.
2. Create a branch named appropriately for the change you are going to make.
3. Make your code change.
4. If you are creating a new role, please add a test for it in our [testing](https://github.com/redhat-cop/aap_configuration_extended/blob/devel/tests/) by adding a new role entry and adding the appropriate yaml file with test data in the controller_configs directory.
4. If you are creating a new role, please add a test for it in our [testing directory.](https://github.com/redhat-cop/aap_configuration_extended/blob/devel/tests/) by adding a new role entry and adding the appropriate yaml file with test data in the controller_configs directory.
5. Add a changelog fragment in `changelogs/fragments` as per <https://docs.ansible.com/ansible/latest/community/development_process.html#changelogs>
6. Push your code change up to your forked repo.
7. Open a Pull Request to merge your changes to this repo. The comment box will be filled in automatically via a template.
7 changes: 5 additions & 2 deletions .github/files/galaxy.yml.j2
Expand Up @@ -2,7 +2,7 @@
namespace: {{ collection_namespace }}
name: {{ collection_name }}
version: {{ collection_version }}
description: A collection of roles to manage Ansible Controller
description: A collection of roles to extend functionality of aap_configuration collection
readme: README.md
authors:
- Andrew Huffman
Expand All @@ -11,7 +11,10 @@ authors:
- Tom Page @Tompage1994
- Sean Sullivan @sean-m-sullivan
- David Danielsson @djdanielsson
repository: {{ collection_repo }}
- Ivan Aragonés
- Silvio Perez
- Adonis García
repository: {{ collection_repo }}/
issues: {{ collection_repo }}/issues
build_ignore:
- galaxy.yml.j2
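Review bot: The new `repository: {{ collection_repo }}/` line only renders a clean URL if every caller passes `collection_repo` without a trailing slash. The workflow input was adjusted to match, but the template and its callers are now coupled, and a value that ends in `/` renders `//` in both `repository` and `issues`. Normalising inside the template removes that dependency, for example `repository: "{{ collection_repo.rstrip('/') }}/"` and `issues: "{{ collection_repo.rstrip('/') }}/issues"`. Quoting the rendered values also stops an empty or unusual expansion from being retyped by the YAML parser.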
2 changes: 1 addition & 1 deletion .github/workflows/pre-commit.yml
Expand Up @@ -24,6 +24,6 @@ jobs:
collection_namespace: infra
collection_name: aap_configuration_extended
collection_version: 1.0.0
collection_repo: https://github.com/redhat-cop/aap_configuration_extended/
collection_repo: https://github.com/redhat-cop/aap_configuration_extended
collection_dependencies: awx.awx ansible.hub infra.aap_configuration
...
3 changes: 3 additions & 0 deletions galaxy.yml
Expand Up @@ -11,6 +11,9 @@ authors:
- Tom Page @Tompage1994
- Sean Sullivan @sean-m-sullivan
- David Danielsson @djdanielsson
- Ivan Aragonés
- Silvio Perez
- Adonis García
repository: https://github.com/redhat-cop/aap_configuration_extended/
issues: https://github.com/redhat-cop/aap_configuration_extended/issues
build_ignore:
2 changes: 1 addition & 1 deletion playbooks/configure_controller.yml
Expand Up @@ -13,5 +13,5 @@

- name: Call dispatch role
ansible.builtin.include_role:
name: infra.aap_configuration.dispatch
name: infra.aap_configuration_extended.dispatch
...
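Review bot: Nothing on this page shows that a `dispatch` role exists in this collection, yet `include_role` now appears to point at `infra.aap_configuration_extended.dispatch` (taking the second of the two `name:` lines as the new side). The workflow still lists `infra.aap_configuration` as a dependency, which suggests the role may ship there. If it does, this play fails when the role is resolved, so it is worth confirming that `roles/dispatch` is part of this collection, or keeping the original FQCN. The play header and earlier tasks are outside the hunk.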
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,8 @@
- name: Update rules violation regarding credentials encryption
ansible.builtin.set_fact:
rules_violations_msgs: "{{ (rules_violations_msgs + [msg]) }}"
rules_violations_data: "{{ rules_violations_data +
rules_violations_data: |-
{{ rules_violations_data +
[{
'rule_id': rule_id,
'rule_index': rule_index,
Expand All @@ -45,7 +46,7 @@
'object_name': __cred_name,
'msg': msg
}]
}}"
}}
vars:
msg: "Rule {{ rule_id }} | credentials | {{ __cred_org }} | {{ __cred_name }} | The credential sensitive field '{{ unencrypted_cred[1] }}' is not encrypted"
__cred_name: "{{ unencrypted_cred[0]['name'] }}"
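Review bot: This `set_fact` task handles credentials already found to hold an unencrypted sensitive field, and nothing in the hunk limits what Ansible prints for each iteration. The task's `loop` and any `loop_control` are outside the hunk, and the file header for this section is missing from the page, so the following is inferred. If the task loops over `unencrypted_cred` with no label, each result line prints the loop item, which appears to include the credential dict (`unencrypted_cred[0]`) and therefore the plaintext value being flagged. Adding `label: "{{ unencrypted_cred[0]['name'] }}"` under `loop_control`, or `no_log: true` on the task, keeps that value out of job output and logs while the violation message still names the credential and field.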
9 changes: 5 additions & 4 deletions roles/aap_rules_validation/tasks/check_fields_regex.yml
Expand Up @@ -5,15 +5,16 @@

- name: Extract objects with regex issue - {{ object_type }}
ansible.builtin.set_fact:
__regex_issue: "{{ __regex_issue + ([{'field_regex':field_regex.key, 'regex_value':field_regex.value, 'object_type':object_type}] | product(lookup('vars', __object_var_names[object_type]) | selectattr(field_regex.key, 'defined') | rejectattr(field_regex.key, 'regex', field_regex.value))) }}"
__regex_issue: "{{ __regex_issue + ([{'field_regex': field_regex.key, 'regex_value': field_regex.value, 'object_type': object_type}] | product(lookup('vars', __object_var_names[object_type]) | selectattr(field_regex.key, 'defined') | rejectattr(field_regex.key, 'regex', field_regex.value))) }}"
loop: "{{ rule['fields_regex'] | dict2items }}"
loop_control:
loop_var: field_regex

- name: Update violation msgs with regex issue - {{ object_type }}
ansible.builtin.set_fact:
rules_violations_msgs: "{{ rules_violations_msgs + [msg] }}"
rules_violations_data: "{{ rules_violations_data +
rules_violations_msgs: "{{ rules_violations_msgs + [msg] }}"
rules_violations_data: |-
{{ rules_violations_data +
[{
'rule_id': rule_id,
'rule_index': rule_index,
Expand All @@ -24,7 +25,7 @@
'object_name': __object_name,
'msg': msg
}]
}}"
}}
vars:
msg: "Rule {{ rule_id }} | {{ __object_type }} | {{ __object_scope }} | {{ __object_name }} | The value of the field {{ __field }} ({{ __value }}) do not respect the regex ({{ __regex }})"
__object_type: "{{ item[0]['object_type'] }}"
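Review bot: In the `__regex_issue` expression, `rejectattr(field_regex.key, 'regex', field_regex.value)` uses Ansible's `regex` test, which by default searches for the pattern anywhere in the value. A rule pattern written without `^` and `$` therefore accepts any value that merely contains a match, so a naming rule can silently pass objects it was meant to reject. I would document the requirement above the task, for example `# fields_regex patterns are searched, not full-matched; anchor them with ^ and $`, and repeat it wherever the rule format is described. The rule data read by the loop is defined outside this hunk.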
5 changes: 3 additions & 2 deletions roles/aap_rules_validation/tasks/check_hosts.yml
Expand Up @@ -17,7 +17,8 @@
- name: Update violations if ungrouped hosts found
ansible.builtin.set_fact:
rules_violations_msgs: "{{ rules_violations_msgs + [msg] }}"
rules_violations_data: "{{ rules_violations_data +
rules_violations_data: |-
{{ rules_violations_data +
[{
'rule_id': rule_id,
'rule_index': rule_index,
Expand All @@ -28,7 +29,7 @@
'object_name': '__multiple_objects__',
'msg': msg
}]
}}"
}}
vars:
msg: "Rule {{ rule_id }} | hosts | global | {{ __ungrouped_hosts_names }} | Found {{ __ungrouped_hosts | length }} ungrouped hosts"
__ungrouped_hosts_names: "{{ (__ungrouped_hosts[:3] | join(',') + '...') if (__ungrouped_hosts | length) > 3 else (__ungrouped_hosts | join(',')) }}"
5 changes: 3 additions & 2 deletions roles/aap_rules_validation/tasks/check_inventories.yml
Expand Up @@ -2,7 +2,8 @@
- name: Check if inventory hosts count is inferior to maximum allowed
ansible.builtin.set_fact:
rules_violations_msgs: "{{ rules_violations_msgs + [msg] }}"
rules_violations_data: "{{ rules_violations_data +
rules_violations_data: |-
{{ rules_violations_data +
[{
'rule_id': rule_id,
'rule_index': rule_index,
Expand All @@ -13,7 +14,7 @@
'object_name': __inventory_name,
'msg': msg
}]
}}"
}}
vars:
msg: "Rule {{ rule_id }} | inventories | {{ __inventory_org }} | {{ __inventory_name }} | Inventory has more hosts ({{ __hosts_in_inventory }}) than allowed ({{ rule['max_hosts_per_inventory'] }})"
__hosts_in_inventory: "{{ controller_hosts | selectattr('inventory', 'equalto', inventory['name']) | length }}"
16 changes: 9 additions & 7 deletions roles/aap_rules_validation/tasks/check_mandatory_fields.yml
Expand Up @@ -7,22 +7,23 @@

- name: Extract objects with mandatory defined but empty (None) fields - {{ object_type }}
ansible.builtin.set_fact:
__defined_none: "{{ __defined_none + [{'mandatory_field':mandatory_field, 'object_type': object_type}] | product(lookup('vars', __object_var_names[object_type]) | selectattr(mandatory_field, 'defined') | selectattr(mandatory_field, 'equalto', None)) }}"
__defined_none: "{{ __defined_none + [{'mandatory_field': mandatory_field, 'object_type': object_type}] | product(lookup('vars', __object_var_names[object_type]) | selectattr(mandatory_field, 'defined') | selectattr(mandatory_field, 'equalto', None)) }}"
loop: "{{ rule['mandatory_fields'] }}"
loop_control:
loop_var: mandatory_field

- name: Extract objects with mandatory defined but contains empty string - {{ object_type }}
ansible.builtin.set_fact:
__defined_empty: "{{ __defined_empty + [{'mandatory_field':mandatory_field, 'object_type': object_type}] | product(lookup('vars', __object_var_names[object_type]) | selectattr(mandatory_field, 'defined') | selectattr(mandatory_field, 'equalto', '')) }}"
__defined_empty: "{{ __defined_empty + [{'mandatory_field': mandatory_field, 'object_type': object_type}] | product(lookup('vars', __object_var_names[object_type]) | selectattr(mandatory_field, 'defined') | selectattr(mandatory_field, 'equalto', '')) }}"
loop: "{{ rule['mandatory_fields'] }}"
loop_control:
loop_var: mandatory_field

- name: Update violation msgs with mandatory defined but empty fields - {{ object_type }}
ansible.builtin.set_fact:
rules_violations_msgs: "{{ rules_violations_msgs + [msg] }}"
rules_violations_data: "{{ rules_violations_data +
rules_violations_data: |-
{{ rules_violations_data +
[{
'rule_id': rule_id,
'rule_index': rule_index,
Expand All @@ -33,7 +34,7 @@
'object_name': __object_name,
'msg': msg
}]
}}"
}}
vars:
msg: "Rule {{ rule_id }} | {{ __object_type }} | {{ __object_scope }} | {{ __object_name }} | The mandatory field '{{ __field }}' is empty"
__field: "{{ item[0]['mandatory_field'] }}"
Expand All @@ -45,15 +46,16 @@

- name: Extract objects with undefined mandatory fields - {{ object_type }}
ansible.builtin.set_fact:
__undefined: "{{ __undefined + [{'mandatory_field':mandatory_field, 'object_type': object_type}] | product(lookup('vars', __object_var_names[object_type]) | selectattr(mandatory_field, 'undefined')) }}"
__undefined: "{{ __undefined + [{'mandatory_field': mandatory_field, 'object_type': object_type}] | product(lookup('vars', __object_var_names[object_type]) | selectattr(mandatory_field, 'undefined')) }}"
loop: "{{ rule['mandatory_fields'] }}"
loop_control:
loop_var: mandatory_field

- name: Update violation msgs with mandatory undefined fields - {{ object_type }}
ansible.builtin.set_fact:
rules_violations_msgs: "{{ rules_violations_msgs + [msg] }}"
rules_violations_data: "{{ rules_violations_data +
rules_violations_data: |-
{{ rules_violations_data +
[{
'rule_id': rule_id,
'rule_index': rule_index,
Expand All @@ -64,7 +66,7 @@
'object_name': __object_name,
'msg': msg
}]
}}"
}}
vars:
msg: "Rule {{ rule_id }} | {{ __object_type }} | {{ __object_scope }} | {{ __object_name }} | The mandatory field '{{ __field }}' is not defined"
__field: "{{ item[0]['mandatory_field'] }}"
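Review bot: The three `Extract objects …` expressions (`__defined_none`, `__defined_empty`, `__undefined`) depend on Jinja filter precedence, since `a + [...] | product(...)` is evaluated as `a + ([...] | product(...))`. That is the intended result, but check_fields_regex.yml writes the same shape with explicit parentheses, so the two files now read differently for the same operation. Because these lines were touched anyway, I would add the parentheses here too, e.g. `__undefined + ([{'mandatory_field': mandatory_field, 'object_type': object_type}] | product(...))`. That guards against a later edit that appends another filter and changes what the `+` applies to.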
20 changes: 12 additions & 8 deletions roles/aap_rules_validation/tasks/check_objects_count.yml
Expand Up @@ -2,7 +2,8 @@
- name: Global objects minimum count check
ansible.builtin.set_fact:
rules_violations_msgs: "{{ rules_violations_msgs + [msg] }}"
rules_violations_data: "{{ rules_violations_data +
rules_violations_data: |-
{{ rules_violations_data +
[{
'rule_id': rule_id,
'rule_index': rule_index,
Expand All @@ -12,7 +13,7 @@
'object_organization': '__organizationless__',
'msg': msg
}]
}}"
}}
vars:
msg: "Rule {{ rule_id }} | {{ object_type }} | global | Global {{ object_type }} count ({{ lookup('vars', __object_var_names[object_type]) | length }}) is inferior to the minimum allowed ({{ rule['minimum_defined_globally'] }})"
when: rule['minimum_defined_globally'] is defined
Expand All @@ -21,7 +22,8 @@
- name: Per organization objects minimum count check
ansible.builtin.set_fact:
rules_violations_msgs: "{{ rules_violations_msgs + [msg] }}"
rules_violations_data: "{{ rules_violations_data +
rules_violations_data: |-
{{ rules_violations_data +
[{
'rule_id': rule_id,
'rule_index': rule_index,
Expand All @@ -31,7 +33,7 @@
'object_organization': org,
'msg': msg
}]
}}"
}}
vars:
msg: "Rule {{ rule_id }} | {{ object_type }} | {{ org }} | Organization {{ org }} {{ object_type }} count ({{ __object_count }}) is inferior to the minimum allowed ({{ __org_minimum }})"
__object_count: "{{ lookup('vars', __object_var_names[object_type]) | selectattr('organization', 'defined') | selectattr('organization', 'equalto', org) | unique | length }}"
Expand All @@ -47,7 +49,8 @@
- name: Objects count maximum check
ansible.builtin.set_fact:
rules_violations_msgs: "{{ rules_violations_msgs + [msg] }}"
rules_violations_data: "{{ rules_violations_data +
rules_violations_data: |-
{{ rules_violations_data +
[{
'rule_id': rule_id,
'rule_index': rule_index,
Expand All @@ -57,7 +60,7 @@
'object_organization': '__organizationless__',
'msg': msg
}]
}}"
}}
vars:
msg: "Rule {{ rule_id }} | {{ object_type }} | global | Global {{ object_type }} count ({{ lookup('vars', __object_var_names[object_type]) | length }}) is superior to the maximum allowed ({{ rule['maximum_defined_globally'] }})"
when: rule['maximum_defined_globally'] is defined
Expand All @@ -66,7 +69,8 @@
- name: Per organization objects maximum count check
ansible.builtin.set_fact:
rules_violations_msgs: "{{ rules_violations_msgs + [msg] }}"
rules_violations_data: "{{ rules_violations_data +
rules_violations_data: |-
{{ rules_violations_data +
[{
'rule_id': rule_id,
'rule_index': rule_index,
Expand All @@ -76,7 +80,7 @@
'object_organization': org,
'msg': msg
}]
}}"
}}
vars:
msg: "Rule {{ rule_id }} | {{ object_type }} | {{ org }} | Organization {{ org }} {{ object_type }} count ({{ __object_count }}) is superior to the maximum allowed ({{ __org_maximum }})"
__object_count: "{{ lookup('vars', __object_var_names[object_type]) | selectattr('organization', 'defined') | selectattr('organization', 'equalto', org) | unique | length }}"
20 changes: 12 additions & 8 deletions roles/aap_rules_validation/tasks/check_organizations.yml
Expand Up @@ -2,7 +2,8 @@
- name: Check organizations max_hosts when defined
ansible.builtin.set_fact:
rules_violations_msgs: "{{ rules_violations_msgs + [msg] }}"
rules_violations_data: "{{ rules_violations_data +
rules_violations_data: |-
{{ rules_violations_data +
[{
'rule_id': rule_id,
'rule_index': rule_index,
Expand All @@ -13,7 +14,7 @@
'object_name': org['name'],
'msg': msg
}]
}}"
}}
vars:
msg: "Rule {{ rule_id }} | organizations | global | {{ org['name'] }} | max_hosts ({{ org['max_hosts'] }}) is superior to {{ rule['max_hosts_per_organization'] }}"
when: org['name'] not in (rule['exceptions']['organizations'] | default([]))
Expand All @@ -24,7 +25,8 @@
- name: Check organizations undefined or unset max_hosts
ansible.builtin.set_fact:
rules_violations_msgs: "{{ rules_violations_msgs + [msg] }}"
rules_violations_data: "{{ rules_violations_data +
rules_violations_data: |-
{{ rules_violations_data +
[{
'rule_id': rule_id,
'rule_index': rule_index,
Expand All @@ -35,7 +37,7 @@
'object_name': org['name'],
'msg': msg
}]
}}"
}}
vars:
msg: "Rule {{ rule_id }} | organizations | global | {{ org['name'] }} | max_hosts is not set"
when: org['name'] not in (rule['exceptions']['organizations'] | default([]))
Expand All @@ -47,7 +49,8 @@
- name: Check if organizations default EE is in allowed list
ansible.builtin.set_fact:
rules_violations_msgs: "{{ rules_violations_msgs + [msg] }}"
rules_violations_data: "{{ rules_violations_data +
rules_violations_data: |-
{{ rules_violations_data +
[{
'rule_id': rule_id,
'rule_index': rule_index,
Expand All @@ -58,7 +61,7 @@
'object_name': org['name'],
'msg': msg
}]
}}"
}}
vars:
msg: "Rule {{ rule_id }} | organizations | global | {{ org['name'] }} | The EE ({{ org['default_environment'] }}) is not allowed."
when: org['name'] not in (rule['exceptions']['organizations'] | default([]))
Expand All @@ -69,7 +72,8 @@
- name: Check if organizations default EE is in forbidden list
ansible.builtin.set_fact:
rules_violations_msgs: "{{ rules_violations_msgs + [msg] }}"
rules_violations_data: "{{ rules_violations_data +
rules_violations_data: |-
{{ rules_violations_data +
[{
'rule_id': rule_id,
'rule_index': rule_index,
Expand All @@ -80,7 +84,7 @@
'object_name': org['name'],
'msg': msg
}]
}}"
}}
vars:
msg: "Rule {{ rule_id }} | organizations | global | {{ org['name'] }} | The EE ({{ org['default_environment'] }}) is forbidden."
when: org['name'] not in (rule['exceptions']['organizations'] | default([]))