From 992d6afc30c783ebfa06f870008242174e14acda Mon Sep 17 00:00:00 2001 From: Jack Hodgkiss Date: Fri, 18 Apr 2025 20:25:41 +0100 Subject: [PATCH 1/8] feat: bump `ansible-modules-hashivault` Use `c22434d887f0b8a5ac3ebda710664a027291e71c` which corresponds to the latest release `5.3.0`. --- .github/workflows/lint-collection.yml | 2 +- .github/workflows/pull_request.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/lint-collection.yml b/.github/workflows/lint-collection.yml index 8c790fd..d071d00 100644 --- a/.github/workflows/lint-collection.yml +++ b/.github/workflows/lint-collection.yml @@ -6,4 +6,4 @@ jobs: lint: uses: stackhpc/.github/.github/workflows/lint-collection.yml@main with: - lint_pip_dependencies: git+https://github.com/stackhpc/ansible-modules-hashivault@stackhpc + lint_pip_dependencies: git+https://github.com/stackhpc/ansible-modules-hashivault@c22434d887f0b8a5ac3ebda710664a027291e71c diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 0e84c73..7e3e03c 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -23,7 +23,7 @@ jobs: run: | pipx uninstall ansible-core python3 -m pip install --upgrade pip - python3 -m pip install ansible-core==${{ matrix.ansible }}.* docker git+https://github.com/stackhpc/ansible-modules-hashivault@stackhpc + python3 -m pip install ansible-core==${{ matrix.ansible }}.* docker git+https://github.com/stackhpc/ansible-modules-hashivault@c22434d887f0b8a5ac3ebda710664a027291e71c # yamllint disable-line rule:line-length ansible-galaxy collection build ansible-galaxy collection install *.tar.gz From 31ba5900376a000de2441e1e59ac3ef6e158beef Mon Sep 17 00:00:00 2001 
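Review bot: The called workflow on the context line `uses: stackhpc/.github/.github/workflows/lint-collection.yml@main` still tracks a mutable branch, so pinning `lint_pip_dependencies` to a commit SHA makes only half of this job reproducible. If the aim is an immutable lint environment, reference the reusable workflow by a full commit SHA or a release tag as well, for example `uses: stackhpc/.github/.github/workflows/lint-collection.yml@<FULL_COMMIT_SHA>`. The same hunk appears again with identical blob ids in PATCH 2/8, and the `uses:` line stays unchanged through PATCH 6/8.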
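Review bot: The trailing `# yamllint disable-line rule:line-length` on the added `pip install` line sits inside the `run: |` block scalar, so it is script text (a shell comment) rather than a YAML comment, and yamllint is unlikely to treat it as a directive. Either wrap the step in comment lines outside the scalar, `# yamllint disable rule:line-length` before it and `# yamllint enable rule:line-length` after it, or split the command with a trailing backslash so that no directive is needed. The same added line recurs in PATCH 2/8 and PATCH 3/8, and the step begins above this hunk.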
From: Jack Hodgkiss Date: Wed, 11 Dec 2024 21:18:20 +0000 Subject: [PATCH 2/8] feat: add ansible `2.15` and `2.18` to test matrix and remove `2.12` Ansible `2.12` has been removed from the test matrix and replaced with `2.15` and `2.18`. Also the `ansible-modules-hashivault` has been updated. --- .github/workflows/lint-collection.yml | 2 +- .github/workflows/pull_request.yml | 27 +++++++++++++++++++-------- 2 files changed, 20 insertions(+), 9 deletions(-) diff --git a/.github/workflows/lint-collection.yml b/.github/workflows/lint-collection.yml index 8c790fd..d071d00 100644 --- a/.github/workflows/lint-collection.yml +++ b/.github/workflows/lint-collection.yml @@ -6,4 +6,4 @@ jobs: lint: uses: stackhpc/.github/.github/workflows/lint-collection.yml@main with: - lint_pip_dependencies: git+https://github.com/stackhpc/ansible-modules-hashivault@stackhpc + lint_pip_dependencies: git+https://github.com/stackhpc/ansible-modules-hashivault@c22434d887f0b8a5ac3ebda710664a027291e71c diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 0e84c73..1c65a62 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml 
@@ -13,21 +13,32 @@ jobs: strategy: fail-fast: false matrix: - ansible: - - "2.12" + ansible_version: + - "2.15" + - "2.18" + python_version: + - "3.9" + - "3.11" + exclude: + - python_version: "3.9" + ansible_version: "2.18" steps: - # Checks-out the repository under $GITHUB_WORKSPACE, so it's accessible to the job - - uses: actions/checkout@v3 + - name: Github Checkout ๐Ÿ›Ž + uses: actions/checkout@v4 - - name: Install dependencies + - name: Setup Python ${{ matrix.python_version }} ๐Ÿ + uses: actions/setup-python@v5 + with: + python-version: ${{ matrix.python_version }} + + - name: Install dependencies ๐Ÿ“ฆ run: | pipx uninstall ansible-core python3 -m pip install --upgrade pip - python3 -m pip install ansible-core==${{ matrix.ansible }}.* docker git+https://github.com/stackhpc/ansible-modules-hashivault@stackhpc + python3 -m pip install ansible-core==${{ matrix.ansible_version }}.* docker git+https://github.com/stackhpc/ansible-modules-hashivault@c22434d887f0b8a5ac3ebda710664a027291e71c # yamllint disable-line rule:line-length ansible-galaxy collection build ansible-galaxy collection install *.tar.gz - # TODO: Use ansible-test to run these. - - name: Running integration tests + - name: Run integration tests ๐Ÿงช run: | ansible-playbook -i tests/inventory -v tests/*.yml -e ansible_python_interpreter=$(which python3) From 1d3800c0f07431218e0ce2961fe4a2d5fe798995 Mon Sep 17 00:00:00 2001 From: Jack Hodgkiss Date: Fri, 18 Apr 2025 22:49:47 +0100 Subject: [PATCH 3/8] fix: use correct `matrix` property --- .github/workflows/pull_request.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index feb1f4c..1c65a62 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml 
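Review bot: The two actions introduced here are referenced by movable tags, `actions/checkout@v4` and `actions/setup-python@v5`, while the same series goes on to pin the hashivault dependency to a commit SHA. A tag can be re-pointed by whoever controls the action repository, so for the same supply-chain guarantee pin each action to its full commit SHA and keep the tag as a comment, e.g. `uses: actions/checkout@<FULL_COMMIT_SHA>  # v4`. The hunk also drops the `# TODO: Use ansible-test to run these.` comment although the TODO has not been done; keep it if that is still the intention. The job definition starts above this hunk.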
@@ -35,7 +35,7 @@ jobs: run: | pipx uninstall ansible-core python3 -m pip install --upgrade pip - python3 -m pip install ansible-core==${{ matrix.ansible }}.* docker git+https://github.com/stackhpc/ansible-modules-hashivault@c22434d887f0b8a5ac3ebda710664a027291e71c # yamllint disable-line rule:line-length + python3 -m pip install ansible-core==${{ matrix.ansible_version }}.* docker git+https://github.com/stackhpc/ansible-modules-hashivault@c22434d887f0b8a5ac3ebda710664a027291e71c # yamllint disable-line rule:line-length ansible-galaxy collection build ansible-galaxy collection install *.tar.gz From b82f64dfb3811b4fb7560b6ed78ff44f634a947c Mon Sep 17 00:00:00 2001 From: Jack Hodgkiss Date: Fri, 18 Apr 2025 22:59:39 +0100 Subject: [PATCH 4/8] feat: install `community.general` Due to error `Invalid callback for stdout specified: yaml` when running the playbooks `community.general` has been installed as a dependency for testing. --- .github/workflows/lint-collection.yml | 2 +- .github/workflows/pull_request.yml | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/lint-collection.yml b/.github/workflows/lint-collection.yml index d071d00..2816870 100644 --- a/.github/workflows/lint-collection.yml +++ b/.github/workflows/lint-collection.yml @@ -6,4 +6,4 @@ jobs: lint: uses: stackhpc/.github/.github/workflows/lint-collection.yml@main with: - lint_pip_dependencies: git+https://github.com/stackhpc/ansible-modules-hashivault@c22434d887f0b8a5ac3ebda710664a027291e71c + lint_pip_dependencies: git+https://github.com/stackhpc/ansible-modules-hashivault@main diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 1c65a62..5547514 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml 
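Review bot: The `lint-collection.yml` hunk of PATCH 4/8 replaces the commit-SHA pin from PATCH 1/8 with `ansible-modules-hashivault@main`, a branch that moves, and the commit message mentions only `community.general`. Until PATCH 6/8 restores a SHA, lint runs against whatever the branch head is at that moment, and so does the `pip install` line in this patch's `pull_request.yml` hunk, which makes the same swap. If tracking the branch is needed temporarily, say so in the commit description; otherwise keep `@c22434d887f0b8a5ac3ebda710664a027291e71c` here so that every commit in the series is reproducible on its own.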
@@ -35,9 +35,10 @@ jobs: run: | pipx uninstall ansible-core python3 -m pip install --upgrade pip - python3 -m pip install ansible-core==${{ matrix.ansible_version }}.* docker git+https://github.com/stackhpc/ansible-modules-hashivault@c22434d887f0b8a5ac3ebda710664a027291e71c # yamllint disable-line rule:line-length + python3 -m pip install ansible-core==${{ matrix.ansible_version }}.* docker git+https://github.com/stackhpc/ansible-modules-hashivault@main ansible-galaxy collection build ansible-galaxy collection install *.tar.gz + ansible-galaxy collection install community.general - name: Run integration tests ๐Ÿงช run: | From 3ecc8f612d10d929b3a01176e446319ce154fac3 Mon Sep 17 00:00:00 2001 From: Jack Hodgkiss Date: Tue, 22 Apr 2025 10:37:31 +0100 Subject: [PATCH 5/8] feat: use `TerryHowe/ansible-modules-hashivault` --- .github/workflows/lint-collection.yml | 2 +- .github/workflows/pull_request.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/lint-collection.yml b/.github/workflows/lint-collection.yml index 2816870..1b3a2cc 100644 --- a/.github/workflows/lint-collection.yml +++ b/.github/workflows/lint-collection.yml @@ -6,4 +6,4 @@ jobs: lint: uses: stackhpc/.github/.github/workflows/lint-collection.yml@main with: - lint_pip_dependencies: git+https://github.com/stackhpc/ansible-modules-hashivault@main + lint_pip_dependencies: git+https://github.com/TerryHowe/ansible-modules-hashivault@5.3.0 diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 5547514..5cdfb15 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml 
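Review bot: The added `ansible-galaxy collection install community.general` takes whatever version Galaxy serves at run time, for every cell of the matrix. That leaves an unpinned input in a job whose other git dependency is pinned elsewhere in the series, and a new collection release could break the older `ansible-core` cell or change the `yaml` callback that the commit message refers to. Constrain it, e.g. `ansible-galaxy collection install 'community.general:==<VERSION>'`, or install from a `requirements.yml` that carries a version range. The step begins above this hunk.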
@@ -35,7 +35,7 @@ jobs: run: | pipx uninstall ansible-core python3 -m pip install --upgrade pip - python3 -m pip install ansible-core==${{ matrix.ansible_version }}.* docker git+https://github.com/stackhpc/ansible-modules-hashivault@main + python3 -m pip install ansible-core==${{ matrix.ansible_version }}.* docker git+https://github.com/TerryHowe/ansible-modules-hashivault@5.3.0 ansible-galaxy collection build ansible-galaxy collection install *.tar.gz ansible-galaxy collection install community.general From 6f2c1749a74a93bbc748b7ccd4358192c52ea094 Mon Sep 17 00:00:00 2001 From: Jack Hodgkiss Date: Wed, 23 Apr 2025 15:13:44 +0100 Subject: [PATCH 6/8] feat: pin to `SHA` for `hashivault` module --- .github/workflows/lint-collection.yml | 2 +- .github/workflows/pull_request.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/lint-collection.yml b/.github/workflows/lint-collection.yml index 1b3a2cc..67671d1 100644 --- a/.github/workflows/lint-collection.yml +++ b/.github/workflows/lint-collection.yml @@ -6,4 +6,4 @@ jobs: lint: uses: stackhpc/.github/.github/workflows/lint-collection.yml@main with: - lint_pip_dependencies: git+https://github.com/TerryHowe/ansible-modules-hashivault@5.3.0 + lint_pip_dependencies: git+https://github.com/TerryHowe/ansible-modules-hashivault@c22434d887f0b8a5ac3ebda710664a027291e71c diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 5cdfb15..828c517 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml 
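Review bot: The SHA pinned in the `lint-collection.yml` hunk of PATCH 6/8 is the one PATCH 1/8 introduced for the `stackhpc` fork, now applied to `TerryHowe/ansible-modules-hashivault`; nothing in the patch shows that it is the commit the upstream `5.3.0` tag resolves to. Check it against the upstream tag (for instance with `git ls-remote --tags` on the upstream URL) before merging. Record the release next to the pin so a later reader can audit it, e.g. a comment line `# ansible-modules-hashivault 5.3.0` above `lint_pip_dependencies:`. The same applies to the `pip install` line in this patch's `pull_request.yml` hunk.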
@@ -35,7 +35,7 @@ jobs: run: | pipx uninstall ansible-core python3 -m pip install --upgrade pip - python3 -m pip install ansible-core==${{ matrix.ansible_version }}.* docker git+https://github.com/TerryHowe/ansible-modules-hashivault@5.3.0 + python3 -m pip install ansible-core==${{ matrix.ansible_version }}.* docker git+https://github.com/TerryHowe/ansible-modules-hashivault@c22434d887f0b8a5ac3ebda710664a027291e71c ansible-galaxy collection build ansible-galaxy collection install *.tar.gz ansible-galaxy collection install community.general From 9b62d9b8bba4b82eed2994d35c344ff4ade3093c Mon Sep 17 00:00:00 2001 From: Jack Hodgkiss Date: Wed, 23 Apr 2025 15:29:48 +0100 Subject: [PATCH 7/8] fix: add `yaml[line-length]` as warning --- .ansible-lint | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.ansible-lint b/.ansible-lint index 42f1bae..73f5de1 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -6,3 +6,5 @@ skip_list: - fqcn[action-core] - fqcn[action] - meta-no-info +warn_list: + - yaml[line-length] From 9352dadd893870696f2d82fee90e5e4a86d5be61 Mon Sep 17 00:00:00 2001 From: Jack Hodgkiss Date: Wed, 23 Apr 2025 15:45:23 +0100 Subject: [PATCH 8/8] fix: resolve issues with `ansible-lint` --- roles/vault/tasks/consul.yml | 4 ++-- roles/vault_pki/tasks/intermediate.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/vault/tasks/consul.yml b/roles/vault/tasks/consul.yml index c7efaba..04c82ba 100644 --- a/roles/vault/tasks/consul.yml +++ b/roles/vault/tasks/consul.yml 
@@ -14,14 +14,14 @@ CONSUL_CLIENT_INTERFACE: "{{ consul_bind_interface }}" command: > consul agent - -bind "{{ hostvars[inventory_hostname].ansible_facts[consul_bind_interface | replace('-','_')].ipv4.address }}" + -bind "{{ hostvars[inventory_hostname].ansible_facts[consul_bind_interface | replace('-', '_')].ipv4.address }}" -data-dir /consul/data -server -http-port "{{ consul_bind_port }}" -bootstrap-expect "{{ ansible_play_hosts | length }}" {% for host in ansible_play_hosts %} {% if host != inventory_hostname %} - -retry-join "{{ hostvars[host].ansible_facts[consul_bind_interface | replace('-','_')].ipv4.address }}" + -retry-join "{{ hostvars[host].ansible_facts[consul_bind_interface | replace('-', '_')].ipv4.address }}" {% endif %} {% endfor %} become: true diff --git a/roles/vault_pki/tasks/intermediate.yml b/roles/vault_pki/tasks/intermediate.yml index f0954f1..dfc15fc 100644 --- a/roles/vault_pki/tasks/intermediate.yml +++ b/roles/vault_pki/tasks/intermediate.yml @@ -89,7 +89,7 @@ {{ intermediate_ca_csr_signed.data.certificate }} {{ intermediate_ca_csr_signed.data.issuing_ca }} {{ intermediate_ca_csr.data.private_key }} - dest: "{{ vault_pki_certificates_directory }}/{{ vault_pki_intermediate_ca_name |replace(' ', '-') }}.pem" + dest: "{{ vault_pki_certificates_directory }}/{{ vault_pki_intermediate_ca_name | replace(' ', '-') }}.pem" mode: "0600" delegate_to: "{{ vault_pki_write_certificates_host }}" when: