Role: fix error message wrapping

roles/conjur_host_identity/tasks/identity_check.yml

@@ -9,24 +9,26 @@
  conjurized: "{{ identity_file.stat.exists|bool }}"
 
 - name: Ensure all required variables are set
- fail: msg="Variable '{{ item }}' is not set!"
- when: item is undefined
- with_items:
- - "{{ conjur_account }}"
- - "{{ conjur_appliance_url }}"
- - "{{ conjur_host_name }}"
+ fail:
+ msg: Variable '{{ item }}' is not set!
+ when: vars[item] is undefined
+ loop:
+ - conjur_account
+ - conjur_appliance_url
+ - conjur_host_name
 
 - name: Set fact "ssl_configuration"
  set_fact:
  ssl_configuration: "{{ 'https' in conjur_appliance_url }}"
 
 - block:
  - name: Ensure all required ssl variables are set
- fail: msg="Variable '{{ item }}' is not set!"
- when: item is undefined
- with_items:
- - "{{ conjur_ssl_certificate }}"
- - "{{ conjur_validate_certs }}"
+ fail:
+ msg: Variable '{{ item }}' is not set!
+ when: vars[item] is undefined
+ loop:
+ - conjur_ssl_certificate
+ - conjur_validate_certs
 
  - name: Set fact "ssl file path"
  set_fact:
@@ -46,8 +48,7 @@
 
 - block:
  - name: Ensure "conjur_host_factory_token" is set (if node is not already conjurized)
- fail: msg="Variable '{{ item }}' is not set!"
- when: item is undefined
- with_items:
- - "{{ conjur_host_factory_token }}"
+ fail:
+ msg: Variable 'conjur_host_factory_token' is not set!
+ when: conjur_host_factory_token is undefined
  when: not conjurized

roles/conjur_host_identity/tests/test_cases/bad-ssl-config/playbook.yml

@@ -0,0 +1,20 @@
+---
+- name: Configuring Conjur identity on remote hosts fails when missing required SSL config
+ hosts: testapp
+ tasks:
+ - name: Attempt to configure Conjur identity
+ block:
+ - import_role:
+ name: "cyberark.conjur.conjur-host-identity"
+ vars:
+ conjur_account: cucumber
+ conjur_appliance_url: "https://conjur-proxy-nginx"
+ conjur_host_factory_token: "{{lookup('env', 'HFTOKEN')}}"
+ conjur_host_name: "conjur_{{ ansible_hostname }}"
+ # conjur_ssl_certificate: "{{lookup('file', '/cyberark/dev/conjur.pem')}}"
+ conjur_validate_certs: yes
+ rescue:
+ - name: Confirm Role setup fails with message
+ assert:
+ that: ansible_failed_result.failed == true
+ fail_msg: "Variable 'conjur_ssl_certificate' is not set!"

roles/conjur_host_identity/tests/test_cases/misconfig-conjur-identity/playbook.yml

@@ -14,9 +14,7 @@
  conjur_ssl_certificate: "{{lookup('file', '/cyberark/dev/conjur.pem')}}"
  conjur_validate_certs: yes
  rescue:
- - name: Confirm Role setup fails
+ - name: Confirm Role setup fails with message
  assert:
  that: ansible_failed_result.failed == true
- - name: Confirm error message
- assert:
- that: ansible_failed_result.msg == "'conjur_appliance_url' is undefined. 'conjur_appliance_url' is undefined"
+ fail_msg: "Variable 'conjur_appliance_url' is not set!"

roles/conjur_host_identity/tests/test_cases/not-conjurized/playbook.yml

@@ -0,0 +1,28 @@
+---
+- name: Un-Conjurize remote hosts
+ hosts: testapp
+ tasks:
+ - name: Remove identity file
+ file:
+ path: /etc/conjur.identity
+ state: absent
+
+- name: Configuring Conjur identity on not-Conjurized hosts requires HF token
+ hosts: testapp
+ tasks:
+ - name: Attempt to configure Conjur identity
+ block:
+ - import_role:
+ name: "cyberark.conjur.conjur-host-identity"
+ vars:
+ conjur_account: "{{lookup('env', 'CONJUR_ACCOUNT')}}"
+ conjur_appliance_url: "{{lookup('env', 'CONJUR_APPLIANCE_URL')}}"
+ # conjur_host_factory_token: "{{lookup('env', 'HFTOKEN')}}"
+ conjur_host_name: "conjur_{{ ansible_hostname }}"
+ conjur_ssl_certificate: "{{lookup('file', '/cyberark/dev/conjur.pem')}}"
+ conjur_validate_certs: yes
+ rescue:
+ - name: Conjur Role setup fails with message
+ assert:
+ that: ansible_failed_result.failed == true
+ fail_msg: "Variable 'conjur_host_factory_token' is not set!"