Merge pull request #54 from cyberark/bump-version-1.1.0

Bump version 1.1.0

.gitignore

@@ -23,3 +23,4 @@ vendor/
 .cache
 *.retry
 *.tmp
+conjur.pem

CHANGELOG.md

@@ -6,11 +6,21 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+## [1.1.0] - 2020-12-29
+
 ### Added
 - The [Conjur Ansible role](https://galaxy.ansible.com/cyberark/conjur-host-identity) has been
   migrated to this collection, where it will be maintained moving forward.
+  At current, the role in the collection is aligned with the v0.3.2 release of
+  the standalone role.
   [cyberark/ansible-conjur-host-identity#30](https://github.com/cyberark/ansible-conjur-host-identity/issues/30)
-- Add `as_file` boolean option to store the secret as a temporary file and returns its path.
+- Add `as_file` boolean option to the lookup plugin which stores the secret as
+  a temporary file and returns its path. This enables users to use the
+  `ansible_ssh_private_key_file` parameter to define an SSH private key using a
+  variable stored in Conjur; previously, users couldn't set this parameter via
+  a direct call to the lookup plugin because the parameter does not accept
+  inline SSH keys, and the lookup plugin could only return a string.
+  [cyberark/ansible-conjur-collection#52](https://github.com/cyberark/ansible-conjur-collection/issues/52),
   [Cyberark Commons post #1070](https://discuss.cyberarkcommons.org/t/conjur-ansible-lookup-plugin-and-ssh-key-file/1070) 
 
 ## [1.0.7] - 2020-08-20
@@ -49,7 +59,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - Migrated code from Ansible conjur_variable lookup plugin
 - Added support to configure the use of the plugin via environment variables
 
-[Unreleased]: https://github.com/cyberark/ansible-conjur-collection/compare/v1.0.7...HEAD
+[Unreleased]: https://github.com/cyberark/ansible-conjur-collection/compare/v1.1.0...HEAD
+[1.1.0]: https://github.com/cyberark/ansible-conjur-collection/compare/v1.0.7...v1.1.0
 [1.0.7]: https://github.com/cyberark/ansible-conjur-collection/compare/v1.0.6...v1.0.7
 [1.0.6]: https://github.com/cyberark/ansible-conjur-collection/compare/v1.0.5...v1.0.6
 [1.0.5]: https://github.com/cyberark/ansible-conjur-collection/compare/v1.0.3...v1.0.5

CONTRIBUTING.md

@@ -20,7 +20,7 @@ of this plugin:
     - Build the release package with `./ci/build_release`
     - Attach package to Github Release
 
-### Testing
+## Testing
 
 To run a specific set of tests:
 
@@ -33,4 +33,4 @@ To run all tests:
 ```sh-session
 $ cd tests
 $ ./test.sh -a
-```
+```

Jenkinsfile

@@ -20,14 +20,14 @@ pipeline {
 
     stage('Run tests') {
       parallel {
-        stage("Test conjur_lookup Plugin") {
+        stage("Test conjur_variable lookup plugin") {
           steps {
             sh './ci/test.sh -d conjur_variable'
             junit 'tests/conjur_variable/junit/*'
           }
         }
 
-        stage("Test conjur_host_identity Role") {
+        stage("Test conjur_host_identity role") {
           steps {
             sh './ci/test.sh -d conjur_host_identity'
             junit 'roles/conjur_host_identity/tests/junit/*'

README.md

@@ -35,6 +35,17 @@ http://ecotrust-canada.github.io/markdown-toc/ -->
   v10.x+ accessible from the target node
 - Ansible >= 2.9
 
+## Using ansible-conjur-collection with Conjur OSS
+
+Are you using this project with [Conjur OSS](https://github.com/cyberark/conjur)? Then we
+**strongly** recommend choosing the version of this project to use from the latest [Conjur OSS
+suite release](https://docs.conjur.org/Latest/en/Content/Overview/Conjur-OSS-Suite-Overview.html).
+Conjur maintainers perform additional testing on the suite release versions to ensure
+compatibility. When possible, upgrade your Conjur version to match the
+[latest suite release](https://docs.conjur.org/Latest/en/Content/ReleaseNotes/ConjurOSS-suite-RN.htm);
+when using integrations, choose the latest suite release that matches your Conjur version. For any
+questions, please contact us on [Discourse](https://discuss.cyberarkcommons.org/c/conjur/5).
+
 ## Installation 
 
 From terminal, run the following command:
@@ -44,10 +55,6 @@ ansible-galaxy collection install cyberark.conjur
 
 ## Conjur Ansible Role
 
-**NOTE**: This role is currently not available in releases installed through Ansible Galaxy, but
-will be added in the next release. Follow [issue
-#30](https://github.com/cyberark/ansible-conjur-collection/issues/35) for updates.
-
 This Ansible role provides the ability to grant Conjur machine identity to a host. Based on that
 identity, secrets can then be retrieved securely using the [Conjur Lookup
 Plugin](#conjur-ansible-lookup-plugin) or using the [Summon](https://github.com/cyberark/summon)
@@ -83,10 +90,12 @@ Configure a remote node with a Conjur identity and Summon:
 - hosts: servers
   roles:
     - role: cyberark.conjur.conjur-host-identity
-      conjur_appliance_url: 'https://conjur.myorg.com/api',
+      conjur_appliance_url: 'https://conjur.myorg.com',
       conjur_account: 'myorg',
-      conjur_host_factory_token: "{{lookup('env', 'HFTOKEN')}}",
-      conjur_host_name: "{{inventory_hostname}}"
+      conjur_host_factory_token: "{{ lookup('env', 'HFTOKEN') }}",
+      conjur_host_name: "{{ inventory_hostname }}"
+      conjur_ssl_certificate: "{{ lookup('file', '/path/to/conjur.pem') }}"
+      conjur_validate_certs: yes
 ```
 
 This example:
@@ -183,9 +192,11 @@ descriptions of our development workflows, please see our [contributing guide][c
 
 ## License
 
-Copyright (c) 2020 CyberArk Software Ltd. All rights reserved. Licensed under the Apache License,
-Version 2.0 (the "License"); you may not use this file except in compliance with the License. You
-may obtain a copy of the License at
+Copyright (c) 2020 CyberArk Software Ltd. All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License"); you may not use
+this file except in compliance with the License. You may obtain a copy of the
+License at
 
    http://www.apache.org/licenses/LICENSE-2.0
 

galaxy.yml

@@ -1,6 +1,6 @@
 namespace: "cyberark"
 name: "conjur"
-version: "1.0.7"
+version: "1.1.0"
 readme: README.md
 authors:
     - CyberArk Business Development (@cyberark-bizdev)

roles/conjur_host_identity/tests/Dockerfile

@@ -7,7 +7,7 @@ RUN apt-get update && apt-get install -y \
     software-properties-common \
     python3-pip
 
-RUN pip3 install pytest testinfra ansible && mkdir -p /conjurinc/
+RUN pip3 install pytest pytest-testinfra ansible && mkdir -p /conjurinc/
 
 RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
 RUN add-apt-repository \

roles/conjur_host_identity/tests/docker-compose.yml

@@ -12,7 +12,7 @@ services:
       CONJUR_CUSTOM_AUTHN_API_KEY: ${CUSTOM_CONJUR_AUTHN_API_KEY}
       COMPOSE_PROJECT_NAME: ${COMPOSE_PROJECT_NAME}
     volumes:
-      - ..:/conjurinc/cyberark.conjur-host-identity/
+      - ..:/conjurinc/cyberark.conjur.conjur-host-identity/
       - .:/conjurinc/tests/
       - /var/run/docker.sock:/var/run/docker.sock
   pg:

roles/conjur_host_identity/tests/test_cases/configure-conjur-identity/playbook.yml

@@ -2,7 +2,7 @@
 - name: Configuring conjur identity on remote hosts
   hosts: testapp
   roles:
-    - role: cyberark.conjur-host-identity
+    - role: cyberark.conjur.conjur-host-identity
       conjur_account: cucumber
       conjur_appliance_url: "https://conjur-proxy-nginx"
       conjur_host_factory_token: "{{lookup('env', 'HFTOKEN')}}"

tests/conjur_variable/Dockerfile

@@ -14,7 +14,7 @@ RUN apt-get update && \
     pip3 install --upgrade pip==9.0.3
 
 # install ansible and its test tool
-RUN pip3 install ansible testinfra
+RUN pip3 install ansible pytest-testinfra
 
 # install docker installation requirements
 RUN apt-get update && \