diff --git a/cleanup/cleanup.yaml b/cleanup/cleanup.yaml
new file mode 100644
index 0000000..d821c05
--- /dev/null
+++ b/cleanup/cleanup.yaml
@@ -0,0 +1,110 @@
+---
+
+- name: Reset the RHACS demo
+ hosts: localhost
+ gather_facts: no
+ vars:
+ ansible_connection: local
+ acs_api: https://{{ central_hostname }}/v1
+ validate_certs: no
+ central_admin_password: "{{ lookup('env', 'ROX_ADMIN_PASSWORD' )}}"
+ central_hostname: "{{ lookup('env', 'ROX_CENTRAL_ENDPOINT' )}}"
+ jira_password: "{{ lookup('env', 'JIRA_PASSWORD' )}}"
+ tasks:
+ - assert:
+ that:
+ - central_admin_password|length > 0
+ msg: >
+ Please pass your RHACS Admin Password in the 'central_admin_password' extra var
+ or in the ROX_ADMIN_PASSWORD environment variable.
+
+ - assert:
+ that:
+ - central_hostname|length > 0
+ msg: >
+ Please pass your RHACS Central hostname in the 'central_hostname'
+ extra var or in the ROX_CENTRAL_ENDPOINT environment variable.
+
+ - assert:
+ that:
+ - jira_password|length > 0
+ msg: >
+ Please pass your Jira Password in the 'jira_password'
+ extra var or in the JIRA_PASSWORD environment variable.
+
+ - name: Check if jmespath is available locally
+ debug: msg={{ dummy|json_query('@') }}
+ register: check_jmespath
+ ignore_errors: yes
+ vars:
+ dummy: Hello World
+
+ - name: Ensure JMESPath is installed
+ assert:
+ that:
+ - 'check_jmespath is success'
+ msg: >
+ The JMESPath library is required by this playbook.
+ Please install the JMESPath library with 'pip install jmespath'.
+
+ - name: Find notifiers
+ uri:
+ url: '{{ acs_api }}/notifiers'
+ validate_certs: '{{ validate_certs }}'
+ url_username: admin
+ url_password: '{{ central_admin_password }}'
+ force_basic_auth: yes
+ register: find_notifier_response
+ changed_when: false
+
+ - name: Read system time
+ setup:
+ gather_subset:
+ - min
+
+ - set_fact:
+ notifier: '{{ patched_notifier | combine({ "name": "Jira-" ~ ansible_date_time.epoch, "id": "" }) }}'
+ notifiers: '{{ find_notifier_response.json|json_query(query) }}'
+ vars:
+ patched_notifier: '{% if first_notifier.jira.update({"password": jira_password}) %}{% endif %}{{first_notifier}}'
+ first_notifier: '{{ find_notifier_response.json|json_query(query)|first }}'
+ query: >
+ notifiers[?type == `jira`]
+
+ - name: Make a copy of the Jira notifier
+ uri:
+ url: '{{ acs_api }}/notifiers'
+ method: POST
+ status_code: "200"
+ validate_certs: '{{ validate_certs }}'
+ url_username: admin
+ url_password: '{{ central_admin_password }}'
+ body: '{{ notifier }}'
+ body_format: json
+ force_basic_auth: yes
+ register: create_notifier_response
+ changed_when: create_notifier_response.status == 200
+ vars:
+ notifier: '{{ notifiers | first | }}'
+
+ - name: Delete all Jira notifiers
+ uri:
+ url: '{{ acs_api }}/notifiers/{{ item.id }}'
+ method: DELETE
+ status_code: "200,404"
+ validate_certs: '{{ validate_certs }}'
+ url_username: admin
+ url_password: '{{ central_admin_password }}'
+ force_basic_auth: yes
+ register: delete_notifier_response
+ changed_when: delete_notifier_response.status == 200
+ with_items: '{{ notifiers }}'
+ loop_control:
+ label: '{{ item.name }}'
+
+ - name: Create the Policy template
+ template:
+ src: '{{ playbook_dir }}/../policy/log4shell.json.template'
+ dest: '{{ playbook_dir }}/../policy/log4shell.json'
+ vars:
+ notifier_id: '{{ create_notifier_response.json.id }}'
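Review bot: Every `uri` task sends the RHACS admin password with `force_basic_auth: yes` while the play-level `validate_certs: no` disables certificate verification, so the credential is handed to whatever host answers for `central_hostname`. I would default this to `validate_certs: yes` and let a demo cluster with a self-signed certificate opt out with an extra var. The unnamed `set_fact` task and "Make a copy of the Jira notifier" both carry `jira_password` inside `notifier` / `body` and neither sets `no_log: true`, so the Jira password can appear in verbose or failure output; add `no_log: true` to both. In the copy task, `notifier: '{{ notifiers | first | }}'` ends in a dangling pipe and is not a valid Jinja expression. It appears to be shadowed by the `set_fact` value of the same name (which is the one that carries the patched password), so deleting that task-level `vars:` entry is the safe fix.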