diff --git a/defaults/main.yml b/defaults/main.yml
index d27647e..2fb8153 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -17,6 +17,13 @@ threescale_cicd_application_plans:
 state: hidden
 name: Ansible Test Plan
+# Controls when to log sensitive information. Can be set to false for
+# production environments.
+#
+# By default, log sensitive information only when Ansible is called with
+# A verbosity level of at least one "-v".
+threescale_cicd_nolog: '{{ ansible_verbosity|default(0) == 0 }}'
+
 # A folder where to download dependencies, when required
 threescale_cicd_local_bin_path: '{{ playbook_dir }}/bin'
diff --git a/tasks/api-calls/create_activedoc.yml b/tasks/api-calls/create_activedoc.yml
index b88f277..73d040a 100644
--- a/tasks/api-calls/create_activedoc.yml
+++ b/tasks/api-calls/create_activedoc.yml
@@ -3,6 +3,7 @@
 - debug:
 var: threescale_cicd_create_activedoc_payload
 verbosity: 1
+ no_log: '{{ threescale_cicd_nolog }}'
 - name: Create the ActiveDocs
 uri:
@@ -13,6 +14,7 @@
 status_code: 201
 register: threescale_cicd_tmpresponse
 changed_when: 'threescale_cicd_tmpresponse.status == 201'
+ no_log: '{{ threescale_cicd_nolog }}'
 - set_fact:
 threescale_cicd_existing_activedocs: '{{ threescale_cicd_existing_activedocs|union([ threescale_cicd_tmpresponse.json.api_doc.system_name ]) }}'
diff --git a/tasks/api-calls/create_application.yml b/tasks/api-calls/create_application.yml
index d584c98..e906647 100644
--- a/tasks/api-calls/create_application.yml
+++ b/tasks/api-calls/create_application.yml
@@ -3,6 +3,7 @@
 - debug:
 var: threescale_cicd_create_application_payload
 verbosity: 1
+ no_log: '{{ threescale_cicd_nolog }}'
 - name: Create the application
 uri:
@@ -13,6 +14,7 @@
 status_code: 201
 register: threescale_cicd_tmpresponse
 changed_when: 'threescale_cicd_tmpresponse.status == 201'
+ no_log: '{{ threescale_cicd_nolog }}'
 - set_fact:
 threescale_cicd_default_application_details: '{{ threescale_cicd_tmpresponse.json.application }}'
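Review bot: The comment added above `threescale_cicd_nolog` in defaults/main.yml reads inverted: the variable feeds `no_log`, so setting it to false is what exposes task arguments and results, and a production or shared-CI run would want it forced to true. Because the default is derived from `ansible_verbosity`, any run with `-v` turns the suppression off for every task that uses it. I would reword the comment to something like `# Set to true to always hide task arguments and results (recommended for production and CI logs).` and lower-case the stray "A" in `# A verbosity level`.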
diff --git a/tasks/api-calls/create_application_plan.yml b/tasks/api-calls/create_application_plan.yml
index 791e41b..0222baf 100644
--- a/tasks/api-calls/create_application_plan.yml
+++ b/tasks/api-calls/create_application_plan.yml
@@ -3,6 +3,7 @@
 - debug:
 var: threescale_cicd_create_application_plan_payload
 verbosity: 1
+ no_log: '{{ threescale_cicd_nolog }}'
 - name: Create the application plan
 uri:
@@ -13,6 +14,7 @@
 status_code: 201
 register: threescale_cicd_tmpresponse
 changed_when: 'threescale_cicd_tmpresponse.status == 201'
+ no_log: '{{ threescale_cicd_nolog }}'
 - set_fact:
 threescale_cicd_existing_application_plans: '{{ threescale_cicd_existing_application_plans|union([ threescale_cicd_application_plan.system_name ]) }}'
diff --git a/tasks/api-calls/create_mapping_rule.yml b/tasks/api-calls/create_mapping_rule.yml
index 13c32e3..28daeaa 100644
--- a/tasks/api-calls/create_mapping_rule.yml
+++ b/tasks/api-calls/create_mapping_rule.yml
@@ -3,6 +3,7 @@
 - debug:
 var: threescale_cicd_create_mapping_rule_payload
 verbosity: 1
+ no_log: '{{ threescale_cicd_nolog }}'
 - name: Create the mapping rule
 uri:
@@ -13,6 +14,7 @@
 status_code: 201
 register: threescale_cicd_tmpresponse
 changed_when: 'threescale_cicd_tmpresponse.status == 201'
+ no_log: '{{ threescale_cicd_nolog }}'
 - name: Wait for a couple seconds
 pause:
diff --git a/tasks/api-calls/create_method.yml b/tasks/api-calls/create_method.yml
index db4285b..5ae20b8 100644
--- a/tasks/api-calls/create_method.yml
+++ b/tasks/api-calls/create_method.yml
@@ -3,6 +3,7 @@
 - debug:
 var: threescale_cicd_create_method_payload
 verbosity: 1
+ no_log: '{{ threescale_cicd_nolog }}'
 - name: Create the method
 uri:
@@ -13,6 +14,7 @@
 status_code: 201
 register: threescale_cicd_tmpresponse
 changed_when: 'threescale_cicd_tmpresponse.status == 201'
+ no_log: '{{ threescale_cicd_nolog }}'
 - set_fact:
 threescale_cicd_existing_metrics: '{{ threescale_cicd_existing_metrics|union([ threescale_cicd_api_operation.key ]) }}'
diff --git a/tasks/api-calls/create_service.yml b/tasks/api-calls/create_service.yml
index 33f2ca7..aca8b23 100644
--- a/tasks/api-calls/create_service.yml
+++ b/tasks/api-calls/create_service.yml
@@ -3,6 +3,7 @@
 - debug:
 var: threescale_cicd_create_service_payload
 verbosity: 1
+ no_log: '{{ threescale_cicd_nolog }}'
 - name: Create the service
 uri:
@@ -13,6 +14,7 @@
 status_code: 201
 register: threescale_cicd_tmpresponse
 changed_when: 'threescale_cicd_tmpresponse.status == 201'
+ no_log: '{{ threescale_cicd_nolog }}'
 - set_fact:
 threescale_cicd_existing_services: '{{ threescale_cicd_existing_services|union([ threescale_cicd_tmpresponse.json.service.system_name ]) }}'
diff --git a/tasks/api-calls/delete_mapping_rule.yml b/tasks/api-calls/delete_mapping_rule.yml
index efbe168..3183c95 100644
--- a/tasks/api-calls/delete_mapping_rule.yml
+++ b/tasks/api-calls/delete_mapping_rule.yml
@@ -8,6 +8,7 @@
 status_code: 200,404
 register: threescale_cicd_tmpresponse
 changed_when: 'threescale_cicd_tmpresponse.status == 200'
+ no_log: '{{ threescale_cicd_nolog }}'
 - name: Wait for a couple seconds
 pause:
diff --git a/tasks/api-calls/delete_metric.yml b/tasks/api-calls/delete_metric.yml
index fe7898a..4b4b943 100644
--- a/tasks/api-calls/delete_metric.yml
+++ b/tasks/api-calls/delete_metric.yml
@@ -11,6 +11,7 @@
 status_code: 200,404
 register: threescale_cicd_tmpresponse
 changed_when: 'threescale_cicd_tmpresponse.status == 200'
+ no_log: '{{ threescale_cicd_nolog }}'
 - name: Wait for a couple seconds
 pause:
diff --git a/tasks/api-calls/find_application.yml b/tasks/api-calls/find_application.yml
index 6ed39e6..c139bf3 100644
--- a/tasks/api-calls/find_application.yml
+++ b/tasks/api-calls/find_application.yml
@@ -7,6 +7,7 @@
 method: GET
 status_code: 200,404
 register: threescale_cicd_tmpresponse
+ no_log: '{{ threescale_cicd_nolog }}'
 - set_fact:
 threescale_cicd_default_application_id: '{{ threescale_cicd_tmpresponse.json.application.id }}'
diff --git a/tasks/api-calls/find_first_account.yml b/tasks/api-calls/find_first_account.yml
index 5726d05..696b2c1 100644
--- a/tasks/api-calls/find_first_account.yml
+++ b/tasks/api-calls/find_first_account.yml
@@ -5,6 +5,7 @@
 url: https://{{ inventory_hostname }}/admin/api/accounts.json?access_token={{ threescale_cicd_access_token|urlencode }}&state=approved&page=1&per_page=1
 validate_certs: no
 register: threescale_cicd_tmpresponse
+ no_log: '{{ threescale_cicd_nolog }}'
 - set_fact:
 threescale_cicd_default_account_id: '{{ threescale_cicd_tmpresponse.json.accounts[0].account.id }}'
diff --git a/tasks/api-calls/get_proxy_version.yml b/tasks/api-calls/get_proxy_version.yml
index 88bbc6e..3ca9c5b 100644
--- a/tasks/api-calls/get_proxy_version.yml
+++ b/tasks/api-calls/get_proxy_version.yml
@@ -5,6 +5,7 @@
 url: 'https://{{ inventory_hostname }}/admin/api/services/{{ threescale_cicd_api_service_id }}/proxy/configs/{{ threescale_cicd_staging_environment_name }}/latest.json?access_token={{ threescale_cicd_access_token|urlencode }}'
 validate_certs: no
 register: threescale_cicd_tmpresponse
+ no_log: '{{ threescale_cicd_nolog }}'
 - set_fact:
 threescale_cicd_staging_proxy_version: '{{ threescale_cicd_tmpresponse.json.proxy_config.version }}'
@@ -15,6 +16,7 @@
 validate_certs: no
 status_code: 200,404
 register: threescale_cicd_tmpresponse
+ no_log: '{{ threescale_cicd_nolog }}'
 - set_fact:
 threescale_cicd_production_proxy_version: '{{ threescale_cicd_tmpresponse.json.proxy_config.version if threescale_cicd_tmpresponse.status == 200 else ''NONE'' }}'
diff --git a/tasks/api-calls/keycloak/authenticate.yml b/tasks/api-calls/keycloak/authenticate.yml
index e9b3995..9db1049 100644
--- a/tasks/api-calls/keycloak/authenticate.yml
+++ b/tasks/api-calls/keycloak/authenticate.yml
@@ -3,6 +3,7 @@
 - debug:
 var: threescale_cicd_authenticate_to_keycloak_payload
 verbosity: 1
+ no_log: '{{ threescale_cicd_nolog }}'
 - name: Authenticate to RH-SSO
 uri:
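Review bot: In find_first_account.yml and the first hunk of get_proxy_version.yml the `url:` context lines carry `access_token=...` in the query string, and the added `no_log` on those tasks is lifted as soon as Ansible runs with `-v`. The uri module echoes the requested URL in its result, so a verbose run will most likely print the token to the console or CI log. For tasks whose URL embeds the credential I would suppress output unconditionally with `no_log: true`, or gate them on a separate variable that verbosity does not flip. The same context lines also show `validate_certs: no`, so the token is sent without checking the server certificate; that predates this commit but is worth a follow-up.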
@@ -16,7 +17,9 @@
 delay: '{{ threescale_cicd_delay }}' # temporary fix for https://github.com/ansible/ansible/issues/28078
 until: 'threescale_cicd_tmpresponse is success'
-
+ no_log: '{{ threescale_cicd_nolog }}'
+
 - name: Extract the access_token
 set_fact:
 threescale_cicd_keycloak_access_token: '{{ threescale_cicd_tmpresponse.json |json_query("access_token") }}'
+ no_log: '{{ threescale_cicd_nolog }}'
diff --git a/tasks/api-calls/keycloak/patch_client.yml b/tasks/api-calls/keycloak/patch_client.yml
index 003ba17..4968078 100644
--- a/tasks/api-calls/keycloak/patch_client.yml
+++ b/tasks/api-calls/keycloak/patch_client.yml
@@ -3,6 +3,7 @@
 - debug:
 var: threescale_cicd_patch_keycloak_client_payload
 verbosity: 1
+ no_log: '{{ threescale_cicd_nolog }}'
 - name: Patch the client in RH-SSO to support the "client_credentials" and "password" grant_type.
 uri:
@@ -17,6 +18,7 @@
 Content-Type: 'application/json'
 register: threescale_cicd_tmpresponse
 changed_when: 'threescale_cicd_tmpresponse.status == 200'
+ no_log: '{{ threescale_cicd_nolog }}'
 - name: Wait for a couple seconds
 pause:
diff --git a/tasks/api-calls/keycloak/wait_for_client.yml b/tasks/api-calls/keycloak/wait_for_client.yml
index e6d764e..1c95203 100644
--- a/tasks/api-calls/keycloak/wait_for_client.yml
+++ b/tasks/api-calls/keycloak/wait_for_client.yml
@@ -12,6 +12,7 @@
 retries: '{{ threescale_cicd_retries }}'
 delay: '{{ threescale_cicd_delay }}'
 until: 'threescale_cicd_tmpresponse is success and threescale_cicd_tmpresponse.json|length > 0'
+ no_log: '{{ threescale_cicd_nolog }}'
 - set_fact:
 threescale_cicd_default_application_sso_id: '{{ threescale_cicd_tmpresponse.json[0].id }}'
diff --git a/tasks/api-calls/promote_proxy.yml b/tasks/api-calls/promote_proxy.yml
index e3b0b8d..73ba44c 100644
--- a/tasks/api-calls/promote_proxy.yml
+++ b/tasks/api-calls/promote_proxy.yml
@@ -3,6 +3,7 @@
 - debug:
 var: threescale_cicd_promote_proxy_payload
 verbosity: 1
+ no_log: '{{ threescale_cicd_nolog }}'
 - name: Promote to production
 uri:
@@ -13,6 +14,7 @@
 method: POST
 register: threescale_cicd_tmpresponse
 changed_when: 'threescale_cicd_tmpresponse.status == 201'
+ no_log: '{{ threescale_cicd_nolog }}'
 - name: Wait for a couple seconds
 pause:
diff --git a/tasks/api-calls/update_activedoc.yml b/tasks/api-calls/update_activedoc.yml
index 0cbfd17..e2bfb0f 100644
--- a/tasks/api-calls/update_activedoc.yml
+++ b/tasks/api-calls/update_activedoc.yml
@@ -3,6 +3,7 @@
 - debug:
 var: threescale_cicd_update_activedoc_payload
 verbosity: 1
+ no_log: '{{ threescale_cicd_nolog }}'
 - name: Update the ActiveDocs
 uri:
@@ -13,6 +14,7 @@
 status_code: 200
 register: threescale_cicd_tmpresponse
 changed_when: 'threescale_cicd_tmpresponse.status == 200'
+ no_log: '{{ threescale_cicd_nolog }}'
 - name: Wait for a couple seconds
 pause:
diff --git a/tasks/api-calls/update_application.yml b/tasks/api-calls/update_application.yml
index 8bd9901..b1bfe1a 100644
--- a/tasks/api-calls/update_application.yml
+++ b/tasks/api-calls/update_application.yml
@@ -3,6 +3,7 @@
 - debug:
 var: threescale_cicd_update_application_payload
 verbosity: 1
+ no_log: '{{ threescale_cicd_nolog }}'
 - name: Update the application
 uri:
@@ -12,6 +13,7 @@
 body: '{{ threescale_cicd_update_application_payload }}'
 status_code: 200
 register: threescale_cicd_tmpresponse
+ no_log: '{{ threescale_cicd_nolog }}'
 - set_fact:
 threescale_cicd_default_application_details: '{{ threescale_cicd_tmpresponse.json.application }}'
diff --git a/tasks/api-calls/update_application_plan.yml b/tasks/api-calls/update_application_plan.yml
index e6f8e81..3b80e7e 100644
--- a/tasks/api-calls/update_application_plan.yml
+++ b/tasks/api-calls/update_application_plan.yml
@@ -3,6 +3,7 @@
 - debug:
 var: threescale_cicd_update_application_plan_payload
 verbosity: 1
+ no_log: '{{ threescale_cicd_nolog }}'
 - name: Update the application plan
 uri:
@@ -13,6 +14,7 @@
 status_code: 200
 register: threescale_cicd_tmpresponse
 changed_when: 'threescale_cicd_tmpresponse.status == 200'
+ no_log: '{{ threescale_cicd_nolog }}'
 - name: Wait for a couple seconds
 pause:
diff --git a/tasks/api-calls/update_mapping_rule.yml b/tasks/api-calls/update_mapping_rule.yml
index 483d27e..f8ab30a 100644
--- a/tasks/api-calls/update_mapping_rule.yml
+++ b/tasks/api-calls/update_mapping_rule.yml
@@ -3,6 +3,7 @@
 - debug:
 var: threescale_cicd_update_mapping_rule_payload
 verbosity: 1
+ no_log: '{{ threescale_cicd_nolog }}'
 - name: Update the mapping rule
 uri:
@@ -15,6 +16,7 @@
 changed_when: 'threescale_cicd_tmpresponse.status == 200'
 vars:
 threescale_cicd_mapping_rule_id: '{{ threescale_cicd_existing_mapping_rules[threescale_cicd_mapping_rule] }}'
+ no_log: '{{ threescale_cicd_nolog }}'
 - name: Wait for a couple seconds
 pause:
diff --git a/tasks/api-calls/update_method.yml b/tasks/api-calls/update_method.yml
index 5247b02..c37cca3 100644
--- a/tasks/api-calls/update_method.yml
+++ b/tasks/api-calls/update_method.yml
@@ -3,6 +3,7 @@
 - debug:
 var: threescale_cicd_update_method_payload
 verbosity: 1
+ no_log: '{{ threescale_cicd_nolog }}'
 - name: Update the method
 uri:
@@ -12,6 +13,7 @@
 body: '{{ threescale_cicd_update_method_payload }}'
 register: threescale_cicd_tmpresponse
 changed_when: 'threescale_cicd_tmpresponse.status == 200'
+ no_log: '{{ threescale_cicd_nolog }}'
 - name: Wait for a couple seconds
 pause:
diff --git a/tasks/api-calls/update_policies.yml b/tasks/api-calls/update_policies.yml
index cc5fb76..d882e6a 100644
--- a/tasks/api-calls/update_policies.yml
+++ b/tasks/api-calls/update_policies.yml
@@ -7,6 +7,7 @@
 - debug:
 var: threescale_cicd_update_policies_payload
 verbosity: 1
+ no_log: '{{ threescale_cicd_nolog }}'
 - name: Update the policies chain
 uri:
@@ -17,6 +18,7 @@
 status_code: 200
 register: threescale_cicd_tmpresponse
 changed_when: 'threescale_cicd_tmpresponse.status == 200'
+ no_log: '{{ threescale_cicd_nolog }}'
 - name: Wait for a couple seconds
 pause:
diff --git a/tasks/api-calls/update_proxy.yml b/tasks/api-calls/update_proxy.yml
index a5a09bf..de24b2e 100644
--- a/tasks/api-calls/update_proxy.yml
+++ b/tasks/api-calls/update_proxy.yml
@@ -3,6 +3,7 @@
 - debug:
 var: threescale_cicd_update_proxy_payload
 verbosity: 1
+ no_log: '{{ threescale_cicd_nolog }}'
 - name: Update the proxy definition
 uri:
@@ -12,6 +13,7 @@
 body: '{{ threescale_cicd_update_proxy_payload }}'
 register: threescale_cicd_tmpresponse
 changed_when: 'threescale_cicd_tmpresponse.status == 200'
+ no_log: '{{ threescale_cicd_nolog }}'
 - name: Extract the staging and production gateway endpoint from the proxy definition
 set_fact:
diff --git a/tasks/api-calls/update_service.yml b/tasks/api-calls/update_service.yml
index 98c6909..7355398 100644
--- a/tasks/api-calls/update_service.yml
+++ b/tasks/api-calls/update_service.yml
@@ -3,6 +3,7 @@
 - debug:
 var: threescale_cicd_update_service_payload
 verbosity: 1
+ no_log: '{{ threescale_cicd_nolog }}'
 - name: Update the service
 uri:
@@ -13,6 +14,7 @@
 status_code: 200
 register: threescale_cicd_tmpresponse
 changed_when: 'threescale_cicd_tmpresponse.status == 200'
+ no_log: '{{ threescale_cicd_nolog }}'
 - name: Wait for a couple seconds
 pause:
diff --git a/tests/setup/delete-travis-logs.yml b/tests/setup/delete-travis-logs.yml
new file mode 100644
index 0000000..967308c
--- /dev/null
+++ b/tests/setup/delete-travis-logs.yml
@@ -0,0 +1,56 @@
+---
+
+- name: Delete the Travis logs of a build
+ hosts: localhost
+ gather_facts: no
+ vars:
+ ansible_connection: local
+ travis_repo: nmasse-itix/threescale-cicd
+ travis_api: https://api.travis-ci.org
+ tasks:
+ - assert:
+ that:
+ - travis_token is defined
+ msg: >
+ Please pass your Travis Token in the 'travis_token' extra var
+
+ - assert:
+ that:
+ - travis_build is defined
+ msg: >
+ Please pass Travis build number in the 'travis_build' extra var
+
+ - name: Find Build
+ uri:
+ url: '{{ travis_api }}/repos/{{ travis_repo }}/builds?number={{ travis_build }}'
+ headers:
+ Authorization: "token {{ travis_token }}"
+ register: find_build_response
+ changed_when: false
+
+ - name: Get Build
+ uri:
+ url: '{{ travis_api }}/repos/{{ travis_repo }}/builds/{{ travis_build_id }}'
+ headers:
+ Authorization: "token {{ travis_token }}"
+ register: get_build_response
+ changed_when: false
+ vars:
+ travis_build_id: '{{ find_build_response.json|json_query(''[0].id'') }}'
+
+ - name: Delete logs
+ uri:
+ url: '{{ travis_api }}/jobs/{{ item }}/log'
+ headers:
+ Authorization: "token {{ travis_token }}"
+ body_format: form-urlencoded
+ body:
+ reason: "Logs removed because it contains sensitive data"
+ method: PATCH
+ status_code: "200,409"
+ register: delete_logs_response
+ changed_when: delete_logs_response.status == 200
+ with_items: '{{ travis_jobs }}'
+ vars:
+ travis_jobs: '{{ get_build_response.json|json_query(''@.matrix[].id'') }}'
+
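Review bot: None of the three `uri` tasks in tests/setup/delete-travis-logs.yml sets `no_log`, although each one passes `Authorization: "token {{ travis_token }}"`; at higher verbosity Ansible prints module arguments, so the playbook meant to remove leaked data can itself expose the Travis token. Adding `no_log: true` to Find Build, Get Build and Delete logs would close that. Separately, `travis_build_id` comes from `json_query('[0].id')` with no check that the lookup returned a build, so an unknown build number appears to produce a request to `/builds/` with an empty id. An `assert` on `find_build_response.json | length > 0` before Get Build would fail early with a clear message.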