ansible-lint

ansible-lint update

Author: baszoetekouw

.ansible-lint

@@ -0,0 +1,3 @@
+---
+profile: "production"
+offline: false

environments/template/group_vars/template.yml

@@ -28,7 +28,6 @@ relp_remote:
 
 php_display_errors: 1
 
-attribute_aggregation_gui_version: "3.0.6"
 attribute_aggregation_server_version: "3.0.6"
 oidc_playground_client_version: "3.0.0"
 oidc_playground_server_version: "3.0.0"

provision.yml

@@ -115,7 +115,7 @@
     - { role: teams,      tags: ["teams"] }
     - { role: pdp,        tags: ["pdp"] }
     - { role: voot,       tags: ["voot"] }
-    - { role: attribute-aggregation, tags: ["aa", "attribute-aggregation"] }
+    - { role: attribute_aggregation, tags: ["aa", "attribute-aggregation"] }
     - { role: oidc-playground, tags: ["oidc-playground"] }
     - { role: myconext,    tags: ["myconext"] }
     - { role: manage,    tags: ["manage"] }

roles/attribute-aggregation/templates/apachelink.conf.j2

@@ -1,4 +1,4 @@
-- name: restart attribute-aggregationserver
+- name: "Restart attribute-aggregationserver"
   community.docker.docker_container:
     name: aaserver
     state: started

…/attribute-aggregation/defaults/main.yml …/attribute_aggregation/defaults/main.ymlroles/attribute-aggregation/defaults/main.yml renamed to roles/attribute_aggregation/defaults/main.yml roles/attribute-aggregation/defaults/main.yml renamed to roles/attribute_aggregation/defaults/main.yml

@@ -37,17 +37,17 @@
 - name: Add the MariaDB docker network to the list of networks when MariaDB runs in Docker
   ansible.builtin.set_fact:
     aa_docker_networks:
-      - name: loadbalancer
-      - name: openconext_mariadb
-  when: mariadb_in_docker | default(false) | bool
+      - name: "loadbalancer"
+      - name: "openconext_mariadb"
+  when: "mariadb_in_docker | default(false) | bool"
 
 - name: Create and start the server container
   community.docker.docker_container:
-    name: aaserver
-    image: ghcr.io/openconext/openconext-attribute-aggregation/aa-server:{{ attribute_aggregation_server_version }}
+    name: "aaserver"
+    image: "ghcr.io/openconext/openconext-attribute-aggregation/aa-server:{{ attribute_aggregation_server_version }}"
     pull: true
     restart_policy: "always"
-    state: started
+    state: "started"
     networks: "{{ aa_docker_networks }}"
     mounts:
       - source: "/opt/openconext/attribute-aggregation/serverapplication.yml"
@@ -68,7 +68,7 @@
         type: "bind"
     command: "-Xmx128m --spring.config.location=./"
     etc_hosts:
-      host.docker.internal: host-gateway
+      host.docker.internal: "host-gateway"
     labels:
       traefik.http.routers.aaserver.rule: "Host(`aa.{{ base_domain }}`)"
       traefik.http.routers.aaserver.tls: "true"
@@ -83,20 +83,20 @@
           "--spider",
           "http://localhost:8080/internal/health",
         ]
-      interval: 10s
-      timeout: 10s
+      interval: "10s"
+      timeout: "10s"
       retries: 3
       start_period: "10s"
   notify: "Restart attribute-aggregationserver"
   register: "aa_servercontainer"
 
 - name: Create the gui link container
   community.docker.docker_container:
-    name: aalink
-    image: ghcr.io/openconext/openconext-basecontainers/apache2-shibboleth:latest
+    name: "aalink"
+    image: "ghcr.io/openconext/openconext-basecontainers/apache2-shibboleth:latest"
     pull: true
     restart_policy: "always"
-    state: started
+    state: "started"
     networks: "{{ aa_docker_networks }}"
     mounts:
       - source: "/opt/openconext/attribute-aggregation/apachelink.conf"
@@ -112,18 +112,18 @@
         read_only: true
         type: "bind"
     etc_hosts:
-      host.docker.internal: host-gateway
+      host.docker.internal: "host-gateway"
     labels:
       traefik.http.routers.aalink.rule: "Host(`link.{{ base_domain }}`)"
       traefik.http.routers.aalink.tls: "true"
       traefik.enable: "true"
     healthcheck:
       test: ["CMD", "curl", "--fail", "http://localhost/internal/health"]
-      interval: 10s
-      timeout: 10s
+      interval: "10s"
+      timeout: "10s"
       retries: 3
-      start_period: 10s
-    hostname: attribute-link
+      start_period: "10s"
+    hostname: "attribute-link"
     env:
       HTTPD_CSP: "{{ httpd_csp.lenient_with_static_img }}"
       HTTPD_SERVERNAME: "link.{{ base_domain }}"

…/attribute-aggregation/handlers/main.yml …/attribute_aggregation/handlers/main.ymlroles/attribute-aggregation/handlers/main.yml renamed to roles/attribute_aggregation/handlers/main.yml roles/attribute-aggregation/handlers/main.yml renamed to roles/attribute_aggregation/handlers/main.yml

@@ -11,14 +11,29 @@ RewriteRule (.*) /index.html [L]
 Redirect /orcid https://link.{{ base_domain }}/aa/api/client/information.html
 ProxyPass /Shibboleth.sso !
 
-ProxyPass /redirect http://aaserver:8080/redirect
+ProxyPass /redirect http://aaserver:8080/aa/api/redirect
 ProxyPass /internal/health http://aaserver:8080/internal/health
 ProxyPass /internal/info http://aaserver:8080/internal/info
 
-ProxyPass /aa/api http://aaserver:8080
-ProxyPassReverse /aa/api http://aaserver:8080
-ProxyPassReverse /aa/api/client http://aaserver:8080/client
+ProxyPass /aa/api http://aaserver:8080/aa/api
+ProxyPassReverse /aa/api http://aaserver:8080/aa/api
+ProxyPassReverse /aa/api/client http://aaserver:8080/aa/api/client
 
 Header always set X-Frame-Options "DENY"
 Header always set Referrer-Policy "strict-origin-when-cross-origin"
 Header always set X-Content-Type-Options "nosniff"
+
+<Location />
+  AuthType shibboleth
+  ShibUseHeaders On
+  ShibRequireSession On
+  Require valid-user
+</Location>
+
+<Location ~ "/internal/(health|info)">
+  Require all granted
+</Location>
+
+<Location ~ "/aa/api/internal/">
+  Require all denied
+</Location>