From a0bc20bb08292f0d532f52378b8af4f585c94427 Mon Sep 17 00:00:00 2001 From: Jason Odoom Date: Fri, 5 May 2023 14:00:52 -0400 Subject: [PATCH 01/34] Add Go hooks to support go code for our projects --- .pre-commit-config.yaml | 56 +++++++++++++++++++++++++++++++++-------- 1 file changed, 45 insertions(+), 11 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 0dabeb6..65c676b 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -31,17 +31,17 @@ repos: # Text file hooks - repo: https://github.com/igorshubovych/markdownlint-cli - rev: v0.33.0 + rev: v0.34.0 hooks: - id: markdownlint args: - --config=.mdl_config.yaml - repo: https://github.com/pre-commit/mirrors-prettier - rev: v3.0.0-alpha.6 + rev: v3.0.0-alpha.9-for-vscode hooks: - id: prettier - repo: https://github.com/adrienverge/yamllint - rev: v1.30.0 + rev: v1.31.0 hooks: - id: yamllint args: @@ -49,17 +49,51 @@ repos: # GitHub Actions hooks - repo: https://github.com/python-jsonschema/check-jsonschema - rev: 0.22.0 + rev: 0.23.0 hooks: - id: check-github-actions - id: check-github-workflows # pre-commit hooks - repo: https://github.com/pre-commit/pre-commit - rev: v3.2.1 + rev: v3.3.1 hooks: - id: validate_manifest + # Go hooks + - repo: https://github.com/TekWizely/pre-commit-golang + rev: v1.0.0-rc.1 + hooks: + # Style Checkers + - id: go-lint + - id: go-critic + # Go Build + - id: go-build-mod + - id: go-build-pkg + - id: go-build-repo-mod + - id: go-build-repo-pkg + + # Go Mod Tidy + - id: go-mod-tidy + - id: go-mod-tidy-repo + + # Go Test + - id: go-test-mod + - id: go-test-pkg + - id: go-test-repo-mod + - id: go-test-repo-pkg + + # Go Vet + - id: go-vet + - id: go-vet-mod + - id: go-vet-pkg + - id: go-vet-repo-mod + - id: go-vet-repo-pkg + # GoSec + - id: go-sec-mod + - id: go-sec-pkg + - id: go-sec-repo-mod + - id: go-sec-repo-pkg # Shell script hooks - repo: https://github.com/cisagov/pre-commit-shfmt rev: v0.0.2 
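Review bot: The new `TekWizely/pre-commit-golang` entry in the second hunk is pinned with `rev: v1.0.0-rc.1`, a release-candidate tag that upstream can move, so this file does not fix the hook code that runs on each contributor's machine. pre-commit accepts a full commit hash in `rev`, and `pre-commit autoupdate --freeze` writes one with the tag kept as a trailing comment, e.g. `rev: <full commit sha>  # frozen: v1.0.0-rc.1`. These hooks also appear to call locally installed tools (go-critic, gosec and so on) rather than installing them, so the `rev` pin would not cover the analyzer versions. A comment above the block listing the required tools would tell contributors what to install.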
@@ -88,7 +122,7 @@ repos: args: - --config=.bandit.yml - repo: https://github.com/psf/black - rev: 23.1.0 + rev: 23.3.0 hooks: - id: black - repo: https://github.com/PyCQA/flake8 @@ -102,31 +136,31 @@ repos: hooks: - id: isort - repo: https://github.com/pre-commit/mirrors-mypy - rev: v1.1.1 + rev: v1.2.0 hooks: - id: mypy - repo: https://github.com/asottile/pyupgrade - rev: v3.3.1 + rev: v3.3.2 hooks: - id: pyupgrade # Ansible hooks - repo: https://github.com/ansible-community/ansible-lint - rev: v5.4.0 + rev: v6.15.0 hooks: - id: ansible-lint # files: molecule/default/playbook.yml # Terraform hooks - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.77.1 + rev: v1.78.0 hooks: - id: terraform_fmt - id: terraform_validate # Docker hooks - repo: https://github.com/IamTheFij/docker-pre-commit - rev: v2.1.1 + rev: v3.0.1 hooks: - id: docker-compose-check From 3628e5fa20d334723ca4733a873110b52b07b406 Mon Sep 17 00:00:00 2001 From: Jason Odoom Date: Fri, 5 May 2023 14:08:25 -0400 Subject: [PATCH 02/34] Add Staticcheck --- .pre-commit-config.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 65c676b..b04a130 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -67,6 +67,11 @@ repos: # Style Checkers - id: go-lint - id: go-critic + # StaticCheck + - id: go-staticcheck-mod + - id: go-staticcheck-pkg + - id: go-staticcheck-repo-mod + - id: go-staticcheck-repo-pkg # Go Build - id: go-build-mod - id: go-build-pkg From 668724f0a5fc2742a5fd9ce7de16753664876d02 Mon Sep 17 00:00:00 2001 From: Jason Odoom Date: Fri, 5 May 2023 16:07:08 -0400 Subject: [PATCH 03/34] Fix indentation Co-authored-by: Shane Frasier --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index b04a130..10d005e 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -64,7 +64,7 @@ repos: - repo: https://github.com/TekWizely/pre-commit-golang rev: v1.0.0-rc.1 hooks: - # Style Checkers + # Style Checkers - id: go-lint - id: go-critic # StaticCheck From 3d422b8493f09867ce17b2254ba25678a9759d03 Mon Sep 17 00:00:00 2001 From: Jason Odoom Date: Fri, 5 May 2023 16:07:17 -0400 Subject: [PATCH 04/34] Fix indentation Co-authored-by: Shane Frasier --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 10d005e..20e57fa 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -67,7 +67,7 @@ repos: # Style Checkers - id: go-lint - id: go-critic - # StaticCheck + # StaticCheck - id: go-staticcheck-mod - id: go-staticcheck-pkg - id: go-staticcheck-repo-mod From 5571f4756c1499d29da617b6f53afe8bfaebcf8d Mon Sep 17 00:00:00 2001 From: Jason Odoom Date: Fri, 5 May 2023 16:07:25 -0400 Subject: [PATCH 05/34] Fix indentation Co-authored-by: Shane Frasier --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 20e57fa..9d698a8 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -72,7 +72,7 @@ repos: - id: go-staticcheck-pkg - id: go-staticcheck-repo-mod - id: go-staticcheck-repo-pkg - # Go Build + # Go Build - id: go-build-mod - id: go-build-pkg - id: go-build-repo-mod From 4fd9501f753e1789261307b9e3829dd19dd3d42f Mon Sep 17 00:00:00 2001 From: Jason Odoom Date: Fri, 5 May 2023 16:07:44 -0400 Subject: [PATCH 06/34] Fix formatting Co-authored-by: Shane Frasier --- .pre-commit-config.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 9d698a8..4946d17 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -77,7 +77,6 @@ repos: - id: go-build-pkg - id: go-build-repo-mod - id: go-build-repo-pkg - # Go Mod Tidy - id: go-mod-tidy - id: go-mod-tidy-repo 
From 412101aff6363f06a9155fa21679637d5d5ca7dd Mon Sep 17 00:00:00 2001 From: Jason Odoom Date: Fri, 5 May 2023 16:08:16 -0400 Subject: [PATCH 07/34] Fix formatting Co-authored-by: Shane Frasier --- .pre-commit-config.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 4946d17..837d28b 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -86,7 +86,6 @@ repos: - id: go-test-pkg - id: go-test-repo-mod - id: go-test-repo-pkg - # Go Vet - id: go-vet - id: go-vet-mod From a346fb5a789040104624eb0b193460463a8d811a Mon Sep 17 00:00:00 2001 From: Jason Odoom Date: Fri, 5 May 2023 16:10:19 -0400 Subject: [PATCH 08/34] Fix formatting Co-authored-by: Shane Frasier --- .pre-commit-config.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 837d28b..9ac7fd1 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -80,7 +80,6 @@ repos: # Go Mod Tidy - id: go-mod-tidy - id: go-mod-tidy-repo - # Go Test - id: go-test-mod - id: go-test-pkg From c47038b51d4b537b9bd64b0299c1b99ca0b6e455 Mon Sep 17 00:00:00 2001 From: Jason Odoom Date: Fri, 5 May 2023 16:19:50 -0400 Subject: [PATCH 09/34] Revert updated versions for existing hooks --- .pre-commit-config.yaml | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 9ac7fd1..d14f75a 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -31,17 +31,17 @@ repos: # Text file hooks - repo: https://github.com/igorshubovych/markdownlint-cli - rev: v0.34.0 + rev: v0.33.0 hooks: - id: markdownlint args: - --config=.mdl_config.yaml - repo: https://github.com/pre-commit/mirrors-prettier - rev: v3.0.0-alpha.9-for-vscode + rev: v3.0.0-alpha.6 hooks: - id: prettier - repo: https://github.com/adrienverge/yamllint - rev: v1.31.0 + rev: v1.30.0 hooks: - id: yamllint args: 
@@ -49,14 +49,14 @@ repos: # GitHub Actions hooks - repo: https://github.com/python-jsonschema/check-jsonschema - rev: 0.23.0 + rev: 0.22.0 hooks: - id: check-github-actions - id: check-github-workflows # pre-commit hooks - repo: https://github.com/pre-commit/pre-commit - rev: v3.3.1 + rev: v3.2.1 hooks: - id: validate_manifest @@ -96,6 +96,7 @@ repos: - id: go-sec-pkg - id: go-sec-repo-mod - id: go-sec-repo-pkg + # Shell script hooks - repo: https://github.com/cisagov/pre-commit-shfmt rev: v0.0.2 @@ -124,7 +125,7 @@ repos: args: - --config=.bandit.yml - repo: https://github.com/psf/black - rev: 23.3.0 + rev: 23.1.0 hooks: - id: black - repo: https://github.com/PyCQA/flake8 @@ -138,31 +139,31 @@ repos: hooks: - id: isort - repo: https://github.com/pre-commit/mirrors-mypy - rev: v1.2.0 + rev: v1.1.1 hooks: - id: mypy - repo: https://github.com/asottile/pyupgrade - rev: v3.3.2 + rev: v3.3.1 hooks: - id: pyupgrade # Ansible hooks - repo: https://github.com/ansible-community/ansible-lint - rev: v6.15.0 + rev: v5.4.0 hooks: - id: ansible-lint # files: molecule/default/playbook.yml # Terraform hooks - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.78.0 + rev: v1.77.1 hooks: - id: terraform_fmt - id: terraform_validate # Docker hooks - repo: https://github.com/IamTheFij/docker-pre-commit - rev: v3.0.1 + rev: v2.1.1 hooks: - id: docker-compose-check @@ -171,4 +172,4 @@ repos: rev: v0.0.2 hooks: - id: packer_validate - - id: packer_fmt + - id: packer_fmt \ No newline at end of file From eb52678f773e6f05857b6880b34b9f8afdb71dc5 Mon Sep 17 00:00:00 2001 From: Jason Odoom Date: Fri, 5 May 2023 16:30:11 -0400 Subject: [PATCH 10/34] Fix formatting --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index d14f75a..6e8143b 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -172,4 +172,4 @@ repos: rev: v0.0.2 hooks: - id: packer_validate - - id: packer_fmt \ No newline at end of file + - id: packer_fmt From f8179f1aa31be65b2c363fd86badd6bf7883a033 Mon Sep 17 00:00:00 2001 From: Jason Odoom Date: Fri, 5 May 2023 17:16:19 -0400 Subject: [PATCH 11/34] Remove extra hook ids --- .pre-commit-config.yaml | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 6e8143b..0810309 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -69,33 +69,16 @@ repos: - id: go-critic # StaticCheck - id: go-staticcheck-mod - - id: go-staticcheck-pkg - - id: go-staticcheck-repo-mod - - id: go-staticcheck-repo-pkg # Go Build - id: go-build-mod - - id: go-build-pkg - - id: go-build-repo-mod - - id: go-build-repo-pkg # Go Mod Tidy - id: go-mod-tidy - - id: go-mod-tidy-repo # Go Test - id: go-test-mod - - id: go-test-pkg - - id: go-test-repo-mod - - id: go-test-repo-pkg # Go Vet - id: go-vet - - id: go-vet-mod - - id: go-vet-pkg - - id: go-vet-repo-mod - - id: go-vet-repo-pkg # GoSec - id: go-sec-mod - - id: go-sec-pkg - - id: go-sec-repo-mod - - id: go-sec-repo-pkg # Shell script hooks - repo: https://github.com/cisagov/pre-commit-shfmt From 42820e2e7d1fb492be77faa313de934f1c472cd2 Mon Sep 17 00:00:00 2001 From: Jason Odoom Date: Mon, 8 May 2023 09:41:46 -0400 Subject: [PATCH 12/34] Replace hooks with repo based option when available --- .pre-commit-config.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 0810309..3a798f0 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -68,17 +68,17 @@ repos: - id: go-lint - id: go-critic # StaticCheck - - id: go-staticcheck-mod + - id: go-staticcheck-repo-mod # Go Build - - id: go-build-mod + - id: go-build-repo-mod # Go Mod Tidy - - id: go-mod-tidy + - id: go-mod-tidy-repo # Go Test - - id: go-test-mod + - id: go-test-repo-mod # Go Vet - - id: go-vet + - id: go-vet-repo-mod # GoSec - - id: go-sec-mod + - id: go-sec-repo-mod # Shell script hooks - repo: https://github.com/cisagov/pre-commit-shfmt From 7f372e63ac7875b3fb8d25dd094f7b9183e6e42e Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Wed, 7 Jun 2023 11:11:13 -0400 Subject: [PATCH 13/34] Remove the go-lint hook from the pre-commit configuration The golang/lint tool was archived on May 9th, 2021 and based on golang/go#38968 no future work is planned. Coupled with the fact that it is not available from brew we are removing this hook as local development may be hindered by trying to satisfy running this hook. Co-authored-by: Shane Frasier Co-authored-by: dav3r --- .pre-commit-config.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 3a798f0..4f826b1 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -65,7 +65,6 @@ repos: rev: v1.0.0-rc.1 hooks: # Style Checkers - - id: go-lint - id: go-critic # StaticCheck - id: go-staticcheck-repo-mod From b8231113bac671a5d9f026fc519e9d3088eda935 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Wed, 31 May 2023 12:45:10 -0400 Subject: [PATCH 14/34] Update pre-commit hook versions This is done automatically with the `pre-commit autoupdate` command. --- .pre-commit-config.yaml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 0dabeb6..724b3e6 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -31,17 +31,17 @@ repos: # Text file hooks - repo: https://github.com/igorshubovych/markdownlint-cli - rev: v0.33.0 + rev: v0.34.0 hooks: - id: markdownlint args: - --config=.mdl_config.yaml - repo: https://github.com/pre-commit/mirrors-prettier - rev: v3.0.0-alpha.6 + rev: v3.0.0-alpha.9-for-vscode hooks: - id: prettier - repo: https://github.com/adrienverge/yamllint - rev: v1.30.0 + rev: v1.32.0 hooks: - id: yamllint args: @@ -49,14 +49,14 @@ repos: # GitHub Actions hooks - repo: https://github.com/python-jsonschema/check-jsonschema - rev: 0.22.0 + rev: 0.23.1 hooks: - id: check-github-actions - id: check-github-workflows # pre-commit hooks - repo: https://github.com/pre-commit/pre-commit - rev: v3.2.1 + rev: v3.3.2 hooks: - id: validate_manifest @@ -88,7 +88,7 @@ repos: args: - --config=.bandit.yml - repo: https://github.com/psf/black - rev: 23.1.0 + rev: 23.3.0 hooks: - id: black - repo: https://github.com/PyCQA/flake8 @@ -102,31 +102,31 @@ repos: hooks: - id: isort - repo: https://github.com/pre-commit/mirrors-mypy - rev: v1.1.1 + rev: v1.3.0 hooks: - id: mypy - repo: https://github.com/asottile/pyupgrade - rev: v3.3.1 + rev: v3.4.0 hooks: - id: pyupgrade # Ansible hooks - repo: https://github.com/ansible-community/ansible-lint - rev: v5.4.0 + rev: v6.17.0 hooks: - id: ansible-lint # files: molecule/default/playbook.yml # Terraform hooks - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.77.1 + rev: v1.80.0 hooks: - id: terraform_fmt - id: terraform_validate # Docker hooks - repo: https://github.com/IamTheFij/docker-pre-commit - rev: v2.1.1 + rev: v3.0.1 hooks: - id: docker-compose-check From b770fc687a7a954d5e0cc12ae264fcda62a3355a Mon Sep 17 00:00:00 2001 From: Jason Odoom Date: Wed, 31 May 2023 12:29:10 -0400 Subject: [PATCH 15/34] Add apostrophe to Qapla --- setup-env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup-env b/setup-env index f526cdb..436d163 100755 --- a/setup-env +++ b/setup-env 
@@ -186,5 +186,5 @@ else: END_OF_LINE )" -# Qapla +# Qapla' echo "Success!" From 24a0008be136a946c2d742542ddb78dceb128073 Mon Sep 17 00:00:00 2001 From: arcsector <26469747+arcsector@users.noreply.github.com> Date: Wed, 17 May 2023 16:01:54 -0700 Subject: [PATCH 16/34] detecting virtualenv installation successfully --- setup-env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup-env b/setup-env index 436d163..129102f 100755 --- a/setup-env +++ b/setup-env @@ -65,7 +65,7 @@ done eval set -- "$PARAMS" # Check to see if pyenv is installed -if [ -z "$(command -v pyenv)" ] || [ -z "$(command -v pyenv-virtualenv)" ]; then +if [ -z "$(command -v pyenv)" ] || { [ -z "$(command -v pyenv-virtualenv)" ] && [ ! -f "$(pyenv root)/plugins/pyenv-virtualenv/bin/pyenv-virtualenv" ] ; }; then echo "pyenv and pyenv-virtualenv are required." if [[ "$OSTYPE" == "darwin"* ]]; then cat << 'END_OF_LINE' From f01965a1e56c2a6743eec95e9daa724037e7699d Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Fri, 19 May 2023 11:46:28 -0400 Subject: [PATCH 17/34] Whitespace change to make shfmt linter happy --- setup-env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup-env b/setup-env index 129102f..77926bf 100755 --- a/setup-env +++ b/setup-env @@ -65,7 +65,7 @@ done eval set -- "$PARAMS" # Check to see if pyenv is installed -if [ -z "$(command -v pyenv)" ] || { [ -z "$(command -v pyenv-virtualenv)" ] && [ ! -f "$(pyenv root)/plugins/pyenv-virtualenv/bin/pyenv-virtualenv" ] ; }; then +if [ -z "$(command -v pyenv)" ] || { [ -z "$(command -v pyenv-virtualenv)" ] && [ ! -f "$(pyenv root)/plugins/pyenv-virtualenv/bin/pyenv-virtualenv" ]; }; then echo "pyenv and pyenv-virtualenv are required." if [[ "$OSTYPE" == "darwin"* ]]; then cat << 'END_OF_LINE' From 43d588fe56c9522535bc341a4664569be798c6c4 Mon Sep 17 00:00:00 2001 
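Review bot: The fallback added to the pyenv check uses `[ ! -f "$(pyenv root)/plugins/pyenv-virtualenv/bin/pyenv-virtualenv" ]`, which accepts any regular file at that path even when it is not executable; `-x` would be the closer test for something the script later needs to run. The condition is now long enough to deserve a comment of its own, for example `# pyenv-virtualenv may be installed as a pyenv plugin, in which case command -v does not find it` (presumably the reason for the fallback; confirm before adding). The body of the `if` continues outside the hunk.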
From: Jeremy Frasier Date: Tue, 25 Apr 2023 09:17:14 -0400 Subject: [PATCH 18/34] Fix two broken links Resolves cisagov/skeleton-generic#131. --- .ansible-lint | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.ansible-lint b/.ansible-lint index 0e80b05..4ffc0ef 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,10 +1,9 @@ --- -# See https://ansible-lint.readthedocs.io/en/latest/configuring.html -# for a list of the configuration elements that can exist in this -# file. +# See https://ansible-lint.readthedocs.io/configuring/ for a list of +# the configuration elements that can exist in this file. enable_list: # Useful checks that one must opt-into. See here for more details: - # https://ansible-lint.readthedocs.io/en/latest/rules.html + # https://ansible-lint.readthedocs.io/rules/ - fcqn-builtins - no-log-password - no-same-owner From e0982552895542bd267696744548aeba18fee2d5 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Wed, 31 May 2023 13:39:14 -0400 Subject: [PATCH 19/34] Disable caching for the setup-go Action The cache key used relies on the existence of a go.sum file. Since we have no expectation for Go source code, including that file, and since we already include the Go cache in our job caching, we can safely disable caching in the Action. --- .github/workflows/build.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index bdd8c98..4351bd2 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -29,6 +29,9 @@ jobs: - id: setup-go uses: actions/setup-go@v4 with: + # There is no expectation for actual Go code so we disable caching as + # it relies on the existence of a go.sum file. + cache: false go-version: "1.19" - name: Lookup Go cache directory id: go-cache From edf133832040ef12c407b0772c40f18f64076eb8 Mon Sep 17 00:00:00 2001 
From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Wed, 31 May 2023 13:41:03 -0400 Subject: [PATCH 20/34] Bump Go from 1.19 to 1.20 Bump the version of Go used in our GitHub Actions configuration to the latest stable Go release. --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 4351bd2..c992e8e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -32,7 +32,7 @@ jobs: # There is no expectation for actual Go code so we disable caching as # it relies on the existence of a go.sum file. cache: false - go-version: "1.19" + go-version: "1.20" - name: Lookup Go cache directory id: go-cache run: | From f64356dfe5b31c8989c8ef1703a0e73edcc80b29 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Fri, 9 Jun 2023 15:10:45 -0400 Subject: [PATCH 21/34] Use the FQCN for `become_method` plugins Use the fully-qualified collection name when declaring the plugin that will be used with the `become_method` argument. --- src/aws.yml | 2 +- src/base.yml | 2 +- src/example.yml | 2 +- src/python.yml | 2 +- src/upgrade.yml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/aws.yml b/src/aws.yml index 49f433a..70c10c0 100644 --- a/src/aws.yml +++ b/src/aws.yml @@ -2,7 +2,7 @@ - hosts: all name: AWS-specific roles become: yes - become_method: sudo + become_method: ansible.builtin.sudo tasks: - name: Install Amazon EFS utilities ansible.builtin.include_role: diff --git a/src/base.yml b/src/base.yml index e6d5386..560796c 100644 --- a/src/base.yml +++ b/src/base.yml @@ -2,7 +2,7 @@ - hosts: all name: Setup base image become: yes - become_method: sudo + become_method: ansible.builtin.sudo tasks: - name: Install and configure automated security updates ansible.builtin.include_role: diff --git a/src/example.yml b/src/example.yml index 38e9e14..d1ddfa6 100644 
--- a/src/example.yml +++ b/src/example.yml @@ -2,7 +2,7 @@ - hosts: all name: Project-specific roles become: yes - become_method: sudo + become_method: ansible.builtin.sudo tasks: # The cisagov/ansible-role-example Ansible role is just a no-op, # but we include it here as an example/placeholder. diff --git a/src/python.yml b/src/python.yml index a1980ae..c98ef2a 100644 --- a/src/python.yml +++ b/src/python.yml @@ -2,7 +2,7 @@ - hosts: all name: Install pip3/python3 and remove pip2/python2 become: yes - become_method: sudo + become_method: ansible.builtin.sudo tasks: # If pip were to be installed first, then the OS _could_ pull # different Python packages than what would be installed via the diff --git a/src/upgrade.yml b/src/upgrade.yml index 744c01e..417992f 100644 --- a/src/upgrade.yml +++ b/src/upgrade.yml @@ -2,7 +2,7 @@ - hosts: all name: Upgrade base image become: yes - become_method: sudo + become_method: ansible.builtin.sudo tasks: - name: Upgrade all packages ansible.builtin.include_role: From 388442c8263c3196b8a1493a5b358104945a8db3 Mon Sep 17 00:00:00 2001 From: Jeremy Morrow Date: Wed, 5 Jul 2023 13:39:37 -0400 Subject: [PATCH 22/34] Reorder task directives to name/vars/block --- src/cobalt_strike.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/cobalt_strike.yml b/src/cobalt_strike.yml index e5b763c..c981d31 100644 --- a/src/cobalt_strike.yml +++ b/src/cobalt_strike.yml @@ -28,6 +28,12 @@ name: - python3-boto3 - name: Install some Cobalt Strike addons + vars: + # Group ownership for the Cobalt Strike addons + # + # Note that this means that the vnc.yml playbook _must_ run + # before this one, so that the wheel group has been created. + group: wheel block: # This tool requires a JRE, but we have already installed one # above 
@@ -80,9 +86,3 @@ install_dir: /tools/SourcePoint unarchive_extra_opts: - --strip-components=1 - vars: - # Group ownership for the Cobalt Strike addons - # - # Note that this means that the vnc.yml playbook _must_ run - # before this one, so that the wheel group has been created. - group: wheel From a49a6bd67880ad4251bf088ce28904221babf2ca Mon Sep 17 00:00:00 2001 From: Jeremy Morrow Date: Wed, 5 Jul 2023 13:51:44 -0400 Subject: [PATCH 23/34] Use FQCN for ansible.builtin modules --- src/cloud_init.yml | 2 +- src/cobalt_strike.yml | 2 +- src/ufw.yml | 2 +- src/vnc.yml | 2 +- src/xfce.yml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/cloud_init.yml b/src/cloud_init.yml index d3aa2f5..462be5b 100644 --- a/src/cloud_init.yml +++ b/src/cloud_init.yml @@ -5,7 +5,7 @@ - hosts: all name: Enable all cloud-init services become: yes - become_method: sudo + become_method: ansible.builtin.sudo tasks: - name: Enable all cloud-init services ansible.builtin.service: diff --git a/src/cobalt_strike.yml b/src/cobalt_strike.yml index c981d31..0c2def3 100644 --- a/src/cobalt_strike.yml +++ b/src/cobalt_strike.yml @@ -2,7 +2,7 @@ - hosts: all name: Install Cobalt Strike become: yes - become_method: sudo + become_method: ansible.builtin.sudo tasks: - name: Install OpenJDK ansible.builtin.include_role: diff --git a/src/ufw.yml b/src/ufw.yml index 0b9baa7..9bf70b5 100644 --- a/src/ufw.yml +++ b/src/ufw.yml @@ -2,7 +2,7 @@ - hosts: all name: Install and configure UFW become: yes - become_method: sudo + become_method: ansible.builtin.sudo tasks: - name: Install UFW ansible.builtin.include_role: diff --git a/src/vnc.yml b/src/vnc.yml index 03f2b6c..94ee76b 100644 --- a/src/vnc.yml +++ b/src/vnc.yml @@ -2,7 +2,7 @@ - hosts: all name: Install VNC and configure VNC user become: yes - become_method: sudo + become_method: ansible.builtin.sudo tasks: - name: Install VNC ansible.builtin.include_role: diff --git a/src/xfce.yml b/src/xfce.yml index c00a240..4bf7fcb 100644 
--- a/src/xfce.yml +++ b/src/xfce.yml @@ -2,7 +2,7 @@ - hosts: all name: Install Xfce become: yes - become_method: sudo + become_method: ansible.builtin.sudo tasks: - name: Install Xfce for the COOL ansible.builtin.include_role: From b267fc120805ca10b56801b65ef24bfce27cd509 Mon Sep 17 00:00:00 2001 From: Jeremy Morrow Date: Wed, 5 Jul 2023 13:56:53 -0400 Subject: [PATCH 24/34] Update variable names to match role convention --- src/aws.yml | 2 +- src/cobalt_strike.yml | 40 ++++++++++++++++++++-------------------- src/vnc.yml | 20 ++++++++++---------- src/xfce.yml | 2 +- 4 files changed, 32 insertions(+), 32 deletions(-) diff --git a/src/aws.yml b/src/aws.yml index a355e38..6cdcde5 100644 --- a/src/aws.yml +++ b/src/aws.yml @@ -11,7 +11,7 @@ # Note that we use the same GID for the efs_users group on all # instances. This helps us avoid UID/GID collisions with # files written to the EFS share. - efs_users_gid: 2048 + amazon_efs_utils_efs_users_gid: 2048 - name: Install Amazon SSM Agent ansible.builtin.include_role: name: amazon_ssm_agent diff --git a/src/cobalt_strike.yml b/src/cobalt_strike.yml index 0c2def3..64c82a6 100644 --- a/src/cobalt_strike.yml +++ b/src/cobalt_strike.yml @@ -11,7 +11,7 @@ ansible.builtin.include_role: name: cobalt_strike vars: - bucket_name: "{{ build_bucket }}" + cobalt_strike_bucket_name: "{{ build_bucket }}" - name: Install ServerSetup script ansible.builtin.include_role: name: server_setup 
@@ -41,48 +41,48 @@ ansible.builtin.include_role: name: assessment_tool vars: - archive_src: "https://github.com/FortyNorthSecurity/C2concealer/\ + assessment_tool_archive_src: "https://github.com/FortyNorthSecurity/C2concealer/\ tarball/master" - install_dir: /tools/C2concealer - pip_extra_args: "--editable" - pip_packages: + assessment_tool_install_dir: /tools/C2concealer + assessment_tool_pip_extra_args: "--editable" + assessment_tool_pip_packages: - . - unarchive_extra_opts: + assessment_tool_unarchive_extra_opts: - --strip-components=1 - name: Install CobaltStrike-Toolkit ansible.builtin.include_role: name: assessment_tool vars: - archive_src: "https://github.com/killswitch-GUI/\ + assessment_tool_archive_src: "https://github.com/killswitch-GUI/\ CobaltStrike-Toolkit/tarball/master" - install_dir: /tools/CobaltStrike-Toolkit - powershell: yes - unarchive_extra_opts: + assessment_tool_install_dir: /tools/CobaltStrike-Toolkit + assessment_tool_powershell: yes + assessment_tool_unarchive_extra_opts: - --strip-components=1 - name: Install Malleable-C2-Profiles ansible.builtin.include_role: name: assessment_tool vars: - archive_src: "https://github.com/rsmudge/Malleable-C2-Profiles/\ + assessment_tool_archive_src: "https://github.com/rsmudge/Malleable-C2-Profiles/\ tarball/master" - install_dir: /tools/Malleable-C2-Profiles - unarchive_extra_opts: + assessment_tool_install_dir: /tools/Malleable-C2-Profiles + assessment_tool_unarchive_extra_opts: - --strip-components=1 - name: Install Malleable-C2-Randomizer ansible.builtin.include_role: name: assessment_tool vars: - archive_src: "https://github.com/bluscreenofjeff/\ + assessment_tool_archive_src: "https://github.com/bluscreenofjeff/\ Malleable-C2-Randomizer/tarball/master" - install_dir: /tools/Malleable-C2-Randomizer - unarchive_extra_opts: + assessment_tool_install_dir: /tools/Malleable-C2-Randomizer + assessment_tool_unarchive_extra_opts: - --strip-components=1 - name: Install SourcePoint 
ansible.builtin.include_role: name: assessment_tool vars: - archive_src: https://github.com/Tylous/SourcePoint/tarball/main - go: yes - install_dir: /tools/SourcePoint - unarchive_extra_opts: + assessment_tool_archive_src: https://github.com/Tylous/SourcePoint/tarball/main + assessment_tool_go: yes + assessment_tool_install_dir: /tools/SourcePoint + assessment_tool_unarchive_extra_opts: - --strip-components=1 diff --git a/src/vnc.yml b/src/vnc.yml index 94ee76b..f5f6878 100644 --- a/src/vnc.yml +++ b/src/vnc.yml @@ -9,10 +9,10 @@ name: vnc vars: # The user information and ssh keys for the VNC user - password: "{{ lookup('aws_ssm', '/vnc/password') }}" - private_ssh_key: "{{ lookup('aws_ssm', '/vnc/ssh/ed25519_private_key') }}" - public_ssh_key: "{{ lookup('aws_ssm', '/vnc/ssh/ed25519_public_key') }}" - user_groups: + vnc_password: "{{ lookup('aws_ssm', '/vnc/password') }}" + vnc_private_ssh_key: "{{ lookup('aws_ssm', '/vnc/ssh/ed25519_private_key') }}" + vnc_public_ssh_key: "{{ lookup('aws_ssm', '/vnc/ssh/ed25519_public_key') }}" + vnc_user_groups: # Note that this means that the aws.yml playbook _must_ run # before this one, so that the efs_users group has been # created. @@ -20,7 +20,7 @@ # Note that we use the same UID for the VNC and Samba guest # users on all instances. This helps us avoid UID/GID # collisions with files written to the EFS share. - user_uid: 2048 + vnc_user_uid: 2048 - name: Add VNC user to wheel group block: - name: Ensure wheel group exists 
@@ -37,21 +37,21 @@ append: yes groups: - wheel - name: "{{ username }}" + name: "{{ vnc_username }}" # These environment variables were asked for in # cisagov/cool-system#212 - name: Add PCA-specific environment variables ansible.builtin.lineinfile: create: yes - group: "{{ username }}" + group: "{{ vnc_username }}" line: "{{ item }}" mode: 0644 - owner: "{{ username }}" - path: /home/{{ username }}/.bashrc + owner: "{{ vnc_username }}" + path: /home/{{ vnc_username }}/.bashrc loop: - export EFS_SHARE=/share - export PCA_OPS_PATH=${EFS_SHARE}/PCA - export PCA_DEV_PATH=${EFS_SHARE}/private vars: # The username for the VNC user - username: "{{ lookup('aws_ssm', '/vnc/username') }}" + vnc_username: "{{ lookup('aws_ssm', '/vnc/username') }}" diff --git a/src/xfce.yml b/src/xfce.yml index 4bf7fcb..fdcbe98 100644 --- a/src/xfce.yml +++ b/src/xfce.yml @@ -10,5 +10,5 @@ vars: # The users for whom a symlink to the COOL file share should # be created - usernames: + xfce_cool_usernames: - "{{ lookup('aws_ssm', '/vnc/username') }}" From 00e3709b61177571743ddaa34f3f736c1cfc3e4d Mon Sep 17 00:00:00 2001 From: Jeremy Morrow Date: Wed, 5 Jul 2023 14:01:35 -0400 Subject: [PATCH 25/34] Move location of line split due to increased variable name length --- src/cobalt_strike.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/cobalt_strike.yml b/src/cobalt_strike.yml index 64c82a6..39c9e6b 100644 --- a/src/cobalt_strike.yml +++ b/src/cobalt_strike.yml @@ -41,8 +41,8 @@ ansible.builtin.include_role: name: assessment_tool vars: - assessment_tool_archive_src: "https://github.com/FortyNorthSecurity/C2concealer/\ - tarball/master" + assessment_tool_archive_src: "https://github.com/FortyNorthSecurity/\ + C2concealer/tarball/master" assessment_tool_install_dir: /tools/C2concealer assessment_tool_pip_extra_args: "--editable" assessment_tool_pip_packages: 
@@ -63,8 +63,8 @@ ansible.builtin.include_role: name: assessment_tool vars: - assessment_tool_archive_src: "https://github.com/rsmudge/Malleable-C2-Profiles/\ - tarball/master" + assessment_tool_archive_src: "https://github.com/rsmudge/ + Malleable-C2-Profiles/tarball/master" assessment_tool_install_dir: /tools/Malleable-C2-Profiles assessment_tool_unarchive_extra_opts: - --strip-components=1 From 4a5928fc5c3984fda830aeed6d3a08de90622a6d Mon Sep 17 00:00:00 2001 From: Jeremy Morrow Date: Wed, 5 Jul 2023 14:02:51 -0400 Subject: [PATCH 26/34] Bump version from 0.3.6 to 0.3.7 --- src/version.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/version.txt b/src/version.txt index d7b30e1..8879c6c 100644 --- a/src/version.txt +++ b/src/version.txt @@ -1 +1 @@ -__version__ = "0.3.6" +__version__ = "0.3.7" From 7df8a44ecec0719f6315c90c4d50751166bc8f1f Mon Sep 17 00:00:00 2001 From: Jeremy Morrow Date: Wed, 5 Jul 2023 14:03:06 -0400 Subject: [PATCH 27/34] Bump version from 0.3.7 to 0.3.7-rc.1 --- src/version.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/version.txt b/src/version.txt index 8879c6c..16d8fc0 100644 --- a/src/version.txt +++ b/src/version.txt @@ -1 +1 @@ -__version__ = "0.3.7" +__version__ = "0.3.7-rc.1" From e5f3e5be473fb6bb7d72c05df81f4b56987df288 Mon Sep 17 00:00:00 2001 From: Jeremy Morrow Date: Wed, 5 Jul 2023 14:13:27 -0400 Subject: [PATCH 28/34] Add collection to requirements file --- src/requirements.yml | 87 +++++++++++++++++++++++--------------------- 1 file changed, 45 insertions(+), 42 deletions(-) diff --git a/src/requirements.yml b/src/requirements.yml index 15bd36b..41da810 100644 --- a/src/requirements.yml +++ b/src/requirements.yml 
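Review bot: In the second hunk of the line-split commit, the re-wrapped `assessment_tool_archive_src` for Malleable-C2-Profiles has lost the trailing backslash that the C2concealer entry in the first hunk keeps: its first line ends `"https://github.com/rsmudge/` with no `\`. Inside a double-quoted YAML scalar an unescaped line break folds to a single space, so as shown the URL would contain a space between `rsmudge/` and `Malleable-C2-Profiles` and the download would likely fail. The first line should end `rsmudge/\` like the other wrapped entries. Both URLs also end in `tarball/master`, so each build fetches whatever the branch head is at that moment; a commit-pinned archive (`.../tarball/<commit sha>`) would make the image reproducible and reviewable.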
@@ -1,43 +1,46 @@ --- -- name: amazon_efs_utils - src: https://github.com/cisagov/ansible-role-amazon-efs-utils -- name: amazon_ssm_agent - src: https://github.com/cisagov/ansible-role-amazon-ssm-agent -- name: assessment_tool - src: https://github.com/cisagov/ansible-role-assessment-tool -- name: automated_security_updates - src: https://github.com/cisagov/ansible-role-automated-security-updates -- name: banner - src: https://github.com/cisagov/ansible-role-banner -- name: chrony_aws - src: https://github.com/cisagov/ansible-role-chrony-aws -- name: clamav - src: https://github.com/cisagov/ansible-role-clamav -- name: cloudwatch_agent - src: https://github.com/cisagov/ansible-role-cloudwatch-agent -- name: cobalt_strike - src: https://github.com/cisagov/ansible-role-cobalt-strike -- name: htop - src: https://github.com/cisagov/ansible-role-htop -- name: nvme - src: https://github.com/cisagov/ansible-role-nvme -- name: openjdk - src: https://github.com/cisagov/ansible-role-openjdk -- name: persist_journald - src: https://github.com/cisagov/ansible-role-persist-journald -- name: pip - src: https://github.com/cisagov/ansible-role-pip -- name: python - src: https://github.com/cisagov/ansible-role-python -- name: remove_python2 - src: https://github.com/cisagov/ansible-role-remove-python2 -- name: server_setup - src: https://github.com/cisagov/ansible-role-server-setup -- name: ufw - src: https://github.com/cisagov/ansible-role-ufw -- name: upgrade - src: https://github.com/cisagov/ansible-role-upgrade -- name: vnc - src: https://github.com/cisagov/ansible-role-vnc-server -- name: xfce_cool - src: https://github.com/cisagov/ansible-role-xfce-cool +collections: + - community.general +roles: + - name: amazon_efs_utils + src: https://github.com/cisagov/ansible-role-amazon-efs-utils + - name: amazon_ssm_agent + src: https://github.com/cisagov/ansible-role-amazon-ssm-agent + - name: assessment_tool + src: https://github.com/cisagov/ansible-role-assessment-tool + - name: 
automated_security_updates + src: https://github.com/cisagov/ansible-role-automated-security-updates + - name: banner + src: https://github.com/cisagov/ansible-role-banner + - name: chrony_aws + src: https://github.com/cisagov/ansible-role-chrony-aws + - name: clamav + src: https://github.com/cisagov/ansible-role-clamav + - name: cloudwatch_agent + src: https://github.com/cisagov/ansible-role-cloudwatch-agent + - name: cobalt_strike + src: https://github.com/cisagov/ansible-role-cobalt-strike + - name: htop + src: https://github.com/cisagov/ansible-role-htop + - name: nvme + src: https://github.com/cisagov/ansible-role-nvme + - name: openjdk + src: https://github.com/cisagov/ansible-role-openjdk + - name: persist_journald + src: https://github.com/cisagov/ansible-role-persist-journald + - name: pip + src: https://github.com/cisagov/ansible-role-pip + - name: python + src: https://github.com/cisagov/ansible-role-python + - name: remove_python2 + src: https://github.com/cisagov/ansible-role-remove-python2 + - name: server_setup + src: https://github.com/cisagov/ansible-role-server-setup + - name: ufw + src: https://github.com/cisagov/ansible-role-ufw + - name: upgrade + src: https://github.com/cisagov/ansible-role-upgrade + - name: vnc + src: https://github.com/cisagov/ansible-role-vnc-server + - name: xfce_cool + src: https://github.com/cisagov/ansible-role-xfce-cool From c977bed86372a1e08617478d50991128ff1c280e Mon Sep 17 00:00:00 2001 From: Jeremy Morrow Date: Wed, 5 Jul 2023 14:13:49 -0400 Subject: [PATCH 29/34] Bump version from 0.3.7-rc.1 to 0.3.7-rc.2 --- src/version.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/version.txt b/src/version.txt index 16d8fc0..41eda4f 100644 --- a/src/version.txt +++ b/src/version.txt @@ -1 +1 @@ -__version__ = "0.3.7-rc.1" +__version__ = "0.3.7-rc.2" From f2da66ca9babad046ed1a327049c6075e00aed31 Mon Sep 17 00:00:00 2001 
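Review bot: Neither the added `community.general` entry nor any of the re-indented role entries in src/requirements.yml carries a `version:`. `ansible-galaxy` will therefore resolve the newest collection release, and presumably the tip of each role repository, at install time. That makes image builds non-reproducible and lets any upstream change reach the build without review. Consider pinning the collection with `- name: community.general` plus `version: "<pinned-version>"`, and adding `version: <tag-or-commit-sha>` to each role entry.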
From: Jeremy Morrow Date: Wed, 5 Jul 2023 14:40:52 -0400 Subject: [PATCH 30/34] Restore deleted line continuation character --- src/cobalt_strike.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cobalt_strike.yml b/src/cobalt_strike.yml index 39c9e6b..06c24c3 100644 --- a/src/cobalt_strike.yml +++ b/src/cobalt_strike.yml @@ -63,7 +63,7 @@ ansible.builtin.include_role: name: assessment_tool vars: - assessment_tool_archive_src: "https://github.com/rsmudge/ + assessment_tool_archive_src: "https://github.com/rsmudge/\ Malleable-C2-Profiles/tarball/master" assessment_tool_install_dir: /tools/Malleable-C2-Profiles assessment_tool_unarchive_extra_opts: From 70d8a719bdddce08ccf2ec7a38b3b1c983a54eeb Mon Sep 17 00:00:00 2001 From: Jeremy Morrow Date: Wed, 5 Jul 2023 14:41:30 -0400 Subject: [PATCH 31/34] Bump version from 0.3.7-rc.2 to 0.3.7-rc.3 --- src/version.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/version.txt b/src/version.txt index 41eda4f..3145a06 100644 --- a/src/version.txt +++ b/src/version.txt @@ -1 +1 @@ -__version__ = "0.3.7-rc.2" +__version__ = "0.3.7-rc.3" From 8b8e215fcdc8e2936158a33aa2e7c6c3208df8a9 Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Thu, 6 Jul 2023 15:23:25 -0400 Subject: [PATCH 32/34] Use correct role name for cisagov/ansible-role-vnc-server Also prepend role variables with the correct role name. --- src/requirements.yml | 2 +- src/vnc.yml | 24 +++++++++++++----------- 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/src/requirements.yml b/src/requirements.yml index 41da810..4267fd0 100644 --- a/src/requirements.yml +++ b/src/requirements.yml @@ -40,7 +40,7 @@ roles: src: https://github.com/cisagov/ansible-role-ufw - name: upgrade src: https://github.com/cisagov/ansible-role-upgrade - - name: vnc + - name: vnc_server src: https://github.com/cisagov/ansible-role-vnc-server - name: xfce_cool src: https://github.com/cisagov/ansible-role-xfce-cool 
diff --git a/src/vnc.yml b/src/vnc.yml index f5f6878..8622657 100644 --- a/src/vnc.yml +++ b/src/vnc.yml @@ -6,13 +6,15 @@ tasks: - name: Install VNC ansible.builtin.include_role: - name: vnc + name: vnc_server vars: # The user information and ssh keys for the VNC user - vnc_password: "{{ lookup('aws_ssm', '/vnc/password') }}" - vnc_private_ssh_key: "{{ lookup('aws_ssm', '/vnc/ssh/ed25519_private_key') }}" - vnc_public_ssh_key: "{{ lookup('aws_ssm', '/vnc/ssh/ed25519_public_key') }}" - vnc_user_groups: + vnc_server_password: "{{ lookup('aws_ssm', '/vnc/password') }}" + vnc_server_private_ssh_key: |- + {{ lookup('aws_ssm', '/vnc/ssh/ed25519_private_key') }} + vnc_server_public_ssh_key: |- + {{ lookup('aws_ssm', '/vnc/ssh/ed25519_public_key') }} + vnc_server_user_groups: # Note that this means that the aws.yml playbook _must_ run # before this one, so that the efs_users group has been # created. @@ -20,7 +22,7 @@ # Note that we use the same UID for the VNC and Samba guest # users on all instances. This helps us avoid UID/GID # collisions with files written to the EFS share. - vnc_user_uid: 2048 + vnc_server_user_uid: 2048 - name: Add VNC user to wheel group block: - name: Ensure wheel group exists 
@@ -37,21 +39,21 @@ append: yes groups: - wheel - name: "{{ vnc_username }}" + name: "{{ vnc_server_username }}" # These environment variables were asked for in # cisagov/cool-system#212 - name: Add PCA-specific environment variables ansible.builtin.lineinfile: create: yes - group: "{{ vnc_username }}" + group: "{{ vnc_server_username }}" line: "{{ item }}" mode: 0644 - owner: "{{ vnc_username }}" - path: /home/{{ vnc_username }}/.bashrc + owner: "{{ vnc_server_username }}" + path: /home/{{ vnc_server_username }}/.bashrc loop: - export EFS_SHARE=/share - export PCA_OPS_PATH=${EFS_SHARE}/PCA - export PCA_DEV_PATH=${EFS_SHARE}/private vars: # The username for the VNC user - vnc_username: "{{ lookup('aws_ssm', '/vnc/username') }}" + vnc_server_username: "{{ lookup('aws_ssm', '/vnc/username') }}" From a6e1e8a87fd9ef668c976e97533e7c9faf561411 Mon Sep 17 00:00:00 2001 From: Jeremy Frasier Date: Thu, 6 Jul 2023 15:23:54 -0400 Subject: [PATCH 33/34] Bump version from 0.3.7-rc.3 to 0.3.7-rc.4 --- src/version.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/version.txt b/src/version.txt index 3145a06..e2a3ed5 100644 --- a/src/version.txt +++ b/src/version.txt @@ -1 +1 @@ -__version__ = "0.3.7-rc.3" +__version__ = "0.3.7-rc.4" From 38c77654c2ee548d59b5471bfdee6be8c66d94f7 Mon Sep 17 00:00:00 2001 From: Jeremy Morrow Date: Mon, 10 Jul 2023 10:41:47 -0400 Subject: [PATCH 34/34] Finalize version from 0.3.7-rc.4 to 0.3.7 --- src/version.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/version.txt b/src/version.txt index e2a3ed5..8879c6c 100644 --- a/src/version.txt +++ b/src/version.txt @@ -1 +1 @@ -__version__ = "0.3.7-rc.4" +__version__ = "0.3.7"