🌟 introduce proxy configuration (#31)

Signed-off-by: Patrick Münch <[email protected]>

README.md

@@ -61,9 +61,10 @@ This playbook demonstrates how to use the Mondoo Package role to install `cnquer
 In addition we support the following variables:
 
 | variable                      | description                                                               |
-| ----------------------------- | ------------------------------------------------------------------------- |
-| `force_registration: true`    | set to true if you want to re-register `cnquery` and `cnspec`            |
+|-------------------------------|---------------------------------------------------------------------------|
+| `force_registration: true`    | set to true if you want to re-register `cnquery` and `cnspec`             |
 | `ensure_managed_client: true` | ensures the configured clients are configured as managed Client in Mondoo |
+| `proxy_env['https_proxy']`    | set the proxy for the `cnspec` client                                     |
 
 ```yaml
 ---
@@ -77,7 +78,7 @@ In addition we support the following variables:
         ensure_managed_client: true
 ```
 
-If you want to use mondoo behind a proxy
+If you want to use cnspec behind a proxy
 
 ```yaml
 ---

tasks/linux_login.yml

@@ -25,8 +25,18 @@
     mode: '0644'
   when: force_registration
 
+- name: Store cnspec login command as string
+  ansible.builtin.set_fact:
+    login_cmd: "cnspec login --config /etc/opt/mondoo/mondoo.yml --token {{ registration_token }}"
+
+- name: Add api-proxy to cnspec login command
+  ansible.builtin.set_fact:
+    login_cmd: "{{ login_cmd + ' --api-proxy ' + proxy_env['https_proxy'] }}"
+  when: proxy_env['https_proxy'] is defined
+
 - name: Login cnquery and cnspec with Mondoo platform
-  ansible.builtin.command: cnspec login --config /etc/opt/mondoo/mondoo.yml --token {{ registration_token }}
+  ansible.builtin.command:
+    cmd: "{{ login_cmd }}"
   args:
     # only run the command if no config file exists (was not deleted in non-force mode)
     creates: /etc/opt/mondoo/mondoo.yml

tasks/windows.yml

@@ -49,8 +49,17 @@
     path: C:\ProgramData\Mondoo\mondoo.yml
   when: force_registration
 
+- name: Store cnspec login command as string
+  ansible.builtin.set_fact:
+    login_cmd: "cnspec.exe login --config C:\\ProgramData\\Mondoo\\mondoo.yml --token {{ registration_token }}"
+
+- name: Add api-proxy to cnspec login command
+  ansible.builtin.set_fact:
+    login_cmd: "{{ login_cmd + ' --api-proxy ' + proxy_env['https_proxy'] }}"
+  when: proxy_env['https_proxy'] is defined
+
 - name: Login cnquery and cnspec
-  ansible.windows.win_command: cnspec.exe login --config C:\\ProgramData\\Mondoo\\mondoo.yml --token {{ registration_token }}
+  ansible.windows.win_command: "{{ login_cmd }}"
   args:
     chdir: "C:\\Program Files\\Mondoo"
     # only run the command if no config file exists (was not deleted in non-force mode)

templates/cnspec.service.j2

@@ -3,12 +3,6 @@ Description=cnspec Service
 After=network-online.target
 
 [Service]
-{% if proxy_env['https_proxy'] is defined %}
-Environment='https_proxy={{ proxy_env['https_proxy'] }}'
-{% endif %}
-{% if https_proxy is defined %}
-Environment='https_proxy={{ https_proxy }}'
-{% endif %}
 Type=simple
 WorkingDirectory=/etc/opt/mondoo/
 ExecStart=/usr/bin/cnspec --config /etc/opt/mondoo/mondoo.yml serve

templates/mondoo.service.j2

@@ -3,12 +3,6 @@ Description=Mondoo Client Service
 After=network-online.target
 
 [Service]
-{% if proxy_env['https_proxy'] is defined %}
-Environment='https_proxy={{ proxy_env['https_proxy'] }}'
-{% endif %}
-{% if https_proxy is defined %}
-Environment='https_proxy={{ https_proxy }}'
-{% endif %}
 Type=simple
 WorkingDirectory=/opt/mondoo/bin/
 ExecStart=/opt/mondoo/bin/mondoo --config /etc/opt/mondoo/mondoo.yml serve