---
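# Format of the OpenAPI Specification file. It is read as YAML by default;
# the value JSON (any case) switches the parser to JSON.
threescale_cicd_openapi_file_format: YAML

# Controls how much time to wait for smoke tests to be OK and OIDC client to
# appear in RH-SSO.
#
# Max time is threescale_cicd_delay x threescale_cicd_retries
threescale_cicd_delay: 10
threescale_cicd_retries: 50

# How much time to wait between each write call to the 3scale Admin API
threescale_cicd_throttling: 2

# The two 3scale standard environments are named "sandbox" and "production"
threescale_cicd_staging_environment_name: sandbox
threescale_cicd_production_environment_name: production

# The staging gateway has a "-staging" suffix...
# (quoted so the leading dash is never read as a sequence indicator)
threescale_cicd_default_staging_suffix: '-staging'
# ... while the production one does not.
threescale_cicd_default_production_suffix: ""

# APIcast instances are expected to be configured for TLS
# NOTE(review): presumably used to build the APIcast public base URLs. If it is
# overridden with "http", the credentials sent by the smoke tests would cross
# the network unencrypted - confirm before changing.
threescale_cicd_default_apicast_scheme: https

# The OIDC scopes to use for smoke tests
threescale_cicd_openapi_smoketest_default_scope: openid
# Mapping of scope name -> human-readable description. The entry must be
# nested under the key; at column 0 it would become an unrelated top-level
# variable and leave this one null.
threescale_cicd_default_oauth_scopes:
  openid: Any OpenID Connect token

# The application plans to create with each service.
# One list item per plan; all four fields belong to the same item.
threescale_cicd_application_plans:
  - system_name: ansible
    default: false
    state: hidden
    name: Ansible Test Plan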
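# Controls when to log sensitive information. Can be set to false for
# production environments.
#
# By default, log sensitive information only when Ansible is called with
# a verbosity level of at least one "-v".
#
# NOTE(review): the expression below is true at verbosity 0 and false as soon
# as one "-v" is given. If this value feeds `no_log` on tasks (the name
# suggests so - TODO confirm), then `true` is the setting that keeps tokens and
# secrets out of the output, and "false for production" above looks inverted.
# With the default, any CI job that runs with "-v" writes them to its job log.
threescale_cicd_nolog: '{{ ansible_verbosity|default(0) == 0 }}'

# A folder where to download dependencies, when required
# NOTE(review): what is downloaded, from where, and whether it is checksum-
# verified is not visible in this file - verify in the tasks that use this path.
threescale_cicd_local_bin_path: '{{ playbook_dir }}/bin'

# Enable the OpenAPI Specification validation
# (canonical boolean; `yes` is only a boolean under YAML 1.1 parsers)
threescale_cicd_validate_openapi: true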
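##
## APIcast policies
##
# CORS (off by default; canonical boolean instead of the YAML 1.1 `no`)
threescale_cicd_apicast_policies_cors: false

##
## Policies computation
##
# Every value below is a Jinja expression kept as a string, so Ansible renders
# it when the variable is referenced, not when this file is loaded.

## what we want
threescale_cicd_wanted_policies: '{{ lookup(''template'', ''wanted_policies.j2'') }}'
## what we have
threescale_cicd_existing_policies: '{{ lookup(''template'', ''existing_policies.j2'') }}'
# update the items that we want and we have
# NOTE(review): the filter is `union` (items in either list), while the wording
# "want and have" reads like an intersection - confirm which one is intended.
threescale_cicd_policies_to_update: '{{ threescale_cicd_wanted_policies|union(threescale_cicd_existing_policies) }}'

# APIcast public base URLs
threescale_cicd_apicast_sandbox_endpoint: '{{ lookup(''template'', ''openapi/apicast_sandbox_endpoint.j2'') }}'
threescale_cicd_apicast_production_endpoint: '{{ lookup(''template'', ''openapi/apicast_production_endpoint.j2'') }}'

# SSO Issuer Endpoint
# NOTE(review): threescale_cicd_sso_realm_endpoint is rebuilt from this value
# without its userinfo part, which suggests the issuer URL may embed client
# credentials - presumably it should be handled as a secret; TODO confirm.
threescale_cicd_sso_issuer_endpoint: '{{ lookup(''template'', ''openapi/sso_issuer_endpoint.j2'') }}'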
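##
## Default Application (used for Smoke Tests)
##
threescale_cicd_default_application_name: 'Ansible smoke-tests default application'
threescale_cicd_default_application_description: 'This app is used to run smoke tests during the deployment phase. It will be automatically recreated if you delete it.'

# The application plan to pick for the default application (the one used for
# smoke tests): the system_name of the first entry of
# threescale_cicd_application_plans.
threescale_cicd_default_application_plan: '{{ (threescale_cicd_application_plans|first).system_name }}'

# Compute the default application's appid. By default, we are using a combination
# of app, api and environment data, hashed together to produce a stable id.
#
# NOTE(review): both values below are plain SHA-1 digests over the application
# name, the API system name and threescale_cicd_access_token; the secret differs
# from the id only by the fixed 'secret' prefix. Consequences:
#   - the secret is derived, not random: whoever holds the access token and
#     knows the two names can recompute it;
#   - both values change whenever the access token is rotated;
#   - the app id is usually not handled as confidential, yet it is a digest of
#     the access token, so the token's entropy is all that protects it.
# Override both variables with independently generated values if this
# application is ever used for anything other than smoke tests.
threescale_cicd_default_application_appid: '{{ (threescale_cicd_default_application_name ~ threescale_cicd_api_system_name ~ threescale_cicd_access_token)|hash(''sha1'') }}'
threescale_cicd_default_application_appsecret: '{{ (''secret'' ~ threescale_cicd_default_application_name ~ threescale_cicd_api_system_name ~ threescale_cicd_access_token)|hash(''sha1'') }}'

##
## Create test application whether or not smoke tests are enabled
##
# (canonical boolean instead of the YAML 1.1 `no`)
threescale_cicd_create_default_application: false

# The OpenAPI Operation to use for the smoketest: the operationId of the first
# GET operation flagged with "x-threescale-smoketests-operation", or an empty
# string when there is none. Every run of characters outside [0-9a-zA-Z_] is
# replaced by "_", so the value taken from the OpenAPI file is reduced to a
# plain identifier before it is used elsewhere.
threescale_cicd_openapi_smoketest_operation: '{{ threescale_cicd_openapi_file_content|json_query(''paths.*.get[? "x-threescale-smoketests-operation" ].operationId'')|first|default("")|regex_replace(''[^0-9a-zA-Z_]+'', ''_'') }}'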
##
## OpenAPI Specification File parsing
##
# Values derived from the parsed OpenAPI document
# (threescale_cicd_openapi_file_content). basePath defaults to an empty string
# when the document does not set it.
threescale_cicd_api_basepath: '{{ threescale_cicd_openapi_file_content.basePath|default("") }}'
threescale_cicd_api_base_system_name: '{{ lookup(''template'', ''openapi/generate_base_system_name.j2'') }}'
threescale_cicd_api_system_name: '{{ lookup(''template'', ''openapi/generate_final_system_name.j2'') }}'
threescale_cicd_private_base_url: '{{ lookup(''template'', ''openapi/private_base_url.j2'') }}'
# Credentials are expected to be passed in HTTP headers unless stated otherwise
# and only for API Keys
# Result is 'headers' when the security scheme's "in" is "header" (or absent)
# or its type is "oauth2", and 'query' otherwise.
# NOTE(review): with 'query', the API key travels in the URL, which commonly
# ends up in access logs and intermediary proxies - keep that in mind when an
# OpenAPI file selects it.
threescale_cicd_api_credentials_location: '{{ ''headers'' if threescale_cicd_api_security_scheme.in|default(''header'') == ''header'' or threescale_cicd_api_security_scheme.type == ''oauth2'' else ''query'' }}'
# The OpenAPI file to be pushed to 3scale as an ActiveDocs
threescale_cicd_openapi_rewritten: '{{ lookup(''template'', ''rewritten_openapi.j2'') }}'
# Compute the Keycloak Realm endpoint from the threescale_cicd_sso_issuer_endpoint
# Only scheme, hostname and path are kept: any userinfo (user:password@) in the
# issuer URL is dropped, and so are an explicit port, query and fragment.
# NOTE(review): dropping the port means an SSO listening on a non-default port
# would not be reachable through this URL - confirm that is acceptable.
threescale_cicd_sso_realm_endpoint: '{{ (threescale_cicd_sso_issuer_endpoint|urlsplit(''scheme'')) ~ ''://'' ~ (threescale_cicd_sso_issuer_endpoint|urlsplit(''hostname'')) ~ (threescale_cicd_sso_issuer_endpoint|urlsplit(''path'')) }}'
# Compute the Keycloak REST Admin Endpoint from the threescale_cicd_sso_realm_endpoint
# If the path does not contain '/auth/realms/', the replace is a no-op and this
# value equals the realm endpoint.
threescale_cicd_sso_admin_endpoint: '{{ threescale_cicd_sso_realm_endpoint|replace(''/auth/realms/'', ''/auth/admin/realms/'') }}'
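##
## OpenAPI Specification File parsing
##
# Parsed content of threescale_cicd_openapi_file: decoded with from_json when
# threescale_cicd_openapi_file_format is JSON (any case), with from_yaml
# otherwise. Everything below is read from this structure, so the file's
# content ends up in names, URLs and API payloads - it should come from a
# reviewed source.
threescale_cicd_openapi_file_content: '{{ lookup(''file'', threescale_cicd_openapi_file)|from_json if threescale_cicd_openapi_file_format|upper == ''JSON'' else lookup(''file'', threescale_cicd_openapi_file)|from_yaml }}'
# Value of the top-level "swagger" field; no default is provided, so a document
# without that field leaves this variable undefined.
threescale_cicd_openapi_file_version: '{{ threescale_cicd_openapi_file_content.swagger }}'
threescale_cicd_api_default_name: '{{ threescale_cicd_openapi_file_content.info.title|default("API") }}'
threescale_cicd_api_name: '{{ lookup(''template'', ''openapi/service_name.j2'') }}'
threescale_cicd_api_description: '{{ threescale_cicd_openapi_file_content.info.description|default("") }}'
# info.version, "0.0.1" when absent; split on "." to extract the major part.
threescale_cicd_api_version: '{{ threescale_cicd_openapi_file_content.info.version|default("0.0.1") }}'
threescale_cicd_api_version_components: '{{ threescale_cicd_api_version.split(".") }}'
threescale_cicd_api_version_major: '{{ threescale_cicd_api_version_components|first }}'
threescale_cicd_api_security_requirements: '{{ threescale_cicd_openapi_file_content.security|default([]) }}'
threescale_cicd_api_security_definitions: '{{ threescale_cicd_openapi_file_content.securityDefinitions|default({}) }}'
# Name of the first security requirement, or "none" when the document declares
# no requirement. The fallback has to be a dict literal: with a quoted string,
# `.keys()` is called on a str and the template fails for every API that has no
# "security" section.
threescale_cicd_api_security_scheme_name: '{{ (threescale_cicd_api_security_requirements|first|default({ "none": {} })).keys()|list|first }}'
# Definition matching that name, or an empty mapping when there is none (which
# is the case for the "none" fallback unless a scheme is literally named so).
threescale_cicd_api_security_scheme: '{{ threescale_cicd_api_security_definitions[threescale_cicd_api_security_scheme_name] if threescale_cicd_api_security_scheme_name in threescale_cicd_api_security_definitions else {} }}'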
##
## Mapping Rules computation
##
# Both values are rendered from templates through the `template` lookup.
# what we want
threescale_cicd_wanted_mapping_rules: '{{ lookup(''template'', ''wanted_mapping_rules.j2'') }}'
# what we have
threescale_cicd_existing_mapping_rules: '{{ lookup(''template'', ''existing_mapping_rules.j2'') }}'
##
## 3scale API Payload definition
##
# One variable per API call; each renders the template of the same name under
# api-calls/ when it is referenced.
# NOTE(review): the Keycloak authentication payload and the smoke-test headers
# presumably carry credentials or tokens - verify that the tasks consuming them
# apply threescale_cicd_nolog so they stay out of the run output.
threescale_cicd_update_proxy_payload: '{{ lookup(''template'', ''api-calls/update_proxy.j2'') }}'
threescale_cicd_update_service_payload: '{{ lookup(''template'', ''api-calls/update_service.j2'') }}'
threescale_cicd_create_service_payload: '{{ lookup(''template'', ''api-calls/create_service.j2'') }}'
threescale_cicd_update_method_payload: '{{ lookup(''template'', ''api-calls/update_method.j2'') }}'
threescale_cicd_create_method_payload: '{{ lookup(''template'', ''api-calls/create_method.j2'') }}'
threescale_cicd_update_mapping_rule_payload: '{{ lookup(''template'', ''api-calls/update_mapping_rule.j2'') }}'
threescale_cicd_create_mapping_rule_payload: '{{ lookup(''template'', ''api-calls/create_mapping_rule.j2'') }}'
threescale_cicd_update_policies_payload: '{{ lookup(''template'', ''api-calls/update_policies.j2'') }}'
threescale_cicd_update_application_plan_payload: '{{ lookup(''template'', ''api-calls/update_application_plan.j2'') }}'
threescale_cicd_create_application_plan_payload: '{{ lookup(''template'', ''api-calls/create_application_plan.j2'') }}'
threescale_cicd_find_application_payload: '{{ lookup(''template'', ''api-calls/find_application.j2'') }}'
threescale_cicd_update_application_payload: '{{ lookup(''template'', ''api-calls/update_application.j2'') }}'
threescale_cicd_create_application_payload: '{{ lookup(''template'', ''api-calls/create_application.j2'') }}'
threescale_cicd_authenticate_to_keycloak_payload: '{{ lookup(''template'', ''api-calls/keycloak/authenticate.j2'') }}'
threescale_cicd_patch_keycloak_client_payload: '{{ lookup(''template'', ''api-calls/keycloak/patch_client.j2'') }}'
threescale_cicd_smoke_test_headers: '{{ lookup(''template'', ''api-calls/smoke-test/headers.j2'') }}'
threescale_cicd_smoke_test_url: '{{ lookup(''template'', ''api-calls/smoke-test/url.j2'') }}'
threescale_cicd_promote_proxy_payload: '{{ lookup(''template'', ''api-calls/promote_proxy.j2'') }}'
threescale_cicd_update_activedoc_payload: '{{ lookup(''template'', ''api-calls/update_activedoc.j2'') }}'
threescale_cicd_create_activedoc_payload: '{{ lookup(''template'', ''api-calls/create_activedoc.j2'') }}'
threescale_cicd_update_oidc_configuration_payload: '{{ lookup(''template'', ''api-calls/update_oidc_configuration.j2'') }}'