From 549dbd568f8ea942694046bca45f5d8d74274386 Mon Sep 17 00:00:00 2001
From: Aaron Guise
Date: Wed, 11 Oct 2023 12:48:46 +1300
Subject: [PATCH] Support fixed mirror
---
defaults/main.yml | 3 +++
molecule/default/prepare.yml | 6 +++--
molecule/fixed-mirror/INSTALL.rst | 22 +++++++++++++++++++
molecule/fixed-mirror/converge.yml | 18 +++++++++++++++
molecule/fixed-mirror/molecule.yml | 17 ++++++++++++++
molecule/fixed-mirror/prepare.yml | 24 ++++++++++++++++++++
molecule/fixed-mirror/verify.yml | 28 ++++++++++++++++++++++++
tasks/duo-repo.yml | 4 ++--
templates/etc.yum.repos.d.duosecurity.j2 | 10 +++++++++
9 files changed, 128 insertions(+), 4 deletions(-)
create mode 100644 molecule/fixed-mirror/INSTALL.rst
create mode 100644 molecule/fixed-mirror/converge.yml
create mode 100644 molecule/fixed-mirror/molecule.yml
create mode 100644 molecule/fixed-mirror/prepare.yml
create mode 100644 molecule/fixed-mirror/verify.yml
create mode 100644 templates/etc.yum.repos.d.duosecurity.j2
diff --git a/defaults/main.yml b/defaults/main.yml
index 0cc3471..c80fef7 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -12,3 +12,6 @@ auth_duo_settings: value: someskey - key: host value: somehost + +auth_duo_specify_mirror: false +auth_duo_mirror_url: ~
diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml
index 56e8d22..041c640 100644
--- a/molecule/default/prepare.yml
+++ b/molecule/default/prepare.yml
@@ -2,9 +2,11 @@ - name: Prepare hosts: all tasks: - - name: Ensure openssh installed + - name: Ensure Pre-Requisites are installed yum: - name: openssh-server, openssh-clients, sshpass + name: > + openssh-server, openssh-clients, + sshpass, passwd state: installed - name: Ensure sshd is running
diff --git a/molecule/fixed-mirror/INSTALL.rst b/molecule/fixed-mirror/INSTALL.rst
new file mode 100644
index 0000000..6a44bde
--- /dev/null
+++ b/molecule/fixed-mirror/INSTALL.rst
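Review bot: The two defaults added to defaults/main.yml carry no comment, although `auth_duo_mirror_url` decides which server the Duo packages (the code that gates SSH logins) are downloaded from. I would document them where they are declared, for example `# auth_duo_mirror_url: https base URL of a mirror you control; used only when auth_duo_specify_mirror is true`, and write the empty default as `null` rather than `~`. The defaults file starts above this hunk, so any existing documentation convention there is not visible here.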
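Review bot: In molecule/default/prepare.yml the package names are now a folded scalar (`name: >`) holding one comma-separated string, which leaves embedded spaces and a trailing newline for the yum module to split and trim. A YAML list states the intent directly: `name: [openssh-server, openssh-clients, sshpass, passwd]`. The same task is copied into molecule/fixed-mirror/prepare.yml and would take the same change. The play continues past the end of this hunk.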
@@ -0,0 +1,22 @@
+*******
+Docker driver installation guide
+*******
+
+Requirements
+============
+
+* Docker Engine
+
+Install
+=======
+
+Please refer to the `Virtual environment`_ documentation for installation best
+practices. If not using a virtual environment, please consider passing the
+widely recommended `'--user' flag`_ when invoking ``pip``.
+
+.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
+.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
+
+.. code-block:: bash
+
+ $ pip install 'molecule[docker]'
diff --git a/molecule/fixed-mirror/converge.yml b/molecule/fixed-mirror/converge.yml
new file mode 100644
index 0000000..30f9ffe
--- /dev/null
+++ b/molecule/fixed-mirror/converge.yml
@@ -0,0 +1,18 @@
+---
+- name: Converge
+ hosts: all
+ tasks:
+ - name: "Include role under test"
+ include_role:
+ name: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}"
+ vars:
+ auth_duo_settings:
+ - key: ikey
+ value: "{{ lookup('env', 'AUTH_DUO_IKEY') }}"
+ - key: skey
+ value: "{{ lookup('env', 'AUTH_DUO_SKEY') }}"
+ - key: host
+ value: "{{ lookup('env', 'AUTH_DUO_HOST') }}"
+ auth_duo_specify_mirror: true
+ auth_duo_mirror_url: https://yum-proxy.ultrafastfibre.co.nz/duo
+
diff --git a/molecule/fixed-mirror/molecule.yml b/molecule/fixed-mirror/molecule.yml
new file mode 100644
index 0000000..161d0ea
--- /dev/null
+++ b/molecule/fixed-mirror/molecule.yml
@@ -0,0 +1,17 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+platforms:
+ - name: ${MOLECULE_DISTRO:-almalinux8}-role-auth-duo
+ command: ${MOLECULE_DOCKER_COMMAND:-""}
+ image: "cybercinch/docker-${MOLECULE_DISTRO:-almalinux8}-ansible:latest"
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ privileged: true
+ pre_build_image: true
+provisioner:
+ name: ansible
+verifier:
+ name: ansible
diff --git a/molecule/fixed-mirror/prepare.yml b/molecule/fixed-mirror/prepare.yml
new file mode 100644
index 0000000..041c640
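Review bot: molecule/fixed-mirror/converge.yml hard-codes `auth_duo_mirror_url: https://yum-proxy.ultrafastfibre.co.nz/duo`, so every run of this scenario installs the Duo packages from one organisation's proxy and fails wherever that host is unreachable. The Duo keys just above already come from the environment, and the mirror could follow suit with `auth_duo_mirror_url: "{{ lookup('env', 'AUTH_DUO_MIRROR_URL') }}"`, failing the scenario early when the value is empty. `AUTH_DUO_MIRROR_URL` is a name invented for this example, not one the project defines.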
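Review bot: The platform in molecule/fixed-mirror/molecule.yml combines `privileged: true` with an `image:` on the mutable `:latest` tag and `pre_build_image: true`, so whatever is currently published under that tag runs with full privileges on the test host. Pinning the image by digest (`...-ansible@sha256:<digest>`) makes the run reproducible and keeps a changed upstream tag from reaching the runner unnoticed. If systemd inside the container is the only reason for `privileged`, it is worth checking whether the read-only cgroup mount together with a narrower set of capabilities is enough.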
--- /dev/null
+++ b/molecule/fixed-mirror/prepare.yml
@@ -0,0 +1,24 @@
+---
+- name: Prepare
+ hosts: all
+ tasks:
+ - name: Ensure Pre-Requisites are installed
+ yum:
+ name: >
+ openssh-server, openssh-clients,
+ sshpass, passwd
+ state: installed
+
+ - name: Ensure sshd is running
+ service:
+ name: sshd
+ state: started
+ enabled: true
+
+ - name: Ensure nologin files are absent
+ file:
+ path: "{{ item }}"
+ state: absent
+ with_items:
+ - /etc/nologin
+ - /var/run/nologin
diff --git a/molecule/fixed-mirror/verify.yml b/molecule/fixed-mirror/verify.yml
new file mode 100644
index 0000000..17d3baf
--- /dev/null
+++ b/molecule/fixed-mirror/verify.yml
@@ -0,0 +1,28 @@
+---
+# This is an example playbook to execute Ansible tests.
+
+- name: Verify
+ hosts: all
+ pre_tasks:
+ - name: Create test user
+ shell:
+ cmd: adduser "auth_duo_test" && echo "password" | passwd "auth_duo_test" --stdin
+ tasks:
+ - name: Try and Login as test user
+ shell: |
+ /usr/bin/sshpass -v -p password \
+ /usr/bin/ssh -tt -o "UserKnownHostsFile=/dev/null" \
+ -o "StrictHostKeyChecking=no" \
+ auth_duo_test@localhost > /tmp/sshtest 2>&1 | tee /tmp/sshtest
+ async: 20
+ poll: 10
+ ignore_errors: true
+
+ - name: Retrieve SSH login info from file
+ slurp:
+ src: /tmp/sshtest
+ register: slurpfile
+
+ - name: Did duo prompt show?
+ assert:
+ that: "'Duo two-factor login for' in slurpfile['content'] | b64decode"
diff --git a/tasks/duo-repo.yml b/tasks/duo-repo.yml
index 0f07398..625f1e3 100644
--- a/tasks/duo-repo.yml
+++ b/tasks/duo-repo.yml
@@ -5,7 +5,7 @@ state: present - name: Ensure duo repository is present - copy: - src: etc.yum.repos.d.duosecurity + template: + src: etc.yum.repos.d.duosecurity.j2 dest: /etc/yum.repos.d/duosecurity.repo \ No newline at end of file
diff --git a/templates/etc.yum.repos.d.duosecurity.j2 b/templates/etc.yum.repos.d.duosecurity.j2
new file mode 100644
index 0000000..80bac18
--- /dev/null
+++ b/templates/etc.yum.repos.d.duosecurity.j2
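Review bot: In molecule/fixed-mirror/verify.yml the login command ends in `> /tmp/sshtest 2>&1 | tee /tmp/sshtest`, which sends all output to the file before the pipe, so `tee` receives nothing and only opens (and truncates) the same file a second time. Dropping the pipe, `auth_duo_test@localhost > /tmp/sshtest 2>&1`, keeps the result and removes the second writer. The `Create test user` pre-task is also not idempotent (`adduser` fails on a second verify run) and leaves behind an account with the literal password `password`. The `user` module with a per-run generated password, plus a cleanup task, would keep that account from outliving the test.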
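Review bot: The `template` task in tasks/duo-repo.yml that writes `/etc/yum.repos.d/duosecurity.repo` sets no `owner`, `group` or `mode`, so the permissions of the file that tells yum where to fetch packages from depend on the umask and on whatever file was there before. I would add `owner: root`, `group: root` and `mode: "0644"` to the task. The task list starts above this hunk, and the file still ends without a trailing newline.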
@@ -0,0 +1,10 @@
+## Managed by Ansible ##
+[duosecurity]
+name=Duo Security Repository
+{% if auth_duo_specify_mirror is sameas true %}
+baseurl={{ auth_duo_mirror_url }}/RedHat/{{ ansible_distribution_major_version }}Server/$basearch
+{% else %}
+baseurl=https://pkg.duosecurity.com/RedHat/{{ ansible_distribution_major_version }}Server/$basearch
+{% endif %}
+enabled=1
+gpgcheck=1
\ No newline at end of file
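Review bot: When `auth_duo_specify_mirror` is true the template writes `auth_duo_mirror_url` into `baseurl=` unchecked, and the role default for it is null, so an unset URL renders as `baseurl=None/RedHat/...` (or an empty prefix, depending on the Jinja settings) and an `http://` URL is accepted as is. A guard in tasks/duo-repo.yml ahead of the template task would catch both, for example an `assert` with `that: auth_duo_mirror_url is string and auth_duo_mirror_url.startswith('https://')` under `when: auth_duo_specify_mirror | bool`. The stanza has `gpgcheck=1` but no `gpgkey=`, which is fine only if the Duo signing key is imported elsewhere in the role (the `state: present` context line in duo-repo.yml suggests such a task, but it is outside the diff), and that matters more once packages can come from a mirror. Note also that `is sameas true` does not match the string `true` passed via `-e auth_duo_specify_mirror=true`, so that case silently falls back to the Duo URL.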