├── ci ├── build.sh ├── postbuild.sh ├── prebuild.sh ├── ansible-role-contrast.jenkins └── ansible-role-contrast-branches.jenkins ├── vars └── main.yml ├── handlers └── main.yml ├── test.yml ├── defaults └── main.yml ├── Vagrantfile ├── tasks └── main.yml ├── README.md ├── LICENSE └── meta └── main.yml /ci/build.sh: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /ci/postbuild.sh: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /ci/prebuild.sh: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /ci/ansible-role-contrast.jenkins: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /ci/ansible-role-contrast-branches.jenkins: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for ansible-role-contrast/ 3 | -------------------------------------------------------------------------------- /handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for ansible-role-contrast/ 3 | -------------------------------------------------------------------------------- /test.yml: -------------------------------------------------------------------------------- 1 | - hosts: all 2 | sudo: True 3 | vars_files: 4 | - 'defaults/main.yml' 5 | tasks: 6 | - include: 'tasks/main.yml' 7 | handlers: 8 | - include: 'handlers/main.yml' 9 | -------------------------------------------------------------------------------- /defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for ansible-role-contrast/ 3 | contrast_api_key: apikey 4 | contrast_service_key: servicekey 5 | contrast_username: email@awesome.com 6 | contrast_teamserver_url: https://app.contrastsecurity.com 7 | contrast_teamserver_organization: blarg-foo-random-things 8 | contrast_agent_type: java?jvm=1_6 9 | contrast_agent_path_group: vagrant 10 | contrast_agent_path_owner: vagrant 11 | contrast_agent_path: "/opt" 12 | -------------------------------------------------------------------------------- /Vagrantfile: -------------------------------------------------------------------------------- 1 | # -*- mode: ruby -*- 2 | # vi: set ft=ruby : 3 | 4 | Vagrant.configure('2') do |config| 5 | config.vm.define 'ansible-role-contrast' do |c| 6 | c.vm.box = 'ubuntu/trusty64' 7 | c.vm.hostname = 'ansible-role-contrast' 8 | c.vm.provision 'ansible' do |ansible| 9 | ansible.playbook = 'test.yml' 10 | ansible.verbose = 'v' 11 | #ansible.extra_vars = 'test_vars.yml' 12 | #ansible.inventory_path = 'vagrant-inventory' 13 | ansible.host_key_checking = false 14 | end 15 | end 16 | end 17 | -------------------------------------------------------------------------------- /tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create directory for contrast agent 3 | file: path={{ contrast_agent_path }}/contrast state=directory owner={{ contrast_agent_path_owner }} group={{ contrast_agent_path_group }} 4 | sudo: True 5 | 6 | - name: Create Authorization 7 | set_fact: 8 | contrast_authorization_key: "{{ contrast_username }}:{{ contrast_service_key }}" 9 | 10 | - name: Download Agent from TeamServer 11 | get_url: 12 | url: "{{ contrast_teamserver_url }}/Contrast/api/ng/{{ contrast_teamserver_organization }}/agents/default/{{ contrast_agent_type }}" 13 | dest: "{{ contrast_agent_path }}/contrast/contrast.jar" 14 | headers: 'Accept:application/json,API-Key:{{ contrast_api_key }},Authorization:{{ contrast_authorization_key | b64encode }}' 15 | sudo: True 16 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ansible-role-contrast 2 | ========= 3 | 4 | An ansible role to download an agent from Contrast Security TeamServer. 5 | 6 | Requirements 7 | ------------ 8 | 9 | The instance running this role will need network access to the Contrast TeamServer 10 | 11 | Role Variables 12 | -------------- 13 | 14 | ``` 15 | contrast_api_key: apikey 16 | contrast_service_key: servicekey 17 | contrast_username: email@awesome.com 18 | contrast_teamserver_url: https://app.contrastsecurity.com 19 | contrast_teamserver_organization: blarg-foo-random-things 20 | contrast_agent_type: java?jvm=1_6 21 | contrast_agent_path_group: vagrant 22 | contrast_agent_path_owner: vagrant 23 | contrast_agent_path: "/opt" 24 | ``` 25 | 26 | Dependencies 27 | ------------ 28 | 29 | You will need credentials and network access to a Contrast Security TeamServer to download the agent. 30 | 31 | Example Playbook 32 | ---------------- 33 | 34 | - hosts: servers 35 | roles: 36 | - { role: contrast } 37 | 38 | License 39 | ------- 40 | 41 | BSD 42 | 43 | Author Information 44 | ------------------ 45 | 46 | David Hafley 47 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2017 Contrast Security OSS 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: your name 4 | description: 5 | company: your company (optional) 6 | # If the issue tracker for your role is not on github, uncomment the 7 | # next line and provide a value 8 | # issue_tracker_url: http://example.com/issue/tracker 9 | # Some suggested licenses: 10 | # - BSD (default) 11 | # - MIT 12 | # - GPLv2 13 | # - GPLv3 14 | # - Apache 15 | # - CC-BY 16 | license: license (GPLv2, CC-BY, etc) 17 | min_ansible_version: 1.2 18 | # 19 | # Below are all platforms currently available. Just uncomment 20 | # the ones that apply to your role. If you don't see your 21 | # platform on this list, let us know and we'll get it added! 22 | # 23 | #platforms: 24 | #- name: EL 25 | # versions: 26 | # - all 27 | # - 5 28 | # - 6 29 | # - 7 30 | #- name: GenericUNIX 31 | # versions: 32 | # - all 33 | # - any 34 | #- name: Fedora 35 | # versions: 36 | # - all 37 | # - 16 38 | # - 17 39 | # - 18 40 | # - 19 41 | # - 20 42 | # - 21 43 | # - 22 44 | #- name: SmartOS 45 | # versions: 46 | # - all 47 | # - any 48 | #- name: opensuse 49 | # versions: 50 | # - all 51 | # - 12.1 52 | # - 12.2 53 | # - 12.3 54 | # - 13.1 55 | # - 13.2 56 | #- name: Amazon 57 | # versions: 58 | # - all 59 | # - 2013.03 60 | # - 2013.09 61 | #- name: GenericBSD 62 | # versions: 63 | # - all 64 | # - any 65 | #- name: FreeBSD 66 | # versions: 67 | # - all 68 | # - 8.0 69 | # - 8.1 70 | # - 8.2 71 | # - 8.3 72 | # - 8.4 73 | # - 9.0 74 | # - 9.1 75 | # - 9.1 76 | # - 9.2 77 | #- name: Ubuntu 78 | # versions: 79 | # - all 80 | # - lucid 81 | # - maverick 82 | # - natty 83 | # - oneiric 84 | # - precise 85 | # - quantal 86 | # - raring 87 | # - saucy 88 | # - trusty 89 | # - utopic 90 | # - vivid 91 | #- name: SLES 92 | # versions: 93 | # - all 94 | # - 10SP3 95 | # - 10SP4 96 | # - 11 97 | # - 11SP1 98 | # - 11SP2 99 | # - 11SP3 100 | #- name: GenericLinux 101 | # versions: 102 | # - all 103 | # - any 104 | #- name: Debian 105 | # versions: 106 | # - all 107 | # - etch 108 | # - jessie 109 | # - lenny 110 | # - squeeze 111 | # - wheezy 112 | # 113 | # Below are all categories currently available. Just as with 114 | # the platforms above, uncomment those that apply to your role. 115 | # 116 | #categories: 117 | #- cloud 118 | #- cloud:ec2 119 | #- cloud:gce 120 | #- cloud:rax 121 | #- clustering 122 | #- database 123 | #- database:nosql 124 | #- database:sql 125 | #- development 126 | #- monitoring 127 | #- networking 128 | #- packaging 129 | #- system 130 | #- web 131 | dependencies: [] 132 | # List your role dependencies here, one per line. 133 | # Be sure to remove the '[]' above if you add dependencies 134 | # to this list. 135 | 136 | --------------------------------------------------------------------------------