Merge pull request #38 from CoffeeITWorks/develop

Develop
CoffeeITWorks · Aug 6, 2023 · f99dac6 · f99dac6
2 parents 4f3927a + 6407c8e
commit f99dac6
Show file tree

Hide file tree

Showing 19 changed files with 28 additions and 200 deletions.
diff --git a/.github/workflows/molecule-test.yml b/.github/workflows/molecule-test.yml
@@ -19,8 +19,9 @@ jobs:
       matrix:
         # Better to use one scenario per OS for faster performance and easier debugging
         scenario:
-            - ubuntu-2204
-            - rocky9
+           # - ubuntu-2204
+           # - rocky9
+           - local-stable
     steps:
 
       - name: Checkout
@@ -32,14 +33,22 @@ jobs:
         uses: actions/setup-python@v2
         with:
           python-version: '3.x'
-      
+
       - name: Install dependencies.
         run: |
           python3 -m pip install --upgrade pip
-          python3 -m pip install yamllint ansible-lint ansible "molecule[lint,docker]"
+          python3 -m pip install yamllint ansible-lint ansible molecule molecule-plugins[podman] podman
+
+      # https://www.linkedin.com/pulse/how-run-rootless-podman-service-github-actions-%D0%B4%D0%BC%D0%B8%D1%82%D1%80%D0%B8%D0%B9-%D0%BC%D0%B8%D1%88%D0%B0%D1%80%D0%BE%D0%B2
+      - name: Prepare the environment for podman
+        run: |
+          loginctl enable-linger $(whoami)
+          export XDG_RUNTIME_DIR=/run/user/$UID
+          podman system service --time=0 unix://${XDG_RUNTIME_DIR}/podman/podman.sock &
       
       - name: Install Galaxy dependencies.
-        run: ansible-galaxy collection install community.docker
+        run: | 
+          ansible-galaxy collection install community.docker
       
       - name: check molecule version
         run: molecule --version

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -10,7 +10,7 @@ burpui_use_dev: False # False to use pip version with burpui_version var.
 # burpui_use_dev: True
 
 burpui_pip_burpui: "burp-ui"
-burpui_version: 1.0.0
+burpui_version: 1.1.1
 
 burpui_pip_packages:
   - { name: "{{ burpui_pip_burpui }}", version: "{{ burpui_version }}" }
@@ -108,6 +108,7 @@ burpui_ldap_searchattr: "uid"
 burpui_ldap_base: '"ou=users,dc=example,dc=com"'
 burpui_ldap_binddn: '"cn=admin,dc=example,dc=com"'
 burpui_ldap_bindpw: "Sup3rS3cr3tPa$$w0rd"
+burpui_ldap_filter: '"(&({0}={1})(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))"'
 
 #[BASIC:AUTH]
 burpui_basic_enabled: false
@@ -135,7 +136,7 @@ burpui_acl_legacy: 'false'
 burpui_basic_acl_enabled: false
 burpui_basic_acl_priority: 100
 burpui_basic_acl_admins: "user1,user2"
-burpui_basic_acl_users: false
+burpui_basic_acl_users: []
 # https://burp-ui.readthedocs.io/en/stable/advanced_usage.html#basic-acl
 # burpui_basic_acl_users:
 #  - '+moderator = user5,user6'
@@ -192,7 +193,7 @@ burpui_audit_rotate: '5'
 # https://git.ziirish.me/ziirish/burp-ui/-/blob/master/requirements.txt
 burpui_virtualenv: /venv_apps/bui
 burpui_virtualenv_bin: "{{ burpui_virtualenv}}/bin"
-burpui_virtualenv_python: python3
+burpui_virtualenv_command: python3 -m venv
 
 # There are links in virtualenv_bin to link to /usr/local/bin
 burpui_bin_links:
@@ -215,8 +216,9 @@ burpui_pip_present:
   - "ujson>=1.35"
   - "urllib3>=1.19" # required to avoid issues with get_url module
   # - "ndg-httpsclient>=0.4.2" # required to avoid issues with get_url module
-  - "pyasn1==0.4.8"
+  #- "pyasn1==0.4.8"
   #- "six>=1.10.0"  # try to fix error in dependencies with requests[security]
   - "requests[security]>=2.12"  # required to avoid issues with get_url module
+  #- "normalizer==0.2.1"
 
 ##### --------------------------- #####
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
diff --git a/molecule/local/converge.yml → molecule/local-dev/converge.yml b/molecule/local/converge.yml → molecule/local-dev/converge.yml
diff --git a/molecule/local/molecule.yml → molecule/local-dev/molecule.yml b/molecule/local/molecule.yml → molecule/local-dev/molecule.yml
diff --git a/molecule/default/verify.yml → molecule/local-dev/verify.yml b/molecule/default/verify.yml → molecule/local-dev/verify.yml
diff --git a/molecule/local-stable/molecule.yml b/molecule/local-stable/molecule.yml
@@ -9,21 +9,6 @@ driver:
   name: podman
 platforms:
 
-  - name: ansible_burpui_rocky9
-    image: "docker.io/geerlingguy/docker-rockylinux9-ansible:latest"
-    #privileged: True
-    command: "/lib/systemd/systemd"
-    pre_build_image: true
-    capabilities:
-      - SYS_ADMIN
-    tmpfs:
-      - /run
-      - /tmp
-    volumes:
-      - "/sys/fs/cgroup:/sys/fs/cgroup:ro"
-    groups:
-      - group1
-
   - name: ansible_burpui_server-03
     image: "geerlingguy/docker-ubuntu2204-ansible:latest"
     #privileged: True

diff --git a/molecule/local/verify.yml b/molecule/local/verify.yml
diff --git a/molecule/rocky9/converge.yml b/molecule/rocky9/converge.yml
diff --git a/molecule/rocky9/molecule.yml b/molecule/rocky9/molecule.yml
diff --git a/molecule/rocky9/verify.yml b/molecule/rocky9/verify.yml
diff --git a/molecule/ubuntu-2204/converge.yml b/molecule/ubuntu-2204/converge.yml
diff --git a/molecule/ubuntu-2204/molecule.yml b/molecule/ubuntu-2204/molecule.yml
diff --git a/molecule/ubuntu-2204/verify.yml b/molecule/ubuntu-2204/verify.yml
diff --git a/tasks/gunicorn.yml b/tasks/gunicorn.yml
@@ -18,7 +18,7 @@
     name: gunicorn>=19.7.1
     state: present
     virtualenv: "{{ burpui_virtualenv }}"
-    virtualenv_python: "{{ burpui_virtualenv_python }}"
+    virtualenv_command: "{{ burpui_virtualenv_command }}"
 
 - name: check "{{ burpui_virtualenv }}/gunicorn/bin/gunicorn" stat
   stat: 

diff --git a/tasks/python3_pip.yml b/tasks/python3_pip.yml
@@ -1,40 +1,27 @@
 ---
 
-- name: pip3 | install virtualenv from pip3
-  pip:
-    name: "virtualenv>=20.16.6"
-    state: present
-    executable: "pip3"
-
 - name: pip3 | check only if burpui is installed
   pip:
     name: "{{ burpui_pip_burpui }}"
     state: present
     virtualenv: "{{ burpui_virtualenv }}"
-    virtualenv_python: "{{ burpui_virtualenv_python }}"
+    virtualenv_command: "{{ burpui_virtualenv_command }}"
   register: burpui_installed_check
   check_mode: yes
 
-- name: pip3 | update pip
-  pip:
-    name: 'pip>=20'
-    state: present
-    virtualenv: "{{ burpui_virtualenv }}"
-    virtualenv_python: "{{ burpui_virtualenv_python }}"
-
 - name: pip3 | install pip packages
   pip:
     name: '{{ burpui_pip_present }}'
     state: present
     virtualenv: "{{ burpui_virtualenv }}"
-    virtualenv_python: "{{ burpui_virtualenv_python }}"
+    virtualenv_command: "{{ burpui_virtualenv_command }}"
   when: not burpui_use_dev
 
 - name: pip3 | install pip dev packages from requirements_dev.txt
   pip:
     requirements: "{{ burpui_virtualenv }}/requirements_dev.txt"
     virtualenv: "{{ burpui_virtualenv }}"
-    virtualenv_python: "{{ burpui_virtualenv_python }}"
+    virtualenv_command: "{{ burpui_virtualenv_command }}"
   when: burpui_use_dev
 
 - name: pip3 | Install pip packages by version
@@ -43,7 +30,7 @@
     state: present
     version: "{{ item.version}}"
     virtualenv: "{{ burpui_virtualenv }}"
-    virtualenv_python: "{{ burpui_virtualenv_python }}"
+    virtualenv_command: "{{ burpui_virtualenv_command }}"
   with_items: "{{ burpui_pip_packages }}"
   register: bui_pip_install
   when: not burpui_use_dev
@@ -63,7 +50,7 @@
     name: "{{ burpui_pip_burpui_dev }}"
     state: present
     virtualenv: "{{ burpui_virtualenv }}"
-    virtualenv_python: "{{ burpui_virtualenv_python }}"
+    virtualenv_command: "{{ burpui_virtualenv_command }}"
   register: bui_pip_install
   when: burpui_use_dev
   notify: restart burpui services

diff --git a/tasks/requirements.yml b/tasks/requirements.yml
@@ -18,7 +18,7 @@
 
 - name: requirements | ensure install requirements for ansible pip
   package:
-    name: ['python3-setuptools']
+    name: ['python3-setuptools', 'python3-venv']
     state: present
 
 - name: requirements | ensure install burpui package requirements for python3

diff --git a/templates/burpui.cfg.j2 b/templates/burpui.cfg.j2
@@ -224,6 +224,7 @@ searchattr = {{ burpui_ldap_searchattr }}
 ##  - {1} will be replaced by the login name
 ##filter = (&({0}={1})(burpui=1))
 ##filter = (&({0}={1})(|(userAccountControl=512)(userAccountControl=66048)))
+filter = {{ burpui_ldap_filter }}
 ## LDAP base (quotes are mandatory)
 base = {{ burpui_ldap_base }}
 ## Binddn to list existing users (quotes are mandatory)