From dc8438401fb2e9737d05b53a3095e5c7b3906f10 Mon Sep 17 00:00:00 2001 From: Werner Dijkerman Date: Tue, 16 Apr 2019 19:09:36 +0200 Subject: [PATCH] Added where possible the wazuh-manager role idempotent. Have to disable this because of issue #107 --- molecule/default/molecule.yml | 14 ++++++++++++++ roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml | 6 ++++-- .../wazuh/ansible-wazuh-manager/tasks/RMDebian.yml | 2 ++ .../wazuh/ansible-wazuh-manager/tasks/RMRedHat.yml | 2 ++ roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml | 2 ++ roles/wazuh/ansible-wazuh-manager/tasks/main.yml | 6 +++++- 6 files changed, 29 insertions(+), 3 deletions(-) diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index e18bd1f9..e8fa0c77 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -37,6 +37,20 @@ provisioner: enabled: true # fix in seperate PR scenario: name: default + test_sequence: + - lint + - dependency + - cleanup + - destroy + - syntax + - create + - prepare + - converge + # - idempotence + - side_effect + - verify + - cleanup + - destroy verifier: name: testinfra lint: diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml index 8123e4c9..e9be63db 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/Debian.yml @@ -31,6 +31,7 @@ repo: 'deb https://packages.wazuh.com/3.x/apt/ stable main' state: present update_cache: yes + changed_when: False - name: Debian/Ubuntu | Installing NodeJS repository key (Ubuntu 14) become: yes @@ -55,6 +56,7 @@ repo: "deb https://deb.nodesource.com/node_6.x {{ ansible_distribution_release }} main" state: present update_cache: yes + changed_when: False - name: Debian/Ubuntu | Set Distribution CIS filename for Debian/Ubuntu set_fact: 
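Review bot: The new `test_sequence` in `molecule/default/molecule.yml` leaves `# - idempotence` commented out with no reason beside it, so the file itself does not say when the step should come back. The commit message points at issue #107; carrying that into the comment, e.g. `# - idempotence  # disabled, see issue #107`, keeps the gap visible. An explicit `test_sequence` also replaces Molecule's default list, so steps added by a later Molecule release will not run unless they are added here by hand.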
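Review bot: `changed_when: False` on the `apt_repository` task for `packages.wazuh.com` (first hunk of `Debian.yml`) makes the task report `ok` even on a run that really writes a new package source, so playbook output no longer shows when a host's set of trusted repositories was altered. `apt_repository` with `state: present` reports `changed` only when it modifies the sources, so a `changed` on a second run would point at a real difference (not visible from this hunk) that is better fixed than masked; I would drop the added line. The same override is added to the NodeJS repository task in the next hunk of this file, to both removal tasks in `RMDebian.yml` and in `RMRedHat.yml`, and to the two `yum_repository` tasks in `RedHat.yml`. With `idempotence` commented out in `molecule.yml` by this same commit, the overrides are also not exercised by the test run. The task begins above the hunk, so its name and any `notify` are not visible here.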
@@ -101,7 +103,7 @@ shell: "dpkg-query --showformat='${Version}' --show libopenscap8" when: wazuh_manager_config.openscap.disable == 'no' register: openscap_version - changed_when: true + changed_when: False tags: - config @@ -109,6 +111,6 @@ shell: "dpkg --compare-versions '{{ openscap_version.stdout }}' '>=' '1.2'; echo $?" when: wazuh_manager_config.openscap.disable == 'no' register: openscap_version_valid - changed_when: true + changed_when: False tags: - config diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RMDebian.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RMDebian.yml index 1fb9b04d..c0f1f797 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RMDebian.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RMDebian.yml @@ -3,8 +3,10 @@ apt_repository: repo: deb https://packages.wazuh.com/apt {{ ansible_distribution_release }} main state: absent + changed_when: False - name: Debian/Ubuntu | Remove Nodejs repository. apt_repository: repo: deb https://deb.nodesource.com/node_6.x {{ ansible_distribution_release }} main state: absent + changed_when: False diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RMRedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RMRedHat.yml index 6349dc6a..2b30cf5c 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RMRedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RMRedHat.yml @@ -3,8 +3,10 @@ yum_repository: name: NodeJS state: absent + changed_when: False - name: RedHat/CentOS/Fedora | Remove Wazuh repository (and clean up left-over metadata) yum_repository: name: wazuh_repo state: absent + changed_when: False diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml index 93118e83..0bf5aca2 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/RedHat.yml 
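Review bot: Marking the `dpkg-query` task `changed_when: False` declares it read-only, but nothing tells Ansible to still run it under `--check`, where `shell` does not execute the command and the registered `openscap_version` would not hold the real package version. Adding `check_mode: no` next to the new line keeps the `dpkg --compare-versions` task in the following hunk, which reads `openscap_version.stdout`, working in check mode; that task gets the same `changed_when` change and needs the same addition. As a style point, lowercase `changed_when: false` is the canonical YAML boolean. Both tasks start above their hunks.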
@@ -6,6 +6,7 @@ baseurl: https://rpm.nodesource.com/pub_6.x/el/{{ ansible_distribution_major_version }}/x86_64 gpgkey: https://rpm.nodesource.com/pub/el/NODESOURCE-GPG-SIGNING-KEY-EL gpgcheck: yes + changed_when: False when: - ansible_distribution_major_version|int > 5 @@ -42,6 +43,7 @@ baseurl: https://packages.wazuh.com/3.x/yum/ gpgkey: https://packages.wazuh.com/key/GPG-KEY-WAZUH gpgcheck: yes + changed_when: False when: - (ansible_distribution_major_version|int > 5) or (ansible_distribution == "Amazon" and ansible_distribution_major_version == "NA") diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml index 5ccc4057..02c2a440 100644 --- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml +++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml @@ -329,12 +329,16 @@ group: ossec mode: 0640 no_log: true + register: wazuh_manager_cdb_lists + until: wazuh_manager_cdb_lists is succeeded notify: - rebuild cdb_lists - restart wazuh-manager with_items: - "{{ cdb_lists }}" - when: cdb_lists is defined + when: + - cdb_lists is defined + - cdb_lists is iterable tags: - config
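Review bot: The added `until: wazuh_manager_cdb_lists is succeeded` in `tasks/main.yml` has no `retries` or `delay`, so the task falls back to Ansible's defaults, and with `no_log: true` on the same task the reason for each failed attempt is hidden from the output. If the retry is there to ride out a transient failure, say so in a comment and set the values explicitly, e.g. `retries: 3` and `delay: 5`. If not, a retry on what looks like a file-writing task (only `group` and `mode` are visible, the module is above the hunk) will only delay the error. Separately, `cdb_lists is iterable` is also true for a string or a mapping, so it does not guarantee a list; adding `cdb_lists is not string` and `cdb_lists is not mapping` to the `when` list is tighter if a list was the intent.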