Desired Outcome

An issue was reported in the Conjur docs regarding the Ansible Collection, described below.
The changes in this PR are intended to explicitly test use of the conjur-host-identity module installed from Ansible Galaxy, both individually and as part of the Conjur Collection.

Issue Report Details

Environment:

Ansible 2.9.27
CentOS 8.4

Procedure:

1. Install the Conjur Ansible Collection:

   ansible-galaxy collection install cyberark.conju
   

2. Run the following playbook to set up a Conjur role:

   - hosts: servers
     roles:
       - role: cyberark.conjur.conjur-host-identity
         conjur_appliance_url: 'https://conjur.myorg.com',
         conjur_account: 'myorg',
         conjur_host_factory_token: "{{ lookup('env', 'HFTOKEN') }}",
         conjur_host_name: "{{ inventory_hostname }}"
         conjur_ssl_certificate: "{{ lookup('file', '/path/to/conjur.pem') }}"
         conjur_validate_certs: yes
   

   This results in the following error:

   ERROR! the role 'cyberark.conjur.conjur-host-identity' was not found in /huydd/ansible/ansible-conjur-testing/roles:/root/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles:/huydd/ansible/ansible-conjur-testing
   

   The error was eventually resolved by using the individual Role instructions, meant for Ansible 2.8.

Issue Solution

The problem, in short:
Installing the Conjur Collection provides the role cyberark.conjur.conjur_host_identity, note the underscores (_)
Installing the standalone Role provides the role cyberark.conjur-host-identity, note the dashes (-)

From Ansible documentation on Role names:

Role names are limited to lowercase word characters (i.e., a-z, 0-9) and ‘’. No special characters are allowed, including ‘.’, ‘-‘, and space. During import, any ‘.’ and ‘-‘ characters contained in the repository name or role_name will be replaced with ‘’.

The error here is in the documentation:

...You can configure each Ansible node with a Conjur identity by including a section like the example below in your Ansible playbook:

- hosts: servers
 roles:
   - role: cyberark.conjur.conjur-host-identity
     conjur_appliance_url: 'https://conjur.myorg.com',
     conjur_account: 'myorg',
     conjur_host_factory_token: "{{ lookup('env', 'HFTOKEN') }}",
     conjur_host_name: "{{ inventory_hostname }}"
     conjur_ssl_certificate: "{{ lookup('file', '/path/to/conjur.pem') }}"
     conjur_validate_certs: yes

NOTE: Ansible 2.8 users who leverage the standalone role instead of the collection, should reference the role as: cyberark.conjur-host-identity instead.

The solution here should be to release a new version of the standalone Role, where the naming convention is corrected, using underscores. This would include updating the documentation to reference the Role by each method with underscores.

Implemented Changes

Updates to conjur-host-identity testing:

• ansible service in docker-compose no longer mounts the repo for use in tests.
  • Instead, the Dockerfile used to build this service installs both the Conjur Collection and the Role module.
• Updated test cases:
  • configure-conjur-identity-from-collection uses Collection-based Role
  • configure-conjur-identity-from-role uses individual Role

Connected Issue/Story

Resolves #72
Resolves #73
CyberArk internal issue link: ONYX-14387

Definition of Done

At least 1 todo must be completed in the sections below for the PR to be
merged.

Changelog

• The CHANGELOG has been updated, or
• This PR does not include user-facing changes and doesn't require a
  CHANGELOG update

Test coverage

• This PR includes new unit and integration tests to go with the code
  changes, or
• The changes in this PR do not require tests

Documentation

• Docs (e.g. READMEs) were updated in this PR
• A follow-up issue to update official docs has been filed here: insert issue ID
• This PR does not require updating any documentation

Behavior

• This PR changes product behavior and has been reviewed by a PO, or
• These changes are part of a larger initiative that will be reviewed later, or
• No behavior was changed with this PR

Security

• Security architect has reviewed the changes in this PR,
• These changes are part of a larger initiative with a separate security review, or
• There are no security aspects to these changes