2-scan.yml

---
- name: Set SSH tunel
  command: ssh -o StrictHostKeyChecking=no -f -N -L localhost:9390:scans.cloud.infn.it:9390 jenkins@scans.cloud.infn.it 

- name: Copy scan script
  copy: 
    src: files/scan.py
    dest: "{{ paas_ci_workdir + '/scan.py' }}"

- name: Copy utilities module
  copy: 
    src: files/scan_utilities.py
    dest: "{{ paas_ci_workdir + '/scan_utilities.py' }}"

- name: Copy gvm_library module
  copy: 
    src: files/scan_gvm_library.py
    dest: "{{ paas_ci_workdir + '/scan_gvm_library.py' }}"

- name: Adding execution permission to scan script
  file: 
    dest: "{{ paas_ci_workdir + '/scan.py' }}"
    mode: a+x 

############# DA TOGLIERE
- name: Load depdep log
  command: cat "{{ paas_ci_workdir + '/dep.json' }}"
  register: dep_json

- name: import depdep_log
  set_fact:
    imported_depdep_log: "{{ dep_json.stdout }}"

- name: Show depdep log
  debug:
    var: imported_depdep_log

- name: Show paas_ci_test.endpoints_to_scan log
  debug:
    var: paas_ci_test.endpoints_to_scan
################### FINO QUI

- name:  Run scan without endpoints_to_scan variable
  command: "{{ paas_ci_workdir + '/scan.py' }} --dep-json {{ paas_ci_workdir + '/dep.json'}} --output-dir {{ paas_ci_workdir }}" 
  register: scan_output
  when: paas_ci_test.endpoints_to_scan is undefined

- name:  Run scan with endpoints_to_scan variable
  command: "{{ paas_ci_workdir + '/scan.py' }} --endpoint-keys {{ paas_ci_test.endpoints_to_scan }} --dep-json {{ paas_ci_workdir + '/dep.json'}} --output-dir {{ paas_ci_workdir }}" 
  register: scan_output
  when: paas_ci_test.endpoints_to_scan is defined

- name: Show scan output
  debug:
    msg: "{{ scan_output }}"

- name: Find report files
  find:
    paths: "{{ paas_ci_workdir }}"
    patterns: '*-report.txt'
  register: report_files

- name: read summary report file
  shell: cat "{{ paas_ci_workdir + '/summary-report.json' }}"
  register: summary_report 

- name: import summary_report
  set_fact:
    summary_report_json: "{{ summary_report.stdout | from_json }}"

- name: Show reports
  debug:
    msg: "{{ lookup('file', item.path) }}"
  with_items: "{{ report_files.files }}"
  when: summary_report_json.global == 'NOK'

- name: Show scan log if vulnerability detected
  block:
  - name: Load log
    command: cat "{{ paas_ci_workdir + '/scan.log' }}"
    register: log
  - name: import log
    set_fact:
      imported_log: "{{ log.stdout }}"
  - name: Show log
    debug:
      var: imported_log
  when: summary_report_json.global == 'NOK'

- name: Show scan log if vulnerability detected
  block:
  - name: Load log
    command: cat "{{ paas_ci_workdir + '/scan.log' }}"
    register: imported_log
  - name: Show log
    debug:
      var: imported_log.stdout_lines
  when: summary_report_json.global == 'NOK'

- name: Detailed report summary
  debug:
    var: summary_report_json

- name: Report Summary
  assert:
    that:
      - summary_report_json.global == 'OK'
    fail_msg: "SCAN FAILED - deployment: {{ summary_report_json.deployment }}"
    success_msg: "SCAN PASSED - deployment: {{ summary_report_json.deployment }}"