cisagov · mcdonnnj · Apr 6, 2024 · Apr 6, 2024 · Apr 10, 2024 · Apr 10, 2024
@@ -3,8 +3,9 @@
 [![GitHub Build Status](https://github.com/cisagov/ansible-role-cyhy-mailer/workflows/build/badge.svg)](https://github.com/cisagov/ansible-role-cyhy-mailer/actions)
 [![CodeQL](https://github.com/cisagov/ansible-role-cyhy-mailer/workflows/CodeQL/badge.svg)](https://github.com/cisagov/ansible-role-cyhy-mailer/actions/workflows/codeql-analysis.yml)
 
-An Ansible role for installing
-[cisagov/cyhy-mailer](https://github.com/cisagov/cyhy-mailer).
+An Ansible role for installing [Docker Compose](https://docs.docker.com/compose/)
+files to run [cisagov/cyhy-mailer](https://github.com/cisagov/cyhy-mailer) in the
+[CyHy environment](https://github.com/cisagov/cyhy_amis).
 
 ## Requirements ##
 
@@ -19,7 +20,7 @@ None.
 
 ## Dependencies ##
 
-None.
+- [cisagov/ansible-role-docker](https://github.com/cisagov/ansible-role-docker)
 
 ## Installation ##
 

@@ -0,0 +1,20 @@
+---
+version: '3.2'
+
+services:
+  mailer:
+    volumes:
+      - type: bind
+        source: "/var/cyhy/orchestrator/output/archive/latest/reporting/\
+        trustymail_reports"
+        target: /trustymail_reports
+      - type: bind
+        source: "/var/cyhy/orchestrator/output/archive/latest/reporting/\
+        pshtt_reports"
+        target: /pshtt_reports
+    command:
+      - bod1801
+      - --tmail-report-dir=/trustymail_reports/
+      - --https-report-dir=/pshtt_reports/
+      - --db-creds-file=/run/secrets/database_creds.yml
+      - "--summary-to=cisa-cyhy-mailer@gwe.cisa.dhs.gov"
@@ -0,0 +1,22 @@
+---
+version: '3.2'
+
+secrets:
+  csa_emails:
+    file: ./secrets/csa_emails.yml
+
+services:
+  mailer:
+    secrets:
+      - source: csa_emails
+        target: csa_emails.yml
+    volumes:
+      - type: bind
+        source: /var/cyhy/reports/output/notification_archive/latest
+        target: /cyhy_notifications
+    command:
+      - notification
+      - --cyhy-notification-dir=/cyhy_notifications/
+      - --db-creds-file=/run/secrets/database_creds.yml
+      - --csa-emails-file=/run/secrets/csa_emails.yml
+      - "--summary-to=cisa-cyhy-mailer@gwe.cisa.dhs.gov"
@@ -0,0 +1,27 @@
+---
+version: '3.2'
+
+secrets:
+  csa_emails:
+    file: ./secrets/csa_emails.yml
+
+services:
+  mailer:
+    secrets:
+      - source: csa_emails
+        target: csa_emails.yml
+    volumes:
+      - type: bind
+        source: /var/cyhy/reports/output/report_archive/latest
+        target: /cyhy_reports
+      - type: bind
+        source: /var/cyhy/reports/output/scorecards/latest
+        target: /cybex_scorecard
+    command:
+      - cyhy
+      - cybex
+      - --cyhy-report-dir=/cyhy_reports/
+      - --cybex-scorecard-dir=/cybex_scorecard/
+      - --db-creds-file=/run/secrets/database_creds.yml
+      - --csa-emails-file=/run/secrets/csa_emails.yml
+      - "--summary-to=cisa-cyhy-mailer@gwe.cisa.dhs.gov"
@@ -0,0 +1,26 @@
+---
+# The version for the main docker-compose configuration needs to be
+# the lowest version that supports the features used by all
+# docker-compose configurations in this project. This is to support
+# the use of a 'docker-compose.override.yml' file derived from one of
+# the other configurations as documented here:
+# https://docs.docker.com/compose/extends/#multiple-compose-files
+version: '3.2'
+
+secrets:
+  database_creds:
+    file: ./secrets/database_creds.yml
+  aws_config:
+    file: ./secrets/aws_config
+
+services:
+  mailer:
+    image: cisagov/cyhy-mailer:1.7.0
+    secrets:
+      - source: database_creds
+        target: database_creds.yml
+      - source: aws_config
+        target: aws_config
+    environment:
+      - AWS_CONFIG_FILE=/run/secrets/aws_config
+      - AWS_PROFILE=default
@@ -12,18 +12,27 @@
 ).get_hosts("all")
 
 
-@pytest.mark.parametrize(
-    "directory", [{"path": "/var/cyhy/cyhy-mailer", "mode": "0o755"}]
-)
-def test_packages(host, directory):
+@pytest.mark.parametrize("path,mode", [("/var/cyhy/cyhy-mailer", "0o755")])
+def test_directories(host, path, mode):
     """Test that the appropriate directories were created."""
-    assert host.file(directory["path"]).exists
-    assert host.file(directory["path"]).is_directory
-    assert oct(host.file(directory["path"]).mode) == directory["mode"]
+    directory = host.file(path)
+    assert directory.exists
+    assert directory.is_directory
+    assert oct(directory.mode) == mode
 
 
-@pytest.mark.parametrize("f", ["/var/cyhy/cyhy-mailer/docker-compose.yml"])
-def test_command(host, f):
-    """Test that appropriate files exist."""
-    assert host.file(f).exists
-    assert host.file(f).is_file
+@pytest.mark.parametrize(
+    "path,mode",
+    [
+        ("/var/cyhy/cyhy-mailer/docker-compose.bod.yml", "0o644"),
+        ("/var/cyhy/cyhy-mailer/docker-compose.cyhy-notification.yml", "0o644"),
+        ("/var/cyhy/cyhy-mailer/docker-compose.cyhy.yml", "0o644"),
+        ("/var/cyhy/cyhy-mailer/docker-compose.yml", "0o644"),
+    ],
+)
+def test_files(host, path, mode):
+    """Test that the appropriate files were created."""
+    file = host.file(path)
+    assert file.exists
+    assert file.is_file
+    assert oct(file.mode) == mode
@@ -7,12 +7,15 @@
     path: /var/cyhy/cyhy-mailer
     state: directory
 
-- name: Download and untar the cyhy-mailer tarball
-  ansible.builtin.unarchive:
+- name: Copy Docker Compose files to the /var/cyhy/cyhy-mailer directory
+  ansible.builtin.copy:
     dest: /var/cyhy/cyhy-mailer
-    extra_opts:
-      - "--strip-components=1"
     group: "{{ cyhy_mailer_file_owner_group | default(omit) }}"
+    mode: 0644
     owner: "{{ cyhy_mailer_file_owner_username | default(omit) }}"
-    remote_src: true
-    src: https://api.github.com/repos/cisagov/cyhy-mailer/tarball/develop
+    src: "{{ item }}"
+  loop:
+    - docker-compose.bod.yml
+    - docker-compose.cyhy-notification.yml
+    - docker-compose.cyhy.yml
+    - docker-compose.yml