From ed6a8e77465c461f22949af5f8028db84d44e21c Mon Sep 17 00:00:00 2001 From: Martin Pitt Date: Fri, 13 Jun 2025 10:22:01 +0200 Subject: [PATCH 1/4] fix: Avoid setting ansible_managed variable Cause: The test used a temporary variable `ansible_managed`, but that is a "magic" string constant. Ansible 2.19 does not permit assigning to it any more. Consequence: Tests failed with Ansible 2.19. Fix: Rename the variable. --- tests/tasks/check_header.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/tasks/check_header.yml b/tests/tasks/check_header.yml index 607320f..00f5205 100644 --- a/tests/tasks/check_header.yml +++ b/tests/tasks/check_header.yml @@ -9,8 +9,8 @@ - name: Check for presence of ansible managed header, fingerprint assert: that: - - ansible_managed in content + - __ansible_managed in content - __fingerprint in content vars: - content: "{{ (__file_content | d(__content)).content | b64decode }}" - ansible_managed: "{{ lookup('template', 'get_ansible_managed.j2') }}" + content: "{{ __content.content | b64decode }}" + __ansible_managed: "{{ lookup('template', 'get_ansible_managed.j2') }}" From 263b2b88a10c505a074deacf250af540d208b4ed Mon Sep 17 00:00:00 2001 From: Martin Pitt Date: Thu, 12 Jun 2025 07:34:53 +0200 Subject: [PATCH 2/4] fix: Set __is_system_running in check mode Cause: `systemctl is-system-running` was not called in `--check` mode. Consequence: The "Determine if system is booted with systemd" step failed in check mode as the `__is_system_running` variable was not populated. Fix: Force calling `systemctl is-system-running` in check mode. It does not modify the system and the outcome is very influential for what the role does. --- tasks/set_vars.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/tasks/set_vars.yml b/tasks/set_vars.yml index 619b31e..1f30a59 100644 --- a/tasks/set_vars.yml +++ b/tasks/set_vars.yml 
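Review bot: The new `content` expression reads only `__content.content`, so the `__file_content | d(__content)` fallback is removed together with the rename, and the commit message does not mention it. Any caller of check_header.yml that registers the file under `__file_content` would now hit an undefined variable instead of a header check. The callers are not visible in this hunk, so this needs confirming. If the fallback is dead, say so in the commit message; otherwise keep `content: "{{ (__file_content | d(__content)).content | b64decode }}"`.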
@@ -25,6 +25,7 @@ command: systemctl is-system-running register: __is_system_running changed_when: false + check_mode: false failed_when: false - name: Require installed systemd From 06018f1590672217c4a147491ef7abbecb063b71 Mon Sep 17 00:00:00 2001 From: Martin Pitt Date: Thu, 12 Jun 2025 07:54:13 +0200 Subject: [PATCH 3/4] fix: Fix assertions to have a boolean type Cause: Ansible 2.19 requires explicit boolean types for assertions. Consequence: The test failed with Ansible 2.19 with "Conditional result was '62' of type 'int', which evaluates to True. Conditionals must have a boolean result." Fix: find() does not actually have a result which is compatible with boolean coercion, as 0 means "string found at the start", and "not found" results in -1 (which is `True`). We could compare the find() result explicitly, but let's instead use the `in` operator to make this more readable. Also rewrite these assertions to use Python string concatenation. This fixes > [WARNING]: conditional statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: 'scope={{ tlog_scope_sssd }}' in __tlog_conf_content.stdout Likewise, `regex_search()` returns a string (possibly empty for non-matches) or `none`, so explicitly check the length to convert to a bool. --- tests/check_sssd_with_tlog.yml | 2 +- tests/run_sssd_tests.yml | 15 ++++++++++----- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/tests/check_sssd_with_tlog.yml b/tests/check_sssd_with_tlog.yml index 45f0198..2552cfe 100644 --- a/tests/check_sssd_with_tlog.yml +++ b/tests/check_sssd_with_tlog.yml @@ -18,7 +18,7 @@ - name: Check if with tlog authselect feature enabled and nsswitch set correctly assert: that: - - __nsswitch_contents | regex_search('^passwd:\\s+sss', multiline=True) + - __nsswitch_contents | regex_search('^passwd:\\s+sss', multiline=True) | length > 0 - '"with-tlog" in __tlog_authselect_current.stdout' when: '"with-tlog" in __tlog_authselect_features.stdout' vars: 
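Review bot: `check_mode: false` makes this command run on the target even during a dry run, and nothing next to the task says why that is acceptable. The rationale exists only in the commit message; put it on the task, e.g. `# Read-only query; must also run in check mode so __is_system_running is populated`, so a later edit does not extend the command with something that changes state. Because `failed_when: false` follows, a missing or failing `systemctl` stays silent here. The tasks that consume `__is_system_running` lie outside this hunk.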
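Review bot: `regex_search(...) | length > 0` does not give a clean boolean on the no-match path. The commit message itself notes that `regex_search()` can return `none`, and `length` is not defined for `none`, so a missing `passwd: ... sss` line would likely surface as a template error rather than a failed assertion. The `search` test returns a boolean directly and accepts the same flag: `- __nsswitch_contents is search('^passwd:\\s+sss', multiline=True)`. The `vars:` section of this task continues past the end of the hunk.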
diff --git a/tests/run_sssd_tests.yml b/tests/run_sssd_tests.yml index 5be51d7..0622210 100644 --- a/tests/run_sssd_tests.yml +++ b/tests/run_sssd_tests.yml @@ -19,12 +19,17 @@ - name: Verify that contents of sssd conf are correct assert: that: - - __tlog_conf_content.stdout.find('scope={{ tlog_scope_sssd }}') + - ('scope=' + tlog_scope_sssd) in __tlog_conf_content.stdout # yamllint disable-line rule:line-length - - __tlog_conf_content.stdout.find('users={{ tlog_users_sssd | join(', ') }}') + - ('users=' + tlog_users_sssd_str) in __tlog_conf_content.stdout # yamllint disable-line rule:line-length - - __tlog_conf_content.stdout.find('groups={{ tlog_groups_sssd | join(', ') }}') + - ('groups=' + tlog_groups_sssd_str) in __tlog_conf_content.stdout # yamllint disable-line rule:line-length - - __tlog_conf_content.stdout.find('exclude_users={{ tlog_exclude_users_sssd | join(', ') }}') + - ('exclude_users=' + tlog_exclude_users_sssd_str) in __tlog_conf_content.stdout # yamllint disable-line rule:line-length - - __tlog_conf_content.stdout.find('exclude_groups={{ tlog_exclude_groups_sssd | join(', ') }}') + - ('exclude_groups=' + tlog_exclude_groups_sssd_str) in __tlog_conf_content.stdout + vars: + tlog_users_sssd_str: "{{ tlog_users_sssd | join(', ') }}" + tlog_groups_sssd_str: "{{ tlog_groups_sssd | join(', ') }}" + tlog_exclude_users_sssd_str: "{{ tlog_exclude_users_sssd | join(', ') }}" + tlog_exclude_groups_sssd_str: "{{ tlog_exclude_groups_sssd | join(', ') }}" From a4b8796f19617622973e3b5a4e70d9e82b9f7e26 Mon Sep 17 00:00:00 2001 
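Review bot: The new `in` checks are plain substring matches against the whole output, so `('users=' + tlog_users_sssd_str)` is also satisfied by an `exclude_users=` line carrying the same value, and `groups=` by `exclude_groups=`. With an empty list the check reduces to `'users=' in ...`, which passes as soon as either key is present. These keys decide whose sessions are recorded, so the test should match whole lines, e.g. `- ('users=' + tlog_users_sssd_str) in __tlog_conf_content.stdout_lines`. That assumes the registered result carries `stdout_lines` and the file has no spacing around `=`; how it is registered is not visible in this hunk. The `# yamllint disable-line rule:line-length` comments may also be unnecessary now that the lines are shorter.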
From: Martin Pitt Date: Thu, 12 Jun 2025 21:48:45 +0200 Subject: [PATCH 4/4] tests: Fix tests_sssd.yml variable scoping Group the test cases in blocks which use the same definition of `tlog_scope_sssd` and other variables for both the role invocation and check_sssd_with_tlog.yml. Then the latter can actually check for the correct value. This was previously masked by the wrong `find()` result evaluation. --- tests/tests_sssd.yml | 48 +++++++++++++++++++++++--------------------- 1 file changed, 25 insertions(+), 23 deletions(-) diff --git a/tests/tests_sssd.yml b/tests/tests_sssd.yml index 68667ff..b2f445e 100644 --- a/tests/tests_sssd.yml +++ b/tests/tests_sssd.yml @@ -21,27 +21,24 @@ - name: Run sssd tests import_tasks: run_sssd_tests.yml - - name: Run role with tlog_scope_sssd all - import_role: - name: linux-system-roles.tlog + - name: Test role with tlog_scope_sssd all vars: tlog_scope_sssd: all + block: + - name: Run role + import_role: + name: linux-system-roles.tlog - - name: Check sssd authselect with tlog setup properly - import_tasks: check_sssd_with_tlog.yml + - name: Check sssd authselect with tlog setup properly + import_tasks: check_sssd_with_tlog.yml - - name: Run sssd tests - import_tasks: run_sssd_tests.yml + - name: Run sssd tests + import_tasks: run_sssd_tests.yml - - name: Check authselect files provider setup properly - import_tasks: check_sssd_files_provider.yml - - - name: Run sssd tests - import_tasks: run_sssd_tests.yml + - name: Check authselect files provider setup properly + import_tasks: check_sssd_files_provider.yml - - name: Run role with tlog_scope_sssd some - import_role: - name: linux-system-roles.tlog + - name: Test role with tlog_scope_sssd some vars: tlog_scope_sssd: some tlog_users_sssd: 
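Review bot: The second `Run sssd tests` import that used to follow `check_sssd_files_provider.yml` is removed in this hunk, while the commit message only describes regrouping the cases into blocks. If the files-provider check only asserts, that run was redundant and the message should say it was dropped deliberately. If it changes state, the assertions in run_sssd_tests.yml no longer run against that state. check_sssd_files_provider.yml is not shown here, so which case applies needs checking.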
@@ -50,14 +47,15 @@ tlog_groups_sssd: - teachers - students + block: + - name: Run role + import_role: + name: linux-system-roles.tlog - - name: Run sssd tests - import_tasks: run_sssd_tests.yml + - name: Run sssd tests + import_tasks: run_sssd_tests.yml - - name: Run role with excluded users and groups - include_role: # instead of import - so we can use public: - name: linux-system-roles.tlog - public: true + - name: Test role with excluded users and groups vars: tlog_scope_sssd: all tlog_exclude_users_sssd: @@ -65,9 +63,13 @@ - james tlog_exclude_groups_sssd: - admins + block: + - name: Run role + import_role: + name: linux-system-roles.tlog - - name: Run sssd tests - import_tasks: run_sssd_tests.yml + - name: Run sssd tests + import_tasks: run_sssd_tests.yml - name: Check for ansible_managed, fingerprint in generated files include_tasks: tasks/check_header.yml
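Review bot: The excluded-users case switches from `include_role` with `public: true` to `import_role`, and the commit message gives no reason. The `@@ -50,14` hunk removes the include and its comment "instead of import - so we can use public:"; the `@@ -65,9` hunk adds the replacement. The `check_header.yml` include that follows runs outside the block's `vars:`. If it or any later task relied on the role's variables being exported, that now depends on `import_role` exposing them, which should be confirmed on the oldest Ansible version these tests support. A one-line comment on the `Run role` task, such as `# static import is intentional; role vars stay visible to later tasks`, would replace the removed explanation.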