From 6c94fe9bd59cc31f684b5b2744027e1071518e1a Mon Sep 17 00:00:00 2001
From: Rafael Guterres Jeffman <rjeffman@redhat.com>
Date: Tue, 5 Nov 2024 11:08:13 -0300
Subject: [PATCH] tests/sudorule: Don't become or gather_facts and use only
true/false
Unless there's a real need to use privileged access or to gather Ansible
facts upfront, we should always set "become: false" and
"gather_facts: false". In the case that only a few Ansible facts are
required, 'ansible.builtin.setup' with 'gather_subset' should be used.
As the YAML 1.2 standard dictates, boolean values should only use 'true'
or 'false' values.
This patch fixes these issues in the 'sudorule' test suite.
---
tests/sudorule/test_sudorule.yml | 8 ++++++--
tests/sudorule/test_sudorule_categories.yml | 19 ++++++++++++++-----
.../sudorule/test_sudorule_client_context.yml | 4 ++--
.../test_sudorule_member_case_insensitive.yml | 6 +++---
.../test_sudorule_single_hostnames.yml | 19 ++++++++++++-------
tests/sudorule/test_sudorules.yml | 2 +-
6 files changed, 38 insertions(+), 20 deletions(-)
diff --git a/tests/sudorule/test_sudorule.yml b/tests/sudorule/test_sudorule.yml
index 476fb1d8..25dd84cd 100644
--- a/tests/sudorule/test_sudorule.yml
+++ b/tests/sudorule/test_sudorule.yml
@@ -3,11 +3,15 @@
- name: Test sudorule
hosts: "{{ ipa_test_host | default('ipaserver') }}"
become: true
- gather_facts: true
+ gather_facts: false
tasks:
# setup
+ - name: Ensure DNS Ansible facts are available
+ ansible.builtin.setup:
+ gather_subset: dns
+
- name: Ensure test user is present
ipauser:
ipaadmin_password: SomeADMINpassword
@@ -1157,7 +1161,7 @@
hostmask: 192.168.120.0/24
action: member
register: result
- check_mode: yes
+ check_mode: true
failed_when: not result.changed or result.failed
- name: Ensure sudorule hostmask member is present
diff --git a/tests/sudorule/test_sudorule_categories.yml b/tests/sudorule/test_sudorule_categories.yml
index 95b94f12..91b9dca0 100644
--- a/tests/sudorule/test_sudorule_categories.yml
+++ b/tests/sudorule/test_sudorule_categories.yml
@@ -1,13 +1,22 @@
---
- name: Test sudorule user category
hosts: ipaserver
- become: yes
- gather_facts: yes
+ become: false
+ gather_facts: false
tasks:
- - name: Get Domain from the server name
- ansible.builtin.set_fact:
- ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join('.') }}"
+ - name: Test sudorule single hostnames
+ block:
+ # setup test environment
+ - name: Ensure ipaserver_domain is set
+ when: ipaserver_domain is not defined
+ block:
+ - name: Retrieve host information
+ ansible.builtin.setup:
+ gather_subset: dns
+ - name: Get Domain from the server name
+ ansible.builtin.set_fact:
+ ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join('.') }}"
- name: Ensure sudorules are absent
ipasudorule:
diff --git a/tests/sudorule/test_sudorule_client_context.yml b/tests/sudorule/test_sudorule_client_context.yml
index 331f138b..faa111b9 100644
--- a/tests/sudorule/test_sudorule_client_context.yml
+++ b/tests/sudorule/test_sudorule_client_context.yml
@@ -1,8 +1,8 @@
---
- name: Test sudorule
hosts: ipaclients, ipaserver
- become: no
- gather_facts: no
+ become: false
+ gather_facts: false
tasks:
- name: Include FreeIPA facts.
diff --git a/tests/sudorule/test_sudorule_member_case_insensitive.yml b/tests/sudorule/test_sudorule_member_case_insensitive.yml
index cc212406..21ffe302 100644
--- a/tests/sudorule/test_sudorule_member_case_insensitive.yml
+++ b/tests/sudorule/test_sudorule_member_case_insensitive.yml
@@ -1,8 +1,8 @@
---
- name: Test sudorule members should be case insensitive.
hosts: "{{ ipa_test_host | default('ipaserver') }}"
- become: no
- gather_facts: no
+ become: false
+ gather_facts: false
vars:
groups_present:
@@ -37,7 +37,7 @@
ipahost:
ipaadmin_password: SomeADMINpassword
name: "{{ item }}.{{ ipa_domain }}"
- force: yes
+ force: true
loop: "{{ groups_present }}"
- name: Ensure test users exist.
diff --git a/tests/sudorule/test_sudorule_single_hostnames.yml b/tests/sudorule/test_sudorule_single_hostnames.yml
index cc6a7819..728aab1c 100644
--- a/tests/sudorule/test_sudorule_single_hostnames.yml
+++ b/tests/sudorule/test_sudorule_single_hostnames.yml
@@ -1,17 +1,22 @@
---
- name: Test sudorule with single hostnames.
hosts: "{{ ipa_test_host | default('ipaserver') }}"
- become: no
- gather_facts: no
+ become: false
+ gather_facts: false
tasks:
- name: Test sudorule single hostnames
block:
# setup test environment
- - name: Get Domain from the server name
- ansible.builtin.set_fact:
- ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join('.') }}"
+ - name: Ensure ipaserver_domain is set
when: ipaserver_domain is not defined
+ block:
+ - name: Retrieve host information
+ ansible.builtin.setup:
+ gather_subset: dns
+ - name: Get Domain from the server name
+ ansible.builtin.set_fact:
+ ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join('.') }}"
- name: Ensure test sudo rule is absent
ipasudorule:
@@ -24,9 +29,9 @@
ipaadmin_password: SomeADMINpassword
hosts:
- name: "host01.{{ ipaserver_domain }}"
- force: yes
+ force: true
- name: "host02.{{ ipaserver_domain }}"
- force: yes
+ force: true
# start tests
- name: Ensure sudorule exist with host member using FQDN.
diff --git a/tests/sudorule/test_sudorules.yml b/tests/sudorule/test_sudorules.yml
index 74592689..0df3066c 100644
--- a/tests/sudorule/test_sudorules.yml
+++ b/tests/sudorule/test_sudorules.yml
@@ -2,7 +2,7 @@
- name: Test sudorule
hosts: "{{ ipa_test_host | default('ipaserver') }}"
become: false
- gather_facts: true # required for ansible_facts['fqdn']
+ gather_facts: false
module_defaults:
ipauser:
--
GitLab