Skip to content
Commits on Source (12)
Expand all Hide whitespace changes
Inline Side-by-side
.github/workflows/lint.yml
View file @ 48c0fd0a
...@@ -16,7 +16,7 @@ jobs: ...@@ -16,7 +16,7 @@ jobs:
python-version: "3.x" python-version: "3.x"
- name: Run ansible-lint - name: Run ansible-lint
run: | run: |
pip install "ansible-core >=2.15,<2.16" 'ansible-lint<6.21' pip install "ansible-core>=2.16,<2.17" 'ansible-lint>=6.21'
utils/build-galaxy-release.sh -ki utils/build-galaxy-release.sh -ki
cd .galaxy-build cd .galaxy-build
ansible-lint --profile production --exclude tests/integration/ --exclude tests/unit/ --parseable --nocolor ansible-lint --profile production --exclude tests/integration/ --exclude tests/unit/ --parseable --nocolor
...@@ -76,7 +76,7 @@ jobs: ...@@ -76,7 +76,7 @@ jobs:
python-version: "3.x" python-version: "3.x"
- name: Run pylint - name: Run pylint
run: | run: |
pip install pylint==2.17.2 pip install 'pylint>=3.0'
pylint plugins roles --disable=import-error pylint plugins roles --disable=import-error
shellcheck: shellcheck:
......
.pre-commit-config.yaml
View file @ 48c0fd0a
--- ---
repos: repos:
- repo: https://github.com/ansible/ansible-lint.git - repo: https://github.com/ansible/ansible-lint.git
rev: v6.17.2 rev: v6.22.0
hooks: hooks:
- id: ansible-lint - id: ansible-lint
always_run: false always_run: false
...@@ -34,7 +34,7 @@ repos: ...@@ -34,7 +34,7 @@ repos:
hooks: hooks:
- id: pydocstyle - id: pydocstyle
- repo: https://github.com/pycqa/pylint - repo: https://github.com/pycqa/pylint
rev: v2.17.2 rev: v3.0.2
hooks: hooks:
- id: pylint - id: pylint
args: args:
......
plugins/modules/ipaidoverridegroup.py
View file @ 48c0fd0a
...@@ -332,7 +332,7 @@ def main(): ...@@ -332,7 +332,7 @@ def main():
merge_dicts( merge_dicts(
{ {
"ipaanchoruuid": anchor, "ipaanchoruuid": anchor,
"continue": delete_continue "continue": delete_continue or False
}, },
runtime_args runtime_args
)] )]
......
plugins/modules/ipaidoverrideuser.py
View file @ 48c0fd0a
...@@ -572,7 +572,7 @@ def main(): ...@@ -572,7 +572,7 @@ def main():
merge_dicts( merge_dicts(
{ {
"ipaanchoruuid": anchor, "ipaanchoruuid": anchor,
"continue": delete_continue "continue": delete_continue or False
}, },
runtime_args runtime_args
)] )]
......
tests/azure/build-containers.yml
View file @ 48c0fd0a
...@@ -13,34 +13,49 @@ trigger: none ...@@ -13,34 +13,49 @@ trigger: none
pool: pool:
vmImage: 'ubuntu-20.04' vmImage: 'ubuntu-20.04'
jobs: stages:
- template: templates/build_container.yml - stage: CentOS_7
parameters: dependsOn: []
job_name_suffix: Centos7 jobs:
container_name: centos-7 - template: templates/build_container.yml
build_scenario_name: centos-7-build parameters:
job_name_suffix: Centos7
- template: templates/build_container.yml container_name: centos-7
parameters: build_scenario_name: centos-7-build
job_name_suffix: C8S
container_name: c8s - stage: CentOS_8_Stream
build_scenario_name: c8s-build dependsOn: []
jobs:
- template: templates/build_container.yml - template: templates/build_container.yml
parameters: parameters:
job_name_suffix: C9S job_name_suffix: C8S
container_name: c9s container_name: c8s
build_scenario_name: c9s-build build_scenario_name: c8s-build
- template: templates/build_container.yml - stage: CentOS_9_Stream
parameters: dependsOn: []
job_name_suffix: FedoraLatest jobs:
container_name: fedora-latest - template: templates/build_container.yml
build_scenario_name: fedora-latest-build parameters:
job_name_suffix: C9S
- template: templates/build_container.yml container_name: c9s
parameters: build_scenario_name: c9s-build
job_name_suffix: FedoraRawhide
container_name: fedora-rawhide - stage: Fedora_Latest
build_scenario_name: fedora-rawhide-build dependsOn: []
jobs:
- template: templates/build_container.yml
parameters:
job_name_suffix: FedoraLatest
container_name: fedora-latest
build_scenario_name: fedora-latest-build
- stage: Fedora_Rawhide
dependsOn: []
jobs:
- template: templates/build_container.yml
parameters:
job_name_suffix: FedoraRawhide
container_name: fedora-rawhide
build_scenario_name: fedora-rawhide-build
tests/host/test_host.yml
View file @ 48c0fd0a
...@@ -32,6 +32,26 @@ ...@@ -32,6 +32,26 @@
update_dns: yes update_dns: yes
state: absent state: absent
- name: Ensure leftover DNS records for test hosts are not present.
ipadnsrecord:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
zone_name: "{{ ipaserver_domain }}"
records:
- name: "host1"
del_all: true
- name: "host2"
del_all: true
- name: "host3"
del_all: true
- name: "host4"
del_all: true
- name: "host5"
del_all: true
- name: "host6"
del_all: true
state: absent
- name: Get IPv4 address prefix from server node - name: Get IPv4 address prefix from server node
ansible.builtin.set_fact: ansible.builtin.set_fact:
ipv4_prefix: "{{ ansible_facts['default_ipv4'].address.split('.')[:-1] | ipv4_prefix: "{{ ansible_facts['default_ipv4'].address.split('.')[:-1] |
......
tests/idoverridegroup/test_idoverridegroup.yml
View file @ 48c0fd0a
...@@ -18,16 +18,21 @@ ...@@ -18,16 +18,21 @@
# CLEANUP TEST ITEMS # CLEANUP TEST ITEMS
- name: Ensure test group test_group does not exist - name: Ensure test groups test_group1..3 do not exist
ipagroup: ipagroup:
name: test_group name:
- test_group1
- test_group2
- test_group3
state: absent state: absent
- name: Ensure test group test_group is absent in idview test_idview - name: Ensure test groups test_group1..3 are absent in idview test_idview
ipaidoverridegroup: ipaidoverridegroup:
idview: test_idview idview: test_idview
anchor: test_group anchor:
continue: true - test_group1
- test_group2
- test_group3
state: absent state: absent
- name: Ensure test idview test_idview does not exist - name: Ensure test idview test_idview does not exist
...@@ -37,9 +42,17 @@ ...@@ -37,9 +42,17 @@
# CREATE TEST ITEMS # CREATE TEST ITEMS
- name: Ensure test group test_group exists - name: Ensure test group test_group1 exists
ipagroup: ipagroup:
name: test_group name: test_group1
- name: Ensure test group test_group2 exists
ipagroup:
name: test_group2
- name: Ensure test group test_group3 exists
ipagroup:
name: test_group3
- name: Ensure test idview test_idview exists - name: Ensure test idview test_idview exists
ipaidview: ipaidview:
...@@ -47,118 +60,146 @@ ...@@ -47,118 +60,146 @@
# TESTS # TESTS
- name: Ensure test group test_group is present in idview test_idview - name: Ensure test group test_group1 is present in idview test_idview
ipaidoverridegroup:
idview: test_idview
anchor: test_group1
register: result
failed_when: not result.changed or result.failed
- name: Ensure test group test_group1 is present in idview test_idview, again
ipaidoverridegroup:
idview: test_idview
anchor: test_group1
register: result
failed_when: result.changed or result.failed
- name: Ensure test group test_group2 is present in idview test_idview
ipaidoverridegroup:
idview: test_idview
anchor: test_group2
register: result
failed_when: not result.changed or result.failed
- name: Ensure test group test_group2 is present in idview test_idview, again
ipaidoverridegroup: ipaidoverridegroup:
idview: test_idview idview: test_idview
anchor: test_group anchor: test_group2
register: result
failed_when: result.changed or result.failed
- name: Ensure test group test_group3 is present in idview test_idview
ipaidoverridegroup:
idview: test_idview
anchor: test_group3
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed or result.failed
- name: Ensure test group test_group is present in idview test_idview, again - name: Ensure test group test_group3 is present in idview test_idview, again
ipaidoverridegroup: ipaidoverridegroup:
idview: test_idview idview: test_idview
anchor: test_group anchor: test_group3
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed or result.failed
# description # description
- name: Ensure test group test_group is present in idview test_idview with description - name: Ensure test group test_group1 is present in idview test_idview with description
ipaidoverridegroup: ipaidoverridegroup:
idview: test_idview idview: test_idview
anchor: test_group anchor: test_group1
description: "test_group description" description: "test_group1 description"
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed or result.failed
- name: Ensure test group test_group is present in idview test_idview with description, again - name: Ensure test group test_group1 is present in idview test_idview with description, again
ipaidoverridegroup: ipaidoverridegroup:
idview: test_idview idview: test_idview
anchor: test_group anchor: test_group1
description: "test_group description" description: "test_group1 description"
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed or result.failed
- name: Ensure test group test_group is present in idview test_idview without description - name: Ensure test group test_group1 is present in idview test_idview without description
ipaidoverridegroup: ipaidoverridegroup:
idview: test_idview idview: test_idview
anchor: test_group anchor: test_group1
description: "" description: ""
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed or result.failed
- name: Ensure test group test_group is present in idview test_idview without description, again - name: Ensure test group test_group1 is present in idview test_idview without description, again
ipaidoverridegroup: ipaidoverridegroup:
idview: test_idview idview: test_idview
anchor: test_group anchor: test_group1
description: "" description: ""
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed or result.failed
# name # name
- name: Ensure test group test_group is present in idview test_idview with internal name test_123_group - name: Ensure test group test_group1 is present in idview test_idview with internal name test_123_group
ipaidoverridegroup: ipaidoverridegroup:
idview: test_idview idview: test_idview
anchor: test_group anchor: test_group1
name: test_123_group name: test_123_group
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed or result.failed
- name: Ensure test group test_group is present in idview test_idview with internal name test_123_group, again - name: Ensure test group test_group1 is present in idview test_idview with internal name test_123_group, again
ipaidoverridegroup: ipaidoverridegroup:
idview: test_idview idview: test_idview
anchor: test_group anchor: test_group1
name: test_123_group name: test_123_group
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed or result.failed
- name: Ensure test group test_group is present in idview test_idview without internal name - name: Ensure test group test_group1 is present in idview test_idview without internal name
ipaidoverridegroup: ipaidoverridegroup:
idview: test_idview idview: test_idview
anchor: test_group anchor: test_group1
name: "" name: ""
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed or result.failed
- name: Ensure test group test_group is present in idview test_idview without internal name, again - name: Ensure test group test_group1 is present in idview test_idview without internal name, again
ipaidoverridegroup: ipaidoverridegroup:
idview: test_idview idview: test_idview
anchor: test_group anchor: test_group1
name: "" name: ""
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed or result.failed
# gid # gid
- name: Ensure test group test_group is present in idview test_idview with gid 20001 - name: Ensure test group test_group1 is present in idview test_idview with gid 20001
ipaidoverridegroup: ipaidoverridegroup:
idview: test_idview idview: test_idview
anchor: test_group anchor: test_group1
gid: 20001 gid: 20001
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed or result.failed
- name: Ensure test group test_group is present in idview test_idview with gid 20001, again - name: Ensure test group test_group1 is present in idview test_idview with gid 20001, again
ipaidoverridegroup: ipaidoverridegroup:
idview: test_idview idview: test_idview
anchor: test_group anchor: test_group1
gid: 20001 gid: 20001
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed or result.failed
- name: Ensure test group test_group is present in idview test_idview without gid - name: Ensure test group test_group1 is present in idview test_idview without gid
ipaidoverridegroup: ipaidoverridegroup:
idview: test_idview idview: test_idview
anchor: test_group anchor: test_group1
gid: "" gid: ""
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed or result.failed
- name: Ensure test group test_group is present in idview test_idview without gid, again - name: Ensure test group test_group1 is present in idview test_idview without gid, again
ipaidoverridegroup: ipaidoverridegroup:
idview: test_idview idview: test_idview
anchor: test_group anchor: test_group1
gid: "" gid: ""
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed or result.failed
...@@ -167,36 +208,56 @@ ...@@ -167,36 +208,56 @@
# absent # absent
- name: Ensure test group test_group is absent in idview test_idview - name: Ensure test group test_group1 is absent in idview test_idview
ipaidoverridegroup:
idview: test_idview
anchor: test_group1
state: absent
register: result
failed_when: not result.changed or result.failed
- name: Ensure test group test_group1 is absent in idview test_idview, again
ipaidoverridegroup:
idview: test_idview
anchor: test_group1
state: absent
register: result
failed_when: result.changed or result.failed
- name: Ensure test groups test_group2,3 are absent in idview test_idview
ipaidoverridegroup: ipaidoverridegroup:
idview: test_idview idview: test_idview
anchor: test_group anchor:
continue: true - test_group2
- test_group3
state: absent state: absent
register: result register: result
failed_when: not result.changed or result.failed failed_when: not result.changed or result.failed
- name: Ensure test group test_group is absent in idview test_idview, again - name: Ensure test groups test_group2,3 are absent in idview test_idview, again
ipaidoverridegroup: ipaidoverridegroup:
idview: test_idview idview: test_idview
anchor: test_group anchor:
continue: true - test_group2
- test_group3
state: absent state: absent
register: result register: result
failed_when: result.changed or result.failed failed_when: result.changed or result.failed
# CLEANUP TEST ITEMS # CLEANUP TEST ITEMS
- name: Ensure test group test_group does not exist - name: Ensure test group test_group1 does not exist
ipagroup: ipagroup:
name: test_group name: test_group1
state: absent state: absent
- name: Ensure test group test_group is absent in idview test_idview - name: Ensure test groups test_group1..3 are absent in idview test_idview
ipaidoverridegroup: ipaidoverridegroup:
idview: test_idview idview: test_idview
anchor: test_group anchor:
continue: true - test_group1
- test_group2
- test_group3
state: absent state: absent
- name: Ensure test idview test_idview does not exist - name: Ensure test idview test_idview does not exist
......
tests/pwpolicy/test_pwpolicy.yml
View file @ 48c0fd0a
...@@ -176,21 +176,10 @@ ...@@ -176,21 +176,10 @@
minlength: "" minlength: ""
register: result register: result
failed_when: failed_when:
result.changed or
(result.failed and not (result.failed and not
("an internal error has occurred" in result.msg or ("an internal error has occurred" in result.msg or
"int() argument must be" in result.msg)) "int() argument must be" in result.msg))
when: ipa_version is version("4.9", ">=") or (not result.failed and not result.changed)
- name: Ensure minlength is not cleared due to FreeIPA issue
ipapwpolicy:
ipaadmin_password: SomeADMINpassword
ipaapi_context: "{{ ipa_context | default(omit) }}"
name: ops
minlength: ""
register: result
failed_when: not result.changed or result.failed
when: ipa_version is version("4.7", "<")
- name: Execute tests if ipa_version >= 4.9.0 - name: Execute tests if ipa_version >= 4.9.0
when: ipa_version is version("4.9", ">=") when: ipa_version is version("4.9", ">=")
......
utils/run-tests.sh
View file @ 48c0fd0a
...@@ -32,7 +32,7 @@ interrupt_exception() { ...@@ -32,7 +32,7 @@ interrupt_exception() {
usage() { usage() {
local prog="${0##*/}" local prog="${0##*/}"
cat <<EOF cat <<EOF
usage: ${prog} [-h] [-l] [-e] [-g] [-s TESTS_SUITE] [-i IMAGE] [TEST...] usage: ${prog} [-h] [-l] [-e] [-K] [-c CONTAINER] [-s TESTS_SUITE] [-x] [-A SEED.GRP] [-i IMAGE] [-m MEMORY] [-v...] [TEST...]
${prog} runs playbook(s) TEST using an ansible-freeipa testing image. ${prog} runs playbook(s) TEST using an ansible-freeipa testing image.
EOF EOF
...@@ -51,10 +51,13 @@ optional arguments: ...@@ -51,10 +51,13 @@ optional arguments:
-K keep container, even if tests succeed -K keep container, even if tests succeed
-l list available images -l list available images
-e force recreation of the virtual environment -e force recreation of the virtual environment
-i select image to run the tests (default: fedora-latest) -i IMAGE select image to run the tests (default: fedora-latest)
-m container memory, in GiB (default: 3) -m container memory, in GiB (default: 3)
-s TEST_SUITE run all playbooks for test suite, which is a directory -s TEST_SUITE run all playbooks for test suite, which is a directory
under ${WHITE}tests${RST} under ${WHITE}tests${RST}
-A SEED.GROUP Replicate Azure's test group and seed (seed is YYYYMMDD)
-v Increase Ansible verbosity (can be used multiple times)
-x Stop on first error.
EOF EOF
)" )"
} }
...@@ -179,15 +182,29 @@ IMAGE_TAG="fedora-latest" ...@@ -179,15 +182,29 @@ IMAGE_TAG="fedora-latest"
scenario="" scenario=""
MEMORY=3 MEMORY=3
hostname="ipaserver.test.local" hostname="ipaserver.test.local"
SEED=""
GROUP=0
SPLITS=0
ANSIBLE_COLLECTIONS=${ANSIBLE_COLLECTIONS:-"containers.podman"} ANSIBLE_COLLECTIONS=${ANSIBLE_COLLECTIONS:-"containers.podman"}
EXTRA_OPTIONS=""
# Process command options # Process command options
while getopts ":hc:ei:Klms:v" option while getopts ":hA:c:ei:Klms:vx" option
do do
case "$option" in case "$option" in
h) help && exit 0 ;; h) help && exit 0 ;;
A)
[ ${#ENABLED_MODULES[@]} -eq 0 ] || die -u "Can't use '-A' with '-s'"
SEED="$(cut -d. -f1 <<< "${OPTARG}" | tr -d "-")"
GROUP="$(cut -d. -f2 <<< "${OPTARG}")"
if [ -z "${SEED}" ] || [ -z "${GROUP}" ]
then
die -u "Seed for '-A' must have the format YYYYMMDD.N"
fi
SPLITS=3
;;
c) scenario="${OPTARG}" ;; c) scenario="${OPTARG}" ;;
e) FORCE_ENV="Y" ;; e) FORCE_ENV="Y" ;;
i) IMAGE_TAG="${OPTARG}" ;; i) IMAGE_TAG="${OPTARG}" ;;
...@@ -195,6 +212,7 @@ do ...@@ -195,6 +212,7 @@ do
l) list_images && exit 0 || exit 1;; l) list_images && exit 0 || exit 1;;
m) MEMORY="${OPTARG}" ;; m) MEMORY="${OPTARG}" ;;
s) s)
[ ${SPLITS} -ne 0 ] && die -u "Can't use '-A' with '-s'"
if [ -d "${TOPDIR}/tests/${OPTARG}" ] if [ -d "${TOPDIR}/tests/${OPTARG}" ]
then then
ENABLED_MODULES+=("${OPTARG}") ENABLED_MODULES+=("${OPTARG}")
...@@ -203,6 +221,7 @@ do ...@@ -203,6 +221,7 @@ do
fi fi
;; ;;
v) verbose=${verbose:--}${option} ;; v) verbose=${verbose:--}${option} ;;
x) EXTRA_OPTIONS="$EXTRA_OPTIONS --exitfirst" ;;
*) die -u "Invalid option: ${OPTARG}" ;; *) die -u "Invalid option: ${OPTARG}" ;;
esac esac
done done
...@@ -212,13 +231,14 @@ do ...@@ -212,13 +231,14 @@ do
# shellcheck disable=SC2207 # shellcheck disable=SC2207
if stat "$test" >/dev/null 2>&1 if stat "$test" >/dev/null 2>&1
then then
[ ${SPLITS} -ne 0 ] && die -u "Can't define tests and use '-A'"
ENABLED_TESTS+=($(basename "${test}" .yml)) ENABLED_TESTS+=($(basename "${test}" .yml))
else else
log error "Test not found: ${test}" log error "Test not found: ${test}"
fi fi
done done
[ ${#ENABLED_MODULES[@]} -eq 0 ] && [ ${#ENABLED_TESTS[@]} -eq 0 ] && die -u "No test defined." [ ${SPLITS} -eq 0 ] && [ ${#ENABLED_MODULES[@]} -eq 0 ] && [ ${#ENABLED_TESTS[@]} -eq 0 ] && die -u "No test defined."
# Prepare virtual environment # Prepare virtual environment
VENV=$(in_python_virtualenv && echo Y || echo N) VENV=$(in_python_virtualenv && echo Y || echo N)
...@@ -373,23 +393,31 @@ EOF ...@@ -373,23 +393,31 @@ EOF
# run tests # run tests
RESULT=0 RESULT=0
# shellcheck disable=SC2086
export RUN_TESTS_IN_DOCKER=${engine} export RUN_TESTS_IN_DOCKER=${engine}
export IPA_SERVER_HOST="${scenario}" export IPA_SERVER_HOST="${scenario}"
joined="$(printf "%s," "${ENABLED_MODULES[@]}")" if [ ${SPLITS} -ne 0 ]
# shelcheck disable=SC2178 then
IPA_ENABLED_MODULES="${joined%,}" EXTRA_OPTIONS="${EXTRA_OPTIONS} --splits=${SPLITS} --group=${GROUP} --randomly-seed=${SEED}"
joined="$(printf "%s," "${ENABLED_TESTS[@]}")" log info "Running tests for group ${GROUP} of ${SPLITS} with seed ${SEED}"
# shelcheck disable=SC2178 else
IPA_ENABLED_TESTS="${joined%,}" # shellcheck disable=SC2086
export IPA_ENABLED_MODULES IPA_ENABLED_TESTS joined="$(printf "%s," "${ENABLED_MODULES[@]}")"
[ -n "${IPA_ENABLED_MODULES}" ] && log info "Test suites: ${IPA_ENABLED_MODULES}" # shelcheck disable=SC2178
[ -n "${IPA_ENABLED_TESTS}" ] && log info "Individual tests: ${IPA_ENABLED_TESTS}" IPA_ENABLED_MODULES="${joined%,}"
joined="$(printf "%s," "${ENABLED_TESTS[@]}")"
# shelcheck disable=SC2178
IPA_ENABLED_TESTS="${joined%,}"
export IPA_ENABLED_MODULES IPA_ENABLED_TESTS
[ -n "${IPA_ENABLED_MODULES}" ] && log info "Test suites: ${IPA_ENABLED_MODULES}"
[ -n "${IPA_ENABLED_TESTS}" ] && log info "Individual tests: ${IPA_ENABLED_TESTS}"
fi
IPA_VERBOSITY="${verbose}" IPA_VERBOSITY="${verbose}"
[ -n "${IPA_VERBOSITY}" ] && export IPA_VERBOSITY [ -n "${IPA_VERBOSITY}" ] && export IPA_VERBOSITY
if ! pytest -m "playbook" --verbose --color=yes # shellcheck disable=SC2086
if ! pytest -m "playbook" --verbose --color=yes ${EXTRA_OPTIONS}
then then
RESULT=2 RESULT=2
log error "Container not stopped for verification: ${scenario}" log error "Container not stopped for verification: ${scenario}"
......