From 3f59332d9995fc6a770a48f2c553ae8175b1f52a Mon Sep 17 00:00:00 2001
From: Rafael Guterres Jeffman <rjeffman@redhat.com>
Date: Thu, 12 Jun 2025 15:14:22 -0300
Subject: [PATCH 1/4] ansible-core 2.19: when clause don't automatically
 convert to bool

In ansible-core 2.19, when clauses (when, failed_when, etc) do not
convert values to bool automatically, also, templating with "|bool" does
not work too, so an actual value comparison is required.

Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
---
 tests/cert/test_cert_host.yml    | 4 ++--
 tests/cert/test_cert_service.yml | 4 ++--
 tests/cert/test_cert_user.yml    | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/tests/cert/test_cert_host.yml b/tests/cert/test_cert_host.yml
index 31cd1a27..a40850eb 100644
--- a/tests/cert/test_cert_host.yml
+++ b/tests/cert/test_cert_host.yml
@@ -140,7 +140,7 @@
       certificate_out: "/root/cert_1.pem"
       state: requested
     register: result
-    failed_when: not result.changed or result.failed or result.certificate
+    failed_when: not result.changed or result.failed or result.certificate != {}
 
   - name: Check requested certificate file
     ansible.builtin.file:
@@ -155,7 +155,7 @@
       certificate_out: "/root/retrieved.pem"
       state: retrieved
     register: result
-    failed_when: result.changed or result.failed or result.certificate
+    failed_when: result.changed or result.failed or result.certificate != {}
 
   - name: Check retrieved certificate file
     ansible.builtin.file:
diff --git a/tests/cert/test_cert_service.yml b/tests/cert/test_cert_service.yml
index b931c07c..2089fc3d 100644
--- a/tests/cert/test_cert_service.yml
+++ b/tests/cert/test_cert_service.yml
@@ -153,7 +153,7 @@
       certificate_out: "/root/cert_1.pem"
       state: requested
     register: result
-    failed_when: not result.changed or result.failed or result.certificate
+    failed_when: not result.changed or result.failed or result.certificate != {}
 
   - name: Check requested certificate file
     ansible.builtin.file:
@@ -168,7 +168,7 @@
       certificate_out: "/root/retrieved.pem"
       state: retrieved
     register: result
-    failed_when: result.changed or result.failed or result.certificate
+    failed_when: result.changed or result.failed or result.certificate != {}
 
   - name: Check retrieved certificate file
     ansible.builtin.file:
diff --git a/tests/cert/test_cert_user.yml b/tests/cert/test_cert_user.yml
index b8f80ebc..4a85b459 100644
--- a/tests/cert/test_cert_user.yml
+++ b/tests/cert/test_cert_user.yml
@@ -140,7 +140,7 @@
       certificate_out: "/root/cert_1.pem"
       state: requested
     register: result
-    failed_when: not result.changed or result.failed or result.certificate
+    failed_when: not result.changed or result.failed or result.certificate != {}
 
   - name: Check requested certificate file
     ansible.builtin.file:
@@ -155,7 +155,7 @@
       certificate_out: "/root/retrieved.pem"
       state: retrieved
     register: result
-    failed_when: result.changed or result.failed or result.certificate
+    failed_when: result.changed or result.failed or result.certificate != {}
 
   - name: Check retrieved certificate file
     ansible.builtin.file:

From 5ae39ec9dedf23cfbd9ce46ef81231fc43cc09ea Mon Sep 17 00:00:00 2001
From: Rafael Guterres Jeffman <rjeffman@redhat.com>
Date: Thu, 12 Jun 2025 16:22:18 -0300
Subject: [PATCH 2/4] ansible-core 2.19: Templates and expressions must use
 trusted sources

In ansible-core, templates and expressions must use trusted sources,
such as playbooks or roles, and module results are considered untrusted
sources.

Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
---
 tests/host/test_host_random.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/host/test_host_random.yml b/tests/host/test_host_random.yml
index b2a6a49e..0451f443 100644
--- a/tests/host/test_host_random.yml
+++ b/tests/host/test_host_random.yml
@@ -92,11 +92,11 @@
 
   - name: Print generated random password for "{{ host1_fqdn }}"
     ansible.builtin.debug:
-      var: ipahost.host["{{ host1_fqdn }}"].randompassword
+      var: ipahost.host[host1_fqdn].randompassword
 
   - name: Print generated random password for "{{ host2_fqdn }}"
     ansible.builtin.debug:
-      var: ipahost.host["{{ host2_fqdn }}"].randompassword
+      var: ipahost.host[host2_fqdn].randompassword
 
   - name: Enrolled host "{{ server_fqdn }}" fails to set random password with update_password always
     ipahost:

From 668830fc9449976c68106be88a5cb75d014fcaf9 Mon Sep 17 00:00:00 2001
From: Rafael Guterres Jeffman <rjeffman@redhat.com>
Date: Thu, 12 Jun 2025 17:10:08 -0300
Subject: [PATCH 3/4] ansible-core 2.19: 'upper' and 'lower' make lists into
 strings

As ansible-core 2.19 'upper' and 'lower' filters make lists into strings
and these strings are not interpreted as lists when running the plugins,
it is needed to use 'map(<filter>)' to apply the filter to all entries
of a list.

Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
---
 tests/group/test_group_case_insensitive.yml    | 18 +++++++++---------
 ...st_hbacsvcgroup_member_case_insensitive.yml | 16 ++++++++--------
 .../test_hostgroup_case_insensitive.yml        | 10 +++++-----
 3 files changed, 22 insertions(+), 22 deletions(-)

diff --git a/tests/group/test_group_case_insensitive.yml b/tests/group/test_group_case_insensitive.yml
index 098d77e6..22fcc0d4 100644
--- a/tests/group/test_group_case_insensitive.yml
+++ b/tests/group/test_group_case_insensitive.yml
@@ -49,8 +49,8 @@
             - { id: 2, value: "{{ user_names[0] | upper }}", expected: false }
             - { id: 3, value: "{{ user_names[0] }}", expected: false }
             - { id: 4, value: "{{ user_names }}", expected: true }
-            - { id: 5, value: "{{ user_names | upper }}", expected: false }
-            - { id: 6, value: "{{ user_names | lower }}", expected: false }
+            - { id: 5, value: "{{ user_names | map('upper') }}", expected: false }
+            - { id: 6, value: "{{ user_names | map('lower') }}", expected: false }
             - { id: 7, value: "{{ user_names[1] }}", expected: true }
             - { id: 8, value: "{{ user_names[1] | upper }}", expected: false }
             - { id: 9, value: "{{ user_names[1] | lower }}", expected: false }
@@ -64,7 +64,7 @@
             failed_when: output.changed != item.expected or output.failed
             loop: "{{ test_cases }}"
             loop_control:
-              label: "Test id: {{ item.id }}"
+              label: "Test id: {{ item.id }} - {{ item.value }}"
 
       - name: Test group presence with group parameter
         vars:
@@ -73,8 +73,8 @@
             - { id: 2, value: "{{ group_names[0] | upper }}", expected: false }
             - { id: 3, value: "{{ group_names[0] }}", expected: false }
             - { id: 4, value: "{{ group_names }}", expected: true }
-            - { id: 5, value: "{{ group_names | upper }}", expected: false }
-            - { id: 6, value: "{{ group_names | lower }}", expected: false }
+            - { id: 5, value: "{{ group_names | map('upper') }}", expected: false }
+            - { id: 6, value: "{{ group_names | map('lower') }}", expected: false }
             - { id: 7, value: "{{ group_names[1] }}", expected: true }
             - { id: 8, value: "{{ group_names[1] | upper }}", expected: false }
             - { id: 9, value: "{{ group_names[1] | lower }}", expected: false }
@@ -159,8 +159,8 @@
             - { id: 2, value: "{{ user_names[0] | upper }}", expected: false }
             - { id: 3, value: "{{ user_names[0] }}", expected: false }
             - { id: 4, value: "{{ user_names }}", expected: true }
-            - { id: 5, value: "{{ user_names | upper }}", expected: false }
-            - { id: 6, value: "{{ user_names | lower }}", expected: false }
+            - { id: 5, value: "{{ user_names | map('upper') }}", expected: false }
+            - { id: 6, value: "{{ user_names | map('lower') }}", expected: false }
             - { id: 7, value: "{{ user_names[1] }}", expected: true }
             - { id: 8, value: "{{ user_names[1] | upper }}", expected: false }
             - { id: 9, value: "{{ user_names[1] | lower }}", expected: false }
@@ -183,8 +183,8 @@
             - { id: 2, value: "{{ group_names[0] | upper }}", expected: false }
             - { id: 3, value: "{{ group_names[0] }}", expected: false }
             - { id: 4, value: "{{ group_names }}", expected: true }
-            - { id: 5, value: "{{ group_names | upper }}", expected: false }
-            - { id: 6, value: "{{ group_names | lower }}", expected: false }
+            - { id: 5, value: "{{ group_names | map('upper') }}", expected: false }
+            - { id: 6, value: "{{ group_names | map('lower') }}", expected: false }
             - { id: 7, value: "{{ group_names[1] }}", expected: true }
             - { id: 8, value: "{{ group_names[1] | upper }}", expected: false }
             - { id: 9, value: "{{ group_names[1] | lower }}", expected: false }
diff --git a/tests/hbacsvcgroup/test_hbacsvcgroup_member_case_insensitive.yml b/tests/hbacsvcgroup/test_hbacsvcgroup_member_case_insensitive.yml
index 6a62c830..b986e1e0 100644
--- a/tests/hbacsvcgroup/test_hbacsvcgroup_member_case_insensitive.yml
+++ b/tests/hbacsvcgroup/test_hbacsvcgroup_member_case_insensitive.yml
@@ -97,7 +97,7 @@
         ipahbacsvcgroup:
           ipaadmin_password: SomeADMINpassword
           name: testgroup
-          hbacsvc: "{{ hbacsvc_list | lower }}"
+          hbacsvc: "{{ hbacsvc_list | map('lower') }}"
         register: result
         failed_when: result.changed or result.failed
 
@@ -105,7 +105,7 @@
         ipahbacsvcgroup:
           ipaadmin_password: SomeADMINpassword
           name: testgroup
-          hbacsvc: "{{ hbacsvc_list | upper }}"
+          hbacsvc: "{{ hbacsvc_list | map('upper') }}"
         register: result
         failed_when: result.changed or result.failed
 
@@ -153,7 +153,7 @@
         ipahbacsvcgroup:
           ipaadmin_password: SomeADMINpassword
           name: testgroup
-          hbacsvc: "{{ hbacsvc_list | lower }}"
+          hbacsvc: "{{ hbacsvc_list | map('lower') }}"
           action: member
         register: result
         failed_when: result.changed or result.failed
@@ -162,7 +162,7 @@
         ipahbacsvcgroup:
           ipaadmin_password: SomeADMINpassword
           name: testgroup
-          hbacsvc: "{{ hbacsvc_list | upper }}"
+          hbacsvc: "{{ hbacsvc_list | map('upper') }}"
           action: member
         register: result
         failed_when: result.changed or result.failed
@@ -171,7 +171,7 @@
         ipahbacsvcgroup:
           ipaadmin_password: SomeADMINpassword
           name: testgroup
-          hbacsvc: "{{ hbacsvc_list | upper }}"
+          hbacsvc: "{{ hbacsvc_list | map('upper') }}"
           action: member
           state: absent
         check_mode: yes
@@ -182,7 +182,7 @@
         ipahbacsvcgroup:
           ipaadmin_password: SomeADMINpassword
           name: testgroup
-          hbacsvc: "{{ hbacsvc_list | upper }}"
+          hbacsvc: "{{ hbacsvc_list | map('upper') }}"
           action: member
           state: absent
         register: result
@@ -192,7 +192,7 @@
         ipahbacsvcgroup:
           ipaadmin_password: SomeADMINpassword
           name: testgroup
-          hbacsvc: "{{ hbacsvc_list | upper }}"
+          hbacsvc: "{{ hbacsvc_list | map('upper') }}"
           action: member
           state: absent
         check_mode: yes
@@ -213,7 +213,7 @@
         ipahbacsvcgroup:
           ipaadmin_password: SomeADMINpassword
           name: testgroup
-          hbacsvc: "{{ hbacsvc_list | lower }}"
+          hbacsvc: "{{ hbacsvc_list | map('lower') }}"
           action: member
           state: absent
         register: result
diff --git a/tests/hostgroup/test_hostgroup_case_insensitive.yml b/tests/hostgroup/test_hostgroup_case_insensitive.yml
index ca0b7bad..abe41804 100644
--- a/tests/hostgroup/test_hostgroup_case_insensitive.yml
+++ b/tests/hostgroup/test_hostgroup_case_insensitive.yml
@@ -81,8 +81,8 @@
       - name: Test hostgroup presence with multiple hosts and action hostgroup
         vars:
           test_cases:
-            - { id: 1, value: "{{ test_hosts | lower }}", expected: true }
-            - { id: 2, value: "{{ test_hosts | upper }}", expected: false }
+            - { id: 1, value: "{{ test_hosts | map('lower') }}", expected: true }
+            - { id: 2, value: "{{ test_hosts | map('upper') }}", expected: false }
             - { id: 3, value: "{{ test_hosts }}", expected: false }
             - { id: 4, value: "{{ test_hosts[1] }}", expected: true }
             - { id: 5, value: "{{ test_hosts[1] | lower }}", expected: false }
@@ -104,8 +104,8 @@
       - name: Test hostgroup with multiple hosts and action member
         vars:
           test_cases:
-            - { id: 1, value: "{{ test_hosts | lower }}", state: "absent", expected: true }
-            - { id: 2, value: "{{ test_hosts | upper }}", state: "absent", expected: false }
+            - { id: 1, value: "{{ test_hosts | map('lower') }}", state: "absent", expected: true }
+            - { id: 2, value: "{{ test_hosts | map('upper') }}", state: "absent", expected: false }
             - { id: 3, value: "{{ test_hosts }}", state: "present", expected: true }
             - { id: 4, value: "{{ test_hosts[1] }}", state: "absent", expected: true }
             - { id: 5, value: "{{ test_hosts[1] | lower }}", state: "absent", expected: false }
@@ -113,7 +113,7 @@
             - { id: 7, value: "{{ test_hosts[0] | lower }}", state: "present", expected: false }
             - { id: 8, value: "{{ test_hosts[0] }}", state: "present", expected: false }
             - { id: 9, value: "{{ test_hosts[0] | upper }}", state: "present", expected: false }
-            - { id: 10, value: "{{ test_hosts | upper }}", state: "present", expected: true }
+            - { id: 10, value: "{{ test_hosts | map('upper') }}", state: "present", expected: true }
             - { id: 11, value: "{{ test_hosts[1] }}", state: "present", expected: false }
             - { id: 12, value: "{{ test_hosts[0] | lower }}", state: "present", expected: false }
             - { id: 13, value: "{{ test_hosts[0] }}", state: "absent", expected: true }

From d1dfdc38c926f00153c3dc46e333788bf33a02b8 Mon Sep 17 00:00:00 2001
From: Rafael Guterres Jeffman <rjeffman@redhat.com>
Date: Thu, 12 Jun 2025 18:48:44 -0300
Subject: [PATCH 4/4] tests service: Fixes evaluation of 'Keytab = True'

In ansible-core 2.19 there's no automatic coercion from None or empty
strings to the boolean value "false", so we need to compare the result
of the filter 'regex_search' to 'None' and the empty string to evaluate
if any match occurred.

In fixing this issue, it was found that the tests were incorrectly
evaluating the results, and the comparisons were fixed.

Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
---
 tests/service/test_service_disable.yml | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/tests/service/test_service_disable.yml b/tests/service/test_service_disable.yml
index 3152280a..0bb924a5 100644
--- a/tests/service/test_service_disable.yml
+++ b/tests/service/test_service_disable.yml
@@ -48,7 +48,8 @@
   - name: Verify keytab
     ansible.builtin.shell: ipa service-find "mysvc1/{{ ansible_facts['fqdn'] }}"
     register: result
-    failed_when: result.failed or result.stdout | regex_search(" Keytab. true")
+    changed_when: false
+    failed_when: result.failed or (result.stdout | regex_search(" Keytab. [Tt]rue")) in [None, ""]
 
   - name: Ensure service is disabled
     ipaservice:
@@ -61,7 +62,8 @@
   - name: Verify keytab
     ansible.builtin.shell: ipa service-find "mysvc1/{{ ansible_facts['fqdn'] }}"
     register: result
-    failed_when: result.failed or result.stdout | regex_search(" Keytab. true")
+    changed_when: false
+    failed_when: result.failed or (result.stdout | regex_search(" Keytab. [Ff]alse")) in [None, ""]
 
   - name: Obtain keytab
     ansible.builtin.shell: ipa-getkeytab -s "{{ ansible_facts['fqdn'] }}" -p "mysvc1/{{ ansible_facts['fqdn'] }}" -k mysvc1.keytab
@@ -69,7 +71,8 @@
   - name: Verify keytab
     ansible.builtin.shell: ipa service-find "mysvc1/{{ ansible_facts['fqdn'] }}"
     register: result
-    failed_when: result.failed or result.stdout | regex_search(" Keytab. true")
+    changed_when: false
+    failed_when: result.failed or (result.stdout | regex_search(" Keytab. [Tt]rue")) in [None, ""]
 
   - name: Ensure service is disabled
     ipaservice:
@@ -82,7 +85,8 @@
   - name: Verify keytab
     ansible.builtin.shell: ipa service-find "mysvc1/{{ ansible_facts['fqdn'] }}"
     register: result
-    failed_when: result.failed or result.stdout | regex_search(" Keytab. true")
+    changed_when: false
+    failed_when: result.failed or (result.stdout | regex_search(" Keytab. [Ff]alse")) in [None, ""]
 
   - name: Ensure service is disabled, with no keytab.
     ipaservice: