internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-03-26 21:33:05 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #307 from seocam/molecule-tests

Browse Source 
Running upstream tests on Azure pipelines
This commit is contained in:
Thomas Woerner
2020-07-30 13:26:53 +02:00
committed by GitHub
parent 4e89da8536 627c644166
commit 3633ba5a3d
45 changed files with 494 additions and 115 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
azure-pipelines.yml
View File

@@ -1,22 +0,0 @@
trigger:
- master
pool:
vmImage: 'ubuntu-18.04'
steps:
- task: UsePythonVersion@0
inputs:
versionSpec: '3.6'
- script: python -m pip install --upgrade pip setuptools wheel
displayName: Install tools
- script: pip install pydocstyle flake8
displayName: Install dependencies
- script: flake8 .
displayName: Run flake8 checks
- script: pydocstyle .
displayName: Verify docstings

20
molecule/centos-7-build/molecule.yml Normal file
View File

@@ -0,0 +1,20 @@
---
dependency:
name: galaxy
driver:
name: docker
platforms:
- name: centos-7-build
image: centos/systemd
pre_build_image: true
hostname: ipaserver.test.local
dns_servers:
- 8.8.8.8
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
command: /usr/sbin/init
privileged: true
provisioner:
name: ansible
playbooks:
prepare: ../resources/playbooks/prepare-build.yml

20
molecule/centos-7/molecule.yml Normal file
View File

@@ -0,0 +1,20 @@
---
dependency:
name: galaxy
driver:
name: docker
platforms:
- name: centos-7
image: quay.io/ansible-freeipa/upstream-tests:centos-7
pre_build_image: true
hostname: ipaserver.test.local
dns_servers:
- 127.0.0.1
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
command: /usr/sbin/init
privileged: true
provisioner:
name: ansible
playbooks:
prepare: ../resources/playbooks/prepare.yml

20
molecule/centos-8-build/molecule.yml Normal file
View File

@@ -0,0 +1,20 @@
---
dependency:
name: galaxy
driver:
name: docker
platforms:
- name: centos-8-build
image: centos:8
pre_build_image: true
hostname: ipaserver.test.local
dns_servers:
- 8.8.8.8
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
command: /usr/sbin/init
privileged: true
provisioner:
name: ansible
playbooks:
prepare: ../resources/playbooks/prepare-build.yml

20
molecule/centos-8/molecule.yml Normal file
View File

@@ -0,0 +1,20 @@
---
dependency:
name: galaxy
driver:
name: docker
platforms:
- name: centos-8
image: quay.io/ansible-freeipa/upstream-tests:centos-8
pre_build_image: true
hostname: ipaserver.test.local
dns_servers:
- 127.0.0.1
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
command: /usr/sbin/init
privileged: true
provisioner:
name: ansible
playbooks:
prepare: ../resources/playbooks/prepare.yml

1
molecule/default Symbolic link
View File

@@ -0,0 +1 @@
/home/scampos/src/ansible-freeipa/molecule/centos-8

1
molecule/resources/playbooks/library Symbolic link
View File

@@ -0,0 +1 @@
/home/scampos/src/ansible-freeipa/plugins/modules/

1
molecule/resources/playbooks/module_utils Symbolic link
View File

@@ -0,0 +1 @@
/home/scampos/src/ansible-freeipa/plugins/module_utils/

54
molecule/resources/playbooks/prepare-build.yml Normal file
View File

@@ -0,0 +1,54 @@
---
- name: Converge
hosts: all
tasks:
- name: Ensure IPv6 is ENABLED
sysctl:
name: "{{ item.name }}"
value: "{{ item.value }}"
sysctl_set: yes
state: present
reload: yes
with_items :
- name: net.ipv6.conf.all.disable_ipv6
value: 0
- name: net.ipv6.conf.lo.disable_ipv6
value: 0
- name: net.ipv6.conf.eth0.disable_ipv6
value: 1
- name: stat protected_regular
stat:
path: /proc/sys/fs/protected_regular
register: result
- name: Ensure fs.protected_regular is disabled
sysctl:
name: fs.protected_regular
value: 0
sysctl_set: yes
state: present
reload: yes
when: result.stat.exists
- name: Ensure sudo package is installed
package:
name: sudo
- name: Ensure nss package is updated
package:
name: nss
state: latest
- include_role:
name: ipaserver
vars:
ipaserver_setup_dns: yes
ipaserver_setup_kra: yes
ipaserver_auto_forwarders: yes
ipaserver_no_dnssec_validation: yes
ipaserver_auto_reverse: yes
ipaadmin_password: SomeADMINpassword
ipadm_password: SomeDMpassword
ipaserver_domain: test.local
ipaserver_realm: TEST.LOCAL

18
molecule/resources/playbooks/prepare.yml Normal file
View File

@@ -0,0 +1,18 @@
---
- name: Converge
hosts: all
tasks:
- name: Ensure lock dirs for DS exists
file:
state: directory
owner: dirsrv
group: dirsrv
path: "{{ item }} "
loop:
- /var/lock/dirsrv/
- /var/lock/dirsrv/slapd-TEST-LOCAL/
- name: Ensure IPA server is up an running
service:
name: ipa
state: started

1
molecule/resources/playbooks/roles Symbolic link
View File

@@ -0,0 +1 @@
/home/scampos/src/ansible-freeipa/roles

1
pytest.ini
View File

@@ -1,2 +1,3 @@
[pytest]
python_files = test_*.py
junit_family = xunit1

47
tests/README.md
View File

@@ -29,7 +29,13 @@ environment variable. For example:
ANSIBLE_REMOTE_USER=root IPA_SERVER_HOST=<ipaserver_host_or_ip> pytest
```
To select which tests to run use the option `-k`. For example:
To run a single test use the full path with the following format:
```
IPA_SERVER_HOST=<ipaserver_host_or_ip> pytest tests/test_playbook_runs.py::sudorule::test_sudorule
```
To select which tests to run based on search use the option `-k`. For example:
```
IPA_SERVER_HOST=<ipaserver_host_or_ip> pytest -k dnszone
@@ -50,6 +56,45 @@ IPA_SERVER_HOST=<ipaserver_host_or_ip> pytest -rs
For a complete list of options check `pytest --help`.
## Running tests in a docker container
It's also possible to run the tests in a container.
### Creating a container to run the tests
Before setting up a container you will need to install molecule framework:
```
pip install molecule[docker]>=3
```
Now you can start a test container using the following command:
```
molecule create -s centos-8
```
Note: Currently the containers available for running the tests are:
* centos-7
* centos-8
### Running the tests inside the container
To run the tests you will use pytest (works the same as for VMs).
```
RUN_TESTS_IN_DOCKER=1 IPA_SERVER_HOST=centos-8 pytest
```
### Cleaning up after tests
After running the tests you should probably destroy the test container using:
```
molecule destroy -s centos-8
```
See [Running the tests](#running-the-tests) section for more information on available options.
## Upcoming/desired improvements:
* A script to pre-config the complete test environment using virsh.

56
tests/azure/azure-pipelines.yml Normal file
View File

@@ -0,0 +1,56 @@
# Using Ansible 2.10.0a1 under Azure there might happen that the output of a
# task is changed if a module uses no_log = True for an attribute.
#
# For example, if the output of the module should contain "changed: True", and
# an attribute with no_log set contains the value `hang` it might happen that
# the output is modified to "c******ed: True", and if this output is further
# processed (registering the result and comparing the value of `changed`),
# the test might fail, but not because of module code, but because of unexpected
# output processing.
#
# This behavior was, currently, only reproduced with Ansible 2.10.0a1 running
# under Azure.
---
trigger:
- master
pool:
vmImage: 'ubuntu-18.04'
jobs:
- job: RunLinters
displayName: Run Linters
steps:
- task: UsePythonVersion@0
inputs:
versionSpec: '3.6'
- script: python -m pip install --upgrade pip setuptools wheel
displayName: Install tools
- script: pip install pydocstyle flake8
displayName: Install dependencies
- script: flake8 .
displayName: Run flake8 checks
- script: pydocstyle .
displayName: Verify docstings
- template: templates/playbook_tests.yml
parameters:
group_number: 1
number_of_groups: 3
build_number: $(Build.BuildNumber)
- template: templates/playbook_tests.yml
parameters:
group_number: 2
number_of_groups: 3
build_number: $(Build.BuildNumber)
- template: templates/playbook_tests.yml
parameters:
group_number: 3
number_of_groups: 3
build_number: $(Build.BuildNumber)

61
tests/azure/templates/playbook_tests.yml Normal file
View File

@@ -0,0 +1,61 @@
parameters:
- name: group_number
type: number
default: 1
- name: number_of_groups
type: number
default: 1
- name: scenario
type: string
default: centos-8
- name: ansible_version
type: string
default: ">=2.9,<2.10"
- name: python_version
type: string
default: 3.6
- name: build_number
jobs:
- job: RunTests${{ parameters.group_number }}
displayName: Run tests ${{ parameters.group_number }}/${{ parameters.number_of_groups }}
steps:
- task: UsePythonVersion@0
inputs:
versionSpec: '${{ parameters.python_version }}'
- script: |
pip install \
"molecule[docker]>=3" \
"ansible${{ parameters.ansible_version }}" \
pytest \
pytest-split-tests
displayName: Install dependencies
- script: |
mkdir -p ~/.ansible/roles ~/.ansible/library ~/.ansible/module_utils
cp -a roles/* ~/.ansible/roles
cp -a plugins/modules/* ~/.ansible/library
cp -a plugins/module_utils/* ~/.ansible/module_utils
molecule create -s ${{ parameters.scenario }}
displayName: Setup test container
- script: |
pytest \
--verbose \
--color=yes \
--test-group-count=${{ parameters.number_of_groups }} \
--test-group=${{ parameters.group_number }} \
--test-group-random-seed=97943259814 \
--junit-xml=TEST-results-group-${{ parameters.group_number }}.xml
displayName: Run playbook tests
env:
IPA_SERVER_HOST: ${{ parameters.scenario }}
RUN_TESTS_IN_DOCKER: true
- task: PublishTestResults@2
inputs:
mergeTestResults: true
testRunTitle: PlaybookTests-Build${{ parameters.build_number }}
condition: succeededOrFailed()

2
tests/ca-less/clean_up_certificates.yml
View File

@@ -12,4 +12,4 @@
chdir: "{{ playbook_dir }}"
with_items:
- "{{ groups.ipaserver[0] }}"
- "{{ groups.ipareplicas[0] }}"
- "{{ groups.ipareplicas[0] }}"

4
tests/dnsrecord/env_cleanup.yml
View File

@@ -129,7 +129,7 @@
- "{{ zone_prefix_reverse_24 }}"
- "{{ zone_prefix_reverse_16 }}"
- "{{ zone_prefix_reverse_8 }}"
- "{{ zone_ipv6_reverse }}"
- "{{ zone_ipv6_reverse_workaround }}"
- "{{ testzone }}"
- ip6.arpa.
- d.f.ip6.arpa.
- "{{ safezone }}"

3
tests/dnsrecord/env_setup.yml
View File

@@ -18,8 +18,9 @@
- "{{ zone_prefix_reverse_24 }}"
- "{{ zone_prefix_reverse_16 }}"
- "{{ zone_prefix_reverse_8 }}"
- "{{ zone_ipv6_reverse_workaround }}"
- "{{ testzone }}"
- ip6.arpa.
- "{{ zone_ipv6_reverse }}"
- name: Ensure DNSSEC zone '"{{ safezone }}"' is present.
ipadnszone:

7
tests/dnsrecord/env_vars.yml
View File

@@ -2,8 +2,11 @@
# Set common vars and facts for test.
- name: Set IPv4 address prefix.
set_fact:
ipv4_prefix: '192.168.122'
ipv4_reverse_sufix: '122.168.192'
ipv4_prefix: "{{ ansible_default_ipv4.address.split('.')[:-1] |
join('.') }}"
ipv4_reverse_sufix: "{{ ansible_default_ipv4.address.split('.')[:-1] |
reverse |
join('.') }}"
- name: Set zone prefixes.
set_fact:

1
tests/external-signed-ca-with-automatic-copy/install-server-with-external-ca-with-automatic-copy.yml
View File

@@ -12,7 +12,6 @@
- name: Create CA, get /root/ipa.csr signed by your CA, ..
hosts: localhost
gather_facts: false
tasks:
- name: Run external-ca.sh

1
tests/external-signed-ca-with-manual-copy/install-server-with-external-ca-with-manual-copy.yml
View File

@@ -18,7 +18,6 @@
- name: Get /root/ipa.csr, create CA, sign with our CA and copy to node
hosts: localhost
gather_facts: false
tasks:
- name: Run external-ca.sh

2
tests/hbacrule/test_hbacrule.yml
View File

@@ -6,7 +6,7 @@
tasks:
- name: Get Domain from server name
set_fact:
ipaserver_domain: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') }}"
ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
# CLEANUP TEST ITEMS

3
tests/host/certificate/test_host_certificate.yml
View File

@@ -21,12 +21,11 @@
- name: Test host certificates
hosts: ipaserver
become: true
gather_facts: false
tasks:
- name: Get Domain from server name
set_fact:
ipaserver_domain: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') }}"
ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Host test absent

3
tests/host/certificate/test_hosts_certificate.yml
View File

@@ -21,12 +21,11 @@
- name: Test host certificates
hosts: ipaserver
become: true
gather_facts: false
tasks:
- name: Get Domain from server name
set_fact:
ipaserver_domain: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') }}"
ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Host test absent

2
tests/host/test_host.yml
View File

@@ -6,7 +6,7 @@
tasks:
- name: Get Domain from server name
set_fact:
ipaserver_domain: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') }}"
ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Set host1_fqdn .. host6_fqdn

4
tests/host/test_host_allow_create_keytab.yml
View File

@@ -6,12 +6,12 @@
tasks:
- name: Get Domain from server name
set_fact:
ipaserver_domain: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') }}"
ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Get Realm from server name
set_fact:
ipaserver_realm: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') | upper }}"
ipaserver_realm: "{{ ansible_fqdn.split('.')[1:] | join ('.') | upper }}"
when: ipaserver_realm is not defined
- name: Set host1_fqdn .. host3_fqdn

4
tests/host/test_host_allow_retrieve_keytab.yml
View File

@@ -6,12 +6,12 @@
tasks:
- name: Get Domain from server name
set_fact:
ipaserver_domain: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') }}"
ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Get Realm from server name
set_fact:
ipaserver_realm: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') | upper }}"
ipaserver_realm: "{{ ansible_fqdn.split('.')[1:] | join ('.') | upper }}"
when: ipaserver_realm is not defined
- name: Set host1_fqdn .. host3_fqdn

2
tests/host/test_host_bool_params.yml
View File

@@ -6,7 +6,7 @@
tasks:
- name: Get Domain from server name
set_fact:
ipaserver_domain: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') }}"
ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Set host1_fqdn .. host6_fqdn

2
tests/host/test_host_ipaddresses.yml
View File

@@ -6,7 +6,7 @@
tasks:
- name: Get Domain from server name
set_fact:
ipaserver_domain: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') }}"
ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Set host1_fqdn .. host6_fqdn

18
tests/host/test_host_managedby_host.yml
View File

@@ -6,7 +6,7 @@
tasks:
- name: Get Domain from server name
set_fact:
ipaserver_domain: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') }}"
ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Set host1_fqdn .. host2_fqdn
@@ -55,39 +55,39 @@
register: result
failed_when: result.changed
- name: Host "{{ host1_fqdn }}" managed by "{{ groups.ipaserver[0] }}"
- name: Host "{{ host1_fqdn }}" managed by "{{ ansible_fqdn }}"
ipahost:
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
managedby_host: "{{ groups.ipaserver[0] }}"
managedby_host: "{{ ansible_fqdn }}"
action: member
register: result
failed_when: not result.changed
- name: Host "{{ host1_fqdn }}" managed by "{{ groups.ipaserver[0] }}" again
- name: Host "{{ host1_fqdn }}" managed by "{{ ansible_fqdn }}" again
ipahost:
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
managedby_host: "{{ groups.ipaserver[0] }}"
managedby_host: "{{ ansible_fqdn }}"
action: member
register: result
failed_when: result.changed
- name: Host "{{ host1_fqdn }}" not managed by "{{ groups.ipaserver[0] }}"
- name: Host "{{ host1_fqdn }}" not managed by "{{ ansible_fqdn }}"
ipahost:
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
managedby_host: "{{ groups.ipaserver[0] }}"
managedby_host: "{{ ansible_fqdn }}"
action: member
state: absent
register: result
failed_when: not result.changed
- name: Host "{{ host1_fqdn }}" not managed by "{{ groups.ipaserver[0] }}" again
- name: Host "{{ host1_fqdn }}" not managed by "{{ ansible_fqdn }}" again
ipahost:
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
managedby_host: "{{ groups.ipaserver[0] }}"
managedby_host: "{{ ansible_fqdn }}"
action: member
state: absent
register: result

1
tests/host/test_host_no_zone.yml
View File

@@ -6,6 +6,7 @@
tasks:
- name: Ensure host with inexistent zone is absent.
ipahost:
ipaadmin_password: SomeADMINpassword
name: host01.absentzone.test
state: absent
register: result

4
tests/host/test_host_principal.yml
View File

@@ -6,12 +6,12 @@
tasks:
- name: Get Domain from server name
set_fact:
ipaserver_domain: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') }}"
ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Get Realm from server name
set_fact:
ipaserver_realm: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') | upper }}"
ipaserver_realm: "{{ ansible_fqdn.split('.')[1:] | join ('.') | upper }}"
when: ipaserver_realm is not defined
- name: Set host1_fqdn

8
tests/host/test_host_random.yml
View File

@@ -6,7 +6,7 @@
tasks:
- name: Get Domain from server name
set_fact:
ipaserver_domain: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') }}"
ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Set host1_fqdn and host2_fqdn
@@ -77,11 +77,11 @@
debug:
var: ipahost.host["{{host2_fqdn }}"].randompassword
- name: Enrolled host "{{ groups.ipaserver[0] }}" fails to set random password with update_password always
- name: Enrolled host "{{ ansible_fqdn }}" fails to set random password with update_password always
ipahost:
ipaadmin_password: SomeADMINpassword
hosts:
- name: "{{ groups.ipaserver[0] }}"
- name: "{{ ansible_fqdn }}"
random: yes
update_password: always
register: ipahost
@@ -89,7 +89,7 @@
- assert:
that:
- ipahost.host["{{ groups.ipaserver[0] }}"].randompassword is
- ipahost.host["{{ ansible_fqdn }}"].randompassword is
not defined
- "'Password cannot be set on enrolled host' in ipahost.msg"

44
tests/host/test_host_reverse.yml
View File

@@ -2,12 +2,11 @@
- name: Test host
hosts: ipaserver
become: true
gather_facts: true
tasks:
- name: Get Domain from server name
set_fact:
ipaserver_domain: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') }}"
ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Set host1_fqdn
@@ -26,15 +25,29 @@
set_fact:
ipv4_prefix: "{{ ansible_default_ipv4.address.split('.')[:-1] |
join('.') }}"
reverse_zone: "{{ ansible_default_ipv4.address.split('.')[2::-1] |
join('.') }}"
- name: Set zone prefixes.
set_fact:
zone_ipv6_reverse: "ip6.arpa."
zone_ipv6_reverse_workaround: "d.f.ip6.arpa."
zone_prefix_reverse: "in-addr.arpa"
zone_prefix_reverse_8: "{{ ipv4_prefix.split('.')[2::-1] | join ('.') }}.in-addr.arpa"
zone_prefix_reverse_16: "{{ ipv4_prefix.split('.')[1::-1] | join ('.') }}.in-addr.arpa"
zone_prefix_reverse_24: "{{ ipv4_prefix.split('.')[::-1] | join ('.') }}.in-addr.arpa"
- name: Set zone for reverse address.
command: ipa dnszone-add "{{ item }}" --skip-nameserver-check --skip-overlap-check
ipadnszone:
ipaadmin_password: SomeADMINpassword
name: "{{ item }}"
skip_nameserver_check: yes
skip_overlap_check: yes
with_items:
- "{{ reverse_zone + '.in-addr.arpa.' }}"
- 'ip6.arpa.'
ignore_errors: yes
- "{{ zone_ipv6_reverse }}"
- "{{ zone_ipv6_reverse_workaround }}"
- "{{ zone_prefix_reverse }}"
- "{{ zone_prefix_reverse_8 }}"
- "{{ zone_prefix_reverse_16 }}"
- "{{ zone_prefix_reverse_24 }}"
- name: Host "{{ host1_fqdn }}" present
ipahost:
@@ -96,8 +109,15 @@
register: result
failed_when: not result.changed
- name: Set zone for reverse address.
command: ipa dnszone-del "{{ item }}"
- name: Delete zone for reverse address.
ipadnszone:
ipaadmin_password: SomeADMINpassword
name: "{{ item }}"
state: absent
with_items:
- "{{ reverse_zone + '.in-addr.arpa.' }}"
- 'ip6.arpa.'
- "{{ zone_ipv6_reverse }}"
- "{{ zone_ipv6_reverse_workaround }}"
- "{{ zone_prefix_reverse }}"
- "{{ zone_prefix_reverse_8 }}"
- "{{ zone_prefix_reverse_16 }}"
- "{{ zone_prefix_reverse_24 }}"

3
tests/host/test_hosts.yml
View File

@@ -2,12 +2,11 @@
- name: Test hosts
hosts: ipaserver
become: true
gather_facts: false
tasks:
- name: Get Domain from server name
set_fact:
ipaserver_domain: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') }}"
ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Set host1_fqdn .. host6_fqdn

2
tests/host/test_hosts_managedby_host.yml
View File

@@ -6,7 +6,7 @@
tasks:
- name: Get Domain from server name
set_fact:
ipaserver_domain: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') }}"
ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Set host1_fqdn .. host5_fqdn

4
tests/host/test_hosts_principal.yml
View File

@@ -6,12 +6,12 @@
tasks:
- name: Get Domain from server name
set_fact:
ipaserver_domain: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') }}"
ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Get Realm from server name
set_fact:
ipaserver_realm: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') | upper }}"
ipaserver_realm: "{{ ansible_fqdn.split('.')[1:] | join ('.') | upper }}"
when: ipaserver_realm is not defined
- name: Set host1_fqdn .. host2_fqdn

4
tests/hostgroup/test_hostgroup.yml
View File

@@ -2,12 +2,12 @@
- name: Test hostgroup
hosts: ipaserver
become: true
gather_facts: false
gather_facts: true
tasks:
- name: Get Domain from server name
set_fact:
ipaserver_domain: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') }}"
ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Ensure host-group databases, mysql-server and oracle-server are absent

2
tests/service/certificate/test_service_certificate.yml
View File

@@ -29,7 +29,7 @@
# setup
- name: Get Domain from server name
set_fact:
ipaserver_domain: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') }}"
ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Get IPv4 address prefix from server node

15
tests/service/test_service.yml
View File

@@ -19,7 +19,7 @@
# setup
- name: Get Domain from server name
set_fact:
ipaserver_domain: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') }}"
ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Set host1, host2 and svc hosts fqdn
@@ -51,13 +51,16 @@
ipaadmin_password: SomeADMINpassword
hosts:
- name: "{{ host1_fqdn }}"
ip_address: "{{ ipv4_prefix + '.101' }}"
force: yes
- name: "{{ host2_fqdn }}"
ip_address: "{{ ipv4_prefix + '.102' }}"
force: yes
- name: "{{ svc_fqdn }}"
ip_address: "{{ ipv4_prefix + '.201' }}"
- name: svc.ihavenodns.info
force: yes
update_dns: yes
- name: Ensure testing user user01 is present.
ipauser:
@@ -408,7 +411,7 @@
- group02
allow_retrieve_keytab_host:
- "{{ host1_fqdn }}"
- host02.exampl "{{ groups.ipaserver[0] }}"e.com
- "{{ host2_fqdn }}"
allow_retrieve_keytab_hostgroup:
- hostgroup01
- hostgroup02
@@ -543,7 +546,7 @@
- name: Ensure SMB service is present.
ipaservice:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
smb: yes
netbiosname: SAMBASVC
@@ -552,7 +555,7 @@
- name: Ensure SMB service is again.
ipaservice:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "{{ host1_fqdn }}"
smb: yes
netbiosname: SAMBASVC
@@ -561,7 +564,7 @@
- name: Ensure SMB service is absent.
ipaservice:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "cifs/{{ host1_fqdn }}"
state: absent
register: result
@@ -569,7 +572,7 @@
- name: Ensure SMB service is absent, again.
ipaservice:
ipaadmin_password: MyPassword123
ipaadmin_password: SomeADMINpassword
name: "cifs/{{ host1_fqdn }}"
state: absent
register: result

4
tests/service/test_service_without_skip_host_check.yml
View File

@@ -7,7 +7,7 @@
# setup
- name: Get Domain from server name
set_fact:
ipaserver_domain: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') }}"
ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}"
when: ipaserver_domain is not defined
- name: Set host1, host2 and svc hosts fqdn
@@ -358,7 +358,7 @@
- group02
allow_retrieve_keytab_host:
- "{{ host1_fqdn }}"
- host02.exampl "{{ groups.ipaserver[0] }}"e.com
- "{{ host2_fqdn }}"
allow_retrieve_keytab_hostgroup:
- hostgroup01
- hostgroup02

13
tests/sudorule/test_sudorule.yml
View File

@@ -3,7 +3,7 @@
- name: Test sudorule
hosts: ipaserver
become: true
gather_facts: false
gather_facts: true
tasks:
@@ -43,8 +43,7 @@
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: cluster
host:
- "{{ groups.ipaserver[0] }}"
host: "{{ ansible_fqdn }}"
- name: Ensure some sudocmds are available
ipasudocmd:
@@ -501,20 +500,20 @@
register: result
failed_when: result.changed
- name: Ensure host "{{ groups.ipaserver[0] }}" is present in sudorule.
- name: Ensure host "{{ ansible_fqdn }}" is present in sudorule.
ipasudorule:
ipaadmin_password: SomeADMINpassword
name: testrule1
host: "{{ groups.ipaserver[0] }}"
host: "{{ ansible_fqdn }}"
action: member
register: result
failed_when: not result.changed
- name: Ensure host "{{ groups.ipaserver[0] }}" is present in sudorule, again.
- name: Ensure host "{{ ansible_fqdn }}" is present in sudorule, again.
ipasudorule:
ipaadmin_password: SomeADMINpassword
name: testrule1
host: "{{ groups.ipaserver[0] }}"
host: "{{ ansible_fqdn }}"
action: member
register: result
failed_when: result.changed

2
tests/sudorule/test_sudorule_categories.yml
View File

@@ -7,7 +7,7 @@
tasks:
- name: Get Domain from the server name
set_fact:
ipaserver_domain: "{{ groups.ipaserver[0].split('.')[1:] | join ('.') }}"
ipaserver_domain: "{{ ansible_fqdn.split('.')[1:] | join ('.') }}"
- name: Ensure sudorules are absent
ipasudorule:

86
tests/test_playbook_runs.py
View File

@@ -4,7 +4,7 @@ import os
import functools
import tempfile
from subprocess import Popen
import subprocess
from unittest import TestCase
@@ -13,12 +13,53 @@ import pytest
SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__))
def is_docker_env():
if os.getenv("RUN_TESTS_IN_DOCKER", "0") == "0":
return False
return True
def get_server_host():
return os.getenv("IPA_SERVER_HOST")
def get_molecule_scenario():
return get_server_host()
def get_inventory_content():
ipa_server_host = os.getenv("IPA_SERVER_HOST")
return "[ipaserver]\n{}".format(ipa_server_host).encode("utf8")
ipa_server_host = get_server_host()
if is_docker_env():
ipa_server_host += " ansible_connection=docker"
lines = [
"[ipaserver]",
ipa_server_host,
"[ipaserver:vars]",
"ipaserver_domain=test.local",
"ipaserver_realm=TEST.LOCAL",
]
return "\n".join(lines).encode("utf8")
def run_playbook(playbook):
def write_logs(result, test_name):
log_dir = os.path.join(SCRIPT_DIR, "logs")
if not os.path.exists(log_dir):
os.makedirs(log_dir)
# Write stdout log for test
log_path = os.path.join(log_dir, test_name + ".log")
with open(log_path, "w") as log_file:
log_file.write(result.stdout.decode("utf-8"))
# Write stderr log for test
error_log_path = os.path.join(log_dir, test_name + "-error.log")
with open(error_log_path, "w") as log_file:
log_file.write(result.stderr.decode("utf-8"))
def run_playbook(playbook, test_name):
with tempfile.NamedTemporaryFile() as inventory_file:
inventory_file.write(get_inventory_content())
inventory_file.flush()
@@ -28,15 +69,17 @@ def run_playbook(playbook):
inventory_file.name,
playbook,
]
process = Popen(cmd, cwd=SCRIPT_DIR)
process.wait()
process = subprocess.run(
cmd, cwd=SCRIPT_DIR, stdout=subprocess.PIPE, stderr=subprocess.PIPE
)
write_logs(process, test_name)
return process
def list_test_yaml(dir_path):
yamls = []
for yaml_name in os.listdir(dir_path):
for yaml_name in sorted(os.listdir(dir_path)):
if yaml_name.startswith("test_") and yaml_name.endswith(".yml"):
yamls.append(
{
@@ -50,7 +93,7 @@ def list_test_yaml(dir_path):
def get_test_groups():
test_dirs = os.listdir(SCRIPT_DIR)
groups = {}
for test_group_dir in test_dirs:
for test_group_dir in sorted(test_dirs):
group_dir_path = os.path.join(SCRIPT_DIR, test_group_dir)
if not os.path.isdir(group_dir_path):
continue
@@ -65,6 +108,7 @@ def prepare_test(test_name, test_path):
@functools.wraps(func)
def wrapper(*args, **kwargs):
kwargs["test_path"] = test_path
kwargs["test_name"] = test_name
return func(*args, **kwargs)
return wrapper
@@ -82,13 +126,29 @@ for group_name, group_tests in get_test_groups().items():
test_path = test_config["path"]
@pytest.mark.skipif(
os.getenv("IPA_SERVER_HOST") is None,
not get_server_host(),
reason="Environment variable IPA_SERVER_HOST must be set",
)
@prepare_test(test_name, test_path)
def method(self, test_path):
result = run_playbook(test_path)
assert result.returncode == 0
def method(self, test_path, test_name):
result = run_playbook(test_path, test_name)
status_code_msg = "ansible-playbook return code: {}".format(
result.returncode
)
assert_msg = "\n".join(
[
"",
"-" * 30 + " Captured stdout " + "-" * 30,
result.stdout.decode("utf8"),
"-" * 30 + " Captured stderr " + "-" * 30,
result.stderr.decode("utf8"),
"-" * 30 + " Playbook Return Code " + "-" * 30,
status_code_msg,
]
)
# Need to get the last bytes of msg otherwise Azure
# will cut it out.
assert result.returncode == 0, assert_msg[-2500:]
_tests[test_name] = method
globals()[group_name] = type(group_name, (TestCase,), _tests)
globals()[group_name] = type(group_name, tuple([TestCase]), _tests,)

16
tests/vault/tasks_vault_members.yml
View File

@@ -151,7 +151,7 @@
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
services: "HTTP/{{ groups.ipaserver[0] }}"
services: "HTTP/{{ ansible_fqdn }}"
register: result
failed_when: not result.changed
@@ -160,7 +160,7 @@
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
services: "HTTP/{{ groups.ipaserver[0] }}"
services: "HTTP/{{ ansible_fqdn }}"
register: result
failed_when: result.changed
@@ -169,7 +169,7 @@
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
services: "HTTP/{{ groups.ipaserver[0] }}"
services: "HTTP/{{ ansible_fqdn }}"
state: absent
register: result
failed_when: not result.changed
@@ -179,7 +179,7 @@
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
action: member
services: "HTTP/{{ groups.ipaserver[0] }}"
services: "HTTP/{{ ansible_fqdn }}"
state: absent
register: result
failed_when: result.changed
@@ -264,7 +264,7 @@
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
ownerservices: "HTTP/{{ groups.ipaserver[0] }}"
ownerservices: "HTTP/{{ ansible_fqdn }}"
action: member
register: result
failed_when: not result.changed
@@ -273,7 +273,7 @@
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
ownerservices: "HTTP/{{ groups.ipaserver[0] }}"
ownerservices: "HTTP/{{ ansible_fqdn }}"
action: member
register: result
failed_when: result.changed
@@ -282,7 +282,7 @@
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
ownerservices: "HTTP/{{ groups.ipaserver[0] }}"
ownerservices: "HTTP/{{ ansible_fqdn }}"
state: absent
action: member
register: result
@@ -292,7 +292,7 @@
ipavault:
ipaadmin_password: SomeADMINpassword
name: "{{vault.name}}"
ownerservices: "HTTP/{{ groups.ipaserver[0] }}"
ownerservices: "HTTP/{{ ansible_fqdn }}"
state: absent
action: member
register: result