tests/sudorule: Don't become or gather_facts and use only true/false

Unless there's a real need to use privileged access or to gather Ansible facts upfront, we should always set "become: false" and "gather_facts: false". In the case that only a few Ansible facts are required, 'ansible.builtin.setup' with 'gather_subset' should be used. As the YAML 1.2 standard dictates, boolean values should only use 'true' or 'false' values. This patch fixes these issues in the 'sudorule' test suite.
2026-06-11 19:25:54 +00:00 · 2024-11-05 11:08:13 -03:00
parent 4fa0621156
commit 6c94fe9bd5
6 changed files with 38 additions and 20 deletions
--- a/tests/sudorule/test_sudorule_single_hostnames.yml
+++ b/tests/sudorule/test_sudorule_single_hostnames.yml
@@ -1,17 +1,22 @@
 ---
 - name: Test sudorule with single hostnames.
  hosts: "{{ ipa_test_host | default('ipaserver') }}"
-  become: no
-  gather_facts: no
+  become: false
+  gather_facts: false

  tasks:
  - name: Test sudorule single hostnames
    block:
    # setup test environment
-    - name: Get Domain from the server name
-      ansible.builtin.set_fact:
-        ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join('.') }}"
+    - name: Ensure ipaserver_domain is set
      when: ipaserver_domain is not defined
+      block:
+      - name: Retrieve host information
+        ansible.builtin.setup:
+          gather_subset: dns
+      - name: Get Domain from the server name
+        ansible.builtin.set_fact:
+          ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join('.') }}"

    - name: Ensure test sudo rule is absent
      ipasudorule:
@@ -24,9 +29,9 @@
        ipaadmin_password: SomeADMINpassword
        hosts:
          - name: "host01.{{ ipaserver_domain }}"
-            force: yes
+            force: true
          - name: "host02.{{ ipaserver_domain }}"
-            force: yes
+            force: true

    # start tests
    - name: Ensure sudorule exist with host member using FQDN.