From a1cad32a46afd3ceab83ab0d172a0adae77eeaed Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Fri, 15 Aug 2025 10:16:27 -0300 Subject: [PATCH 1/7] requirements.txt: Add setuptools In recent Python setups, 'setuptools' may not be readily available, and, as we depend on it, it should be a requirement. Signed-off-by: Rafael Guterres Jeffman --- requirements.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/requirements.txt b/requirements.txt index e69de29b..49fe098d 100644 --- a/requirements.txt +++ b/requirements.txt @@ -0,0 +1 @@ +setuptools From fdd45cc475fa07afc8884a9839024466f1586e7a Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Fri, 15 Aug 2025 16:09:24 -0300 Subject: [PATCH 2/7] pylint: Fix pylint 3.3.8 issues With the latest pylint version, an issue is raised by inheriting from BaseInventoryPlugin, as the class has too many ancestors (too-many-ancestors). This is caused by a class hierarchy that is too deep, and is not under ansible-freeipa's control. --- plugins/inventory/freeipa.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/inventory/freeipa.py b/plugins/inventory/freeipa.py index 8cb2ec5b..fc1c0ef0 100644 --- a/plugins/inventory/freeipa.py +++ b/plugins/inventory/freeipa.py @@ -107,7 +107,7 @@ from ansible.plugins.inventory import BaseInventoryPlugin from ansible.module_utils.six.moves.urllib.parse import quote -class InventoryModule(BaseInventoryPlugin): +class InventoryModule(BaseInventoryPlugin): # pylint: disable=R0901 NAME = 'freeipa' From 52f7f7848e8cff8ccfa21726df5891a9e91cb213 Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Fri, 15 Aug 2025 16:15:35 -0300 Subject: [PATCH 3/7] ansible-lint: Fix deprecation warning with bool and omit The application of the 'bool' filter to an OmitType value is deprecated and will be removed on ansible-core 2.23. --- tests/config/test_config.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/config/test_config.yml b/tests/config/test_config.yml index 555a142e..525e4b33 100644 --- a/tests/config/test_config.yml +++ b/tests/config/test_config.yml @@ -400,7 +400,7 @@ searchrecordslimit: '{{ previousconfig.config.searchrecordslimit | default(100) | int }}' usersearch: '{{ previousconfig.config.usersearch | default(omit) }}' groupsearch: '{{ previousconfig.config.groupsearch | default(omit) }}' - enable_migration: '{{ previousconfig.config.enable_migration | default(False) | bool }}' + enable_migration: '{{ omit if previousconfig.config.enable_migration is not defined else (previousconfig.config.enable_migration | bool) }}' groupobjectclasses: '{{ previousconfig.config.groupobjectclasses | default(omit) }}' userobjectclasses: '{{ previousconfig.config.userobjectclasses | default(omit) }}' pwdexpnotify: '{{ previousconfig.config.pwdexpnotify | default(4) | int }}' @@ -436,7 +436,7 @@ searchrecordslimit: '{{ previousconfig.config.searchrecordslimit | default(omit) | int }}' usersearch: '{{ previousconfig.config.usersearch | default(omit) }}' groupsearch: '{{ previousconfig.config.groupsearch | default(omit) }}' - enable_migration: '{{ previousconfig.config.enable_migration | default(omit) | bool }}' + enable_migration: '{{ omit if previousconfig.config.enable_migration is not defined else (previousconfig.config.enable_migration | bool) }}' groupobjectclasses: '{{ previousconfig.config.groupobjectclasses | default(omit) }}' userobjectclasses: '{{ previousconfig.config.userobjectclasses | default(omit) }}' pwdexpnotify: '{{ previousconfig.config.pwdexpnotify | default(omit) | int }}' @@ -473,7 +473,7 @@ searchrecordslimit: '{{ previousconfig.config.searchrecordslimit | default(omit) | int }}' usersearch: '{{ previousconfig.config.usersearch | default(omit) }}' groupsearch: '{{ previousconfig.config.groupsearch | default(omit) }}' - enable_migration: '{{ previousconfig.config.enable_migration | default(omit) | bool }}' + enable_migration: '{{ omit if previousconfig.config.enable_migration is not defined else (previousconfig.config.enable_migration | bool) }}' groupobjectclasses: '{{ previousconfig.config.groupobjectclasses | default(omit) }}' userobjectclasses: '{{ previousconfig.config.userobjectclasses | default(omit) }}' pwdexpnotify: '{{ previousconfig.config.pwdexpnotify | default(omit) | int }}' From 6f15cd093a4d3721d2770d4d7329e171598b579d Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Fri, 15 Aug 2025 16:18:53 -0300 Subject: [PATCH 4/7] ansible-lint: Fix Jinja error A task in 'roles/ipaclient/tasks/install.yml' uses logic that ansible-lint and jinja are unable to evaluate due to missing type. By refactoring the task the tools are able to evaluate the task. --- roles/ipaclient/tasks/install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/ipaclient/tasks/install.yml b/roles/ipaclient/tasks/install.yml index ca56be3d..7191cece 100644 --- a/roles/ipaclient/tasks/install.yml +++ b/roles/ipaclient/tasks/install.yml @@ -181,10 +181,10 @@ - name: Install - Store the previously obtained OTP no_log: yes + when: result_ipaclient_get_otp.host is defined ansible.builtin.set_fact: ipaadmin_orig_password: "{{ ipaadmin_password | default(omit) }}" - ipaadmin_password: "{{ result_ipaclient_get_otp.host.randompassword - if result_ipaclient_get_otp.host is defined }}" + ipaadmin_password: "{{ result_ipaclient_get_otp.host.randompassword | default(omit) }}" rescue: - name: Install - Report error for OTP generation ansible.builtin.debug: From 97378c38cfd910a6952d1bafbf395dea9fac59fd Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Fri, 17 Oct 2025 17:57:20 -0300 Subject: [PATCH 5/7] pylint: Add list of upper case constants to setup.cfg Pylint 4.0.1 seems to not understand that some of the constants used by ansible-freeipa roles and modules are constants and not variables, and complain about the naming style. By adding these constant names to the "good-names" list avoid pylint errors and don't require future unnecessary changes. Signed-off-by: Rafael Guterres Jeffman --- setup.cfg | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/setup.cfg b/setup.cfg index c1cd4c64..b0cbe64d 100644 --- a/setup.cfg +++ b/setup.cfg @@ -61,7 +61,12 @@ good-names = dt, ca, # These are utils tools, and not part of the released collection. galaxyfy-playbook, galaxyfy-README, galaxyfy-module-EXAMPLES, - module_EXAMPLES + module_EXAMPLES, + MODULE_IMPORT_ERROR, ANSIBLE_IPA_CLIENT_MODULE_IMPORT_ERROR, + CLIENT_SUPPORTS_NO_DNSSEC_VALIDATION, ANSIBLE_IPA_REPLICA_MODULE_IMPORT_ERROR, + SYSTEMD_RESOLVED_IPA_CONF, ANSIBLE_IPA_SERVER_MODULE_IMPORT_ERROR, + NETWORK_MANAGER_IPA_CONF, ANSIBLE_FREEIPA_MODULE_IMPORT_ERROR, + FIX_6741_DEEPCOPY_OBJECTCLASSES [pylint.IMPORTS] From d307635c38aec5a95ced0c6d182821a650019f16 Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Mon, 10 Nov 2025 14:42:32 -0300 Subject: [PATCH 6/7] pytest: update to work with recent Python With Python 3.14, the required pytest version stopped working due to breaking changes in AST. This patch changes the test tool versions to the most recent one, by requiring only the minimal version, but not setting a specific one. Recent pytest version also requires that the search path for Python modules is defined. Signed-off-by: Rafael Guterres Jeffman --- pytest.ini | 1 + requirements-tests.txt | 8 ++++---- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/pytest.ini b/pytest.ini index d9707737..f325221a 100644 --- a/pytest.ini +++ b/pytest.ini @@ -4,3 +4,4 @@ junit_family = xunit1 markers= source_order: mark test as order bound playbook: playbook tests +pythonpath = tests diff --git a/requirements-tests.txt b/requirements-tests.txt index e6f74d64..052ba720 100644 --- a/requirements-tests.txt +++ b/requirements-tests.txt @@ -1,8 +1,8 @@ -r requirements.txt -pytest==7.1.3 -pytest-sourceorder==0.6.0 +pytest +pytest-sourceorder pytest-split>=0.8.0 pytest-custom_exit_code>=0.3.0 -pytest-testinfra==6.8.0 -pytest-randomly==3.12.0 +pytest-testinfra +pytest-randomly pyyaml>=3 From b186a1f28fc51a17a28c62e73032eba6c7faee78 Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Mon, 10 Nov 2025 15:48:26 -0300 Subject: [PATCH 7/7] upstream CI: Update Ansible version for c9s Although the available ansible-core package version for c9s is 2.14, the upstream "pip" version of this package has a broken certificate and is unusable against Galaxy. This patch fixes the version to 2.16, as it is the same version for c8s and c10s, and the oldest one available as packages for the CentOS Streams. Signed-off-by: Rafael Guterres Jeffman --- infra/azure/pr-pipeline.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/infra/azure/pr-pipeline.yml b/infra/azure/pr-pipeline.yml index 9d990dfd..8eff18e3 100644 --- a/infra/azure/pr-pipeline.yml +++ b/infra/azure/pr-pipeline.yml @@ -13,7 +13,9 @@ parameters: type: object default: - { distro: "c8s", ansible_version: "2.16" } - - { distro: "c9s", ansible_version: "2.14" } + # c9s should use 2.14, but this version has an invalid certificate + # and so is unsuable against ansible-galaxy. + - { distro: "c9s", ansible_version: "2.16" } - { distro: "c10s", ansible_version: "2.16" } variables: