A dangling 'when:' clause was failing anisble-lint tests as the task did
not match any valid schema. The dangling clause was removed, and the
usage of 'shell' was changed from free form to use the 'cmd' parameter.
In latest ansible-lint versions, the use of "blocks" has a required
order to be implemented. According to ansible-lint error mesage, the
order is name, when, block, rescue, always.
As not following this rule is now an error, this patch fixes all tests
for the 'key-order[task]' error.
ansible-lint is issuing an warning when using '# noqa 505' instead of
'#noqa missing-import' on playbooks. This patch changes all occurrences
of the tag to use the newer format.
The test in ipaclient_test_keytab is at first trying to use an existing
krb5.conf to test if the host keytab can be used. With working DNS lookup
an absent krb5.conf is not reported as an error as DNS lookup is
silently used instead.
A temporary krb5.conf is now used in this test that forces to deactivate
DNS lookups and also to load /etc/krb5.conf. A missing krb5.conf is now
detected properly as the kinit call fails now properly. Thanks to Julien
Rische for this proposal.
ipaclient_test_keytab is now properly returning the state of usable or
not usable krb5.conf in krb5_conf_ok. This fixes the handling of this
case later on in the role.
Due to DNS issues and the increase number of tests, the timeout setting
used for upstream tests was being reached. As we still have room for
running the tests using Azure infrastructure, this patch increases the
timeout to 240 minutes (4h), per worker.
The playbooks automount-map-absent.yaml and automount-map-present.yaml
have been using the wrong extention. The files have been renamed to use
.yml now.
The experimental tests is running several additional tests like for
example to check module arg values. It fails everytime a variable is
used to pass the value in.
Examples:
- playbooks/topology/add-topologysegments.yml:15: args[module]: value of
suffix must be one of: domain, ca, domain+ca, got: {{ item.suffix }}
- tests/host/test_host.yml:21: args[module]: value of ipaapi_context must
be one of: server, client, got: {{ ipa_context | default(omit) }}
The name template test is failing for every template use inside of a name.
This is forcing to have only generic names and nothing specific in the
log anymore.
These two tests have been deactivated to have less overflow in the
ansible-lint output.
When clearing minimum length parameter, FreeIPA raises an error, and the
error is different when executing the playbook in server or client
context. Since the error message is evaluated in the text, both errors
must be accepted as "not a failure", since ansible-freeipa did the
correct call.
Once https://pagure.io/freeipa/issue/9297 is fixed, the test must be
updated to not accept any of these error messages.
ansible-lint required to be run in a collection source directory with
correct and working galaxy.yml
As ansible-freeipa is not converted to a collection, the galaxy.yml file
can not be used to create the collection. This needs to be done with
utils/build-galaxy-release.sh. The script is fixing all the prefixes for
the roles and modules in all the yml files and also example snippets and
in the documentation.
Therefore utils/build-galaxy-release.sh is called with the "-k" option
to keep the directory that has been used to generate the collection with
the script. Afterwards ansible-lint is run in this build directory.
With 4.9.10, the value of bools have been changed from "TRUE" and
"FALSE" to real bool values.
With IPA < 4.9.10 the new bool checks distcheck and usercheck failed
the tests for enabling the checks with a "already enabled" error.
A new version check altogether with providing the ansible module for
gen_args has been added. The values True and False are now transformed
into "TRUE" and "FALSE" for IPA < 4.9.10.
The function bool_param has been renamed to bool_or_empty_param to match
the int_or_empty_param and to have a more explaining name.
All values for pwpolicy can be cleared with an empty string in IPA CLI,
and this behavior was missing in ansible-freeipa.
As of today, there is an issue in FreeIPA that does not allow clearing
'minlength' policy. The is is tracked by the FreeIPA project through
https://pagure.io/freeipa/issue/9297
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2150334
As we now have ansible-core 2.14 available through 'pip', the versions
used for testing on Azure should be 2.12, 2.13 and 2.14, as Ansible
keeps upstream support for the latest version plus the two previous
ones.
This patch update the version used in tests by increasing the version
used by 1 (MINOR).
