Since test configuration can vary in different scenarios (test images)
this patch adds a script to list the scenarios configuration, and a
step to the playbook test jobs to display the scenario configuration.
Currently, all tests are scheduled to execution, even those that are
not executed due to being absent from the list of enabled tests
configured in the IPA_ENABLED_* variables. The tests that are not
executed are marked 'skipped'.
This patch change this behavior by not scheduling tests that are not
configured to be executed. It means that tests not the IPA_DISABLED_*
lists are not skipped anymore, but not scheduled to be executed. If
any test is in IPA_ENABLED_* lists, only those tests are marked for
execution. A side effect is that there is no visual feedback on which
tests were not executed, as disabled tests are not evaluated anymore.
Also, when IPA_SERVER_HOST was not set, all tests were skipped, but
an error should raised in this case, as there are no hosts to run the
tests against.
This patch modifies this behavior to fail the test with an exception if
IPA_SERVER_HOST is not set.
Sometimes, mostly due do differences in package versions, there are
some tests that fail on a single distribution which cannot be fixed
by ansible-freeipa, requiring that the offending package is fixed.
To keep tests running succesfully we have options to disable the
failing tests, but this changes are globally applied, meaning that, by
disabling a test, it is disable in all tested distributions.
This patch allows tests to be enabled or disabled for a specific
distribution, by setting the configuration on the 'variable' template
for the specific testing scenario.
flake8 reports an issue in ipavault:
plugins/modules/ipavault.py:528:20: E275 missing whitespace after keyword
The missing whitespace has been added: "and not(" -> "and not ("
The internal parameter sid_generation_always is generated in
ipareplica_test to enable SID generation if ipareplica_setup_adtrust is
not enabled.
This parameter was not used for ipareplica_prepare though, therefore
adtrust.install_check was not executed and did not set the attribute
adtrust.netbios_name. As a result adtrust.netbios_name was None and the
try to use this as the new NetBIOS domain name failed with an
INVALID_SYNTAX error in adtrustinstance while executing
ipareplica_setup_adtrust.
This issue only occurs if SIDs are not enabled in the domain yet for
example with an old deployment.
The SID is always generated in the command line installers in newer IPA
versions. This also needs to be done in the ipaserver and ipareplica roles.
For the IPA versions that are supporting this, the adtrust setup is always
executed to generated the SIDs, but only configures AD trust if
ipaserver_setup_adtrust or ipareplica_setup_adtrust is also enabled. A
check has been added to ipaserver_test and ipareplica_test to only enable
the SID generation for the IPA versions supporting this.
This is related to https://pagure.io/freeipa/8995
Fixes:
- https://bugzilla.redhat.com/show_bug.cgi?id=2110478
- https://bugzilla.redhat.com/show_bug.cgi?id=2110491
Due to an issue with python-dns, FreeIPA is raising an expection when
setting a DNS forwarder with a custom port. Separating the test for
ipadnsconfig that use forwarders with custom allows the other tests
to be correctly executed.
When running tests/sanity/sanity.sh locally, podman might be available
instead of Docker. Due to current configuration, only Docker is used by
sanity.sh.
This patch searches for the availability of docker, which is kept as
the default container engine to use, and use podman only if docker is
not found.
This change also allows the execution of the script from a directory
other than the repository root.
api_check_ipa_version was using packaging.version. IPA is using
pkg_resources.parse_version in ipaplatform.tasks.parse_ipa_version.
With this change tasks.parse_ipa_version from ipaplatform is used to
have exactly the same version comparison that also IPA has.
Additionally tasks is added to __all__.
Checking if some output is present or absent from standard streams was
done by simple string searching. Due to recent changes in FreeIPA, this
search is not effective due to capitalization differences in boolean
values output. Changing the string searching to regular expression
searches fixes this behavior for current and previous versions of
FreeIPA.
This patch also adds more information on the assert tests in case of an
error, so that it is easier to understand why the test failed.
The fallback function used to compare IPA versions was spliting the
version string into a tuple of strings, and the comparison of the tuple
would fail if comparing a field with one digit aginst a two-digit one,
for example, '8' with '10', as the string comparison would put '10'
before the '8'.
This patch forces the version fields to be converted to integers, so
a numerical comparison will be performed. If a version string field
cannot be converted to a number, than the string comparison will still
be used.
FreeIPA 4.9.10+ and 4.10 use proper mapping for boolean values, and
only searching for "TRUE" does not work anymore.
This patch fix ipadnszone plugin and IPAParamMapping class handling
of boolean values.
The generation of ipaserver_domain has issues: At first
ansible_facts['hostname'] instead of ansible_facts['fqdn'] is used
and second the first entry after the split operation is used and third
the final join is missing.
Python 3.11 dropped compat inspect.getargspec. As the roles and modules
need to support Python2 and Python3, the code for getargspec has been
copied from Python 3.10 and is added as a fallback as soon as getargspec
can not be imported from inspect. The copied getargspec is using
getfullargspec internally.
Fixes: #855 (Python's inspect.getargspec was removed in version 3.11)
With the support for Random Serial Numbers v3 in FreeIPA 4.10, the
attribute random_serial_numbers has been added to the installer options.
options._random_serial_numbers is generated by ca.install_check and
later used by ca.install in the _setup_ca module.
ca.install_check is using options.random_serial_numbers and generating
options._random_serial_numbers which is later used by ca.install in
ca.install the _setup_ca module.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2103928https://bugzilla.redhat.com/show_bug.cgi?id=2103924
With ansible-2.13 it is required to use jinja for list concatenation.
list: "[] + ['a'] + ['b']"
needs to become
list: "{{ [] + ['a'] + ['b'] }}"
copy_external_cert.yml needed to be changed.
As the current latest upstream version of ansible-core is 2.13.0, to
test against ansible-core 2.12 series we need to pin the version used
on the test.
This patch enables the already defined tests for ansible-core 2.12 that
were available but commented out.
There are new smartcard roles in the roles folder:
roles/ipasmartcard_server
roles/ipasmartcard_client
This roles allows to setup smartcard for servers and clients.
Here is the documentation for the roles:
roles/ipasmartcard_server/README.md
roles/ipasmartcard_client/README.md
New example playbooks have been added:
playbooks/install-smartcard-server.yml
playbooks/install-smartcard-replicas.yml
playbooks/install-smartcard-servers.yml
playbooks/install-smartcard-clients.yml
As an idrange has no members, when using `state: absent`, all
parameters but 'name' and 'state' are invalid. The list of invalid
parameters when 'state: absent', have been fixed to include some
missing parameters.
Provide a pipeline to test ansible-freeipa as an Ansible Galaxy
collection. The tests will use 'utils/build-galaxy-release.sh' to
create the galaxy release file, install it as a collection, and run
the tests in it, which were modified to use FQCN.
The tests will run only on 'fedora-latest' for each PR, and on all
platforms for nightly and weekly tests.
