88f84cefee
Due to Ansible filtering out values in the output that might be match values in sensible attributes that have `no_log` set, if a module need to return data to the controller, it cannot rely on `ansible_module.exit_json` if there is a chance that a partial match may occur. See: https://github.com/ansible/ansible/issues/71789 The change provided here uses the same implementation that is used on Ansible's `AnsibleModule.exit_json`, without the data filtering layer, so every attribute with be printed and, therefore, logged by Ansible. This is needed for the Vault module, as we need to return values that are explicit requested by the user and that might, at least partially, match the values in attributes with `no_log` set. Tests that reproduced the issue, and show it was fixed were provided for all Vault types.
Running the tests
Before starting
In order to run ansible-freeipa tests you will need to install the dependencies listed in the file requirements-tests.txt in your local machine. We'll call this local machine controller.
You will also need to have a remote host with freeipa server installed and configured. We'll call this remote host ipaserver.
Some other requirements:
- The
controllermust be able to connect toipaserverthrough ssh using keys. ipaservermust be configured with DNS support. See ipaserver role.- IPA admin password must be
SomeADMINpassword. - Directory Server admin password must be
SomeDMpassword.
Running the tests
To run the tests run:
IPA_SERVER_HOST=<ipaserver_host_or_ip> pytest
If you need to run using a different user you can use ANSIBLE_REMOTE_USER
environment variable. For example:
ANSIBLE_REMOTE_USER=root IPA_SERVER_HOST=<ipaserver_host_or_ip> pytest
If you want to use ssh with password, you must set IPA_SSH_PASSWORD
environment variable. For example:
IPA_SSH_PASSWORD=<ipaserver_ssh_password> IPA_SERVER_HOST=<ipaserver_host_or_ip> pytest
To run a single test use the full path with the following format:
IPA_SERVER_HOST=<ipaserver_host_or_ip> pytest tests/test_playbook_runs.py::sudorule::test_sudorule
To select which tests to run based on search use the option -k. For example:
IPA_SERVER_HOST=<ipaserver_host_or_ip> pytest -k dnszone
To see the ansible output use the option --capture=sys. For example:
IPA_SERVER_HOST=<ipaserver_host_or_ip> pytest --capture=sys
To see why tests were skipped use -rs. For example:
IPA_SERVER_HOST=<ipaserver_host_or_ip> pytest -rs
For a complete list of options check pytest --help.
Types of tests
Playbook tests
The playbook tests will run our roles / modules using Ansible with various parameters. Most of these tests will be executed more than once, to verify idempotence. In general those tests don't verify the state of the machine after the playbook is executed.
To select only these tests use the option -m "playbook"
Python tests (pytests)
The pytests are tests that will execute small playbooks and then will verify the test results immediately after, using python code for that.
To select only these tests on a test execution use the option -m "not playbook".
Running tests in a docker container
It's also possible to run the tests in a container.
Creating a container to run the tests
Before setting up a container you will need to install molecule framework:
pip install molecule[docker]>=3
Now you can start a test container using the following command:
molecule create -s centos-8
Note: Currently the containers available for running the tests are:
- centos-7
- centos-8
Running the tests inside the container
To run the tests you will use pytest (works the same as for VMs).
RUN_TESTS_IN_DOCKER=1 IPA_SERVER_HOST=centos-8 pytest
Cleaning up after tests
After running the tests you should probably destroy the test container using:
molecule destroy -s centos-8
See Running the tests section for more information on available options.
Upcoming/desired improvements:
- A script to pre-config the complete test environment using virsh.
- A test matrix to run tests against different distros in parallel (probably using tox).