diff --git a/tests/integration/targets/acme_account/aliases b/tests/integration/targets/acme_account/aliases index d7936330..b5385e3a 100644 --- a/tests/integration/targets/acme_account/aliases +++ b/tests/integration/targets/acme_account/aliases @@ -1,2 +1,14 @@ shippable/cloud/group1 cloud/acme + +# Since skipping below fails miserably with ansible-core 2.11 and earlier, we have to skip all POSIX tests... +# (https://github.com/ansible/ansible/issues/75711) +# shippable/posix/group1 + +# Skip all VMs, since we cannot talk to the ACME simulator from these: +# (TODO: remove when ansible-core 2.12 is the earliest version we support) +# skip/aix +# skip/freebsd +# skip/macos +# skip/osx +# skip/rhel diff --git a/tests/integration/targets/acme_account_info/aliases b/tests/integration/targets/acme_account_info/aliases index d7936330..b5385e3a 100644 --- a/tests/integration/targets/acme_account_info/aliases +++ b/tests/integration/targets/acme_account_info/aliases @@ -1,2 +1,14 @@ shippable/cloud/group1 cloud/acme + +# Since skipping below fails miserably with ansible-core 2.11 and earlier, we have to skip all POSIX tests... +# (https://github.com/ansible/ansible/issues/75711) +# shippable/posix/group1 + +# Skip all VMs, since we cannot talk to the ACME simulator from these: +# (TODO: remove when ansible-core 2.12 is the earliest version we support) +# skip/aix +# skip/freebsd +# skip/macos +# skip/osx +# skip/rhel diff --git a/tests/integration/targets/acme_certificate/aliases b/tests/integration/targets/acme_certificate/aliases index d7936330..b5385e3a 100644 --- a/tests/integration/targets/acme_certificate/aliases +++ b/tests/integration/targets/acme_certificate/aliases @@ -1,2 +1,14 @@ shippable/cloud/group1 cloud/acme + +# Since skipping below fails miserably with ansible-core 2.11 and earlier, we have to skip all POSIX tests... +# (https://github.com/ansible/ansible/issues/75711) +# shippable/posix/group1 + +# Skip all VMs, since we cannot talk to the ACME simulator from these: +# (TODO: remove when ansible-core 2.12 is the earliest version we support) +# skip/aix +# skip/freebsd +# skip/macos +# skip/osx +# skip/rhel diff --git a/tests/integration/targets/acme_certificate/meta/main.yml b/tests/integration/targets/acme_certificate/meta/main.yml index 3e283946..22ed4058 100644 --- a/tests/integration/targets/acme_certificate/meta/main.yml +++ b/tests/integration/targets/acme_certificate/meta/main.yml @@ -1,4 +1,5 @@ dependencies: - setup_acme + - setup_pyopenssl # needed for Ubuntu 16.04 - setup_remote_tmp_dir - prepare_jinja2_compat diff --git a/tests/integration/targets/acme_certificate_revoke/aliases b/tests/integration/targets/acme_certificate_revoke/aliases index d7936330..b5385e3a 100644 --- a/tests/integration/targets/acme_certificate_revoke/aliases +++ b/tests/integration/targets/acme_certificate_revoke/aliases @@ -1,2 +1,14 @@ shippable/cloud/group1 cloud/acme + +# Since skipping below fails miserably with ansible-core 2.11 and earlier, we have to skip all POSIX tests... +# (https://github.com/ansible/ansible/issues/75711) +# shippable/posix/group1 + +# Skip all VMs, since we cannot talk to the ACME simulator from these: +# (TODO: remove when ansible-core 2.12 is the earliest version we support) +# skip/aix +# skip/freebsd +# skip/macos +# skip/osx +# skip/rhel diff --git a/tests/integration/targets/acme_challenge_cert_helper/aliases b/tests/integration/targets/acme_challenge_cert_helper/aliases index d7936330..b5385e3a 100644 --- a/tests/integration/targets/acme_challenge_cert_helper/aliases +++ b/tests/integration/targets/acme_challenge_cert_helper/aliases @@ -1,2 +1,14 @@ shippable/cloud/group1 cloud/acme + +# Since skipping below fails miserably with ansible-core 2.11 and earlier, we have to skip all POSIX tests... +# (https://github.com/ansible/ansible/issues/75711) +# shippable/posix/group1 + +# Skip all VMs, since we cannot talk to the ACME simulator from these: +# (TODO: remove when ansible-core 2.12 is the earliest version we support) +# skip/aix +# skip/freebsd +# skip/macos +# skip/osx +# skip/rhel diff --git a/tests/integration/targets/acme_inspect/aliases b/tests/integration/targets/acme_inspect/aliases index d7936330..b5385e3a 100644 --- a/tests/integration/targets/acme_inspect/aliases +++ b/tests/integration/targets/acme_inspect/aliases @@ -1,2 +1,14 @@ shippable/cloud/group1 cloud/acme + +# Since skipping below fails miserably with ansible-core 2.11 and earlier, we have to skip all POSIX tests... +# (https://github.com/ansible/ansible/issues/75711) +# shippable/posix/group1 + +# Skip all VMs, since we cannot talk to the ACME simulator from these: +# (TODO: remove when ansible-core 2.12 is the earliest version we support) +# skip/aix +# skip/freebsd +# skip/macos +# skip/osx +# skip/rhel diff --git a/tests/integration/targets/certificate_complete_chain/aliases b/tests/integration/targets/certificate_complete_chain/aliases index a6dafcf8..ec8a50b9 100644 --- a/tests/integration/targets/certificate_complete_chain/aliases +++ b/tests/integration/targets/certificate_complete_chain/aliases @@ -1 +1,2 @@ +shippable/cloud/group1 shippable/posix/group1 diff --git a/tests/integration/targets/get_certificate/aliases b/tests/integration/targets/get_certificate/aliases index db2a5672..5876a928 100644 --- a/tests/integration/targets/get_certificate/aliases +++ b/tests/integration/targets/get_certificate/aliases @@ -1,3 +1,4 @@ +shippable/cloud/group1 shippable/posix/group1 destructive needs/httptester diff --git a/tests/integration/targets/openssl_csr/aliases b/tests/integration/targets/openssl_csr/aliases index 6eae8bd8..b71f6f33 100644 --- a/tests/integration/targets/openssl_csr/aliases +++ b/tests/integration/targets/openssl_csr/aliases @@ -1,2 +1,3 @@ +shippable/cloud/group1 shippable/posix/group1 destructive diff --git a/tests/integration/targets/openssl_csr_info/aliases b/tests/integration/targets/openssl_csr_info/aliases index 6eae8bd8..b71f6f33 100644 --- a/tests/integration/targets/openssl_csr_info/aliases +++ b/tests/integration/targets/openssl_csr_info/aliases @@ -1,2 +1,3 @@ +shippable/cloud/group1 shippable/posix/group1 destructive diff --git a/tests/integration/targets/openssl_csr_pipe/aliases b/tests/integration/targets/openssl_csr_pipe/aliases index 6eae8bd8..b71f6f33 100644 --- a/tests/integration/targets/openssl_csr_pipe/aliases +++ b/tests/integration/targets/openssl_csr_pipe/aliases @@ -1,2 +1,3 @@ +shippable/cloud/group1 shippable/posix/group1 destructive diff --git a/tests/integration/targets/openssl_dhparam/aliases b/tests/integration/targets/openssl_dhparam/aliases index 6eae8bd8..b71f6f33 100644 --- a/tests/integration/targets/openssl_dhparam/aliases +++ b/tests/integration/targets/openssl_dhparam/aliases @@ -1,2 +1,3 @@ +shippable/cloud/group1 shippable/posix/group1 destructive diff --git a/tests/integration/targets/openssl_pkcs12/aliases b/tests/integration/targets/openssl_pkcs12/aliases index 6eae8bd8..b71f6f33 100644 --- a/tests/integration/targets/openssl_pkcs12/aliases +++ b/tests/integration/targets/openssl_pkcs12/aliases @@ -1,2 +1,3 @@ +shippable/cloud/group1 shippable/posix/group1 destructive diff --git a/tests/integration/targets/openssl_privatekey/aliases b/tests/integration/targets/openssl_privatekey/aliases index 6eae8bd8..b71f6f33 100644 --- a/tests/integration/targets/openssl_privatekey/aliases +++ b/tests/integration/targets/openssl_privatekey/aliases @@ -1,2 +1,3 @@ +shippable/cloud/group1 shippable/posix/group1 destructive diff --git a/tests/integration/targets/openssl_privatekey_info/aliases b/tests/integration/targets/openssl_privatekey_info/aliases index 6eae8bd8..b71f6f33 100644 --- a/tests/integration/targets/openssl_privatekey_info/aliases +++ b/tests/integration/targets/openssl_privatekey_info/aliases @@ -1,2 +1,3 @@ +shippable/cloud/group1 shippable/posix/group1 destructive diff --git a/tests/integration/targets/openssl_privatekey_pipe/aliases b/tests/integration/targets/openssl_privatekey_pipe/aliases index 06946f86..4ff07c7d 100644 --- a/tests/integration/targets/openssl_privatekey_pipe/aliases +++ b/tests/integration/targets/openssl_privatekey_pipe/aliases @@ -1,3 +1,4 @@ context/controller +shippable/cloud/group1 shippable/posix/group1 destructive diff --git a/tests/integration/targets/openssl_publickey/aliases b/tests/integration/targets/openssl_publickey/aliases index 6eae8bd8..b71f6f33 100644 --- a/tests/integration/targets/openssl_publickey/aliases +++ b/tests/integration/targets/openssl_publickey/aliases @@ -1,2 +1,3 @@ +shippable/cloud/group1 shippable/posix/group1 destructive diff --git a/tests/integration/targets/openssl_publickey_info/aliases b/tests/integration/targets/openssl_publickey_info/aliases index 6eae8bd8..b71f6f33 100644 --- a/tests/integration/targets/openssl_publickey_info/aliases +++ b/tests/integration/targets/openssl_publickey_info/aliases @@ -1,2 +1,3 @@ +shippable/cloud/group1 shippable/posix/group1 destructive diff --git a/tests/integration/targets/openssl_signature/aliases b/tests/integration/targets/openssl_signature/aliases index 5a35a4b5..15f29a1c 100644 --- a/tests/integration/targets/openssl_signature/aliases +++ b/tests/integration/targets/openssl_signature/aliases @@ -1,3 +1,4 @@ +shippable/cloud/group1 shippable/posix/group1 openssl_signature_info destructive diff --git a/tests/integration/targets/setup_acme/meta/main.yml b/tests/integration/targets/setup_acme/meta/main.yml index cce7385c..7f98a190 100644 --- a/tests/integration/targets/setup_acme/meta/main.yml +++ b/tests/integration/targets/setup_acme/meta/main.yml @@ -1,4 +1,3 @@ dependencies: -# - setup_openssl - - setup_remote_constraints + - setup_openssl - setup_remote_tmp_dir diff --git a/tests/integration/targets/setup_acme/tasks/main.yml b/tests/integration/targets/setup_acme/tasks/main.yml index 72507986..f58b153a 100644 --- a/tests/integration/targets/setup_acme/tasks/main.yml +++ b/tests/integration/targets/setup_acme/tasks/main.yml @@ -4,24 +4,5 @@ # and should not be used as examples of how to write Ansible roles # #################################################################### -# BEGIN HACK: remove whenever we know how to properly detect 'default' docker container !!!!!!!!!!!!!!!!!!!!! -- name: Default value for OpenSSL binary path - set_fact: - openssl_binary: openssl - -- name: Make sure cryptography is installed - pip: - name: cryptography - extra_args: "-c {{ remote_constraints }}" - -- name: Register openssl version - shell: "{{ openssl_binary }} version | cut -d' ' -f2" - register: openssl_version - -- name: Register cryptography version - command: "{{ ansible_python.executable }} -c 'import cryptography; print(cryptography.__version__)'" - register: cryptography_version -# END HACK !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! - - debug: msg: "ACME test container IP is {{ acme_host }}; OpenSSL version is {{ openssl_version.stdout }}; cryptography version is {{ cryptography_version.stdout }}" diff --git a/tests/integration/targets/setup_acme/vars/main.yml b/tests/integration/targets/setup_acme/vars/main.yml deleted file mode 120000 index 1a806ff7..00000000 --- a/tests/integration/targets/setup_acme/vars/main.yml +++ /dev/null @@ -1 +0,0 @@ -../../setup_openssl/vars/main.yml \ No newline at end of file diff --git a/tests/integration/targets/setup_openssl/tasks/main.yml b/tests/integration/targets/setup_openssl/tasks/main.yml index 3916633d..06f334c3 100644 --- a/tests/integration/targets/setup_openssl/tasks/main.yml +++ b/tests/integration/targets/setup_openssl/tasks/main.yml @@ -106,6 +106,7 @@ become: true pip: name: 'cryptography{% if ansible_os_family == "Darwin" %}>=3.3{% endif %}' + state: "{{ 'latest' if not target_system_python_cannot_upgrade_cryptography else omit }}" extra_args: "-c {{ remote_constraints }}" - name: Register cryptography version diff --git a/tests/integration/targets/setup_pyopenssl/tasks/main.yml b/tests/integration/targets/setup_pyopenssl/tasks/main.yml index 3eac2a5a..ec9c3961 100644 --- a/tests/integration/targets/setup_pyopenssl/tasks/main.yml +++ b/tests/integration/targets/setup_pyopenssl/tasks/main.yml @@ -31,6 +31,7 @@ become: true pip: name: pyOpenSSL + state: "{{ 'latest' if not target_system_python_cannot_upgrade_cryptography else omit }}" extra_args: "-c {{ remote_constraints }}" - name: Register pyOpenSSL version diff --git a/tests/integration/targets/setup_python_info/filter_plugins/version_filter.py b/tests/integration/targets/setup_python_info/filter_plugins/version_filter.py index 7ed25b05..c18ad87d 100644 --- a/tests/integration/targets/setup_python_info/filter_plugins/version_filter.py +++ b/tests/integration/targets/setup_python_info/filter_plugins/version_filter.py @@ -24,10 +24,31 @@ def get_major_minor_version(version): return '.'.join(parts) +def version_lookup(data, distribution, os_family, distribution_version, distribution_major_version, python_version, default_value=False): + if distribution in data: + data = data[distribution] + elif os_family in data: + data = data[os_family] + else: + return default_value + + if distribution_version in data: + data = data[distribution_version] + elif get_major_minor_version(distribution_version) in data: + data = data[get_major_minor_version(distribution_version)] + elif str(distribution_major_version) in data: + data = data[str(distribution_major_version)] + else: + return default_value + + return python_version in data + + class FilterModule(object): """ IP address and network manipulation filters """ def filters(self): return { 'internal__get_major_minor_version': get_major_minor_version, + 'internal__version_lookup': version_lookup, } diff --git a/tests/integration/targets/setup_python_info/tasks/main.yml b/tests/integration/targets/setup_python_info/tasks/main.yml index 37f68711..3ce7bf0e 100644 --- a/tests/integration/targets/setup_python_info/tasks/main.yml +++ b/tests/integration/targets/setup_python_info/tasks/main.yml @@ -25,31 +25,45 @@ set_fact: target_system_python: >- {{ - (ansible_facts.python.version.major ~ '.' ~ ansible_facts.python.version.minor) - in - ( - system_python_version_data[ansible_facts.distribution] | - default(system_python_version_data[ansible_facts.os_family]) - )[ansible_facts.distribution_version | internal__get_major_minor_version] - | default( - ( - system_python_version_data[ansible_facts.distribution] | - default(system_python_version_data[ansible_facts.os_family]) - )[ansible_facts.distribution_major_version] + system_python_version_data | + internal__version_lookup( + ansible_facts.distribution, + ansible_facts.os_family, + ansible_facts.distribution_version, + ansible_facts.distribution_major_version, + ansible_facts.python.version.major ~ '.' ~ ansible_facts.python.version.minor + ) + }} + target_system_python_cannot_upgrade_cryptography: >- + {{ + cannot_upgrade_cryptography | + internal__version_lookup( + ansible_facts.distribution, + ansible_facts.os_family, + ansible_facts.distribution_version, + ansible_facts.distribution_major_version, + ansible_facts.python.version.major ~ '.' ~ ansible_facts.python.version.minor ) }} controller_system_python: >- {{ - (hostvars['localhost'].ansible_facts.python.version.major ~ '.' ~ hostvars['localhost'].ansible_facts.python.version.minor) - in - ( - system_python_version_data[hostvars['localhost'].ansible_facts.distribution] | - default(system_python_version_data[hostvars['localhost'].ansible_facts.os_family]) - )[ansible_facts.distribution_version | internal__get_major_minor_version] - | default( - ( - system_python_version_data[hostvars['localhost'].ansible_facts.distribution] | - default(system_python_version_data[hostvars['localhost'].ansible_facts.os_family]) - )[hostvars['localhost'].ansible_facts.distribution_major_version] + system_python_version_data | + internal__version_lookup( + hostvars['localhost'].ansible_facts.distribution, + hostvars['localhost'].ansible_facts.os_family, + hostvars['localhost'].ansible_facts.distribution_version, + hostvars['localhost'].ansible_facts.distribution_major_version, + hostvars['localhost'].ansible_facts.python.version.major ~ '.' ~ hostvars['localhost'].ansible_facts.python.version.minor + ) + }} + controller_system_python_cannot_upgrade_cryptography: >- + {{ + cannot_upgrade_cryptography | + internal__version_lookup( + hostvars['localhost'].ansible_facts.distribution, + hostvars['localhost'].ansible_facts.os_family, + hostvars['localhost'].ansible_facts.distribution_version, + hostvars['localhost'].ansible_facts.distribution_major_version, + hostvars['localhost'].ansible_facts.python.version.major ~ '.' ~ hostvars['localhost'].ansible_facts.python.version.minor ) }} diff --git a/tests/integration/targets/setup_python_info/vars/main.yml b/tests/integration/targets/setup_python_info/vars/main.yml index 3903c9a7..12243588 100644 --- a/tests/integration/targets/setup_python_info/vars/main.yml +++ b/tests/integration/targets/setup_python_info/vars/main.yml @@ -48,3 +48,10 @@ system_python_version_data: '15': - '2.7' - '3.6' + +cannot_upgrade_cryptography: + FreeBSD: + '12.2': + - '3.8' # on the VMs in CI, system packages are used for this version as well + '13.0': + - '3.8' # on the VMs in CI, system packages are used for this version as well diff --git a/tests/integration/targets/x509_certificate-acme/aliases b/tests/integration/targets/x509_certificate-acme/aliases index d7936330..b5385e3a 100644 --- a/tests/integration/targets/x509_certificate-acme/aliases +++ b/tests/integration/targets/x509_certificate-acme/aliases @@ -1,2 +1,14 @@ shippable/cloud/group1 cloud/acme + +# Since skipping below fails miserably with ansible-core 2.11 and earlier, we have to skip all POSIX tests... +# (https://github.com/ansible/ansible/issues/75711) +# shippable/posix/group1 + +# Skip all VMs, since we cannot talk to the ACME simulator from these: +# (TODO: remove when ansible-core 2.12 is the earliest version we support) +# skip/aix +# skip/freebsd +# skip/macos +# skip/osx +# skip/rhel diff --git a/tests/integration/targets/x509_certificate-acme/meta/main.yml b/tests/integration/targets/x509_certificate-acme/meta/main.yml index 3e283946..22ed4058 100644 --- a/tests/integration/targets/x509_certificate-acme/meta/main.yml +++ b/tests/integration/targets/x509_certificate-acme/meta/main.yml @@ -1,4 +1,5 @@ dependencies: - setup_acme + - setup_pyopenssl # needed for Ubuntu 16.04 - setup_remote_tmp_dir - prepare_jinja2_compat diff --git a/tests/integration/targets/x509_certificate/aliases b/tests/integration/targets/x509_certificate/aliases index 6eae8bd8..b71f6f33 100644 --- a/tests/integration/targets/x509_certificate/aliases +++ b/tests/integration/targets/x509_certificate/aliases @@ -1,2 +1,3 @@ +shippable/cloud/group1 shippable/posix/group1 destructive diff --git a/tests/integration/targets/x509_certificate_info/aliases b/tests/integration/targets/x509_certificate_info/aliases index 6eae8bd8..b71f6f33 100644 --- a/tests/integration/targets/x509_certificate_info/aliases +++ b/tests/integration/targets/x509_certificate_info/aliases @@ -1,2 +1,3 @@ +shippable/cloud/group1 shippable/posix/group1 destructive diff --git a/tests/integration/targets/x509_certificate_pipe/aliases b/tests/integration/targets/x509_certificate_pipe/aliases index 6eae8bd8..b71f6f33 100644 --- a/tests/integration/targets/x509_certificate_pipe/aliases +++ b/tests/integration/targets/x509_certificate_pipe/aliases @@ -1,2 +1,3 @@ +shippable/cloud/group1 shippable/posix/group1 destructive diff --git a/tests/integration/targets/x509_crl/aliases b/tests/integration/targets/x509_crl/aliases index 96537bac..fa37cdcd 100644 --- a/tests/integration/targets/x509_crl/aliases +++ b/tests/integration/targets/x509_crl/aliases @@ -1,3 +1,4 @@ +shippable/cloud/group1 shippable/posix/group1 x509_crl_info destructive