Add RHEL 9.0, FreeBSD 13.1, Ubuntu 22.04 and Fedora 36 to CI (#456)

* Add RHEL 9.0 and FreeBSD 13.1 to CI. * Add Ubuntu 22.04 and Fedora 36 to CI. * Switch orders so that root doesn't have a SHA1 signature. * Skip openssh_cert test on RHEL 9.0. * Make it possible that pyOpenSSL isn't installed *at all*. * Work with default.
2026-05-08 14:22:56 +00:00 · 2022-05-20 23:03:54 +02:00
parent fd0048827d
commit c566a7abf3
8 changed files with 59 additions and 36 deletions
--- a/tests/integration/targets/certificate_complete_chain/tasks/existing.yml
+++ b/tests/integration/targets/certificate_complete_chain/tasks/existing.yml
@@ -130,11 +130,11 @@

 - name: Check failure when infinite loop is found
  certificate_complete_chain:
-    input_chain: '{{ lookup("file", "cert2-fullchain.pem", rstrip=True) }}'
+    input_chain: '{{ lookup("file", "cert1-fullchain.pem", rstrip=True) }}'
    intermediate_certificates:
    - '{{ remote_tmp_dir }}/files/roots.pem'
    root_certificates:
-    - '{{ remote_tmp_dir }}/files/cert1-chain.pem'
+    - '{{ remote_tmp_dir }}/files/cert2-chain.pem'
  register: cert2_infinite_loop
  ignore_errors: true
 - name: Verify failure
--- a/tests/integration/targets/openssh_cert/aliases
+++ b/tests/integration/targets/openssh_cert/aliases
@@ -1,2 +1,3 @@
 shippable/posix/group1
 destructive
+skip/rhel9.0  # TODO figure out why and fix
--- a/tests/integration/targets/openssl_pkcs12/tasks/main.yml
+++ b/tests/integration/targets/openssl_pkcs12/tasks/main.yml
@@ -65,7 +65,7 @@
      vars:
        select_crypto_backend: pyopenssl

-    when: pyopenssl_version.stdout is version('0.15', '>=')
+    when: (pyopenssl_version.stdout | default('0.0')) is version('0.15', '>=')

  - block:
    - name: Running tests with cryptography backend
@@ -75,4 +75,4 @@

    when: cryptography_version.stdout is version('3.0', '>=')

-  when: pyopenssl_version.stdout is version('0.15', '>=') or cryptography_version.stdout is version('3.0', '>=')
+  when: (pyopenssl_version.stdout | default('0.0')) is version('0.15', '>=') or cryptography_version.stdout is version('3.0', '>=')
--- a/tests/integration/targets/setup_pyopenssl/defaults/main.yml
+++ b/tests/integration/targets/setup_pyopenssl/defaults/main.yml
@@ -0,0 +1 @@
+has_pyopenssl: true
--- a/tests/integration/targets/setup_pyopenssl/tasks/main.yml
+++ b/tests/integration/targets/setup_pyopenssl/tasks/main.yml
@@ -9,19 +9,31 @@
  block:

  - name: Include OS-specific variables
-    include_vars: '{{ ansible_os_family }}.yml'
+    include_vars: '{{ lookup("first_found", search) }}'
+    vars:
+      search:
+        files:
+        - '{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml'
+        - '{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml'
+        - '{{ ansible_distribution }}.yml'
+        - '{{ ansible_os_family }}.yml'
+        paths:
+        - vars

-  - name: Install pyOpenSSL (Python 3 from system packages)
-    become: true
-    package:
-      name: '{{ pyopenssl_package_name_python3 }}'
-    when: ansible_python_version is version('3.0', '>=')
+  - when: has_pyopenssl
+    block:

-  - name: Install pyOpenSSL (Python 2 from system packages)
-    become: true
-    package:
-      name: '{{ pyopenssl_package_name }}'
-    when: ansible_python_version is version('3.0', '<')
+    - name: Install pyOpenSSL (Python 3 from system packages)
+      become: true
+      package:
+        name: '{{ pyopenssl_package_name_python3 }}'
+      when: ansible_python_version is version('3.0', '>=')
+
+    - name: Install pyOpenSSL (Python 2 from system packages)
+      become: true
+      package:
+        name: '{{ pyopenssl_package_name }}'
+      when: ansible_python_version is version('3.0', '<')

 - name: Install from PyPi
  when: ansible_os_family == "Darwin" or not target_system_python
@@ -34,14 +46,17 @@
      state: "{{ 'latest' if not target_system_python_cannot_upgrade_cryptography else omit }}"
      extra_args: "-c {{ remote_constraints }}"

- name: Register pyOpenSSL version
-  command: "{{ ansible_python.executable }} -c 'import OpenSSL; print(OpenSSL.__version__)'"
-  register: pyopenssl_version
+- when: has_pyopenssl
+  block:

- name: Register pyOpenSSL debug details
-  command: "{{ ansible_python.executable }} -m OpenSSL.debug"
-  register: pyopenssl_debug_version
-  ignore_errors: yes
+  - name: Register pyOpenSSL version
+    command: "{{ ansible_python.executable }} -c 'import OpenSSL; print(OpenSSL.__version__)'"
+    register: pyopenssl_version
+
+  - name: Register pyOpenSSL debug details
+    command: "{{ ansible_python.executable }} -m OpenSSL.debug"
+    register: pyopenssl_debug_version
+    ignore_errors: yes

 # Depending on which pyOpenSSL version has been installed, it could be that cryptography has
 # been upgraded to a newer version. Make sure to register cryptography_version another time here
--- a/tests/integration/targets/setup_pyopenssl/vars/RedHat-9.yml
+++ b/tests/integration/targets/setup_pyopenssl/vars/RedHat-9.yml
@@ -0,0 +1,2 @@
+---
+has_pyopenssl: false
--- a/tests/integration/targets/setup_python_info/vars/main.yml
+++ b/tests/integration/targets/setup_python_info/vars/main.yml
@@ -43,11 +43,15 @@ system_python_version_data:
      - '3.8'
    '13.0':
      - '3.7'
+    '13.1':
+      - '3.8'
  RedHat:
    '7':
      - '2.7'
    '8':
      - '3.6'
+    '9.0':
+      - '3.9'
  Suse:
    '15':
      - '2.7'