[PR #11697/8b114e99 backport][stable-12] consul integration tests: re-enable on macOS (#11727)

consul integration tests: re-enable on macOS (#11697)

* consul integration tests: re-enable on macOS

- Update consul version to 1.22.6
- Add arm64/aarch64 architecture support
- Fix macOS Gatekeeper quarantine on downloaded binary
- Add wait_for before ACL bootstrap (race condition fix)
- Update HCL config to use tls stanza (required in 1.22)
- Disable gRPC port (conflicts with tls stanza when not configured)
- Remove skip/macos from aliases

Fixes: https://github.com/ansible-collections/community.general/issues/1016



* changelogs/fragments: add PR number for consul tests fix



* remove changelog fragment (test-only PR)



---------


(cherry picked from commit 8b114e999e)

Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

tests/integration/targets/consul/aliases

@@ -4,4 +4,3 @@
 
 azp/posix/2
 destructive
-skip/macos  # cannot simply create binaries in system locations on newer macOS versions

tests/integration/targets/consul/tasks/main.yml

@@ -10,7 +10,7 @@
 
 - name: Install Consul and test
   vars:
-    consul_version: 1.13.2
+    consul_version: 1.22.6
     consul_uri: https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_{{ ansible_facts.system | lower }}_{{ consul_arch }}.zip
     consul_cmd: '{{ remote_tmp_dir }}/consul'
   block:
@@ -53,13 +53,16 @@
       until: result is success
       when: ansible_facts.distribution != "MacOSX"
     - assert:
-        that: ansible_facts.architecture in ['i386', 'x86_64', 'amd64']
+        that: ansible_facts.architecture in ['i386', 'x86_64', 'amd64', 'arm64', 'aarch64']
     - set_fact:
         consul_arch: '386'
       when: ansible_facts.architecture == 'i386'
     - set_fact:
         consul_arch: amd64
       when: ansible_facts.architecture in ['x86_64', 'amd64']
+    - set_fact:
+        consul_arch: arm64
+      when: ansible_facts.architecture in ['arm64', 'aarch64']
     - name: Download consul binary
       unarchive:
         src: '{{ consul_uri }}'
@@ -67,6 +70,10 @@
         remote_src: true
       register: result
       until: result is success
+    - name: Remove macOS quarantine attribute from consul binary
+      command: xattr -d com.apple.quarantine {{ consul_cmd }}
+      when: ansible_facts.system == 'Darwin'
+      ignore_errors: true
     - vars:
         remote_dir: '{{ echo_remote_tmp_dir.stdout }}'
       block:
@@ -78,6 +85,12 @@
             dest: '{{ remote_tmp_dir }}/consul_config.hcl'
         - name: Start Consul (dev mode enabled)
           shell: nohup {{ consul_cmd }} agent -dev -config-file {{ remote_tmp_dir }}/consul_config.hcl </dev/null >/dev/null 2>&1 &
+        - name: Wait for Consul HTTP API to be ready
+          wait_for:
+            host: localhost
+            port: 8500
+            delay: 3
+            timeout: 60
         - name: Bootstrap ACL
           consul_acl_bootstrap:
           register: consul_bootstrap_result

tests/integration/targets/consul/templates/consul_config.hcl.j2

@@ -7,11 +7,18 @@ SPDX-License-Identifier: GPL-3.0-or-later
 server = true
 pid_file = "{{ remote_dir }}/consul.pid"
 ports {
-  http = 8500
+  http  = 8500
   https = 8501
+  grpc  = -1
+}
+tls {
+  defaults {
+    key_file         = "{{ remote_dir }}/privatekey.pem"
+    cert_file        = "{{ remote_dir }}/cert.pem"
+    verify_incoming  = false
+    verify_outgoing  = false
+  }
 }
-key_file = "{{ remote_dir }}/privatekey.pem"
-cert_file = "{{ remote_dir }}/cert.pem"
 acl {
   enabled        = true
   default_policy = "deny"