diff options
Diffstat (limited to 'test/integration/targets')
57 files changed, 299 insertions, 145 deletions
diff --git a/test/integration/targets/ansible-galaxy-collection-scm/tasks/scm_dependency_deduplication.yml b/test/integration/targets/ansible-galaxy-collection-scm/tasks/scm_dependency_deduplication.yml index f200be18..e0847524 100644 --- a/test/integration/targets/ansible-galaxy-collection-scm/tasks/scm_dependency_deduplication.yml +++ b/test/integration/targets/ansible-galaxy-collection-scm/tasks/scm_dependency_deduplication.yml @@ -13,22 +13,22 @@ in command.stdout_lines - >- "Installing 'namespace_1.collection_1:1.0.0' to - '{{ install_path }}/namespace_1/collection_1'" + '" ~ install_path ~ "/namespace_1/collection_1'" in command.stdout_lines - >- 'Created collection for namespace_1.collection_1:1.0.0 at - {{ install_path }}/namespace_1/collection_1' + ' ~ install_path ~ '/namespace_1/collection_1' in command.stdout_lines - >- 'namespace_1.collection_1:1.0.0 was installed successfully' in command.stdout_lines - >- "Installing 'namespace_2.collection_2:1.0.0' to - '{{ install_path }}/namespace_2/collection_2'" + '" ~ install_path ~ "/namespace_2/collection_2'" in command.stdout_lines - >- 'Created collection for namespace_2.collection_2:1.0.0 at - {{ install_path }}/namespace_2/collection_2' + ' ~ install_path ~ '/namespace_2/collection_2' in command.stdout_lines - >- 'namespace_2.collection_2:1.0.0 was installed successfully' @@ -58,22 +58,22 @@ in command.stdout_lines - >- "Installing 'namespace_1.collection_1:1.0.0' to - '{{ install_path }}/namespace_1/collection_1'" + '" ~ install_path ~ "/namespace_1/collection_1'" in command.stdout_lines - >- 'Created collection for namespace_1.collection_1:1.0.0 at - {{ install_path }}/namespace_1/collection_1' + ' ~ install_path ~ '/namespace_1/collection_1' in command.stdout_lines - >- 'namespace_1.collection_1:1.0.0 was installed successfully' in command.stdout_lines - >- "Installing 'namespace_2.collection_2:1.0.0' to - '{{ install_path }}/namespace_2/collection_2'" + '" ~ install_path ~ "/namespace_2/collection_2'" in command.stdout_lines - >- 'Created collection for namespace_2.collection_2:1.0.0 at - {{ install_path }}/namespace_2/collection_2' + ' ~ install_path ~ '/namespace_2/collection_2' in command.stdout_lines - >- 'namespace_2.collection_2:1.0.0 was installed successfully' diff --git a/test/integration/targets/ansible-pull/runme.sh b/test/integration/targets/ansible-pull/runme.sh index 347971a4..582e8099 100755 --- a/test/integration/targets/ansible-pull/runme.sh +++ b/test/integration/targets/ansible-pull/runme.sh @@ -84,4 +84,7 @@ pass_tests ANSIBLE_CONFIG='' ansible-pull -d "${pull_dir}" -U "${repo_dir}" "$@" multi_play_1.yml multi_play_2.yml | tee "${temp_log}" -pass_tests_multi
\ No newline at end of file +pass_tests_multi + +# fail if we try do delete /var/tmp +ANSIBLE_CONFIG='' ansible-pull -d var/tmp -U "${repo_dir}" --purge "$@" diff --git a/test/integration/targets/ansible-test-container/runme.py b/test/integration/targets/ansible-test-container/runme.py index 68712805..8ff48e0d 100755 --- a/test/integration/targets/ansible-test-container/runme.py +++ b/test/integration/targets/ansible-test-container/runme.py @@ -1050,9 +1050,16 @@ class ApkBootstrapper(Bootstrapper): def run(cls) -> None: """Run the bootstrapper.""" # The `openssl` package is used to generate hashed passwords. - packages = ['docker', 'podman', 'openssl'] + # crun added as podman won't install it as dep if runc is present + # but we don't want runc as it fails + # The edge `crun` package installed below requires ip6tables, and in + # edge, the `iptables` package includes `ip6tables`, but in 3.16 they + # are separate. + packages = ['docker', 'podman', 'openssl', 'crun', 'ip6tables'] run_command('apk', 'add', *packages) + # 3.16 only contains crun 1.4.5, to get 1.9.2 to resolve the run/shm issue, install crun from edge + run_command('apk', 'upgrade', '-U', '--repository=http://dl-cdn.alpinelinux.org/alpine/edge/community', 'crun') run_command('service', 'docker', 'start') run_command('modprobe', 'tun') diff --git a/test/integration/targets/ansible-vault/roles/test_vault_embedded/tasks/main.yml b/test/integration/targets/ansible-vault/roles/test_vault_embedded/tasks/main.yml index eba93896..98ef751b 100644 --- a/test/integration/targets/ansible-vault/roles/test_vault_embedded/tasks/main.yml +++ b/test/integration/targets/ansible-vault/roles/test_vault_embedded/tasks/main.yml @@ -2,7 +2,7 @@ - name: Assert that a embedded vault of a string with no newline works assert: that: - - '"{{ vault_encrypted_one_line_var }}" == "Setec Astronomy"' + - 'vault_encrypted_one_line_var == "Setec Astronomy"' - name: Assert that a multi line embedded vault works, including new line assert: diff --git a/test/integration/targets/ansible-vault/roles/test_vault_file_encrypted_embedded/tasks/main.yml b/test/integration/targets/ansible-vault/roles/test_vault_file_encrypted_embedded/tasks/main.yml index e09004a1..107e65cb 100644 --- a/test/integration/targets/ansible-vault/roles/test_vault_file_encrypted_embedded/tasks/main.yml +++ b/test/integration/targets/ansible-vault/roles/test_vault_file_encrypted_embedded/tasks/main.yml @@ -2,7 +2,7 @@ - name: Assert that a vault encrypted file with embedded vault of a string with no newline works assert: that: - - '"{{ vault_file_encrypted_with_encrypted_one_line_var }}" == "Setec Astronomy"' + - 'vault_file_encrypted_with_encrypted_one_line_var == "Setec Astronomy"' - name: Assert that a vault encrypted file with multi line embedded vault works, including new line assert: diff --git a/test/integration/targets/apt_repository/tasks/apt.yml b/test/integration/targets/apt_repository/tasks/apt.yml index 0dc25afd..9c15e647 100644 --- a/test/integration/targets/apt_repository/tasks/apt.yml +++ b/test/integration/targets/apt_repository/tasks/apt.yml @@ -50,7 +50,7 @@ that: - 'result.changed' - 'result.state == "present"' - - 'result.repo == "{{test_ppa_name}}"' + - 'result.repo == test_ppa_name' - name: 'examine apt cache mtime' stat: path='/var/cache/apt/pkgcache.bin' @@ -81,7 +81,7 @@ that: - 'result.changed' - 'result.state == "present"' - - 'result.repo == "{{test_ppa_name}}"' + - 'result.repo == test_ppa_name' - name: 'examine apt cache mtime' stat: path='/var/cache/apt/pkgcache.bin' @@ -112,7 +112,7 @@ that: - 'result.changed' - 'result.state == "present"' - - 'result.repo == "{{test_ppa_name}}"' + - 'result.repo == test_ppa_name' - name: 'examine apt cache mtime' stat: path='/var/cache/apt/pkgcache.bin' @@ -151,7 +151,7 @@ that: - 'result.changed' - 'result.state == "present"' - - 'result.repo == "{{test_ppa_spec}}"' + - 'result.repo == test_ppa_spec' - result_cache is not changed - name: 'examine apt cache mtime' @@ -191,7 +191,7 @@ that: - 'result.changed' - 'result.state == "present"' - - 'result.repo == "{{test_ppa_spec}}"' + - 'result.repo == test_ppa_spec' - name: 'examine source file' stat: path='/etc/apt/sources.list.d/{{test_ppa_filename}}.list' diff --git a/test/integration/targets/assert/assert.out.nested_tmpl.stderr b/test/integration/targets/assert/assert.out.nested_tmpl.stderr new file mode 100644 index 00000000..ea208a41 --- /dev/null +++ b/test/integration/targets/assert/assert.out.nested_tmpl.stderr @@ -0,0 +1,4 @@ ++ ansible-playbook -i localhost, -c local nested_tmpl.yml +++ set +x +[WARNING]: conditional statements should not include jinja2 templating +delimiters such as {{ }} or {% %}. Found: "{{ foo }}" == "bar" diff --git a/test/integration/targets/assert/assert.out.nested_tmpl.stdout b/test/integration/targets/assert/assert.out.nested_tmpl.stdout new file mode 100644 index 00000000..8ca3fb76 --- /dev/null +++ b/test/integration/targets/assert/assert.out.nested_tmpl.stdout @@ -0,0 +1,12 @@ + +PLAY [localhost] *************************************************************** + +TASK [assert] ****************************************************************** +ok: [localhost] => { + "changed": false, + "msg": "All assertions passed" +} + +PLAY RECAP ********************************************************************* +localhost : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 + diff --git a/test/integration/targets/assert/assert_quiet.out.quiet.stderr b/test/integration/targets/assert/assert.out.quiet.stderr index bd973b04..bd973b04 100644 --- a/test/integration/targets/assert/assert_quiet.out.quiet.stderr +++ b/test/integration/targets/assert/assert.out.quiet.stderr diff --git a/test/integration/targets/assert/assert_quiet.out.quiet.stdout b/test/integration/targets/assert/assert.out.quiet.stdout index b62aac6c..b62aac6c 100644 --- a/test/integration/targets/assert/assert_quiet.out.quiet.stdout +++ b/test/integration/targets/assert/assert.out.quiet.stdout diff --git a/test/integration/targets/assert/nested_tmpl.yml b/test/integration/targets/assert/nested_tmpl.yml new file mode 100644 index 00000000..3da4b1d8 --- /dev/null +++ b/test/integration/targets/assert/nested_tmpl.yml @@ -0,0 +1,9 @@ +- hosts: localhost + gather_facts: False + tasks: + - assert: + that: + - '"{{ foo }}" == "bar"' + - foo == "bar" + vars: + foo: bar diff --git a/test/integration/targets/assert/quiet.yml b/test/integration/targets/assert/quiet.yml index 6834712c..1c425cb5 100644 --- a/test/integration/targets/assert/quiet.yml +++ b/test/integration/targets/assert/quiet.yml @@ -5,12 +5,12 @@ item_A: yes tasks: - assert: - that: "{{ item }} is defined" + that: "item is defined" quiet: True with_items: - item_A - assert: - that: "{{ item }} is defined" + that: "item is defined" quiet: False with_items: - item_A diff --git a/test/integration/targets/assert/runme.sh b/test/integration/targets/assert/runme.sh index ca0a8587..b7907281 100755 --- a/test/integration/targets/assert/runme.sh +++ b/test/integration/targets/assert/runme.sh @@ -45,7 +45,7 @@ cleanup() { fi } -BASEFILE=assert_quiet.out +BASEFILE=assert.out ORIGFILE="${BASEFILE}" OUTFILE="${BASEFILE}.new" @@ -69,3 +69,4 @@ export ANSIBLE_NOCOLOR=1 export ANSIBLE_RETRY_FILES_ENABLED=0 run_test quiet +run_test nested_tmpl diff --git a/test/integration/targets/command_shell/tasks/main.yml b/test/integration/targets/command_shell/tasks/main.yml index 12a944c4..1f4aa5d7 100644 --- a/test/integration/targets/command_shell/tasks/main.yml +++ b/test/integration/targets/command_shell/tasks/main.yml @@ -296,7 +296,7 @@ assert: that: - shell_result0 is changed - - shell_result0.cmd == '{{ remote_tmp_dir_test }}/test.sh' + - shell_result0.cmd == remote_tmp_dir_test ~ '/test.sh' - shell_result0.rc == 0 - shell_result0.stderr == '' - shell_result0.stdout == 'win' diff --git a/test/integration/targets/copy/tasks/tests.yml b/test/integration/targets/copy/tasks/tests.yml index 72203563..d6c8e63c 100644 --- a/test/integration/targets/copy/tasks/tests.yml +++ b/test/integration/targets/copy/tasks/tests.yml @@ -1176,7 +1176,7 @@ assert: that: - "copy_result6.changed" - - "copy_result6.dest == '{{remote_dir_expanded}}/multiline.txt'" + - "copy_result6.dest == remote_dir_expanded ~ '/multiline.txt'" - "copy_result6.checksum == '9cd0697c6a9ff6689f0afb9136fa62e0b3fee903'" # test overwriting a file as an unprivileged user (pull request #8624) @@ -2079,26 +2079,26 @@ assert: that: - testcase5 is changed - - "stat_new_dir_with_chown.stat.uid == {{ ansible_copy_test_user.uid }}" - - "stat_new_dir_with_chown.stat.gid == {{ ansible_copy_test_group.gid }}" - - "stat_new_dir_with_chown.stat.pw_name == '{{ ansible_copy_test_user_name }}'" - - "stat_new_dir_with_chown.stat.gr_name == '{{ ansible_copy_test_user_name }}'" - - "stat_new_dir_with_chown_file1.stat.uid == {{ ansible_copy_test_user.uid }}" - - "stat_new_dir_with_chown_file1.stat.gid == {{ ansible_copy_test_group.gid }}" - - "stat_new_dir_with_chown_file1.stat.pw_name == '{{ ansible_copy_test_user_name }}'" - - "stat_new_dir_with_chown_file1.stat.gr_name == '{{ ansible_copy_test_user_name }}'" - - "stat_new_dir_with_chown_subdir.stat.uid == {{ ansible_copy_test_user.uid }}" - - "stat_new_dir_with_chown_subdir.stat.gid == {{ ansible_copy_test_group.gid }}" - - "stat_new_dir_with_chown_subdir.stat.pw_name == '{{ ansible_copy_test_user_name }}'" - - "stat_new_dir_with_chown_subdir.stat.gr_name == '{{ ansible_copy_test_user_name }}'" - - "stat_new_dir_with_chown_subdir_file12.stat.uid == {{ ansible_copy_test_user.uid }}" - - "stat_new_dir_with_chown_subdir_file12.stat.gid == {{ ansible_copy_test_group.gid }}" - - "stat_new_dir_with_chown_subdir_file12.stat.pw_name == '{{ ansible_copy_test_user_name }}'" - - "stat_new_dir_with_chown_subdir_file12.stat.gr_name == '{{ ansible_copy_test_user_name }}'" - - "stat_new_dir_with_chown_link_file12.stat.uid == {{ ansible_copy_test_user.uid }}" - - "stat_new_dir_with_chown_link_file12.stat.gid == {{ ansible_copy_test_group.gid }}" - - "stat_new_dir_with_chown_link_file12.stat.pw_name == '{{ ansible_copy_test_user_name }}'" - - "stat_new_dir_with_chown_link_file12.stat.gr_name == '{{ ansible_copy_test_user_name }}'" + - "stat_new_dir_with_chown.stat.uid == ansible_copy_test_user.uid" + - "stat_new_dir_with_chown.stat.gid == ansible_copy_test_group.gid" + - "stat_new_dir_with_chown.stat.pw_name == ansible_copy_test_user_name" + - "stat_new_dir_with_chown.stat.gr_name == ansible_copy_test_user_name" + - "stat_new_dir_with_chown_file1.stat.uid == ansible_copy_test_user.uid" + - "stat_new_dir_with_chown_file1.stat.gid == ansible_copy_test_group.gid" + - "stat_new_dir_with_chown_file1.stat.pw_name == ansible_copy_test_user_name" + - "stat_new_dir_with_chown_file1.stat.gr_name == ansible_copy_test_user_name" + - "stat_new_dir_with_chown_subdir.stat.uid == ansible_copy_test_user.uid" + - "stat_new_dir_with_chown_subdir.stat.gid == ansible_copy_test_group.gid" + - "stat_new_dir_with_chown_subdir.stat.pw_name == ansible_copy_test_user_name" + - "stat_new_dir_with_chown_subdir.stat.gr_name == ansible_copy_test_user_name" + - "stat_new_dir_with_chown_subdir_file12.stat.uid == ansible_copy_test_user.uid" + - "stat_new_dir_with_chown_subdir_file12.stat.gid == ansible_copy_test_group.gid" + - "stat_new_dir_with_chown_subdir_file12.stat.pw_name == ansible_copy_test_user_name" + - "stat_new_dir_with_chown_subdir_file12.stat.gr_name == ansible_copy_test_user_name" + - "stat_new_dir_with_chown_link_file12.stat.uid == ansible_copy_test_user.uid" + - "stat_new_dir_with_chown_link_file12.stat.gid == ansible_copy_test_group.gid" + - "stat_new_dir_with_chown_link_file12.stat.pw_name == ansible_copy_test_user_name" + - "stat_new_dir_with_chown_link_file12.stat.gr_name == ansible_copy_test_user_name" always: - name: execute - remove the user for test diff --git a/test/integration/targets/debug/runme.sh b/test/integration/targets/debug/runme.sh index 5faeb782..dc02859d 100755 --- a/test/integration/targets/debug/runme.sh +++ b/test/integration/targets/debug/runme.sh @@ -18,3 +18,5 @@ done # ensure debug does not set top level vars when looking at ansible_facts ansible-playbook nosetfacts.yml "$@" + +ansible-playbook unsafe.yml "$@" diff --git a/test/integration/targets/debug/unsafe.yml b/test/integration/targets/debug/unsafe.yml new file mode 100644 index 00000000..6a78af1a --- /dev/null +++ b/test/integration/targets/debug/unsafe.yml @@ -0,0 +1,13 @@ +- hosts: localhost + gather_facts: false + vars: + unsafe_var: !unsafe undef()|mandatory + tasks: + - debug: + var: '{{ unsafe_var }}' + ignore_errors: true + register: result + + - assert: + that: + - result is successful diff --git a/test/integration/targets/dnf/tasks/test_sos_removal.yml b/test/integration/targets/dnf/tasks/test_sos_removal.yml index 40ceb62b..0d70cf78 100644 --- a/test/integration/targets/dnf/tasks/test_sos_removal.yml +++ b/test/integration/targets/dnf/tasks/test_sos_removal.yml @@ -15,5 +15,5 @@ that: - sos_rm is successful - sos_rm is changed - - "'Removed: sos-{{ sos_version }}-{{ sos_release }}' in sos_rm.results[0]" + - "'Removed: sos-' ~ sos_version ~ '-' ~ sos_release in sos_rm.results[0]" - sos_rm.results|length == 1 diff --git a/test/integration/targets/expect/tasks/main.yml b/test/integration/targets/expect/tasks/main.yml index d6f43f2c..7bf18c5e 100644 --- a/test/integration/targets/expect/tasks/main.yml +++ b/test/integration/targets/expect/tasks/main.yml @@ -117,7 +117,7 @@ - name: assert chdir works assert: that: - - "'{{chdir_result.stdout | trim}}' == '{{remote_tmp_dir_real_path.stdout | trim}}'" + - "chdir_result.stdout | trim == remote_tmp_dir_real_path.stdout | trim" - name: test timeout option expect: diff --git a/test/integration/targets/file/tasks/main.yml b/test/integration/targets/file/tasks/main.yml index 17b0fae6..a5bd68d7 100644 --- a/test/integration/targets/file/tasks/main.yml +++ b/test/integration/targets/file/tasks/main.yml @@ -927,7 +927,7 @@ that: - "file_error3 is failed" - "file_error3.msg == 'src does not exist'" - - "file_error3.dest == '{{ remote_tmp_dir_test }}/hard.txt' | expanduser" + - "file_error3.dest == remote_tmp_dir_test | expanduser ~ '/hard.txt'" - "file_error3.src == 'non-existing-file-that-does-not-exist.txt'" - block: diff --git a/test/integration/targets/file/tasks/state_link.yml b/test/integration/targets/file/tasks/state_link.yml index 673fe6fd..6f96cdcb 100644 --- a/test/integration/targets/file/tasks/state_link.yml +++ b/test/integration/targets/file/tasks/state_link.yml @@ -199,7 +199,7 @@ - "missing_dst_no_follow_enable_force_use_mode2 is changed" - "missing_dst_no_follow_enable_force_use_mode3 is not changed" - "soft3_result['stat'].islnk" - - "soft3_result['stat'].lnk_target == '{{ user.home }}/nonexistent'" + - "soft3_result['stat'].lnk_target == user.home ~ '/nonexistent'" # # Test creating a link to a directory https://github.com/ansible/ansible/issues/1369 diff --git a/test/integration/targets/filter_urls/tasks/main.yml b/test/integration/targets/filter_urls/tasks/main.yml index c062326c..72ed689a 100644 --- a/test/integration/targets/filter_urls/tasks/main.yml +++ b/test/integration/targets/filter_urls/tasks/main.yml @@ -19,6 +19,13 @@ - "{'foo': 'bar', 'baz': 'buz'}|urlencode == 'foo=bar&baz=buz'" - "()|urlencode == ''" +- name: verify urlencode works for unsafe strings + assert: + that: + - thing|urlencode == 'foo%3Abar' + vars: + thing: !unsafe foo:bar + # Needed (temporarily) due to coverage reports not including the last task. - assert: that: true diff --git a/test/integration/targets/find/tasks/main.yml b/test/integration/targets/find/tasks/main.yml index 5381a144..89c62b9b 100644 --- a/test/integration/targets/find/tasks/main.yml +++ b/test/integration/targets/find/tasks/main.yml @@ -267,7 +267,7 @@ - name: assert we skipped the ogg file assert: that: - - '"{{ remote_tmp_dir_test }}/e/f/g/h/8.ogg" not in find_test3_list' + - 'remote_tmp_dir_test ~ "/e/f/g/h/8.ogg" not in find_test3_list' - name: patterns with regex find: @@ -317,7 +317,7 @@ assert: that: - result.matched == 1 - - '"{{ remote_tmp_dir_test }}/astest/old.txt" in astest_list' + - 'remote_tmp_dir_test ~ "/astest/old.txt" in astest_list' - name: find files newer than 1 week find: @@ -332,7 +332,7 @@ assert: that: - result.matched == 1 - - '"{{ remote_tmp_dir_test }}/astest/new.txt" in astest_list' + - 'remote_tmp_dir_test ~ "/astest/new.txt" in astest_list' - name: add some content to the new file shell: "echo hello world > {{ remote_tmp_dir_test }}/astest/new.txt" @@ -352,7 +352,7 @@ assert: that: - result.matched == 1 - - '"{{ remote_tmp_dir_test }}/astest/new.txt" in astest_list' + - 'remote_tmp_dir_test ~ "/astest/new.txt" in astest_list' - '"checksum" in result.files[0]' - name: find ANY item with LESS than 5 bytes, also get checksums @@ -371,6 +371,6 @@ assert: that: - result.matched == 2 - - '"{{ remote_tmp_dir_test }}/astest/old.txt" in astest_list' - - '"{{ remote_tmp_dir_test }}/astest/.hidden.txt" in astest_list' + - 'remote_tmp_dir_test ~ "/astest/old.txt" in astest_list' + - 'remote_tmp_dir_test ~ "/astest/.hidden.txt" in astest_list' - '"checksum" in result.files[0]' diff --git a/test/integration/targets/gathering_facts/test_gathering_facts.yml b/test/integration/targets/gathering_facts/test_gathering_facts.yml index 47027e87..faa187b7 100644 --- a/test/integration/targets/gathering_facts/test_gathering_facts.yml +++ b/test/integration/targets/gathering_facts/test_gathering_facts.yml @@ -433,7 +433,7 @@ - name: Test reading facts from default fact_path assert: that: - - '"{{ ansible_local.testfact.fact_dir }}" == "default"' + - 'ansible_local.testfact.fact_dir == "default"' - hosts: facthost9 tags: [ 'fact_local'] @@ -444,7 +444,7 @@ - name: Test reading facts from custom fact_path assert: that: - - '"{{ ansible_local.testfact.fact_dir }}" == "custom"' + - 'ansible_local.testfact.fact_dir == "custom"' - hosts: facthost20 tags: [ 'fact_facter_ohai' ] diff --git a/test/integration/targets/git/tasks/depth.yml b/test/integration/targets/git/tasks/depth.yml index 547f84f7..e0585ca3 100644 --- a/test/integration/targets/git/tasks/depth.yml +++ b/test/integration/targets/git/tasks/depth.yml @@ -169,7 +169,7 @@ - name: DEPTH | check update arrived assert: that: - - "{{ a_file.content | b64decode | trim }} == 3" + - a_file.content | b64decode | trim == "3" - git_fetch is changed - name: DEPTH | clear checkout_dir diff --git a/test/integration/targets/git/tasks/localmods.yml b/test/integration/targets/git/tasks/localmods.yml index 09a1326d..0e0cf684 100644 --- a/test/integration/targets/git/tasks/localmods.yml +++ b/test/integration/targets/git/tasks/localmods.yml @@ -47,7 +47,7 @@ - name: LOCALMODS | check update arrived assert: that: - - "{{ a_file.content | b64decode | trim }} == 2" + - a_file.content | b64decode | trim == "2" - git_fetch_force is changed - name: LOCALMODS | clear checkout_dir @@ -105,7 +105,7 @@ - name: LOCALMODS | check update arrived assert: that: - - "{{ a_file.content | b64decode | trim }} == 2" + - a_file.content | b64decode | trim == "2" - git_fetch_force is changed - name: LOCALMODS | clear checkout_dir diff --git a/test/integration/targets/git/tasks/submodules.yml b/test/integration/targets/git/tasks/submodules.yml index 0b311e79..b6b02490 100644 --- a/test/integration/targets/git/tasks/submodules.yml +++ b/test/integration/targets/git/tasks/submodules.yml @@ -32,7 +32,7 @@ - name: SUBMODULES | Ensure submodu1 is at the appropriate commit assert: - that: '{{ submodule1.stdout_lines | length }} == 2' + that: 'submodule1.stdout_lines | length == 2' - name: SUBMODULES | clear checkout_dir file: @@ -53,7 +53,7 @@ - name: SUBMODULES | Ensure submodule1 is at the appropriate commit assert: - that: '{{ submodule1.stdout_lines | length }} == 4' + that: 'submodule1.stdout_lines | length == 4' - name: SUBMODULES | Copy the checkout so we can run several different tests on it command: 'cp -pr {{ checkout_dir }} {{ checkout_dir }}.bak' @@ -84,8 +84,8 @@ - name: SUBMODULES | Ensure both submodules are at the appropriate commit assert: that: - - '{{ submodule1.stdout_lines|length }} == 4' - - '{{ submodule2.stdout_lines|length }} == 2' + - 'submodule1.stdout_lines|length == 4' + - 'submodule2.stdout_lines|length == 2' - name: SUBMODULES | Remove checkout dir @@ -112,7 +112,7 @@ - name: SUBMODULES | Ensure submodule1 is at the appropriate commit assert: - that: '{{ submodule1.stdout_lines | length }} == 5' + that: 'submodule1.stdout_lines | length == 5' - name: SUBMODULES | Test that update with recursive found new submodules @@ -121,7 +121,7 @@ - name: SUBMODULES | Enusre submodule2 is at the appropriate commit assert: - that: '{{ submodule2.stdout_lines | length }} == 4' + that: 'submodule2.stdout_lines | length == 4' - name: SUBMODULES | clear checkout_dir file: @@ -147,4 +147,4 @@ - name: SUBMODULES | Ensure submodule1 is at the appropriate commit assert: - that: '{{ submodule1.stdout_lines | length }} == 4' + that: 'submodule1.stdout_lines | length == 4' diff --git a/test/integration/targets/incidental_vyos_config/tests/cli/check_config.yaml b/test/integration/targets/incidental_vyos_config/tests/cli/check_config.yaml index f1ddc71b..e45331a1 100644 --- a/test/integration/targets/incidental_vyos_config/tests/cli/check_config.yaml +++ b/test/integration/targets/incidental_vyos_config/tests/cli/check_config.yaml @@ -22,7 +22,7 @@ - name: Check that multiple duplicate lines collapse into a single commands assert: that: - - "{{ result.commands|length }} == 1" + - "result.commands|length == 1" - name: Check that set is correctly prepended assert: @@ -58,6 +58,6 @@ - assert: that: - - "{{ result.filtered|length }} == 2" + - "result.filtered|length == 2" - debug: msg="END cli/config_check.yaml on connection={{ ansible_connection }}" diff --git a/test/integration/targets/incidental_vyos_lldp_interfaces/tests/cli/deleted.yaml b/test/integration/targets/incidental_vyos_lldp_interfaces/tests/cli/deleted.yaml index 7b2d53a3..316e91c4 100644 --- a/test/integration/targets/incidental_vyos_lldp_interfaces/tests/cli/deleted.yaml +++ b/test/integration/targets/incidental_vyos_lldp_interfaces/tests/cli/deleted.yaml @@ -16,17 +16,17 @@ - name: Assert that the before dicts were correctly generated assert: that: - - "{{ populate | symmetric_difference(result['before']) |length == 0 }}" + - "populate | symmetric_difference(result['before']) |length == 0" - name: Assert that the correct set of commands were generated assert: that: - - "{{ deleted['commands'] | symmetric_difference(result['commands']) |length == 0 }}" + - "deleted['commands'] | symmetric_difference(result['commands']) |length == 0" - name: Assert that the after dicts were correctly generated assert: that: - - "{{ deleted['after'] | symmetric_difference(result['after']) |length == 0 }}" + - "deleted['after'] | symmetric_difference(result['after']) |length == 0" - name: Delete attributes of given interfaces (IDEMPOTENT) vyos.vyos.vyos_lldp_interfaces: *deleted @@ -41,6 +41,6 @@ - name: Assert that the before dicts were correctly generated assert: that: - - "{{ deleted['after'] | symmetric_difference(result['before']) |length == 0 }}" + - "deleted['after'] | symmetric_difference(result['before']) |length == 0" always: - include_tasks: _remove_config.yaml diff --git a/test/integration/targets/incidental_vyos_lldp_interfaces/tests/cli/merged.yaml b/test/integration/targets/incidental_vyos_lldp_interfaces/tests/cli/merged.yaml index bf968b21..7e0bb53d 100644 --- a/test/integration/targets/incidental_vyos_lldp_interfaces/tests/cli/merged.yaml +++ b/test/integration/targets/incidental_vyos_lldp_interfaces/tests/cli/merged.yaml @@ -28,17 +28,17 @@ - name: Assert that before dicts were correctly generated assert: - that: "{{ merged['before'] | symmetric_difference(result['before']) |length == 0 }}" + that: "merged['before'] | symmetric_difference(result['before']) |length == 0" - name: Assert that correct set of commands were generated assert: that: - - "{{ merged['commands'] | symmetric_difference(result['commands']) |length == 0 }}" + - "merged['commands'] | symmetric_difference(result['commands']) |length == 0" - name: Assert that after dicts was correctly generated assert: that: - - "{{ merged['after'] | symmetric_difference(result['after']) |length == 0 }}" + - "merged['after'] | symmetric_difference(result['after']) |length == 0" - name: Merge the provided configuration with the existing running configuration (IDEMPOTENT) vyos.vyos.vyos_lldp_interfaces: *merged @@ -52,7 +52,7 @@ - name: Assert that before dicts were correctly generated assert: that: - - "{{ merged['after'] | symmetric_difference(result['before']) |length == 0 }}" + - "merged['after'] | symmetric_difference(result['before']) |length == 0" always: - include_tasks: _remove_config.yaml diff --git a/test/integration/targets/incidental_vyos_lldp_interfaces/tests/cli/overridden.yaml b/test/integration/targets/incidental_vyos_lldp_interfaces/tests/cli/overridden.yaml index 8cf038c9..ad13f393 100644 --- a/test/integration/targets/incidental_vyos_lldp_interfaces/tests/cli/overridden.yaml +++ b/test/integration/targets/incidental_vyos_lldp_interfaces/tests/cli/overridden.yaml @@ -19,17 +19,17 @@ - name: Assert that before dicts were correctly generated assert: that: - - "{{ populate_intf | symmetric_difference(result['before']) |length == 0 }}" + - "populate_intf | symmetric_difference(result['before']) |length == 0" - name: Assert that correct commands were generated assert: that: - - "{{ overridden['commands'] | symmetric_difference(result['commands']) |length == 0 }}" + - "overridden['commands'] | symmetric_difference(result['commands']) |length == 0" - name: Assert that after dicts were correctly generated assert: that: - - "{{ overridden['after'] | symmetric_difference(result['after']) |length == 0 }}" + - "overridden['after'] | symmetric_difference(result['after']) |length == 0" - name: Overrides all device configuration with provided configurations (IDEMPOTENT) vyos.vyos.vyos_lldp_interfaces: *overridden @@ -43,7 +43,7 @@ - name: Assert that before dicts were correctly generated assert: that: - - "{{ overridden['after'] | symmetric_difference(result['before']) |length == 0 }}" + - "overridden['after'] | symmetric_difference(result['before']) |length == 0" always: - include_tasks: _remove_config.yaml diff --git a/test/integration/targets/incidental_vyos_lldp_interfaces/tests/cli/replaced.yaml b/test/integration/targets/incidental_vyos_lldp_interfaces/tests/cli/replaced.yaml index 17acf065..aadc3793 100644 --- a/test/integration/targets/incidental_vyos_lldp_interfaces/tests/cli/replaced.yaml +++ b/test/integration/targets/incidental_vyos_lldp_interfaces/tests/cli/replaced.yaml @@ -33,17 +33,17 @@ - name: Assert that correct set of commands were generated assert: that: - - "{{ replaced['commands'] | symmetric_difference(result['commands']) |length == 0 }}" + - "replaced['commands'] | symmetric_difference(result['commands']) |length == 0" - name: Assert that before dicts are correctly generated assert: that: - - "{{ populate | symmetric_difference(result['before']) |length == 0 }}" + - "populate | symmetric_difference(result['before']) |length == 0" - name: Assert that after dict is correctly generated assert: that: - - "{{ replaced['after'] | symmetric_difference(result['after']) |length == 0 }}" + - "replaced['after'] | symmetric_difference(result['after']) |length == 0" - name: Replace device configurations of listed LLDP interfaces with provided configurarions (IDEMPOTENT) vyos.vyos.vyos_lldp_interfaces: *replaced @@ -57,7 +57,7 @@ - name: Assert that before dict is correctly generated assert: that: - - "{{ replaced['after'] | symmetric_difference(result['before']) |length == 0 }}" + - "replaced['after'] | symmetric_difference(result['before']) |length == 0" always: - include_tasks: _remove_config.yaml diff --git a/test/integration/targets/include_vars/tasks/main.yml b/test/integration/targets/include_vars/tasks/main.yml index db15ba3c..6fc4e85a 100644 --- a/test/integration/targets/include_vars/tasks/main.yml +++ b/test/integration/targets/include_vars/tasks/main.yml @@ -15,7 +15,7 @@ that: - "testing == 789" - "base_dir == 'environments/development'" - - "{{ included_one_file.ansible_included_var_files | length }} == 1" + - "included_one_file.ansible_included_var_files | length == 1" - "'vars/environments/development/all.yml' in included_one_file.ansible_included_var_files[0]" - name: include the vars/environments/development/all.yml and save results in all @@ -51,7 +51,7 @@ assert: that: - webapp_version is defined - - "'file_without_extension' in '{{ include_without_file_extension.ansible_included_var_files | join(' ') }}'" + - "'file_without_extension' in include_without_file_extension.ansible_included_var_files | join(' ')" - name: include every directory in vars include_vars: @@ -67,7 +67,7 @@ - "testing == 456" - "base_dir == 'services'" - "webapp_containers == 10" - - "{{ include_every_dir.ansible_included_var_files | length }} == 7" + - "include_every_dir.ansible_included_var_files | length == 7" - "'vars/all/all.yml' in include_every_dir.ansible_included_var_files[0]" - "'vars/environments/development/all.yml' in include_every_dir.ansible_included_var_files[1]" - "'vars/environments/development/services/webapp.yml' in include_every_dir.ansible_included_var_files[2]" @@ -88,9 +88,9 @@ that: - "testing == 789" - "base_dir == 'environments/development'" - - "{{ include_without_webapp.ansible_included_var_files | length }} == 4" - - "'webapp.yml' not in '{{ include_without_webapp.ansible_included_var_files | join(' ') }}'" - - "'file_without_extension' not in '{{ include_without_webapp.ansible_included_var_files | join(' ') }}'" + - "include_without_webapp.ansible_included_var_files | length == 4" + - "'webapp.yml' not in include_without_webapp.ansible_included_var_files | join(' ')" + - "'file_without_extension' not in include_without_webapp.ansible_included_var_files | join(' ')" - name: include only files matching webapp.yml include_vars: @@ -104,9 +104,9 @@ - "testing == 101112" - "base_dir == 'development/services'" - "webapp_containers == 20" - - "{{ include_match_webapp.ansible_included_var_files | length }} == 1" + - "include_match_webapp.ansible_included_var_files | length == 1" - "'vars/environments/development/services/webapp.yml' in include_match_webapp.ansible_included_var_files[0]" - - "'all.yml' not in '{{ include_match_webapp.ansible_included_var_files | join(' ') }}'" + - "'all.yml' not in include_match_webapp.ansible_included_var_files | join(' ')" - name: include only files matching webapp.yml and store results in webapp include_vars: @@ -173,10 +173,10 @@ - name: Verify the hash variable assert: that: - - "{{ config | length }} == 3" + - "config | length == 3" - "config.key0 == 0" - "config.key1 == 0" - - "{{ config.key2 | length }} == 1" + - "config.key2 | length == 1" - "config.key2.a == 21" - name: Include the second file to merge the hash variable @@ -187,10 +187,10 @@ - name: Verify that the hash is merged assert: that: - - "{{ config | length }} == 4" + - "config | length == 4" - "config.key0 == 0" - "config.key1 == 1" - - "{{ config.key2 | length }} == 2" + - "config.key2 | length == 2" - "config.key2.a == 21" - "config.key2.b == 22" - "config.key3 == 3" @@ -202,9 +202,9 @@ - name: Verify that the properties from the first file is cleared assert: that: - - "{{ config | length }} == 3" + - "config | length == 3" - "config.key1 == 1" - - "{{ config.key2 | length }} == 1" + - "config.key2 | length == 1" - "config.key2.b == 22" - "config.key3 == 3" diff --git a/test/integration/targets/lookup_ini/test_lookup_properties.yml b/test/integration/targets/lookup_ini/test_lookup_properties.yml index a6fc0f7d..ed347600 100644 --- a/test/integration/targets/lookup_ini/test_lookup_properties.yml +++ b/test/integration/targets/lookup_ini/test_lookup_properties.yml @@ -10,7 +10,7 @@ field_with_space: "{{lookup('ini', 'field.with.space type=properties file=lookup.properties')}}" - assert: - that: "{{item}} is defined" + that: "item is defined" with_items: [ 'test1', 'test2', 'test_dot', 'field_with_space' ] - name: "read ini value" diff --git a/test/integration/targets/lookup_subelements/tasks/main.yml b/test/integration/targets/lookup_subelements/tasks/main.yml index 9d93cf20..7885347b 100644 --- a/test/integration/targets/lookup_subelements/tasks/main.yml +++ b/test/integration/targets/lookup_subelements/tasks/main.yml @@ -133,7 +133,7 @@ - assert: that: - - "'{{ item.0.name }}' != 'carol'" + - "item.0.name != 'carol'" with_subelements: - "{{ users }}" - mysql.privs @@ -220,5 +220,5 @@ - assert: that: - - "'{{ user_alice }}' == 'localhost'" - - "'{{ user_bob }}' == 'db1'" + - "user_alice == 'localhost'" + - "user_bob == 'db1'" diff --git a/test/integration/targets/loop_control/inner.yml b/test/integration/targets/loop_control/inner.yml index 1c286fa4..976f1961 100644 --- a/test/integration/targets/loop_control/inner.yml +++ b/test/integration/targets/loop_control/inner.yml @@ -3,7 +3,7 @@ that: - ansible_loop.index == ansible_loop.index0 + 1 - ansible_loop.revindex == ansible_loop.revindex0 + 1 - - ansible_loop.first == {{ ansible_loop.index == 1 }} - - ansible_loop.last == {{ ansible_loop.index == ansible_loop.length }} + - ansible_loop.first == (ansible_loop.index == 1) + - ansible_loop.last == (ansible_loop.index == ansible_loop.length) - ansible_loop.length == 3 - ansible_loop.allitems|join(',') == 'first,second,third' diff --git a/test/integration/targets/module_precedence/modules_test_multiple_roles.yml b/test/integration/targets/module_precedence/modules_test_multiple_roles.yml index f4bd2649..182c2158 100644 --- a/test/integration/targets/module_precedence/modules_test_multiple_roles.yml +++ b/test/integration/targets/module_precedence/modules_test_multiple_roles.yml @@ -14,4 +14,4 @@ - assert: that: - '"location" in result' - - 'result["location"] == "{{ expected_location}}"' + - 'result["location"] == expected_location' diff --git a/test/integration/targets/module_precedence/modules_test_multiple_roles_reverse_order.yml b/test/integration/targets/module_precedence/modules_test_multiple_roles_reverse_order.yml index 5403ae23..ec5619f3 100644 --- a/test/integration/targets/module_precedence/modules_test_multiple_roles_reverse_order.yml +++ b/test/integration/targets/module_precedence/modules_test_multiple_roles_reverse_order.yml @@ -13,4 +13,4 @@ - assert: that: - '"location" in result' - - 'result["location"] == "{{ expected_location}}"' + - 'result["location"] == expected_location' diff --git a/test/integration/targets/module_precedence/multiple_roles/bar/tasks/main.yml b/test/integration/targets/module_precedence/multiple_roles/bar/tasks/main.yml index 52c34020..62b38a7c 100644 --- a/test/integration/targets/module_precedence/multiple_roles/bar/tasks/main.yml +++ b/test/integration/targets/module_precedence/multiple_roles/bar/tasks/main.yml @@ -7,4 +7,4 @@ assert: that: - '"location" in result' - - 'result["location"] == "{{ expected_location }}"' + - 'result["location"] == expected_location' diff --git a/test/integration/targets/module_precedence/multiple_roles/foo/tasks/main.yml b/test/integration/targets/module_precedence/multiple_roles/foo/tasks/main.yml index 52c34020..62b38a7c 100644 --- a/test/integration/targets/module_precedence/multiple_roles/foo/tasks/main.yml +++ b/test/integration/targets/module_precedence/multiple_roles/foo/tasks/main.yml @@ -7,4 +7,4 @@ assert: that: - '"location" in result' - - 'result["location"] == "{{ expected_location }}"' + - 'result["location"] == expected_location' diff --git a/test/integration/targets/script/tasks/main.yml b/test/integration/targets/script/tasks/main.yml index 989513d5..74189f81 100644 --- a/test/integration/targets/script/tasks/main.yml +++ b/test/integration/targets/script/tasks/main.yml @@ -198,7 +198,7 @@ assert: that: - _check_mode_test2 is skipped - - '_check_mode_test2.msg == "{{ remote_tmp_dir_test | expanduser }}/afile2.txt exists, matching creates option"' + - '_check_mode_test2.msg == remote_tmp_dir_test | expanduser ~ "/afile2.txt exists, matching creates option"' - name: Remove afile2.txt file: @@ -220,7 +220,7 @@ assert: that: - _check_mode_test3 is skipped - - '_check_mode_test3.msg == "{{ remote_tmp_dir_test | expanduser }}/afile2.txt does not exist, matching removes option"' + - '_check_mode_test3.msg == remote_tmp_dir_test | expanduser ~ "/afile2.txt does not exist, matching removes option"' # executable diff --git a/test/integration/targets/slurp/tasks/main.yml b/test/integration/targets/slurp/tasks/main.yml index 93985941..f8ebb159 100644 --- a/test/integration/targets/slurp/tasks/main.yml +++ b/test/integration/targets/slurp/tasks/main.yml @@ -33,7 +33,7 @@ - 'slurp_existing.encoding == "base64"' - 'slurp_existing is not changed' - 'slurp_existing is not failed' - - '"{{ slurp_existing.content | b64decode }}" == "We are at the café"' + - 'slurp_existing.content | b64decode == "We are at the café"' - name: Create a binary file to test with copy: diff --git a/test/integration/targets/subversion/aliases b/test/integration/targets/subversion/aliases index 23ada3cc..3cc41e4c 100644 --- a/test/integration/targets/subversion/aliases +++ b/test/integration/targets/subversion/aliases @@ -1,4 +1,3 @@ -setup/always/setup_passlib shippable/posix/group2 skip/osx skip/macos diff --git a/test/integration/targets/subversion/roles/subversion/defaults/main.yml b/test/integration/targets/subversion/roles/subversion/defaults/main.yml index e647d598..02ecd1ea 100644 --- a/test/integration/targets/subversion/roles/subversion/defaults/main.yml +++ b/test/integration/targets/subversion/roles/subversion/defaults/main.yml @@ -3,8 +3,7 @@ apache_port: 11386 # cannot use 80 as httptester overrides this subversion_test_dir: /tmp/ansible-svn-test-dir subversion_server_dir: /tmp/ansible-svn # cannot use a path in the home dir without userdir or granting exec permission to the apache user subversion_repo_name: ansible-test-repo -subversion_repo_url: http://127.0.0.1:{{ apache_port }}/svn/{{ subversion_repo_name }} -subversion_repo_auth_url: http://127.0.0.1:{{ apache_port }}/svnauth/{{ subversion_repo_name }} +subversion_repo_url: https://localhost:{{ apache_port }}/svn/{{ subversion_repo_name }} # svn can't verify TLS certificates against IP addresses +subversion_repo_auth_url: https://localhost:{{ apache_port }}/svnauth/{{ subversion_repo_name }} subversion_username: subsvn_user''' subversion_password: Password123! -subversion_external_repo_url: https://github.com/ansible/ansible.github.com # GitHub serves SVN diff --git a/test/integration/targets/subversion/roles/subversion/tasks/cleanup.yml b/test/integration/targets/subversion/roles/subversion/tasks/cleanup.yml index 9be43b4c..f86cf59b 100644 --- a/test/integration/targets/subversion/roles/subversion/tasks/cleanup.yml +++ b/test/integration/targets/subversion/roles/subversion/tasks/cleanup.yml @@ -1,8 +1,18 @@ --- -- name: stop apache after tests - shell: "kill -9 $(cat '{{ subversion_server_dir }}/apache.pid')" +- name: stop apache after tests - non Red Hat + shell: apachectl -k stop -f {{ subversion_server_dir }}/subversion.conf + when: ansible_os_family not in ['RedHat'] + +- name: stop apache after tests - Red Hat + shell: "kill $(cat '{{ subversion_server_dir }}/apache.pid')" + when: ansible_os_family in ['RedHat'] - name: remove tmp subversion server dir file: path: '{{ subversion_server_dir }}' state: absent + +- name: remove tmp subversion checkout dir + file: + path: '{{ subversion_test_dir }}' + state: absent diff --git a/test/integration/targets/subversion/roles/subversion/tasks/setup.yml b/test/integration/targets/subversion/roles/subversion/tasks/setup.yml index 3cf5af56..880c295c 100644 --- a/test/integration/targets/subversion/roles/subversion/tasks/setup.yml +++ b/test/integration/targets/subversion/roles/subversion/tasks/setup.yml @@ -33,6 +33,60 @@ include_tasks: setup_selinux.yml when: ansible_selinux.status == "enabled" +- name: Generate CA and TLS certificates via trustme + vars: + venv_path: >- + {{ subversion_server_dir }}/.venv + venv_python: >- + {{ subversion_server_dir }}/.venv/bin/python + block: + - name: trustme -- provision a venv + command: >- + {{ ansible_python_interpreter }} + -{% if ansible_python.version.major != 2 %}I{% endif %}m + {% if ansible_python.version.major != 2 %}venv{% + else %}virtualenv{% endif %} + + {{ venv_path }} + - name: trustme -- upgrade pip in venv | RHEL 7.9 & 8.8+py36 + when: >- # these don't know how to notice `cryptography` wheels + ansible_distribution == 'RedHat' + and ansible_distribution_major_version | int < 9 + pip: + name: pip + state: latest + virtualenv: >- + {{ venv_path }} + - name: trustme -- install tool + pip: + name: trustme + virtualenv: >- + {{ venv_path }} + - name: trustme -- generate CA and TLS certs + command: + argv: + - >- + {{ venv_python }} + - -{%- if ansible_python.version.major != 2 -%}I{%- endif -%}m + - trustme + - --dir={{ subversion_server_dir }} + +- name: symlink trustme certificates into apache config dir - Red Hat + when: ansible_os_family in ['RedHat'] + # when: ansible_distribution in ['Fedora', 'RedHat'] + file: + src: /tmp/ansible-svn/server.{{ item.trustme_filetype }} + dest: /etc/pki/tls/{{ item.apache_target_path }} + state: link + force: yes # Othewise Apache on CentOS 7 uses its own fake certificate + loop: + - apache_target_path: certs/localhost.crt + trustme_filetype: pem + - apache_target_path: certs/server-chain.crt + trustme_filetype: pem + - apache_target_path: private/localhost.key + trustme_filetype: key + - name: template out configuration file template: src: subversion.conf.j2 @@ -45,11 +99,7 @@ creates: '{{ subversion_server_dir }}/{{ subversion_repo_name }}' - name: add test user to htpasswd for Subversion site - htpasswd: - path: '{{ subversion_server_dir }}/svn-auth-users' - name: '{{ subversion_username }}' - password: '{{ subversion_password }}' - state: present + command: htpasswd -bc {{ subversion_server_dir + '/svn-auth-users' | quote }} {{ subversion_username | quote }} {{ subversion_password | quote }} - name: apply ownership for all SVN directories file: @@ -62,11 +112,22 @@ command: apachectl -k start -f {{ subversion_server_dir }}/subversion.conf async: 3600 # We kill apache manually in the clean up phase poll: 0 - when: ansible_os_family not in ['RedHat', 'Alpine'] + when: ansible_os_family not in ['RedHat'] # On Red Hat based OS', we can't use apachectl to start up own instance, just use the raw httpd - name: start test Apache SVN site - Red Hat command: httpd -k start -f {{ subversion_server_dir }}/subversion.conf async: 3600 # We kill apache manually in the clean up phase poll: 0 - when: ansible_os_family in ['RedHat', 'Alpine'] + when: ansible_os_family in ['RedHat'] + +- lineinfile: + dest: >- + {{ ansible_env.HOME }}/.subversion/servers + regexp: >- + ^#\s*ssl-authority-files\s*=\s* + line: >- + ssl-authority-files = {{ subversion_server_dir }}/client.pem + insertafter: >- + ^\[global\] + state: present diff --git a/test/integration/targets/subversion/roles/subversion/tasks/tests.yml b/test/integration/targets/subversion/roles/subversion/tasks/tests.yml index b8f85d95..70737a19 100644 --- a/test/integration/targets/subversion/roles/subversion/tasks/tests.yml +++ b/test/integration/targets/subversion/roles/subversion/tasks/tests.yml @@ -18,10 +18,11 @@ # checks out every branch so using a small repo -- name: initial checkout +- name: initial checkout with validate_certs=true subversion: repo: '{{ subversion_repo_url }}' dest: '{{ subversion_test_dir }}/svn' + validate_certs: yes register: subverted - name: check if dir was checked out @@ -130,16 +131,27 @@ - "export_branches.stat.isdir" - "subverted4.changed" -- name: clone a small external repo with validate_certs=true +- name: unconfigure client-side TLS trust + block: + - name: remove TLS CA chain file path from the SVN config + lineinfile: + dest: >- + {{ ansible_env.HOME }}/.subversion/servers + regexp: >- + ^(?:#)?\s*ssl-authority-files\s*=\s* + state: absent + - name: drop the client TLS CA chain file + file: + path: >- + {{ subversion_server_dir }}/client.pem + state: absent + +- name: >- + clone a HTTPS-accessible repo with validate_certs=false + and untrusted CA over TLS subversion: - repo: "{{ subversion_external_repo_url }}" - dest: "{{ subversion_test_dir }}/svn-external1" - validate_certs: yes - -- name: clone a small external repo with validate_certs=false - subversion: - repo: "{{ subversion_external_repo_url }}" - dest: "{{ subversion_test_dir }}/svn-external2" + repo: '{{ subversion_repo_url }}' + dest: '{{ subversion_test_dir }}/svn-untrusted-tls' validate_certs: no # TBA: test for additional options or URL variants welcome diff --git a/test/integration/targets/subversion/roles/subversion/templates/subversion.conf.j2 b/test/integration/targets/subversion/roles/subversion/templates/subversion.conf.j2 index 86f40707..133c70c6 100644 --- a/test/integration/targets/subversion/roles/subversion/templates/subversion.conf.j2 +++ b/test/integration/targets/subversion/roles/subversion/templates/subversion.conf.j2 @@ -19,6 +19,7 @@ LogFormat "%h %l %u %t \"%r\" %>s %O" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent +Include mods-available/ssl.load IncludeOptional mods-enabled/*.load IncludeOptional mods-enabled/*.conf IncludeOptional conf-enabled/*.conf @@ -32,6 +33,7 @@ IncludeOptional sites-enabled/*conf {% elif ansible_os_family == "FreeBSD" %} Include /usr/local/etc/apache24/httpd.conf +LoadModule ssl_module libexec/apache24/mod_ssl.so LoadModule dav_module libexec/apache24/mod_dav.so LoadModule dav_svn_module libexec/apache24/mod_dav_svn.so LoadModule authz_svn_module libexec/apache24/mod_authz_svn.so @@ -48,7 +50,14 @@ Include /etc/httpd/conf/httpd.conf {% endif %} PidFile {{ subversion_server_dir }}/apache.pid -Listen 127.0.0.1:{{ apache_port }} +Listen 127.0.0.1:{{ apache_port }} https +{% if ansible_distribution not in ["Alpine", "CentOS", "Fedora", "openSUSE Leap", "Ubuntu"] %} +Listen [::1]:{{ apache_port }} https +{% endif %} +SSLEngine on +SSLCertificateFile {{ subversion_server_dir }}/server.pem +SSLCertificateKeyFile {{ subversion_server_dir }}/server.key +SSLCertificateChainFile {{ subversion_server_dir }}/server.pem ErrorLog {{ subversion_server_dir }}/apache2-error.log <Location /svn> diff --git a/test/integration/targets/subversion/vars/Alpine.yml b/test/integration/targets/subversion/vars/Alpine.yml index ce071fdd..71077b12 100644 --- a/test/integration/targets/subversion/vars/Alpine.yml +++ b/test/integration/targets/subversion/vars/Alpine.yml @@ -3,5 +3,8 @@ subversion_packages: - subversion - mod_dav_svn - apache2-webdav +- apache2-utils +- apache2-ctl +- apache2-ssl apache_user: apache apache_group: apache diff --git a/test/integration/targets/subversion/vars/RedHat.yml b/test/integration/targets/subversion/vars/RedHat.yml index 3e3f9109..a3298318 100644 --- a/test/integration/targets/subversion/vars/RedHat.yml +++ b/test/integration/targets/subversion/vars/RedHat.yml @@ -1,6 +1,7 @@ --- subversion_packages: - mod_dav_svn +- mod_ssl - subversion upgrade_packages: # prevent sqlite from being out-of-sync with the version subversion was compiled with diff --git a/test/integration/targets/subversion/vars/Ubuntu-20.yml b/test/integration/targets/subversion/vars/Ubuntu-20.yml index dfe131b0..bfd880fd 100644 --- a/test/integration/targets/subversion/vars/Ubuntu-20.yml +++ b/test/integration/targets/subversion/vars/Ubuntu-20.yml @@ -1,5 +1,7 @@ --- subversion_packages: +- apache2 # /usr/sbin/apachectl +- apache2-utils # htpasswd - subversion - libapache2-mod-svn apache_user: www-data diff --git a/test/integration/targets/template/tasks/main.yml b/test/integration/targets/template/tasks/main.yml index c0d2e11a..3c91734b 100644 --- a/test/integration/targets/template/tasks/main.yml +++ b/test/integration/targets/template/tasks/main.yml @@ -357,7 +357,7 @@ - assert: that: - "\"foo t'e~m\\plated\" in unusual_results.stdout_lines" - - "{{unusual_results.stdout_lines| length}} == 1" + - "unusual_results.stdout_lines| length == 1" - name: check that the unusual filename can be checked for changes template: diff --git a/test/integration/targets/unarchive/tasks/test_missing_binaries.yml b/test/integration/targets/unarchive/tasks/test_missing_binaries.yml index 58d38f4f..49f862b4 100644 --- a/test/integration/targets/unarchive/tasks/test_missing_binaries.yml +++ b/test/integration/targets/unarchive/tasks/test_missing_binaries.yml @@ -66,7 +66,7 @@ - zip_success.changed # Verify that file list is generated - "'files' in zip_success" - - "{{zip_success['files']| length}} == 3" + - "zip_success['files']| length == 3" - "'foo-unarchive.txt' in zip_success['files']" - "'foo-unarchive-777.txt' in zip_success['files']" - "'FOO-UNAR.TXT' in zip_success['files']" diff --git a/test/integration/targets/unarchive/tasks/test_mode.yml b/test/integration/targets/unarchive/tasks/test_mode.yml index c69e3bd2..06fbc7b8 100644 --- a/test/integration/targets/unarchive/tasks/test_mode.yml +++ b/test/integration/targets/unarchive/tasks/test_mode.yml @@ -24,7 +24,7 @@ - "unarchive06_stat.stat.mode == '0600'" # Verify that file list is generated - "'files' in unarchive06" - - "{{unarchive06['files']| length}} == 1" + - "unarchive06['files']| length == 1" - "'foo-unarchive.txt' in unarchive06['files']" - name: remove our tar.gz unarchive destination @@ -74,7 +74,7 @@ - "unarchive07.changed == false" # Verify that file list is generated - "'files' in unarchive07" - - "{{unarchive07['files']| length}} == 1" + - "unarchive07['files']| length == 1" - "'foo-unarchive.txt' in unarchive07['files']" - name: remove our tar.gz unarchive destination @@ -108,7 +108,7 @@ - "unarchive08_stat.stat.mode == '0601'" # Verify that file list is generated - "'files' in unarchive08" - - "{{unarchive08['files']| length}} == 3" + - "unarchive08['files']| length == 3" - "'foo-unarchive.txt' in unarchive08['files']" - "'foo-unarchive-777.txt' in unarchive08['files']" - "'FOO-UNAR.TXT' in unarchive08['files']" @@ -140,7 +140,7 @@ - "unarchive08_stat.stat.mode == '0601'" # Verify that file list is generated - "'files' in unarchive08" - - "{{unarchive08['files']| length}} == 3" + - "unarchive08['files']| length == 3" - "'foo-unarchive.txt' in unarchive08['files']" - "'foo-unarchive-777.txt' in unarchive08['files']" - "'FOO-UNAR.TXT' in unarchive08['files']" diff --git a/test/integration/targets/unarchive/tasks/test_unprivileged_user.yml b/test/integration/targets/unarchive/tasks/test_unprivileged_user.yml index 8ee1db49..9f45e4c9 100644 --- a/test/integration/targets/unarchive/tasks/test_unprivileged_user.yml +++ b/test/integration/targets/unarchive/tasks/test_unprivileged_user.yml @@ -40,7 +40,7 @@ - unarchive10 is changed # Verify that file list is generated - "'files' in unarchive10" - - "{{unarchive10['files']| length}} == 1" + - "unarchive10['files']| length == 1" - "'foo-unarchive.txt' in unarchive10['files']" - archive_path.stat.exists diff --git a/test/integration/targets/unarchive/tasks/test_zip.yml b/test/integration/targets/unarchive/tasks/test_zip.yml index cf03946f..0fc5dc9c 100644 --- a/test/integration/targets/unarchive/tasks/test_zip.yml +++ b/test/integration/targets/unarchive/tasks/test_zip.yml @@ -17,7 +17,7 @@ - "unarchive03.changed == true" # Verify that file list is generated - "'files' in unarchive03" - - "{{unarchive03['files']| length}} == 3" + - "unarchive03['files']| length == 3" - "'foo-unarchive.txt' in unarchive03['files']" - "'foo-unarchive-777.txt' in unarchive03['files']" - "'FOO-UNAR.TXT' in unarchive03['files']" diff --git a/test/integration/targets/wait_for/tasks/main.yml b/test/integration/targets/wait_for/tasks/main.yml index f71ddbda..f81fd0f2 100644 --- a/test/integration/targets/wait_for/tasks/main.yml +++ b/test/integration/targets/wait_for/tasks/main.yml @@ -40,7 +40,7 @@ assert: that: - waitfor is successful - - waitfor.path == "{{ remote_tmp_dir | expanduser }}/wait_for_file" + - waitfor.path == remote_tmp_dir | expanduser ~ "/wait_for_file" - waitfor.elapsed >= 2 - waitfor.elapsed <= 15 @@ -58,7 +58,7 @@ assert: that: - waitfor is successful - - waitfor.path == "{{ remote_tmp_dir | expanduser }}/wait_for_file" + - waitfor.path == remote_tmp_dir | expanduser ~ "/wait_for_file" - waitfor.elapsed >= 2 - waitfor.elapsed <= 15 @@ -156,7 +156,7 @@ that: - waitfor is successful - waitfor is not changed - - "waitfor.port == {{ http_port }}" + - "waitfor.port == http_port" - name: install psutil using pip (non-Linux only) pip: @@ -184,7 +184,7 @@ that: - waitfor is successful - waitfor is not changed - - "waitfor.port == {{ http_port }}" + - "waitfor.port == http_port" - name: test wait_for with delay wait_for: |