From 6c94fe9bd59cc31f684b5b2744027e1071518e1a Mon Sep 17 00:00:00 2001 From: Rafael Guterres Jeffman Date: Tue, 5 Nov 2024 11:08:13 -0300 Subject: [PATCH] tests/sudorule: Don't become or gather_facts and use only true/false Unless there's a real need to use privileged access or to gather Ansible facts upfront, we should always set "become: false" and "gather_facts: false". In the case that only a few Ansible facts are required, 'ansible.builtin.setup' with 'gather_subset' should be used. As the YAML 1.2 standard dictates, boolean values should only use 'true' or 'false' values. This patch fixes these issues in the 'sudorule' test suite. --- tests/sudorule/test_sudorule.yml | 8 ++++++-- tests/sudorule/test_sudorule_categories.yml | 19 ++++++++++++++----- .../sudorule/test_sudorule_client_context.yml | 4 ++-- .../test_sudorule_member_case_insensitive.yml | 6 +++--- .../test_sudorule_single_hostnames.yml | 19 ++++++++++++------- tests/sudorule/test_sudorules.yml | 2 +- 6 files changed, 38 insertions(+), 20 deletions(-) diff --git a/tests/sudorule/test_sudorule.yml b/tests/sudorule/test_sudorule.yml index 476fb1d89b..25dd84cdd1 100644 --- a/tests/sudorule/test_sudorule.yml +++ b/tests/sudorule/test_sudorule.yml @@ -3,11 +3,15 @@ - name: Test sudorule hosts: "{{ ipa_test_host | default('ipaserver') }}" become: true - gather_facts: true + gather_facts: false tasks: # setup + - name: Ensure DNS Ansible facts are available + ansible.builtin.setup: + gather_subset: dns + - name: Ensure test user is present ipauser: ipaadmin_password: SomeADMINpassword @@ -1157,7 +1161,7 @@ hostmask: 192.168.120.0/24 action: member register: result - check_mode: yes + check_mode: true failed_when: not result.changed or result.failed - name: Ensure sudorule hostmask member is present diff --git a/tests/sudorule/test_sudorule_categories.yml b/tests/sudorule/test_sudorule_categories.yml index 95b94f1282..91b9dca0d9 100644 --- a/tests/sudorule/test_sudorule_categories.yml +++ b/tests/sudorule/test_sudorule_categories.yml @@ -1,13 +1,22 @@ --- - name: Test sudorule user category hosts: ipaserver - become: yes - gather_facts: yes + become: false + gather_facts: false tasks: - - name: Get Domain from the server name - ansible.builtin.set_fact: - ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join('.') }}" + - name: Test sudorule single hostnames + block: + # setup test environment + - name: Ensure ipaserver_domain is set + when: ipaserver_domain is not defined + block: + - name: Retrieve host information + ansible.builtin.setup: + gather_subset: dns + - name: Get Domain from the server name + ansible.builtin.set_fact: + ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join('.') }}" - name: Ensure sudorules are absent ipasudorule: diff --git a/tests/sudorule/test_sudorule_client_context.yml b/tests/sudorule/test_sudorule_client_context.yml index 331f138be4..faa111b931 100644 --- a/tests/sudorule/test_sudorule_client_context.yml +++ b/tests/sudorule/test_sudorule_client_context.yml @@ -1,8 +1,8 @@ --- - name: Test sudorule hosts: ipaclients, ipaserver - become: no - gather_facts: no + become: false + gather_facts: false tasks: - name: Include FreeIPA facts. diff --git a/tests/sudorule/test_sudorule_member_case_insensitive.yml b/tests/sudorule/test_sudorule_member_case_insensitive.yml index cc212406a4..21ffe3028e 100644 --- a/tests/sudorule/test_sudorule_member_case_insensitive.yml +++ b/tests/sudorule/test_sudorule_member_case_insensitive.yml @@ -1,8 +1,8 @@ --- - name: Test sudorule members should be case insensitive. hosts: "{{ ipa_test_host | default('ipaserver') }}" - become: no - gather_facts: no + become: false + gather_facts: false vars: groups_present: @@ -37,7 +37,7 @@ ipahost: ipaadmin_password: SomeADMINpassword name: "{{ item }}.{{ ipa_domain }}" - force: yes + force: true loop: "{{ groups_present }}" - name: Ensure test users exist. diff --git a/tests/sudorule/test_sudorule_single_hostnames.yml b/tests/sudorule/test_sudorule_single_hostnames.yml index cc6a781928..728aab1cc7 100644 --- a/tests/sudorule/test_sudorule_single_hostnames.yml +++ b/tests/sudorule/test_sudorule_single_hostnames.yml @@ -1,17 +1,22 @@ --- - name: Test sudorule with single hostnames. hosts: "{{ ipa_test_host | default('ipaserver') }}" - become: no - gather_facts: no + become: false + gather_facts: false tasks: - name: Test sudorule single hostnames block: # setup test environment - - name: Get Domain from the server name - ansible.builtin.set_fact: - ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join('.') }}" + - name: Ensure ipaserver_domain is set when: ipaserver_domain is not defined + block: + - name: Retrieve host information + ansible.builtin.setup: + gather_subset: dns + - name: Get Domain from the server name + ansible.builtin.set_fact: + ipaserver_domain: "{{ ansible_facts['fqdn'].split('.')[1:] | join('.') }}" - name: Ensure test sudo rule is absent ipasudorule: @@ -24,9 +29,9 @@ ipaadmin_password: SomeADMINpassword hosts: - name: "host01.{{ ipaserver_domain }}" - force: yes + force: true - name: "host02.{{ ipaserver_domain }}" - force: yes + force: true # start tests - name: Ensure sudorule exist with host member using FQDN. diff --git a/tests/sudorule/test_sudorules.yml b/tests/sudorule/test_sudorules.yml index 745926897b..0df3066c89 100644 --- a/tests/sudorule/test_sudorules.yml +++ b/tests/sudorule/test_sudorules.yml @@ -2,7 +2,7 @@ - name: Test sudorule hosts: "{{ ipa_test_host | default('ipaserver') }}" become: false - gather_facts: true # required for ansible_facts['fqdn'] + gather_facts: false module_defaults: ipauser: