Releases: linux-system-roles/certificate
Version 1.1.6
[1.1.6] - 2022-07-19
New Features
- none
Bug Fixes
- none
Other Changes
- make all tests work with gather_facts: false (#121)
Ensure tests work when using ANSIBLE_GATHERING=explicit
- make min_ansible_version a string in meta/main.yml (#122)
The Ansible developers say that min_ansible_version in meta/main.yml
must be a string value like "2.9", not a float value like 2.9.
- Add CHANGELOG.md (#123)
tag basic ipa test as a slow test (#120)
[citest skip] bump tox-lsr version to 2.11.0; remove py37; add py310 (#119)
tox-lsr version 2.11.0 has support for collection-requirements.yml,
runqemu improvements, and support for python 3.10
python 3.7 is not used on any supported platform, so remove it
Signed-off-by: Rich Megginson rmeggins@redhat.com
tag basic ipa test as a slow test (#120)
support setup-snapshot.yml; support set_vars.yml; test improvements
Remove the unnecessary code (#115)
In the condition of param_sha1 == file_sha1, the condition "param !=
cur_script (contents of file)" never be true and never be executed.
It was introduced in commit e5fe039
System Roles should consistently use ansible_managed in configuration files it manages
Replace ansible_managed_new with __header
Signed-off-by: Noriko Hosoi nhosoi@redhat.com
Let each test use a different certificate file name (#116)
This is part of the effort to allow CI tests run in the serialized
manner on one VM for shortening the duration of the CI tests. In
the current tests, the same certificate file path is shared and
there is no cleaning up implemented. When multiple tests run
sequentially, some attribute, e.g., the file ownership, could be
inherited from the previous tests, which could make the test fail
in the attribute verification. To avoid the false negative failure,
this commit chooses different certificate file name per test.
support setup-snapshot.yml; support set_vars.yml (#118)
support setup-snapshot.yml - tests can use
--setup-yml tests/setup-snapshot.yml --use-snapshot
to create a pre-populated image to make subsequent tests faster.
support gather_facts: false playbooks - the role will gather
the facts it needs.
Update ansible-freeipa to use master branch.
use ansible_managed header in script files managed by this role
bz#2044640
The certificate role needs to generate the hook scripts with the
correct ansible_managed string commented in the same format as
generated by the template module. Borrowed the method from the
kernel_settings to get the ansible managed comment and updated
the base class in module_utils so that it adds the comment to
the pre and post scripts as follows.
==> {pre,post}-scripts/.sh <==
#!/bin/bash
Ansible managed
... script ...
Signed-off-by: Noriko Hosoi nhosoi@redhat.com
remove recursive role symlink in tests/roles
update tox-lsr version to 2.8.0
New version adds check for proper commenting of the ansible_managed var
Signed-off-by: Sergei Petrosian spetrosi@redhat.com
Run the new tox test
Signed-off-by: Sergei Petrosian spetrosi@redhat.com
bump tox-lsr version to 2.8.3 (#104)
Signed-off-by: Rich Megginson rmeggins@redhat.com
change recursive role symlink to individual role dir symlinks (#105)
Signed-off-by: Rich Megginson rmeggins@redhat.com
Fix permissions with "group" option; test with ansible 2.12
use tox-lsr version 2.5.1
This version removes support for molecule until we can figure out
what to do about molecule. This should make all of the tox tests
pass (except for python 2.6).
Signed-off-by: Rich Megginson rmeggins@redhat.com
support ansible-core 2.11 ansible-test and ansible-lint
Fix parser fail on certificate verification.
Due to a change in Python's cryptography version 35.0.0 certificate
parser, and a difference in the ASN.1 certificate spec interpretation,
the certificates generated by certmonger fail to be validated.
This patch forces the version for the 'cryptography' package installed
to ignore the affected version, and should allow the tests for this
role to be executed.
certmonger already has a fix for the issue, but it might not be
available for every release supported by certificate role.
tests: Validate certificate permissions
Without specifying group:, certificates ought to have tight
permissions and only be accessible to the owner.
This currently also applies to certificates with group:, which is
wrong -- this will be fixed in the next commit.
Fix certificate permissions with "group" option
The default permissions are 0600, so that certificates are inaccessible
to the specified group. Add group read permission in that case, so that
this actually works.
Test this for both local certmonger and IPA.
support python 39, ansible-core 2.12, ansible-plugin-scan
update tox-lsr version to 2.7.1
update the tox-lsr version used in github actions tox CI
to 2.7.1
The only difference between this an 2.7.0 is that Ansible 2.12
is now GA.
Signed-off-by: Rich Megginson rmeggins@redhat.com
drop support for ansible 2.8
Drop support for Ansible 2.8 by bumping the Ansible version to 2.9
min_ansible_version is now 2.9
Bug 1989197 - drop support for Ansible 2.8
https://bugzilla.redhat.com/show_bug.cgi?id=1989197
Suppress warnings when using `tar`
- Instead of the unarchive module, use "tar" command for backup.
- Do not warn about unarchive.
Ref: bz1984182, bz1987096
Instead of the archive module, use "tar" command for backup.
Instead of the archive module, use "tar" command for backup.
Note: having the module 'archive' makes the role fail with an error
"couldn't resolve module/action 'archive'." if executed with ansible-
navigator.
Ref: bz1984182
Fix lint issues; support EL 9 managed hosts
Fix lint issues
support EL 9 managed hosts