diff --git a/tests/tasks/setup_test_data.yml b/tests/tasks/setup_test_data.yml index 44c01ae9..51a26ebc 100644 --- a/tests/tasks/setup_test_data.yml +++ b/tests/tasks/setup_test_data.yml @@ -37,3 +37,47 @@ - name: Set flag to indicate system is ostree set_fact: __rhc_is_ostree: "{{ __ostree_booted_stat.stat.exists }}" + +- name: Setup for external proxy + vars: + __proxy: "{{ lookup('env', 'SR_RHC_EXTERNAL_PROXY') }}" + __http_proxy: "http://{{ __proxy }}" + __https_proxy: "{{ __http_proxy }}" + when: __proxy | length > 0 + block: + - name: Add proxy vars to bashrc + lineinfile: + path: /root/.bashrc + line: "{{ item }}" + create: true + mode: "0644" + loop: + - export http_proxy={{ __http_proxy }} + - export https_proxy={{ __https_proxy }} + + - name: Ensure rhsm service.d directory exists + file: + path: /etc/systemd/system/rhsm.service.d + state: directory + mode: "0755" + + - name: Add proxy vars to rhsm service + copy: + content: | + [Service] + Environment=http_proxy={{ __http_proxy }} + Environment=https_proxy={{ __https_proxy }} + dest: /etc/systemd/system/rhsm.service.d/proxy.conf + mode: "0644" + register: __proxy_conf + + - name: Reload rhsm service + systemd: + name: rhsm.service + state: restarted + daemon_reload: true + when: __proxy_conf is changed # noqa no-handler + + - name: Check rhsm service + command: systemctl status rhsm.service + changed_when: false diff --git a/tests/tests_proxy.yml b/tests/tests_proxy.yml index 1d6def45..abae17b0 100644 --- a/tests/tests_proxy.yml +++ b/tests/tests_proxy.yml @@ -159,141 +159,145 @@ vars: rhc_state: absent - - name: Setup authenticated Squid - import_tasks: tasks/setup_squid.yml - vars: - authentication: true - - - name: Try to register (missing credentials) + - name: Run tests for when proxy requires authentication + when: lookup("env", "SR_RHC_EXTERNAL_PROXY") | length == 0 block: - - name: Register (missing credentials) - include_role: - name: linux-system-roles.rhc + - name: Setup authenticated Squid + import_tasks: tasks/setup_squid.yml vars: - rhc_auth: - login: - username: "{{ lsr_rhc_test_data.reg_username }}" - password: "{{ lsr_rhc_test_data.reg_password }}" - rhc_insights: - state: absent - rhc_organization: "{{ lsr_rhc_test_data.reg_organization }}" - rhc_server: - hostname: "{{ lsr_rhc_test_data.candlepin_host }}" - port: "{{ lsr_rhc_test_data.candlepin_port }}" - prefix: "{{ lsr_rhc_test_data.candlepin_prefix }}" - insecure: "{{ lsr_rhc_test_data.candlepin_insecure }}" - rhc_proxy: - hostname: "{{ lsr_rhc_test_data.proxy_auth_hostname }}" - scheme: "{{ lsr_rhc_test_data.proxy_auth_scheme | d(omit) }}" - port: "{{ lsr_rhc_test_data.proxy_auth_port }}" + authentication: true - - name: Unreachable task - fail: - msg: The above task must fail - rescue: - - name: Assert registration failed - assert: - that: ansible_failed_result.msg != 'The above task must fail' + - name: Try to register (missing credentials) + block: + - name: Register (missing credentials) + include_role: + name: linux-system-roles.rhc + vars: + rhc_auth: + login: + username: "{{ lsr_rhc_test_data.reg_username }}" + password: "{{ lsr_rhc_test_data.reg_password }}" + rhc_insights: + state: absent + rhc_organization: "{{ lsr_rhc_test_data.reg_organization }}" + rhc_server: + hostname: "{{ lsr_rhc_test_data.candlepin_host }}" + port: "{{ lsr_rhc_test_data.candlepin_port }}" + prefix: "{{ lsr_rhc_test_data.candlepin_prefix }}" + insecure: "{{ lsr_rhc_test_data.candlepin_insecure }}" + rhc_proxy: + hostname: "{{ lsr_rhc_test_data.proxy_auth_hostname }}" + scheme: "{{ lsr_rhc_test_data.proxy_auth_scheme | d(omit) }}" + port: "{{ lsr_rhc_test_data.proxy_auth_port }}" - - name: Try to register (wrong username, wrong password) - block: - - name: Register (wrong username, wrong password) - include_role: - name: linux-system-roles.rhc - vars: - rhc_auth: - login: - username: "{{ lsr_rhc_test_data.reg_username }}" - password: "{{ lsr_rhc_test_data.reg_password }}" - rhc_insights: - state: absent - rhc_organization: "{{ lsr_rhc_test_data.reg_organization }}" - rhc_server: - hostname: "{{ lsr_rhc_test_data.candlepin_host }}" - port: "{{ lsr_rhc_test_data.candlepin_port }}" - prefix: "{{ lsr_rhc_test_data.candlepin_prefix }}" - insecure: "{{ lsr_rhc_test_data.candlepin_insecure }}" - rhc_proxy: - hostname: "{{ lsr_rhc_test_data.proxy_auth_hostname }}" - scheme: "{{ lsr_rhc_test_data.proxy_auth_scheme | d(omit) }}" - port: "{{ lsr_rhc_test_data.proxy_auth_port }}" - username: "{{ lsr_rhc_test_data.proxy_nonworking_username }}" - password: "{{ lsr_rhc_test_data.proxy_nonworking_password }}" + - name: Unreachable task + fail: + msg: The above task must fail + rescue: + - name: Assert registration failed + assert: + that: ansible_failed_result.msg != 'The above task must fail' - - name: Unreachable task - fail: - msg: The above task must fail - rescue: - - name: Assert registration failed - assert: - that: ansible_failed_result.msg != 'The above task must fail' + - name: Try to register (wrong username, wrong password) + block: + - name: Register (wrong username, wrong password) + include_role: + name: linux-system-roles.rhc + vars: + rhc_auth: + login: + username: "{{ lsr_rhc_test_data.reg_username }}" + password: "{{ lsr_rhc_test_data.reg_password }}" + rhc_insights: + state: absent + rhc_organization: "{{ lsr_rhc_test_data.reg_organization }}" + rhc_server: + hostname: "{{ lsr_rhc_test_data.candlepin_host }}" + port: "{{ lsr_rhc_test_data.candlepin_port }}" + prefix: "{{ lsr_rhc_test_data.candlepin_prefix }}" + insecure: "{{ lsr_rhc_test_data.candlepin_insecure }}" + rhc_proxy: + hostname: "{{ lsr_rhc_test_data.proxy_auth_hostname }}" + scheme: "{{ lsr_rhc_test_data.proxy_auth_scheme | d(omit) }}" + port: "{{ lsr_rhc_test_data.proxy_auth_port }}" + username: "{{ lsr_rhc_test_data.proxy_nonworking_username }}" + password: "{{ lsr_rhc_test_data.proxy_nonworking_password }}" - - name: Try to register (wrong username) - block: - - name: Register (wrong username) - include_role: - name: linux-system-roles.rhc - vars: - rhc_auth: - login: - username: "{{ lsr_rhc_test_data.reg_username }}" - password: "{{ lsr_rhc_test_data.reg_password }}" - rhc_insights: - state: absent - rhc_organization: "{{ lsr_rhc_test_data.reg_organization }}" - rhc_server: - hostname: "{{ lsr_rhc_test_data.candlepin_host }}" - port: "{{ lsr_rhc_test_data.candlepin_port }}" - prefix: "{{ lsr_rhc_test_data.candlepin_prefix }}" - insecure: "{{ lsr_rhc_test_data.candlepin_insecure }}" - rhc_proxy: - hostname: "{{ lsr_rhc_test_data.proxy_auth_hostname }}" - scheme: "{{ lsr_rhc_test_data.proxy_auth_scheme | d(omit) }}" - port: "{{ lsr_rhc_test_data.proxy_auth_port }}" - username: "{{ lsr_rhc_test_data.proxy_nonworking_username }}" - password: "{{ lsr_rhc_test_data.proxy_auth_password }}" + - name: Unreachable task + fail: + msg: The above task must fail + rescue: + - name: Assert registration failed + assert: + that: ansible_failed_result.msg != 'The above task must fail' - - name: Unreachable task - fail: - msg: The above task must fail - rescue: - - name: Assert registration failed - assert: - that: ansible_failed_result.msg != 'The above task must fail' + - name: Try to register (wrong username) + block: + - name: Register (wrong username) + include_role: + name: linux-system-roles.rhc + vars: + rhc_auth: + login: + username: "{{ lsr_rhc_test_data.reg_username }}" + password: "{{ lsr_rhc_test_data.reg_password }}" + rhc_insights: + state: absent + rhc_organization: "{{ lsr_rhc_test_data.reg_organization }}" + rhc_server: + hostname: "{{ lsr_rhc_test_data.candlepin_host }}" + port: "{{ lsr_rhc_test_data.candlepin_port }}" + prefix: "{{ lsr_rhc_test_data.candlepin_prefix }}" + insecure: "{{ lsr_rhc_test_data.candlepin_insecure }}" + rhc_proxy: + hostname: "{{ lsr_rhc_test_data.proxy_auth_hostname }}" + scheme: "{{ lsr_rhc_test_data.proxy_auth_scheme | d(omit) }}" + port: "{{ lsr_rhc_test_data.proxy_auth_port }}" + username: "{{ lsr_rhc_test_data.proxy_nonworking_username }}" + password: "{{ lsr_rhc_test_data.proxy_auth_password }}" - - name: Try to register (wrong password) - block: - - name: Register (wrong password) - include_role: - name: linux-system-roles.rhc - vars: - rhc_auth: - login: - username: "{{ lsr_rhc_test_data.reg_username }}" - password: "{{ lsr_rhc_test_data.reg_password }}" - rhc_insights: - state: absent - rhc_organization: "{{ lsr_rhc_test_data.reg_organization }}" - rhc_server: - hostname: "{{ lsr_rhc_test_data.candlepin_host }}" - port: "{{ lsr_rhc_test_data.candlepin_port }}" - prefix: "{{ lsr_rhc_test_data.candlepin_prefix }}" - insecure: "{{ lsr_rhc_test_data.candlepin_insecure }}" - rhc_proxy: - hostname: "{{ lsr_rhc_test_data.proxy_auth_hostname }}" - scheme: "{{ lsr_rhc_test_data.proxy_auth_scheme | d(omit) }}" - port: "{{ lsr_rhc_test_data.proxy_auth_port }}" - username: "{{ lsr_rhc_test_data.proxy_auth_username }}" - password: "{{ lsr_rhc_test_data.proxy_nonworking_password }}" + - name: Unreachable task + fail: + msg: The above task must fail + rescue: + - name: Assert registration failed + assert: + that: ansible_failed_result.msg != 'The above task must fail' - - name: Unreachable task - fail: - msg: The above task must fail - rescue: - - name: Assert registration failed - assert: - that: ansible_failed_result.msg != 'The above task must fail' + - name: Try to register (wrong password) + block: + - name: Register (wrong password) + include_role: + name: linux-system-roles.rhc + vars: + rhc_auth: + login: + username: "{{ lsr_rhc_test_data.reg_username }}" + password: "{{ lsr_rhc_test_data.reg_password }}" + rhc_insights: + state: absent + rhc_organization: "{{ lsr_rhc_test_data.reg_organization }}" + rhc_server: + hostname: "{{ lsr_rhc_test_data.candlepin_host }}" + port: "{{ lsr_rhc_test_data.candlepin_port }}" + prefix: "{{ lsr_rhc_test_data.candlepin_prefix }}" + insecure: "{{ lsr_rhc_test_data.candlepin_insecure }}" + rhc_proxy: + hostname: "{{ lsr_rhc_test_data.proxy_auth_hostname }}" + scheme: "{{ lsr_rhc_test_data.proxy_auth_scheme | d(omit) }}" + port: "{{ lsr_rhc_test_data.proxy_auth_port }}" + username: "{{ lsr_rhc_test_data.proxy_auth_username }}" + password: "{{ lsr_rhc_test_data.proxy_nonworking_password }}" + + - name: Unreachable task + fail: + msg: The above task must fail + rescue: + - name: Assert registration failed + assert: + that: ansible_failed_result.msg != 'The above task must fail' + # also works when the proxy does not require authentication - name: Register (authentication) include_role: name: linux-system-roles.rhc @@ -332,6 +336,7 @@ rhc_state: absent - name: Register (without proxy) + when: lookup("env", "SR_RHC_EXTERNAL_PROXY") | length == 0 include_role: name: linux-system-roles.rhc vars: @@ -363,8 +368,9 @@ include_role: name: fedora.linux_system_roles.selinux vars: + remove_port_list: "{{ __proxy_port_list | reject('match', '^3128$') | list }}" selinux_ports: - - ports: "{{ __proxy_port_list }}" + - ports: "{{ remove_port_list }}" proto: tcp setype: squid_port_t state: absent