diff --git a/tests/tasks/bind_slot_with_passphrase.yml b/tests/tasks/bind_slot_with_passphrase.yml index 1323eb1b..c7157c99 100644 --- a/tests/tasks/bind_slot_with_passphrase.yml +++ b/tests/tasks/bind_slot_with_passphrase.yml @@ -17,10 +17,9 @@ register: nbde_client_device_checksum_before - name: Perform binding with nbde_client role - include_role: - name: linux-system-roles.nbde_client - public: true + include_tasks: tasks/run_role_with_clear_facts.yml vars: + __sr_public: true nbde_client_bindings: - device: "{{ nbde_client_selected_device }}" slot: "{{ nbde_client_test_slot }}" diff --git a/tests/tasks/run_role_with_clear_facts.yml b/tests/tasks/run_role_with_clear_facts.yml new file mode 100644 index 00000000..d80b5323 --- /dev/null +++ b/tests/tasks/run_role_with_clear_facts.yml @@ -0,0 +1,37 @@ +--- +# Task file: clear_facts, run linux-system-roles.nbde_client. +# Include this with include_tasks or import_tasks +# Input: +# - __sr_tasks_from: tasks_from to run - same as tasks_from in include_role +# - __sr_public: export private vars from role - same as public in include_role +# - __sr_failed_when: set to false to ignore role errors - same as failed_when in include_role +- name: Clear facts + meta: clear_facts + +# note that you can use failed_when with import_role but not with include_role +# so this simulates the __sr_failed_when false case +# Q: Why do we need a separate task to run the role normally? Why not just +# run the role in the block and rethrow the error in the rescue block? +# A: Because you cannot rethrow the error in exactly the same way as the role does. +# It might be possible to exactly reconstruct ansible_failed_result but it's not worth the effort. +- name: Run the role with __sr_failed_when false + when: + - __sr_failed_when is defined + - not __sr_failed_when + block: + - name: Run the role + include_role: + name: linux-system-roles.nbde_client + tasks_from: "{{ __sr_tasks_from | default('main') }}" + public: "{{ __sr_public | default(false) }}" + rescue: + - name: Ignore the failure when __sr_failed_when is false + debug: + msg: Ignoring failure when __sr_failed_when is false + +- name: Run the role normally + include_role: + name: linux-system-roles.nbde_client + tasks_from: "{{ __sr_tasks_from | default('main') }}" + public: "{{ __sr_public | default(false) }}" + when: __sr_failed_when | d(true) diff --git a/tests/tasks/verify_idempotency.yml b/tests/tasks/verify_idempotency.yml index 653b356c..3cfb9e1c 100644 --- a/tests/tasks/verify_idempotency.yml +++ b/tests/tasks/verify_idempotency.yml @@ -1,7 +1,6 @@ --- - name: Use nbde_client role - idempotency check - include_role: - name: linux-system-roles.nbde_client + include_tasks: tasks/run_role_with_clear_facts.yml - name: Verify idempotency of clevis operations assert: diff --git a/tests/tests_bind_high_availability.yml b/tests/tests_bind_high_availability.yml index 088faa4c..e44b9a99 100644 --- a/tests/tests_bind_high_availability.yml +++ b/tests/tests_bind_high_availability.yml @@ -16,8 +16,7 @@ - name: Run the test block: - name: Use nbde_client role - include_role: - name: linux-system-roles.nbde_client + include_tasks: tasks/run_role_with_clear_facts.yml - name: Attempt to unlock device include_tasks: tasks/verify_unlock_device.yml diff --git a/tests/tests_default.yml b/tests/tests_default.yml index 4c3cb515..42146161 100644 --- a/tests/tests_default.yml +++ b/tests/tests_default.yml @@ -1,8 +1,8 @@ --- - name: Ensure that the role runs with default parameters hosts: all - gather_facts: false - roles: - - linux-system-roles.nbde_client + tasks: + - name: Run nbde_client role + include_tasks: tasks/run_role_with_clear_facts.yml # vim:set ts=2 sw=2 et: diff --git a/tests/tests_default_vars.yml b/tests/tests_default_vars.yml index 4da22673..e1a4ed45 100644 --- a/tests/tests_default_vars.yml +++ b/tests/tests_default_vars.yml @@ -5,8 +5,10 @@ - name: Run test block: - name: Import role - import_role: - name: linux-system-roles.nbde_client + include_tasks: tasks/run_role_with_clear_facts.yml + vars: + __sr_public: true + - name: Assert that the role declares all parameters in defaults assert: that: diff --git a/tests/tests_error_handling.yml b/tests/tests_error_handling.yml index fe94213f..13d35b4c 100644 --- a/tests/tests_error_handling.yml +++ b/tests/tests_error_handling.yml @@ -16,8 +16,7 @@ - name: Run the test block: - name: Use nbde_client role - include_role: - name: linux-system-roles.nbde_client + include_tasks: tasks/run_role_with_clear_facts.yml rescue: - name: Extract the result set_fact: diff --git a/tests/tests_include_vars_from_parent.yml b/tests/tests_include_vars_from_parent.yml index 1fdeab8f..da91e2d3 100644 --- a/tests/tests_include_vars_from_parent.yml +++ b/tests/tests_include_vars_from_parent.yml @@ -1,7 +1,6 @@ --- - name: Test role include variable override hosts: all - gather_facts: true tasks: - name: Create var file in caller that can override the one in called role delegate_to: localhost diff --git a/tests/tests_key_rotation.yml b/tests/tests_key_rotation.yml index fa3fc0c5..fd8972fd 100644 --- a/tests/tests_key_rotation.yml +++ b/tests/tests_key_rotation.yml @@ -15,8 +15,7 @@ - name: Run the test block: - name: Use nbde_client role - include_role: - name: linux-system-roles.nbde_client + include_tasks: tasks/run_role_with_clear_facts.yml - name: Attempt to unlock device include_tasks: tasks/verify_unlock_device.yml @@ -34,8 +33,7 @@ include_tasks: tasks/rotate_keys.yml - name: Use nbde_client role - idempotency check - change expected - include_role: - name: linux-system-roles.nbde_client + include_tasks: tasks/run_role_with_clear_facts.yml - name: Assert change happened after key rotation assert: diff --git a/tests/tests_passphrase_temporary.yml b/tests/tests_passphrase_temporary.yml index b7b11e7d..b595f359 100644 --- a/tests/tests_passphrase_temporary.yml +++ b/tests/tests_passphrase_temporary.yml @@ -19,8 +19,7 @@ - name: Run the test block: - name: Use nbde_client role - include_role: - name: linux-system-roles.nbde_client + include_tasks: tasks/run_role_with_clear_facts.yml - name: Attempt to unlock device include_tasks: tasks/verify_unlock_device.yml diff --git a/tests/tests_passphrase_temporary_keyfile.yml b/tests/tests_passphrase_temporary_keyfile.yml index 6a6c14ff..3358b5d0 100644 --- a/tests/tests_passphrase_temporary_keyfile.yml +++ b/tests/tests_passphrase_temporary_keyfile.yml @@ -19,8 +19,7 @@ - name: Run the test block: - name: Use nbde_client role - include_role: - name: linux-system-roles.nbde_client + include_tasks: tasks/run_role_with_clear_facts.yml - name: Attempt to unlock device include_tasks: tasks/verify_unlock_device.yml diff --git a/tests/tests_simple_bind.yml b/tests/tests_simple_bind.yml index ae371c11..eb398f88 100644 --- a/tests/tests_simple_bind.yml +++ b/tests/tests_simple_bind.yml @@ -15,9 +15,9 @@ - name: Run the test block: - name: Use nbde_client role - include_role: - name: linux-system-roles.nbde_client - public: true + include_tasks: tasks/run_role_with_clear_facts.yml + vars: + __sr_public: true - name: Check ansible_managed, fingerprint in generated files include_tasks: tasks/check_header.yml diff --git a/tests/tests_simple_bind_keyfile.yml b/tests/tests_simple_bind_keyfile.yml index b8a6216b..14ae026d 100644 --- a/tests/tests_simple_bind_keyfile.yml +++ b/tests/tests_simple_bind_keyfile.yml @@ -15,8 +15,7 @@ - name: Run the test block: - name: Use nbde_client role - include_role: - name: linux-system-roles.nbde_client + include_tasks: tasks/run_role_with_clear_facts.yml - name: Attempt to unlock device include_tasks: tasks/verify_unlock_device.yml diff --git a/tests/tests_simple_bind_unbind.yml b/tests/tests_simple_bind_unbind.yml index 0fda1016..14ac34e8 100644 --- a/tests/tests_simple_bind_unbind.yml +++ b/tests/tests_simple_bind_unbind.yml @@ -18,8 +18,7 @@ - name: Run the test block: - name: Use nbde_client role - include_role: - name: linux-system-roles.nbde_client + include_tasks: tasks/run_role_with_clear_facts.yml - name: Attempt to unlock device include_tasks: tasks/verify_unlock_device.yml diff --git a/tests/tests_simple_bind_unbind_keyfile.yml b/tests/tests_simple_bind_unbind_keyfile.yml index 353155b8..531415a2 100644 --- a/tests/tests_simple_bind_unbind_keyfile.yml +++ b/tests/tests_simple_bind_unbind_keyfile.yml @@ -18,8 +18,7 @@ - name: Run the test block: - name: Use nbde_client role - include_role: - name: linux-system-roles.nbde_client + include_tasks: tasks/run_role_with_clear_facts.yml - name: Attempt to unlock device include_tasks: tasks/verify_unlock_device.yml diff --git a/tests/tests_use_existing_binding.yml b/tests/tests_use_existing_binding.yml index d13d1e55..7891f2ba 100644 --- a/tests/tests_use_existing_binding.yml +++ b/tests/tests_use_existing_binding.yml @@ -8,8 +8,7 @@ include_tasks: tasks/setup_test.yml - name: Add binding to slot 1 - include_role: - name: linux-system-roles.nbde_client + include_tasks: tasks/run_role_with_clear_facts.yml vars: nbde_client_bindings: - device: "{{ nbde_client_test_device }}" @@ -19,8 +18,7 @@ - http://localhost - name: Add binding to slot 2 without providing encryption_password - include_role: - name: linux-system-roles.nbde_client + include_tasks: tasks/run_role_with_clear_facts.yml vars: nbde_client_bindings: - device: "{{ nbde_client_test_device }}" @@ -29,8 +27,7 @@ - http://localhost - name: Remove binding from slot 1 - include_role: - name: linux-system-roles.nbde_client + include_tasks: tasks/run_role_with_clear_facts.yml vars: nbde_client_bindings: - device: "{{ nbde_client_test_device }}" @@ -86,8 +83,7 @@ state: absent - name: Add binding to slot 2 without providing encryption_password - include_role: - name: linux-system-roles.nbde_client + include_tasks: tasks/run_role_with_clear_facts.yml vars: nbde_client_bindings: - device: "{{ nbde_client_test_device }}" @@ -96,8 +92,7 @@ - http://localhost - name: Remove binding from slot 1 - include_role: - name: linux-system-roles.nbde_client + include_tasks: tasks/run_role_with_clear_facts.yml vars: nbde_client_bindings: - device: "{{ nbde_client_test_device }}"