test: find cockpit test group dynamically

https://cockpit-project.org/blog/cockpit-317.html changed the user/group name from cockpit-ws to cockpit-wsinstance which causes tests to fail. Instead, add a task file tests/tasks/get_cockpit_group.yml to determine which group name to use. Signed-off-by: Rich Megginson <[email protected]>
linux-system-roles · Jun 13, 2024 · 6ed3e15 · 6ed3e15
1 parent 83d0b37
commit 6ed3e15
Show file tree

Hide file tree

Showing 5 changed files with 38 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -227,7 +227,7 @@ This example also installs Cockpit with an IdM-issued web server certificate.
           - name: /etc/cockpit/ws-certs.d/monger-cockpit
             dns: ['localhost', 'www.example.com']
             ca: ipa
-            group: cockpit-ws
+            group: cockpit-ws  # or cockpit-wsinstance on newer cockpit versions
 ```
 
 NOTE: The `certificate` role, unless using IPA and joining the systems to an IPA domain,

diff --git a/tests/tasks/get_cockpit_group.yml b/tests/tasks/get_cockpit_group.yml
@@ -0,0 +1,13 @@
+# SPDX-License-Identifier: MIT
+---
+- name: Get name of cockpit group for tests
+  getent:
+    database: group
+    key: cockpit-wsinstance
+    fail_key: false
+
+- name: Set __cockpit_test_group
+  set_fact:
+    __cockpit_test_group: "{{ 'cockpit-wsinstance'
+      if 'cockpit-wsinstance' in ansible_facts['getent_group']
+      else 'cockpit-ws' }}"
diff --git a/tests/tests_certificate_external.yml b/tests/tests_certificate_external.yml
@@ -26,6 +26,10 @@
                 setype: cert_t
                 mode: "0755"
 
+            # returns global variable __cockpit_test_group
+            - name: Get name of cockpit group to use
+              include_tasks: tasks/get_cockpit_group.yml
+
             # has to be done dynamically, as the first step checks it out
             - name: Generate certificate with certificate system role
               include_role:
@@ -35,7 +39,7 @@
                   - name: /etc/cockpit/ws-certs.d/monger-cockpit
                     dns: ['localhost', 'www.example.com']
                     ca: self-sign
-                    group: cockpit-ws
+                    group: "{{ __cockpit_test_group }}"
 
             # ostree cannot remove packages and cannot cleanup properly
             # this works around that issue

diff --git a/tests/tests_certificate_internal.yml b/tests/tests_certificate_internal.yml
@@ -9,14 +9,26 @@
         - name: >-
             Install cockpit using the certificate role to create a certificate
           block:
+            # install cockpit package to get group
+            - name: Include role
+              include_role:
+                name: linux-system-roles.cockpit
+                public: true
+              vars:
+                cockpit_packages: minimal
+
+            # returns global variable __cockpit_test_group
+            - name: Get name of cockpit group to use
+              include_tasks: tasks/get_cockpit_group.yml
+
             - name: Install cockpit with cockpit_certificates request
               vars:
                 cockpit_packages: minimal
                 cockpit_certificates:
                   - name: "{{ cert_name }}"
                     dns: ['localhost', 'www.example.com']
                     ca: self-sign
-                    group: cockpit-ws
+                    group: "{{ __cockpit_test_group }}"
               include_role:
                 name: linux-system-roles.cockpit
                 public: true

diff --git a/tests/tests_certificate_runafter.yml b/tests/tests_certificate_runafter.yml
@@ -24,6 +24,10 @@
         setype: cert_t
         mode: "0755"
 
+    # returns global variable __cockpit_test_group
+    - name: Get name of cockpit group to use
+      include_tasks: tasks/get_cockpit_group.yml
+
     # has to be done dynamically, as the first step checks it out
     - name: Generate certificate with certificate system role
       include_role:
@@ -34,7 +38,7 @@
           - name: monger-cockpit
             dns: ['localhost', 'www.example.com']
             ca: local
-            group: cockpit-ws
+            group: "{{ __cockpit_test_group }}"
             # ideally we'd put the cert directly into /etc/cockpit/ws-certs.d;
             # however, cockpit in RHEL/CentOS 7 does not yet support a separate
             # key file, and lsr.certificate sets wrong permissions
@@ -44,7 +48,7 @@
               cat {{ __certificate_default_directory }}/certs/monger-cockpit.crt \
               {{ __certificate_default_directory }}/private/monger-cockpit.key > $DEST
               chmod 640 $DEST
-              chown root:cockpit-ws $DEST
+              chown root:{{ __cockpit_test_group }} $DEST
 
     - name: Validate installation
       block: