From c566a7abf3fc6b941e8e673675b1291331813bcb Mon Sep 17 00:00:00 2001
From: Felix Fontein <felix@fontein.de>
Date: Fri, 20 May 2022 23:03:54 +0200
Subject: [PATCH] Add RHEL 9.0, FreeBSD 13.1, Ubuntu 22.04 and Fedora 36 to CI
 (#456)

* Add RHEL 9.0 and FreeBSD 13.1 to CI.

* Add Ubuntu 22.04 and Fedora 36 to CI.

* Switch orders so that root doesn't have a SHA1 signature.

* Skip openssh_cert test on RHEL 9.0.

* Make it possible that pyOpenSSL isn't installed *at all*.

* Work with default.
---
 .azure-pipelines/azure-pipelines.yml          | 28 +++++-----
 .../tasks/existing.yml                        |  4 +-
 .../integration/targets/openssh_cert/aliases  |  1 +
 .../targets/openssl_pkcs12/tasks/main.yml     |  4 +-
 .../targets/setup_pyopenssl/defaults/main.yml |  1 +
 .../targets/setup_pyopenssl/tasks/main.yml    | 51 ++++++++++++-------
 .../targets/setup_pyopenssl/vars/RedHat-9.yml |  2 +
 .../targets/setup_python_info/vars/main.yml   |  4 ++
 8 files changed, 59 insertions(+), 36 deletions(-)
 create mode 100644 tests/integration/targets/setup_pyopenssl/defaults/main.yml
 create mode 100644 tests/integration/targets/setup_pyopenssl/vars/RedHat-9.yml

diff --git a/.azure-pipelines/azure-pipelines.yml b/.azure-pipelines/azure-pipelines.yml
index 164c0970..8b52cd89 100644
--- a/.azure-pipelines/azure-pipelines.yml
+++ b/.azure-pipelines/azure-pipelines.yml
@@ -126,16 +126,16 @@ stages:
           targets:
             - name: CentOS 7
               test: centos7
-            - name: Fedora 34
-              test: fedora34
             - name: Fedora 35
               test: fedora35
+            - name: Fedora 36
+              test: fedora36
             - name: openSUSE 15
               test: opensuse15
             - name: Ubuntu 18.04
               test: ubuntu1804
-            - name: Ubuntu 20.04
-              test: ubuntu2004
+            - name: Ubuntu 22.04
+              test: ubuntu2204
             - name: Alpine 3
               test: alpine3
   - stage: Docker_2_13
@@ -148,8 +148,10 @@ stages:
           targets:
             - name: openSUSE 15 py2
               test: opensuse15py2
-            - name: Ubuntu 18.04
-              test: ubuntu1804
+            - name: Fedora 34
+              test: fedora34
+            - name: Ubuntu 20.04
+              test: ubuntu2004
             - name: Alpine 3
               test: alpine3
   - stage: Docker_2_12
@@ -188,8 +190,6 @@ stages:
           targets:
             - name: CentOS 6
               test: centos6
-            - name: Fedora 31
-              test: fedora31
   - stage: Docker_2_9
     displayName: Docker 2.9
     dependsOn: []
@@ -232,12 +232,12 @@ stages:
               test: macos/12.0
             - name: RHEL 7.9
               test: rhel/7.9
-            - name: RHEL 8.5
-              test: rhel/8.5
+            - name: RHEL 9.0
+              test: rhel/9.0
             - name: FreeBSD 12.3
               test: freebsd/12.3
-            - name: FreeBSD 13.0
-              test: freebsd/13.0
+            - name: FreeBSD 13.1
+              test: freebsd/13.1
   - stage: Remote_2_13
     displayName: Remote 2.13
     dependsOn: []
@@ -250,6 +250,8 @@ stages:
               test: macos/12.0
             - name: RHEL 8.5
               test: rhel/8.5
+            - name: FreeBSD 13.0
+              test: freebsd/13.0
   - stage: Remote_2_12
     displayName: Remote 2.12
     dependsOn: []
@@ -270,8 +272,6 @@ stages:
         parameters:
           testFormat: 2.11/{0}/1
           targets:
-            - name: RHEL 7.9
-              test: rhel/7.9
             - name: RHEL 8.3
               test: rhel/8.3
             - name: FreeBSD 12.2
diff --git a/tests/integration/targets/certificate_complete_chain/tasks/existing.yml b/tests/integration/targets/certificate_complete_chain/tasks/existing.yml
index 15ccdd41..75af0270 100644
--- a/tests/integration/targets/certificate_complete_chain/tasks/existing.yml
+++ b/tests/integration/targets/certificate_complete_chain/tasks/existing.yml
@@ -130,11 +130,11 @@
 
 - name: Check failure when infinite loop is found
   certificate_complete_chain:
-    input_chain: '{{ lookup("file", "cert2-fullchain.pem", rstrip=True) }}'
+    input_chain: '{{ lookup("file", "cert1-fullchain.pem", rstrip=True) }}'
     intermediate_certificates:
     - '{{ remote_tmp_dir }}/files/roots.pem'
     root_certificates:
-    - '{{ remote_tmp_dir }}/files/cert1-chain.pem'
+    - '{{ remote_tmp_dir }}/files/cert2-chain.pem'
   register: cert2_infinite_loop
   ignore_errors: true
 - name: Verify failure
diff --git a/tests/integration/targets/openssh_cert/aliases b/tests/integration/targets/openssh_cert/aliases
index 6eae8bd8..d84d0772 100644
--- a/tests/integration/targets/openssh_cert/aliases
+++ b/tests/integration/targets/openssh_cert/aliases
@@ -1,2 +1,3 @@
 shippable/posix/group1
 destructive
+skip/rhel9.0  # TODO figure out why and fix
diff --git a/tests/integration/targets/openssl_pkcs12/tasks/main.yml b/tests/integration/targets/openssl_pkcs12/tasks/main.yml
index b9878c37..d3911cfb 100644
--- a/tests/integration/targets/openssl_pkcs12/tasks/main.yml
+++ b/tests/integration/targets/openssl_pkcs12/tasks/main.yml
@@ -65,7 +65,7 @@
       vars:
         select_crypto_backend: pyopenssl
 
-    when: pyopenssl_version.stdout is version('0.15', '>=')
+    when: (pyopenssl_version.stdout | default('0.0')) is version('0.15', '>=')
 
   - block:
     - name: Running tests with cryptography backend
@@ -75,4 +75,4 @@
 
     when: cryptography_version.stdout is version('3.0', '>=')
 
-  when: pyopenssl_version.stdout is version('0.15', '>=') or cryptography_version.stdout is version('3.0', '>=')
+  when: (pyopenssl_version.stdout | default('0.0')) is version('0.15', '>=') or cryptography_version.stdout is version('3.0', '>=')
diff --git a/tests/integration/targets/setup_pyopenssl/defaults/main.yml b/tests/integration/targets/setup_pyopenssl/defaults/main.yml
new file mode 100644
index 00000000..69a93c5f
--- /dev/null
+++ b/tests/integration/targets/setup_pyopenssl/defaults/main.yml
@@ -0,0 +1 @@
+has_pyopenssl: true
diff --git a/tests/integration/targets/setup_pyopenssl/tasks/main.yml b/tests/integration/targets/setup_pyopenssl/tasks/main.yml
index ec9c3961..9de6bea3 100644
--- a/tests/integration/targets/setup_pyopenssl/tasks/main.yml
+++ b/tests/integration/targets/setup_pyopenssl/tasks/main.yml
@@ -9,19 +9,31 @@
   block:
 
   - name: Include OS-specific variables
-    include_vars: '{{ ansible_os_family }}.yml'
+    include_vars: '{{ lookup("first_found", search) }}'
+    vars:
+      search:
+        files:
+        - '{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml'
+        - '{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml'
+        - '{{ ansible_distribution }}.yml'
+        - '{{ ansible_os_family }}.yml'
+        paths:
+        - vars
 
-  - name: Install pyOpenSSL (Python 3 from system packages)
-    become: true
-    package:
-      name: '{{ pyopenssl_package_name_python3 }}'
-    when: ansible_python_version is version('3.0', '>=')
+  - when: has_pyopenssl
+    block:
 
-  - name: Install pyOpenSSL (Python 2 from system packages)
-    become: true
-    package:
-      name: '{{ pyopenssl_package_name }}'
-    when: ansible_python_version is version('3.0', '<')
+    - name: Install pyOpenSSL (Python 3 from system packages)
+      become: true
+      package:
+        name: '{{ pyopenssl_package_name_python3 }}'
+      when: ansible_python_version is version('3.0', '>=')
+
+    - name: Install pyOpenSSL (Python 2 from system packages)
+      become: true
+      package:
+        name: '{{ pyopenssl_package_name }}'
+      when: ansible_python_version is version('3.0', '<')
 
 - name: Install from PyPi
   when: ansible_os_family == "Darwin" or not target_system_python
@@ -34,14 +46,17 @@
       state: "{{ 'latest' if not target_system_python_cannot_upgrade_cryptography else omit }}"
       extra_args: "-c {{ remote_constraints }}"
 
-- name: Register pyOpenSSL version
-  command: "{{ ansible_python.executable }} -c 'import OpenSSL; print(OpenSSL.__version__)'"
-  register: pyopenssl_version
+- when: has_pyopenssl
+  block:
 
-- name: Register pyOpenSSL debug details
-  command: "{{ ansible_python.executable }} -m OpenSSL.debug"
-  register: pyopenssl_debug_version
-  ignore_errors: yes
+  - name: Register pyOpenSSL version
+    command: "{{ ansible_python.executable }} -c 'import OpenSSL; print(OpenSSL.__version__)'"
+    register: pyopenssl_version
+
+  - name: Register pyOpenSSL debug details
+    command: "{{ ansible_python.executable }} -m OpenSSL.debug"
+    register: pyopenssl_debug_version
+    ignore_errors: yes
 
 # Depending on which pyOpenSSL version has been installed, it could be that cryptography has
 # been upgraded to a newer version. Make sure to register cryptography_version another time here
diff --git a/tests/integration/targets/setup_pyopenssl/vars/RedHat-9.yml b/tests/integration/targets/setup_pyopenssl/vars/RedHat-9.yml
new file mode 100644
index 00000000..971641eb
--- /dev/null
+++ b/tests/integration/targets/setup_pyopenssl/vars/RedHat-9.yml
@@ -0,0 +1,2 @@
+---
+has_pyopenssl: false
diff --git a/tests/integration/targets/setup_python_info/vars/main.yml b/tests/integration/targets/setup_python_info/vars/main.yml
index d6d7a221..5091dd59 100644
--- a/tests/integration/targets/setup_python_info/vars/main.yml
+++ b/tests/integration/targets/setup_python_info/vars/main.yml
@@ -43,11 +43,15 @@ system_python_version_data:
       - '3.8'
     '13.0':
       - '3.7'
+    '13.1':
+      - '3.8'
   RedHat:
     '7':
       - '2.7'
     '8':
       - '3.6'
+    '9.0':
+      - '3.9'
   Suse:
     '15':
       - '2.7'