Fix/advanced ldap filters (#252)

* Fix quoting in template and quote if "!" is in chars * add icingaweb2_groups syntax for testing * added molecule test for ini_templating * added pyinilint as ini validator
Icinga · Jan 4, 2024 · b93d146 · b93d146
1 parent 12c4ac1
commit b93d146
Show file tree

Hide file tree

Showing 10 changed files with 182 additions and 4 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -12,8 +12,7 @@ on:
     paths:
       - roles/**
       - plugins/**
-      - molecule/**
-      - tests/**
+      - molecule/default/**
   pull_request:
     branches:
       - 'feature/**'

diff --git a/.github/workflows/test_icingaweb2_ini_template.yml b/.github/workflows/test_icingaweb2_ini_template.yml
@@ -0,0 +1,62 @@
+name: Icingaweb2 Templates
+on:
+  push:
+    tags:
+      - '*'
+    branches:
+      - main
+      - 'feature/**'
+      - 'fix/**'
+      - '!doc/**'
+    paths:
+      - 'roles/icingaweb2/templates/**'
+      - 'molecule/ini-configuration-tests/**'
+  pull_request:
+    branches:
+      - 'feature/**'
+      - 'fix/**'
+      - '!doc/**'
+
+jobs:
+  test_ini_template:
+    runs-on: ubuntu-latest
+
+    env:
+      COLLECTION_NAMESPACE: icinga
+      COLLECTION_NAME: icinga
+
+    strategy:
+      fail-fast: false
+      max-parallel: 1
+      matrix:
+        distro: [ubuntu2204]
+        python: ['3.9', '3.10']
+        ansible: ['2.13.10', '2.14.7']
+        scenario: [ini-configuration-tests]
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: ${{ matrix.python }}
+
+      - name: Install dependencies ansible
+        run: |
+          python3 -m pip install --upgrade pip
+          python3 -m pip install -r requirements-test-${{ matrix.ansible }}.txt
+
+      - name: Install collection
+        run: |
+          mkdir -p ~/.ansible/collections/ansible_collections/$COLLECTION_NAMESPACE
+          cp -a ../ansible-collection-$COLLECTION_NAME ~/.ansible/collections/ansible_collections/$COLLECTION_NAMESPACE/$COLLECTION_NAME
+
+      - name: Test with molecule
+        run: |
+          ansible --version
+          molecule --version
+          molecule test -s ${{ matrix.scenario }}
+        env:
+          MOLECULE_DISTRO: ${{ matrix.distro }}
diff --git a/changelogs/fragments/fix_advanced_ldap_filters.yml b/changelogs/fragments/fix_advanced_ldap_filters.yml
@@ -0,0 +1,3 @@
+bugfixes:
+  - "Fix quoting for ! in templating Issue #208"
+  - "Replaced quote filter from ini template"
diff --git a/changelogs/fragments/minor_changes.yml b/changelogs/fragments/minor_changes.yml
@@ -2,3 +2,6 @@
 bugfixes:
   - "icingaweb2: run pqslcmd with LANG=C to ensure the output is in english."
   - remove superfluous curly brace (#246)
+minor_changes:
+  - added tests for icingaweb2 ini template
+  - added pyinilint as ini validator after templates
diff --git a/molecule/ini-configuration-tests/collections.yml b/molecule/ini-configuration-tests/collections.yml
@@ -0,0 +1,4 @@
+collections:
+  - name: community.docker
+  - name: community.general
+    version: ">=2,<3"
diff --git a/molecule/ini-configuration-tests/converge.yml b/molecule/ini-configuration-tests/converge.yml
@@ -0,0 +1,46 @@
+---
+- name: Converge
+  hosts: all
+  vars:
+    test_cases:
+      -  name: string
+         _i2_config_hash:
+           section:
+             test: string
+      -  name: number
+         _i2_config_hash:
+           section:
+             test: 10
+      -  name: advanced_filter
+         _i2_config_hash:
+           section:
+             test: '!(objectClass=user)'
+             test2: "!(objectClass=user)"
+             test3: "!attribute"
+      -  name: list
+         _i2_config_hash:
+           section:
+             test:
+               - "foo"
+               - bar
+               - 'baz'
+      -  name: equal_sign
+         _i2_config_hash:
+           section:
+             test: equal=sign
+
+
+  collections:
+    - icinga.icinga
+  tasks:
+    - ansible.builtin.pip:
+        name: pyinilint
+        state: present
+
+    - ansible.builtin.template:
+        src: "{{ lookup('ansible.builtin.env', 'MOLECULE_PROJECT_DIRECTORY', default=Undefined) }}/roles/icingaweb2/templates/modules_config.ini.j2"
+        dest: "/tmp/{{ item.name }}"
+        validate: pyinilint %s
+      loop: "{{ test_cases }}"
+      vars:
+        _i2_config_hash: "{{ item._i2_config_hash }}"
diff --git a/molecule/ini-configuration-tests/molecule.yml b/molecule/ini-configuration-tests/molecule.yml
@@ -0,0 +1,26 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+platforms:
+  - name: icinga-default
+    image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2204}-ansible:latest"
+    command: ${MOLECULE_DOCKER_COMMAND:-""}
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    cgroupns_mode: host
+    privileged: true
+    pre_build_image: true
+provisioner:
+  name: ansible
+  inventory:
+    link:
+      host_vars: host_vars/
+verifier:
+  name: testinfra
+  directory: tests/integration/
+lint: |
+  set -e
+  yamllint --no-warnings roles/
+  ansible-lint roles/
diff --git a/molecule/ini-configuration-tests/tests/integration/test_ini_config.py b/molecule/ini-configuration-tests/tests/integration/test_ini_config.py
@@ -0,0 +1,29 @@
+def test_string(host):
+    i2_file = host.file("/tmp/string")
+    print(i2_file.content_string)
+    assert i2_file.is_file
+    assert i2_file.content_string == "\n[section]\ntest = string\n"
+
+def test_number(host):
+    i2_file = host.file("/tmp/number")
+    print(i2_file.content_string)
+    assert i2_file.is_file
+    assert i2_file.content_string == '\n[section]\ntest = "10"\n'
+
+def test_list(host):
+    i2_file = host.file("/tmp/list")
+    print(i2_file.content_string)
+    assert i2_file.is_file
+    assert i2_file.content_string == '\n[section]\ntest = "foo, bar, baz"\n'
+
+def test_advanced_filter(host):
+    i2_file = host.file("/tmp/advanced_filter")
+    print(i2_file.content_string)
+    assert i2_file.is_file
+    assert i2_file.content_string == "\n[section]\ntest = '!(objectClass=user)'\ntest2 = '!(objectClass=user)'\ntest3 = '!attribute'\n"
+
+def test_equal_sign(host):
+    i2_file = host.file("/tmp/equal_sign")
+    print(i2_file.content_string)
+    assert i2_file.is_file
+    assert i2_file.content_string == "\n[section]\ntest = 'equal=sign'\n"
diff --git a/molecule/local-default/converge.yml b/molecule/local-default/converge.yml
@@ -5,6 +5,12 @@
     ansible.builtin.apt:
       cache_valid_time: 3600
   vars:
+    icingaweb2_groups:
+      icingaweb2_group_ldap:
+        resource: icingaweb2_ldap
+        user_backend: icingaweb2_user_ldap
+        group_class: group
+        group_filter: '!(objectClass=user)'
     icingaweb2_resources:
       director_db:
         type: db

diff --git a/roles/icingaweb2/templates/ini_template.j2 b/roles/icingaweb2/templates/ini_template.j2
@@ -7,8 +7,8 @@
 {{ option }} = "{{ value }}"
 {% elif value is iterable and (value is not string and value is not mapping) %}
 {{ option }} = "{{ value | join(', ') }}"
-{% elif value is string and "=" in value %}
-{{ option }} = "{{ value | quote }}"
+{% elif ( value is string and ( "=" in value or "!" in value ) )%}
+{{ option }} = '{{ value }}'
 {% else %}
 {{ option }} = {{ value }}
 {% endif %}