[stable-2.7] -Fix: The Ubuntu 14.04 image on Shippable runs an old version of python, causing issues with checking out bitbucket, adjust tests to compensate. (#49433)

-Add: Mention bitbucket dropping TLSv1 and TLSv1.1 support as per 01 Dec 2018, potentially causing issues with older clients.
(cherry picked from commit a6db7f7abd)

Co-authored-by: Xaroth <xaroth+github@xaroth.nl>
This commit is contained in:
Xaroth 2018-12-03 13:35:58 +01:00 committed by Toshio Kuratomi
parent aed38b12cd
commit 99612b8224
3 changed files with 114 additions and 72 deletions

View file

@ -70,6 +70,9 @@ notes:
SSH will prompt user to authorize the first contact with a remote host. To avoid this prompt, SSH will prompt user to authorize the first contact with a remote host. To avoid this prompt,
one solution is to add the remote host public key in C(/etc/ssh/ssh_known_hosts) before calling one solution is to add the remote host public key in C(/etc/ssh/ssh_known_hosts) before calling
the hg module, with the following command: ssh-keyscan remote_host.com >> /etc/ssh/ssh_known_hosts." the hg module, with the following command: ssh-keyscan remote_host.com >> /etc/ssh/ssh_known_hosts."
- As per 01 Dec 2018, Bitbucket has dropped support for TLSv1 and TLSv1.1 connections. As such,
if the underlying system still uses a Python version below 2.7.9, you will have issues checking out
bitbucket repositories. See U(https://bitbucket.org/blog/deprecating-tlsv1-tlsv1-1-2018-12-01).
''' '''
EXAMPLES = ''' EXAMPLES = '''

View file

@ -21,79 +21,32 @@
register: has_hg register: has_hg
ignore_errors: yes ignore_errors: yes
- name: install mercurial - name: warn if the underlying system is not capable of running these tests
debug:
msg: >-
The mercurial client is not able to check out Bitbucket repositories as per the changes mentioned here:
https://bitbucket.org/blog/deprecating-tlsv1-tlsv1-1-2018-12-01 . Therefore these tests are skipped.
when: (ansible_distribution == "Ubuntu" and ansible_distribution_version == "14.04") or ansible_python_version is version("2.7.9", "<")
- block:
- name: install mercurial
include_tasks: install.yml include_tasks: install.yml
when: has_hg is failed when: has_hg is failed
- name: set where to extract the repo - name: test mercurial
set_fact: checkout_dir={{ output_dir }}/epdb include_tasks: run-tests.yml
- name: set what repo to use - name: uninstall mercurial
set_fact: repo=https://bitbucket.org/rpathsync/epdb
- name: clean out the output_dir
shell: rm -rf {{ output_dir }}/*
- name: verify that mercurial is installed so this test can continue
shell: which hg
- name: initial checkout
hg: repo={{ repo }} dest={{ checkout_dir }}
register: hg_result
- debug: var=hg_result
#- shell: ls ~/ansible_testing/epdb
- shell: ls {{ checkout_dir }}
- name: verify information about the initial clone
assert:
that:
- "'before' in hg_result"
- "'after' in hg_result"
- "not hg_result.before"
- "hg_result.changed"
- name: repeated checkout
hg: repo={{ repo }} dest={{ checkout_dir }}
register: hg_result2
- debug: var=hg_result2
- name: check for tags
stat: path={{ checkout_dir }}/.hgtags
register: tags
- name: check for remotes
stat: path={{ checkout_dir }}/.hg/branch
register: branches
- debug: var=tags
- debug: var=branches
- name: assert presence of tags/trunk/branches
assert:
that:
- "tags.stat.isreg"
- "branches.stat.isreg"
- name: verify on a reclone things are marked unchanged
assert:
that:
- "not hg_result2.changed"
- name: Checkout non-existent repo clone
hg: repo=https://bitbucket.org/pyro46/pythonscript_1 clone=no update=no
register: hg_result3
ignore_errors: true
- name: Verify result of non-existent repo clone
assert:
that:
- hg_result3.msg
- "'abort: HTTP Error 404: Not Found' in hg_result3.msg"
- "not hg_result3.changed"
- name: uninstall mercurial
include_tasks: uninstall.yml include_tasks: uninstall.yml
when: has_hg is failed when: has_hg is failed
# As per the bitbucket changes in https://bitbucket.org/blog/deprecating-tlsv1-tlsv1-1-2018-12-01 , this
# test will fail under certain circumstances, to avoid false positives, we skip these tests under the following
# circumstances:
#
# - The ubuntu 14.04 image used on shippable runs python 2.7.6, so we skip explicitly for this image.
# - When ansible_python_version is not 2.7.9 or higher, mercurial is likely to also run using this same (old)
# python version, which causes issues as per the link above.
when:
- not (ansible_distribution == "Ubuntu" and ansible_distribution_version == "14.04")
- ansible_python_version is version("2.7.9", ">=")

View file

@ -0,0 +1,86 @@
# test code for the hg module
# (c) 2018, Ansible Project
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
- name: set where to extract the repo
set_fact: checkout_dir={{ output_dir }}/epdb
- name: set what repo to use
set_fact: repo=https://bitbucket.org/rpathsync/epdb
- name: clean out the output_dir
shell: rm -rf {{ output_dir }}/*
- name: verify that mercurial is installed so this test can continue
shell: which hg
- name: initial checkout
hg: repo={{ repo }} dest={{ checkout_dir }}
register: hg_result
- debug: var=hg_result
- shell: ls {{ checkout_dir }}
- name: verify information about the initial clone
assert:
that:
- "'before' in hg_result"
- "'after' in hg_result"
- "not hg_result.before"
- "hg_result.changed"
- name: repeated checkout
hg: repo={{ repo }} dest={{ checkout_dir }}
register: hg_result2
- debug: var=hg_result2
- name: check for tags
stat: path={{ checkout_dir }}/.hgtags
register: tags
- name: check for remotes
stat: path={{ checkout_dir }}/.hg/branch
register: branches
- debug: var=tags
- debug: var=branches
- name: assert presence of tags/trunk/branches
assert:
that:
- "tags.stat.isreg"
- "branches.stat.isreg"
- name: verify on a reclone things are marked unchanged
assert:
that:
- "not hg_result2.changed"
- name: Checkout non-existent repo clone
hg: repo=https://bitbucket.org/pyro46/pythonscript_1 clone=no update=no
register: hg_result3
ignore_errors: true
- name: Verify result of non-existent repo clone
assert:
that:
- hg_result3.msg
- "'abort: HTTP Error 404: Not Found' in hg_result3.msg"
- "not hg_result3.changed"