Bug 2100251

Here is the error:

TASK [linux-system-roles.crypto_policies : Find out what is the currently active policy] ***
task path: /home/rmeggins/linux-system-roles/crypto_policies/tests/roles/linux-system-roles.crypto_policies/tasks/gather_facts.yml:3
Wednesday 22 June 2022  14:47:15 -0600 (0:00:00.027)       0:00:04.041 ********
ok: [/home/rmeggins/.cache/linux-system-roles/rhel-8-y.qcow2.snap] => {
    "changed": false,
    "cmd": [
        "update-crypto-policies",
        "--show"
    ],
    "delta": "0:00:00.067432",
    "end": "2022-06-22 16:47:15.658127",
    "rc": 0,
    "start": "2022-06-22 16:47:15.590695"
}

STDOUT:

FUTURE

...

TASK [linux-system-roles.crypto_policies : Set current policy fact] ************
task path: /home/rmeggins/linux-system-roles/crypto_policies/tests/roles/linux-system-roles.crypto_policies/tasks/gather_facts.yml:9
Wednesday 22 June 2022  14:47:15 -0600 (0:00:00.460)       0:00:04.501 ********
ok: [/home/rmeggins/.cache/linux-system-roles/rhel-8-y.qcow2.snap] => {
    "ansible_facts": {
        "crypto_policies_active": "FUTURE"
    },
    "changed": false
}
META: role_complete for /home/rmeggins/.cache/linux-system-roles/rhel-8-y.qcow2.snap

...


TASK [Check the current policy is DEFAULT and common variables] ****************
task path: /home/rmeggins/linux-system-roles/crypto_policies/tests/tests_default.yml:13
Wednesday 22 June 2022  14:47:16 -0600 (0:00:00.009)       0:00:04.556 ********
fatal: [/home/rmeggins/.cache/linux-system-roles/rhel-8-y.qcow2.snap]: FAILED! => {
    "assertion": "crypto_policies_active == 'DEFAULT'",
    "changed": false,
    "evaluated_to": false
}

MSG:

Assertion failed

Not sure how it happened that your crypto policy is future. Either some previous test that failed to clean up left it in this state or something weird is going on there.

In any case, Alex took the crypto policies role so I reassigned the bug.

(In reply to Jakub Jelen from comment #2)
> Not sure how it happened that your crypto policy is future. Either some
> previous test that failed to clean up left it in this state or something
> weird is going on there.

Yes, that's it - the test does not reset the state of the system.  We recently changed our testing to use a single VM for each set of tests, rather than for each test playbook.  This means each test needs to reset the system so that the next test can complete.  Something like this:

tests_something.yml

block:
  - include_role with given vars

  - verify settings were applied correctly
always:
  - reset system to default settings
    tags:
      - tests::cleanup

We tag the cleanup/reset tasks so that we can skip them if we are using the VM per-test
 
> In any case, Alex took the crypto policies role so I reassigned the bug.

Ok.  Alex, I think a couple of the crypto policies tests need to be changed - not all of them - tests_reboot.yml and a couple of other ones.

That complicates matters around quite a lot around crypto_policies_reboot_required

I've tried to follow your guidance in https://github.com/linux-system-roles/crypto_policies/pull/42

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (rhel-system-roles bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2022:8117