* fix: Fix IPv6 address selection on BSD systems (#1843) BSD systems return IPv6 addresses in the order they were added to the interface, not sorted by scope like Linux. This causes ansible_default_ipv6 to contain link-local addresses (fe80::) with interface suffixes (%em0) instead of global addresses, breaking certificate generation. This fix: - Adds a new task file to properly select global IPv6 addresses on BSD - Filters out link-local addresses and interface suffixes - Falls back to ansible_all_ipv6_addresses when needed - Ensures certificates are generated with valid global IPv6 addresses The workaround is implemented in Algo rather than waiting for the upstream Ansible issue (#16977) to be fixed, which has been open since 2016. Fixes #1843 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * chore: Remove duplicate condition in BSD IPv6 facts Removed redundant 'global_ipv6_address is not defined' condition that was checked twice in the same when clause. * improve: simplify regex for IPv6 interface suffix removal Change regex from '(.*)%.*' to '%.*' for better readability and performance when stripping interface suffixes from IPv6 addresses. The simplified regex is equivalent but more concise and easier to understand. 
🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * fix: resolve yamllint trailing spaces in BSD IPv6 test Remove trailing spaces from test_bsd_ipv6.yml to ensure CI passes 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * fix: resolve yamllint issues across repository - Remove trailing spaces from server.yml, WireGuard test files, and keys.yml - Add missing newlines at end of test files - Ensure all YAML files pass yamllint validation for CI 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Claude <noreply@anthropic.com>
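---
# CRITICAL TEST: WireGuard Async Structure Debugging
# ==================================================
# This test validates the complex triple-nested data structure created by:
# async + register + loop -> async_status + register + loop
#
# DO NOT DELETE: This test prevented production deployment failures by revealing
# that the access pattern is item.item.item (not item.item as initially assumed).
#
# Run with: ansible-playbook tests/test-wireguard-real-async.yml -v
# Purpose: Debug and validate the async result structure when using with_items
#
# Only mock strings are produced here (echo "mock_private_key_for_..."), so the
# debug dumps below expose nothing sensitive. In a real key-generation flow the
# same registered variables would hold private keys in stdout; do not copy the
# debug tasks into a role without no_log.

- name: Test real WireGuard async pattern
  hosts: localhost
  gather_facts: false
  vars:
    test_users: ["testuser1", "testuser2"]
    IP_subject_alt_name: "127.0.0.1"
    # NOTE(review): fixed, predictable location under /tmp. Tolerable for mock
    # data; for real key material prefer a per-run private temp directory, since
    # on a shared host another local user could create this path first.
    wireguard_pki_path: "/tmp/test-real-wireguard"

  tasks:
    # block/always guarantees that the scratch directory is removed even when
    # one of the tasks in between fails; the play still reports that failure.
    - name: Exercise the async pattern and always clean up
      block:
        - name: Create test directory
          file:
            path: "{{ wireguard_pki_path }}/private"
            state: directory
            # Owner-only access on the directory that receives the key files.
            mode: '0700'

        # with_items flattens the test_users list, so the loop runs once per
        # user name and once for IP_subject_alt_name. poll: 0 starts each job in
        # the background; every entry of wg_genkey.results then carries the
        # ansible_job_id that the wait task reads.
        - name: Simulate the actual async pattern - Generate keys (parallel)
          command: echo "mock_private_key_for_{{ item }}"
          register: wg_genkey
          with_items:
            - "{{ test_users }}"
            - "{{ IP_subject_alt_name }}"
          async: 10
          poll: 0

        - name: Debug - Show wg_genkey structure
          debug:
            var: wg_genkey

        # Polls each background job until it reports finished, at most 15 tries
        # one second apart. Each entry of wg_genkey_results.results keeps the
        # wg_genkey entry it was looped over under .item.
        - name: Simulate the actual async pattern - Wait for completion
          async_status:
            jid: "{{ item.ansible_job_id }}"
          with_items: "{{ wg_genkey.results }}"
          register: wg_genkey_results
          until: wg_genkey_results.finished
          retries: 15
          delay: 1

        # Prints the complete result, stdout included (mock data in this test).
        - name: Debug - Show wg_genkey_results structure (the real issue)
          debug:
            var: wg_genkey_results

        # Deliberately keeps item.item as the file name: here item.item is the
        # whole wg_genkey entry, and the looped-over name sits one level deeper
        # at item.item.item (see header). ignore_errors presumably lets the play
        # continue so the result of this pattern can be observed.
        - name: Try to save using the current failing pattern
          copy:
            dest: "{{ wireguard_pki_path }}/private/{{ item.item }}"
            content: "{{ item.stdout }}"
            # Owner read/write only, as a private key file would need.
            mode: "0600"
          when: item.changed
          with_items: "{{ wg_genkey_results.results }}"
          ignore_errors: true

      always:
        - name: Cleanup
          file:
            path: "{{ wireguard_pki_path }}"
            state: absent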