test: add test cleanup, add flush_handlers

[richm]

Ensure tests cleanup after run

Do flush_handlers after running the role to ensure services are started
or restarted.

Signed-off-by: Rich Megginson rmeggins@redhat.com

Summary by Sourcery

Improve reliability and isolation of trustee_client integration tests by ensuring role handlers are flushed and test resources are cleaned up after each run.

Tests:

• Wrap existing trustee_client test tasks in blocks with standardized "Run the tests" structure and per-play cleanup sections.
• Add meta flush_handlers calls after running the role in tests so services started by handlers are available for assertions.
• Introduce a shared tests/tasks/cleanup.yml playbook to stop/disable trustee-related services, remove quadlet units, configs, and helper scripts, and reload systemd between tests.

[sourcery-ai]

Reviewer's Guide

Test playbooks for the trustee_client role are refactored to run inside guarded blocks with explicit handler flushing and a shared cleanup task, ensuring services started by the role are flushed, validated, and then reliably torn down after each test scenario.

File-Level Changes

Change	Details	Files
Wrap each test scenario in a block with an always cleanup section to ensure trustee_client resources are removed after tests.	Encapsulate main test tasks under a top-level 'Run the tests' block for each playbook. Add an always: section that includes a new tasks/cleanup.yml file tagged tests::cleanup. Gate cleanup execution on the same skip facts used for the associated test assertions where applicable.	tests/tests_encrypt_disk.yml tests/tests_kbs_config.yml tests/tests_default.yml tests/tests_trustee_gc_disabled.yml tests/tests_secret_registration_client.yml
Ensure role-managed services and handlers are flushed before assertions to make tests reliable.	Insert ansible.builtin.meta: flush_handlers after running the trustee_client role or tasks to guarantee handlers have executed before validations. In encrypt disk tests, flush handlers after include_tasks/run_role_with_clear_facts.yml or include_role/linux-system-roles.trustee_client conditions. In KBS-related and default/secret_registration tests, flush handlers before checking config files, packages, and systemd services.	tests/tests_encrypt_disk.yml tests/tests_kbs_config.yml tests/tests_default.yml tests/tests_trustee_gc_disabled.yml tests/tests_secret_registration_client.yml
Introduce a shared cleanup task file that stops/disables services and removes trustee_client artifacts created during tests.	Create tests/tasks/cleanup.yml to stop and disable trustee-gc pod services derived from quadlet .pod files. Stop and disable any services listed in __trustee_client_services with systemd, ignoring failures. Delete trustee-gc quadlet unit files, the /etc/trustee-gc config directory, the secret_registration_client script, and its systemd unit, then reload systemd. Guard filesystem operations with stat/find checks and safe handling when results are skipped or empty.	tests/tasks/cleanup.yml
Adjust role inclusions to mark them public so test tasks can interact with role-defined variables and handlers correctly.	Pass __sr_public: true when including tasks/run_role_with_clear_facts.yml in tests that rely on role facts or handlers. Set public: true on include_role calls for linux-system-roles.trustee_client where tests expect access to role outputs.	tests/tests_encrypt_disk.yml tests/tests_kbs_config.yml tests/tests_default.yml tests/tests_trustee_gc_disabled.yml tests/tests_secret_registration_client.yml

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey - I've left some high level feedback:

• The new tests/tasks/cleanup.yml assumes __trustee_client_quadlet_install_dir and __trustee_client_services are always defined; consider adding sane defaults or when guards so future tests that include cleanup.yml without running the role first don't fail with undefined-variable errors.
• Cleanup uses the systemd module unconditionally (including daemon_reload: true); it may be safer to guard these tasks with when: ansible_service_mgr == 'systemd' to avoid issues on non-systemd test targets.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- The new `tests/tasks/cleanup.yml` assumes `__trustee_client_quadlet_install_dir` and `__trustee_client_services` are always defined; consider adding sane defaults or `when` guards so future tests that include `cleanup.yml` without running the role first don't fail with undefined-variable errors.
- Cleanup uses the `systemd` module unconditionally (including `daemon_reload: true`); it may be safer to guard these tasks with `when: ansible_service_mgr == 'systemd'` to avoid issues on non-systemd test targets.

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[richm]

[citest]