blob: d46b783d746a35ce22f4f79121651ef68d00bac0 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
|
- block:
- name: Create a local temporary directory
shell: mktemp -d /tmp/ansible_test.XXXXXXXXX
register: tempfile_result
delegate_to: localhost
- set_fact:
local_temp_dir: '{{ tempfile_result.stdout }}'
remote_dir: '{{ remote_tmp_dir }}/copy'
symlinks:
ansible-test-abs-link: /tmp/ansible-test-abs-link
ansible-test-abs-link-dir: /tmp/ansible-test-abs-link-dir
circles: ../
invalid: invalid
invalid2: ../invalid
out_of_tree_circle: /tmp/ansible-test-link-dir/out_of_tree_circle
subdir3: ../subdir2/subdir3
bar.txt: ../bar.txt
- file: path={{local_temp_dir}} state=directory
name: ensure temp dir exists
# file cannot do this properly, use command instead
- name: Create symbolic link
command: "ln -s '{{ item.value }}' '{{ item.key }}'"
args:
chdir: '{{role_path}}/files/subdir/subdir1'
with_dict: "{{ symlinks }}"
delegate_to: localhost
- name: Create group for remote unprivileged user
group:
name: '{{ remote_unprivileged_user_group }}'
register: group
- name: Create remote unprivileged remote user
user:
name: '{{ remote_unprivileged_user }}'
group: '{{ remote_unprivileged_user_group }}'
register: user
- name: Check sudoers dir
stat:
path: /etc/sudoers.d
register: etc_sudoers
- name: Set sudoers.d path fact
set_fact:
sudoers_d_file: "{{ '/etc/sudoers.d' if etc_sudoers.stat.exists else '/usr/local/etc/sudoers.d' }}/{{ remote_unprivileged_user }}"
- name: Create sudoers file
copy:
dest: "{{ sudoers_d_file }}"
content: "{{ remote_unprivileged_user }} ALL=(ALL) NOPASSWD: ALL"
- file:
path: "{{ user.home }}/.ssh"
owner: '{{ remote_unprivileged_user }}'
state: directory
mode: 0700
- name: Duplicate authorized_keys
copy:
src: $HOME/.ssh/authorized_keys
dest: '{{ user.home }}/.ssh/authorized_keys'
owner: '{{ remote_unprivileged_user }}'
mode: 0600
remote_src: yes
- file:
path: "{{ remote_dir }}"
state: directory
remote_user: '{{ remote_unprivileged_user }}'
# execute tests tasks using an unprivileged user, this is useful to avoid
# local/remote ambiguity when controller and managed hosts are identical.
- import_tasks: tests.yml
remote_user: '{{ remote_unprivileged_user }}'
- import_tasks: acls.yml
when: ansible_system == 'Linux'
- import_tasks: selinux.yml
when: ansible_os_family == 'RedHat' and ansible_selinux.get('mode') == 'enforcing'
- import_tasks: setgid.yml
- import_tasks: no_log.yml
delegate_to: localhost
- import_tasks: check_mode.yml
# https://github.com/ansible/ansible/issues/57618
# https://github.com/ansible/ansible/issues/79749
- name: Test diff contents
copy:
content: 'Ansible managed\n'
dest: "{{ local_temp_dir }}/file.txt"
diff: yes
register: diff_output
- assert:
that:
- 'diff_output.diff[0].before == ""'
- '"Ansible managed" in diff_output.diff[0].after'
- '"file.txt" in diff_output.diff[0].after_header'
- name: tests with remote_src and non files
import_tasks: src_remote_file_is_not_file.yml
always:
- name: Cleaning
file:
path: '{{ local_temp_dir }}'
state: absent
delegate_to: localhost
- name: Remove symbolic link
file:
path: '{{ role_path }}/files/subdir/subdir1/{{ item.key }}'
state: absent
delegate_to: localhost
with_dict: "{{ symlinks }}"
- name: Remote unprivileged remote user
user:
name: '{{ remote_unprivileged_user }}'
state: absent
remove: yes
force: yes
- name: Remove group for remote unprivileged user
group:
name: '{{ remote_unprivileged_user_group }}'
state: absent
- name: Remove sudoers.d file
file:
path: "{{ sudoers_d_file }}"
state: absent
|
