diff options
Diffstat (limited to 'test/integration/targets/become_unprivileged/common_remote_group')
3 files changed, 114 insertions, 0 deletions
diff --git a/test/integration/targets/become_unprivileged/common_remote_group/cleanup.yml b/test/integration/targets/become_unprivileged/common_remote_group/cleanup.yml new file mode 100644 index 0000000..41784fc --- /dev/null +++ b/test/integration/targets/become_unprivileged/common_remote_group/cleanup.yml @@ -0,0 +1,35 @@ +- name: Cleanup (as root) + hosts: ssh + gather_facts: yes + remote_user: root + tasks: + - name: Remove group for unprivileged users + group: + name: commongroup + state: absent + + - name: Check if /usr/bin/setfacl exists + stat: + path: /usr/bin/setfacl + register: usr_bin_setfacl + + - name: Check if /bin/setfacl exists + stat: + path: /bin/setfacl + register: bin_setfacl + + - name: Set path to setfacl + set_fact: + setfacl_path: /usr/bin/setfacl + when: usr_bin_setfacl.stat.exists + + - name: Set path to setfacl + set_fact: + setfacl_path: /bin/setfacl + when: bin_setfacl.stat.exists + + - name: chmod +x setfacl + file: + path: "{{ setfacl_path }}" + mode: a+x + when: setfacl_path is defined diff --git a/test/integration/targets/become_unprivileged/common_remote_group/setup.yml b/test/integration/targets/become_unprivileged/common_remote_group/setup.yml new file mode 100644 index 0000000..1e799c4 --- /dev/null +++ b/test/integration/targets/become_unprivileged/common_remote_group/setup.yml @@ -0,0 +1,43 @@ +- name: Prep (as root) + hosts: ssh + gather_facts: yes + remote_user: root + tasks: + - name: Create group for unprivileged users + group: + name: commongroup + + - name: Add them to the group + user: + name: "{{ item }}" + groups: commongroup + append: yes + with_items: + - unpriv1 + - unpriv2 + + - name: Check if /usr/bin/setfacl exists + stat: + path: /usr/bin/setfacl + register: usr_bin_setfacl + + - name: Check if /bin/setfacl exists + stat: + path: /bin/setfacl + register: bin_setfacl + + - name: Set path to setfacl + set_fact: + setfacl_path: /usr/bin/setfacl + when: usr_bin_setfacl.stat.exists + + - name: Set path to setfacl + set_fact: + setfacl_path: /bin/setfacl + when: bin_setfacl.stat.exists + + - name: chmod -x setfacl to disable it + file: + path: "{{ setfacl_path }}" + mode: a-x + when: setfacl_path is defined diff --git a/test/integration/targets/become_unprivileged/common_remote_group/test.yml b/test/integration/targets/become_unprivileged/common_remote_group/test.yml new file mode 100644 index 0000000..4bc51f8 --- /dev/null +++ b/test/integration/targets/become_unprivileged/common_remote_group/test.yml @@ -0,0 +1,36 @@ +- name: Tests for ANSIBLE_COMMON_REMOTE_GROUP functionality + hosts: ssh + gather_facts: yes + remote_user: unpriv1 + + tasks: + - name: foo + action: tmpdir + register: tmpdir + become_user: unpriv2 + become: yes + + - name: run whoami with become + command: whoami + register: whoami + become_user: unpriv2 + become: yes + + - set_fact: + stat_cmd: stat -c '%U %G' {{ tmpdir.tmpdir }}/* + when: ansible_distribution not in ['MacOSX', 'FreeBSD'] + + - set_fact: + stat_cmd: stat -f '%Su %Sg' {{ tmpdir.tmpdir }}/* + when: ansible_distribution in ['MacOSX', 'FreeBSD'] + + - name: Ensure we tested the right fallback + shell: "{{ stat_cmd }}" + register: stat + become_user: unpriv2 + become: yes + + - assert: + that: + - whoami.stdout == "unpriv2" + - stat.stdout == 'unpriv1 commongroup' |