# Test setting epoch 0 expiration when creating a new account, then removing the expiry # https://github.com/ansible/ansible/issues/47114 - name: Remove ansibulluser user: name: ansibulluser state: absent - name: Create user account with epoch 0 expiration user: name: ansibulluser state: present expires: 0 register: user_test_expires_create0_1 - name: Create user account with epoch 0 expiration again user: name: ansibulluser state: present expires: 0 register: user_test_expires_create0_2 - name: Change the user account to remove the expiry time user: name: ansibulluser expires: -1 register: user_test_remove_expires_1 - name: Change the user account to remove the expiry time again user: name: ansibulluser expires: -1 register: user_test_remove_expires_2 - name: Verify un expiration date for Linux block: - name: LINUX | Ensure changes were made appropriately assert: msg: Creating an account with 'expries=0' then removing that expriation with 'expires=-1' resulted in incorrect changes that: - user_test_expires_create0_1 is changed - user_test_expires_create0_2 is not changed - user_test_remove_expires_1 is changed - user_test_remove_expires_2 is not changed - name: LINUX | Get expiration date for ansibulluser getent: database: shadow key: ansibulluser - name: LINUX | Ensure proper expiration date was set assert: msg: "expiry is supposed to be empty or -1, not {{ getent_shadow['ansibulluser'][6] }}" that: - not getent_shadow['ansibulluser'][6] or getent_shadow['ansibulluser'][6] | int < 0 when: ansible_facts.os_family in ['RedHat', 'Debian', 'Suse'] - name: Verify proper expiration behavior for BSD block: - name: BSD | Ensure changes were made appropriately assert: msg: Creating an account with 'expries=0' then removing that expriation with 'expires=-1' resulted in incorrect changes that: - user_test_expires_create0_1 is changed - user_test_expires_create0_2 is not changed - user_test_remove_expires_1 is not changed - user_test_remove_expires_2 is not changed when: ansible_facts.os_family == 'FreeBSD' # Test expiration with a very large negative number. This should have the same # result as setting -1. - name: Set expiration date using very long negative number user: name: ansibulluser state: present expires: -2529881062 register: user_test_expires5 - name: Ensure no change was made assert: that: - user_test_expires5 is not changed - name: Verify un expiration date for Linux block: - name: LINUX | Get expiration date for ansibulluser getent: database: shadow key: ansibulluser - name: LINUX | Ensure proper expiration date was set assert: msg: "expiry is supposed to be empty or -1, not {{ getent_shadow['ansibulluser'][6] }}" that: - not getent_shadow['ansibulluser'][6] or getent_shadow['ansibulluser'][6] | int < 0 when: ansible_facts.os_family in ['RedHat', 'Debian', 'Suse'] - name: Verify un expiration date for BSD block: - name: BSD | Get expiration date for ansibulluser shell: 'grep ansibulluser /etc/master.passwd | cut -d: -f 7' changed_when: no register: bsd_account_expiration - name: BSD | Ensure proper expiration date was set assert: msg: "expiry is supposed to be '0', not {{ bsd_account_expiration.stdout }}" that: - bsd_account_expiration.stdout == '0' when: ansible_facts.os_family == 'FreeBSD'