## Check local mode # Even if we don't have a system that is bound to a directory, it's useful # to run with local: true to exercise the code path that reads through the local # user database file. # https://github.com/ansible/ansible/issues/50947 - name: Create /etc/gshadow file: path: /etc/gshadow state: touch when: ansible_facts.os_family == 'Suse' tags: - user_test_local_mode - name: Create /etc/libuser.conf file: path: /etc/libuser.conf state: touch when: - ansible_facts.distribution == 'Ubuntu' - ansible_facts.distribution_major_version is version_compare('16', '==') tags: - user_test_local_mode - name: Ensure luseradd is present action: "{{ ansible_facts.pkg_mgr }}" args: name: libuser state: present when: ansible_facts.system in ['Linux'] tags: - user_test_local_mode - name: Create local account that already exists to check for warning user: name: root local: yes register: local_existing tags: - user_test_local_mode - name: Create local_ansibulluser user: name: local_ansibulluser state: present local: yes register: local_user_test_1 tags: - user_test_local_mode - name: Create local_ansibulluser again user: name: local_ansibulluser state: present local: yes register: local_user_test_2 tags: - user_test_local_mode - name: Remove local_ansibulluser user: name: local_ansibulluser state: absent remove: yes local: yes register: local_user_test_remove_1 tags: - user_test_local_mode - name: Remove local_ansibulluser again user: name: local_ansibulluser state: absent remove: yes local: yes register: local_user_test_remove_2 tags: - user_test_local_mode - name: Create test groups group: name: "{{ item }}" loop: - testgroup1 - testgroup2 - testgroup3 - testgroup4 - testgroup5 - local_ansibulluser tags: - user_test_local_mode - name: Create local_ansibulluser with groups user: name: local_ansibulluser state: present local: yes groups: ['testgroup1', 'testgroup2'] register: local_user_test_3 ignore_errors: yes tags: - user_test_local_mode - name: Append groups for local_ansibulluser user: name: local_ansibulluser state: present local: yes groups: ['testgroup3', 'testgroup4'] append: yes register: local_user_test_4 ignore_errors: yes tags: - user_test_local_mode - name: Test append without groups for local_ansibulluser user: name: local_ansibulluser state: present append: yes register: local_user_test_5 ignore_errors: yes tags: - user_test_local_mode - name: Assign named group for local_ansibulluser user: name: local_ansibulluser state: present local: yes group: testgroup5 register: local_user_test_6 tags: - user_test_local_mode # If we don't re-assign, then "Set user expiration" will # fail. - name: Re-assign named group for local_ansibulluser user: name: local_ansibulluser state: present local: yes group: local_ansibulluser ignore_errors: yes tags: - user_test_local_mode - name: Remove local_ansibulluser again user: name: local_ansibulluser state: absent remove: yes local: yes tags: - user_test_local_mode - name: Remove test groups group: name: "{{ item }}" state: absent loop: - testgroup1 - testgroup2 - testgroup3 - testgroup4 - testgroup5 - local_ansibulluser tags: - user_test_local_mode - name: Ensure local user accounts were created and removed properly assert: that: - local_user_test_1 is changed - local_user_test_2 is not changed - local_user_test_3 is changed - local_user_test_4 is changed - local_user_test_6 is changed - local_user_test_remove_1 is changed - local_user_test_remove_2 is not changed tags: - user_test_local_mode - name: Ensure warnings were displayed properly assert: that: - local_user_test_1['warnings'] | length > 0 - local_user_test_1['warnings'] | first is search('The local user account may already exist') - local_user_test_5['warnings'] is search("'append' is set, but no 'groups' are specified. Use 'groups'") - local_existing['warnings'] is not defined when: ansible_facts.system in ['Linux'] tags: - user_test_local_mode - name: Test expires for local users import_tasks: test_local_expires.yml