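---
# Integration playbook: checks that AnsibleModule still works when the current
# working directory is missing or cannot be read by the executing user.
- hosts: testhost
  gather_facts: false
  tasks:
    - name: make sure the test user is available
      include_role:
        name: setup_test_user

    - name: verify AnsibleModule works when cwd is missing
      test_cwd_missing:
      register: missing

    # Capture the resolved path and the current mode first, so the `always`
    # section further down can put the original permissions back.
    - name: record the mode of the connection user's home directory
      stat:
        path: "~"
      vars:
        ansible_become: false
      register: connection_user_home

    # 0700 leaves owner-only access; the unprivileged test user used below
    # then cannot read this directory.
    - name: limit access to the connection user's home directory
      file:
        state: directory
        path: "{{ connection_user_home.stat.path }}"
        mode: "0700"
      vars:
        ansible_become: false

    - block:
        - name: verify AnsibleModule works when cwd is unreadable
          test_cwd_unreadable:
          register: unreadable
          # Anchored so the later `raw` task can reuse the same become
          # settings through the *test_user_become alias.
          vars: &test_user_become
            ansible_become: true
            # root can read cwd regardless of permissions, so a non-root user
            # is required here
            ansible_become_user: "{{ test_user_name }}"
            # NOTE(review): presumably set by the setup_test_user role;
            # confirm it is a throwaway credential that only exists for the
            # duration of the test run.
            ansible_become_password: "{{ test_user_plaintext_password }}"
      always:
        # Runs whether or not the block failed, so the home directory is not
        # left with the restricted 0700 mode after the test.
        - name: restore access to the connection user's home directory
          file:
            state: directory
            path: "{{ connection_user_home.stat.path }}"
            mode: "{{ connection_user_home.stat.mode }}"
          vars:
            ansible_become: false

    # Resolved as the test user (same become settings as above); the result is
    # one of the accepted fallback locations in the final assertion.
    - name: get real path of home directory of the unprivileged user
      raw: "{{ ansible_python_interpreter }} -c 'import os.path; print(os.path.realpath(os.path.expanduser(\"~\")))'"
      register: home
      vars: *test_user_become

    - name: verify AnsibleModule was able to adjust cwd as expected
      assert:
        that:
          - missing.before != missing.after
          # allow / and $HOME fallback on macOS when using an unprivileged user
          - unreadable.before != unreadable.after or unreadable.before == '/' or unreadable.before == home.stdout.strip()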