---
# Integration tasks for the `user` module's password handling.
#
# They check three things:
#   * a well-formed crypt(3) hash is accepted without a warning,
#   * `update_password: on_create` leaves an existing account's hash alone,
#   * plaintext or malformed values raise a warning, while the shadow
#     placeholders '!' and '*' do not.
#
# The hashes below are throwaway test fixtures, not real credentials.
#
# NOTE(review): this page lost the file's indentation, so the nesting below is
# reconstructed from the task structure. Confirm the extent of both `block:`
# sections against the repository copy.

# test user add with password
# `$6$` marks a SHA-512 crypt hash; this one is well formed, so no warning
# should be emitted.
- name: add an encrypted password for user
  user:
    name: ansibulluser
    password: "$6$rounds=656000$TT4O7jz2M57npccl$33LF6FcUMSW11qrESXL1HX0BS.bsiT6aenFLLiVpsQh6hDtI9pJh5iY7x8J7ePkN4fP8hmElidHXaeD51pbGS."
    state: present
    update_password: always
  register: test_user_encrypt0

- name: there should not be warnings
  assert:
    that: "'warnings' not in test_user_encrypt0"

# https://github.com/ansible/ansible/issues/65711
# Regression check: the account already exists, so with `on_create` the '*'
# value must not replace the hash set by the first task.
- name: Test updating password only on creation
  user:
    name: ansibulluser
    password: '*'
    update_password: on_create
  register: test_user_update_password

- name: Ensure password was not changed
  assert:
    that:
      - test_user_update_password is not changed

# Check the stored value as well as the module's `changed` flag, so a silent
# overwrite of the hash would be caught. Runs only on the listed Linux families.
- name: Verify password hash for Linux
  when: ansible_facts.os_family in ['RedHat', 'Debian', 'Suse']
  block:
    - name: LINUX | Get shadow entry for ansibulluser
      getent:
        database: shadow
        key: ansibulluser

    # Index 1 of the shadow entry is compared against '*'; it must still hold
    # the hash rather than the placeholder.
    - name: LINUX | Ensure password hash was not removed
      assert:
        that:
          - getent_shadow['ansibulluser'][1] != '*'

# Warning behaviour for values that are not valid hashes. Skipped on Darwin.
- name: Test plaintext warning
  when: ansible_facts.system != 'Darwin'
  block:
    # An unhashed string is passed as the password; the module is expected to
    # warn about it.
    - name: add an plaintext password for user
      user:
        name: ansibulluser
        password: "plaintextpassword"
        state: present
        update_password: always
      register: test_user_encrypt1

    - name: there should be a warning complains that the password is plaintext
      assert:
        that: "'warnings' in test_user_encrypt1"

    # Looks like a `$6$` hash but ends in '+' characters, which the next
    # assertion expects to trigger a character-set warning.
    - name: add an invalid hashed password
      user:
        name: ansibulluser
        password: "$6$rounds=656000$tgK3gYTyRLUmhyv2$lAFrYUQwn7E6VsjPOwQwoSx30lmpiU9r/E0Al7tzKrR9mkodcMEZGe9OXD0H/clOn6qdsUnaL4zefy5fG+++++"
        state: present
        update_password: always
      register: test_user_encrypt2

    - name: there should be a warning complains about the character set of password
      assert:
        that: "'warnings' in test_user_encrypt2"

    # '!' and '*' (and a run of '*') are placeholder values, not hashes. They
    # must be accepted without a plaintext warning.
    - name: change password to '!'
      user:
        name: ansibulluser
        password: '!'
      register: test_user_encrypt3

    - name: change password to '*'
      user:
        name: ansibulluser
        password: '*'
      register: test_user_encrypt4

    - name: change password to '*************'
      user:
        name: ansibulluser
        password: '*************'
      register: test_user_encrypt5

    - name: there should be no warnings when setting the password to '!', '*' or '*************'
      assert:
        that:
          - "'warnings' not in test_user_encrypt3"
          - "'warnings' not in test_user_encrypt4"
          - "'warnings' not in test_user_encrypt5"