path: root/test/integration/targets/user/tasks/test_password_lock_new_user.yml
blob: dd4f23dae959ea5d64047856446fe4b82f1178fa (plain)
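# Integration test: creating a NEW account with `password` and
# `password_lock` in the same task must leave the account locked, and
# repeating the identical task must report no change.
- name: Test password lock
  when: ansible_facts.system in ['FreeBSD', 'OpenBSD', 'Linux']
  vars:
    # Test-fixture SHA-512 crypt hash ($6$, rounds=656000). It is defined once
    # so the two create tasks cannot drift apart, which would make the
    # idempotence check fail. The value is public in the repository, so it
    # must never be reused for a real account.
    password_lock_test_hash: '$6$rounds=656000$TT4O7jz2M57npccl$33LF6FcUMSW11qrESXL1HX0BS.bsiT6aenFLLiVpsQh6hDtI9pJh5iY7x8J7ePkN4fP8hmElidHXaeD51pbGS.'
  block:
    # Start from a clean slate so the next task really creates the account.
    - name: Remove ansibulluser
      user:
        name: ansibulluser
        state: absent
        remove: true

    - name: Create ansibulluser with password and locked
      user:
        name: ansibulluser
        password: "{{ password_lock_test_hash }}"
        password_lock: true
      register: create_with_lock_1

    # Same arguments again: an already locked account must not be modified.
    - name: Create ansibulluser with password and locked again
      user:
        name: ansibulluser
        password: "{{ password_lock_test_hash }}"
        password_lock: true
      register: create_with_lock_2

    - name: Ensure task reported changes appropriately
      assert:
        msg: The password_lock tasks did not make changes appropriately
        that:
          - create_with_lock_1 is changed
          - create_with_lock_2 is not changed

    - name: Verify account lock for BSD
      when: ansible_facts.system in ['FreeBSD', 'OpenBSD']
      block:
        # status_command is defined outside this file. Its value is rendered
        # into a shell command line, so it has to remain a fixed mapping that
        # never carries externally supplied text.
        - name: BSD | Get account status
          shell: "{{ status_command[ansible_facts['system']] }}"
          register: account_status_locked

        # NOTE(review): on OpenBSD the status is collected above but nothing
        # asserts on it, so the lock state is effectively unverified there.
        - name: FreeBSD | Ensure account is locked
          assert:
            that:
              - "'LOCKED' in account_status_locked.stdout"
          when: ansible_facts.system == 'FreeBSD'

    - name: Verify account lock for Linux
      when: ansible_facts.system == 'Linux'
      block:
        # Populates getent_shadow; element 0 is read below as the password field.
        - name: LINUX | Get account status
          getent:
            database: shadow
            key: ansibulluser

        # A leading '!' in the shadow password field is the lock marker.
        # NOTE(review): an account created without any password can also have
        # a field starting with '!', so this would still pass if the password
        # had never been applied. Comparing against '!' followed by the fixture
        # hash would be stricter - confirm on all target distributions first.
        # NOTE(review): this covers password login only; other authentication
        # paths (for example SSH keys) are not exercised by this test.
        - name: LINUX | Ensure account is locked
          assert:
            that:
              - getent_shadow['ansibulluser'][0].startswith('!')

  always:
    # Runs even when an assertion above fails. It only unlocks the account:
    # ansibulluser and its fixture password hash stay on the host.
    # NOTE(review): presumably a later task in this target removes the user -
    # confirm, otherwise an unlocked account with a published hash is left
    # behind on the test machine.
    - name: Unlock account
      user:
        name: ansibulluser
        password_lock: false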