ansible/test/integration/targets/unarchive/tasks/test_unprivileged_user.yml

- name: Create unarchivetest1 user
  user:
    name: unarchivetest1
    uid: 1002610001
    group: "{{ group_table[ansible_facts['distribution']] | default(omit) }}"
  register: user
  vars:
    group_table:
      MacOSX: staff

- name: Test unarchiving twice as unprivileged user
  become: yes
  become_user: unarchivetest1
  block:
    - name: prep our file
      copy:
        src: foo.txt
        dest: "{{ user.home }}/foo-unarchive.txt"

    - name: Prep a zip file as unarchivetest1 user
      shell: zip unarchivetest1-unarchive.zip foo-unarchive.txt
      args:
        chdir: "{{ user.home }}"
        creates: "{{ user.home }}/unarchivetest1-unarchive.zip"

    - name: create our zip unarchive destination as unarchivetest1 user
      file:
        path: "{{ user.home }}/unarchivetest1-unarchive-zip"
        state: directory

    - name: unarchive a zip file as unarchivetest1 user
      unarchive:
        src: "{{ user.home }}/unarchivetest1-unarchive.zip"
        dest: "{{ user.home }}/unarchivetest1-unarchive-zip"
        remote_src: yes
        list_files: True
      register: unarchive10

    - name: verify that the file was marked as changed
      assert:
        that:
          - "unarchive10.changed == true"
          # Verify that file list is generated
          - "'files' in unarchive10"
          - "{{unarchive10['files']| length}} == 1"
          - "'foo-unarchive.txt' in unarchive10['files']"

    - name: verify that the file was unarchived
      file:
        path: "{{ user.home }}/unarchivetest1-unarchive-zip/{{ item }}"
        state: file
      loop:
        - foo-unarchive.txt

    - name: repeat the last request to verify no changes
      unarchive:
        src: "{{ user.home }}/unarchivetest1-unarchive.zip"
        dest: "{{ user.home }}/unarchivetest1-unarchive-zip"
        remote_src: yes
        list_files: True
      register: unarchive10b

    - name: verify that the task was not marked as changed
      assert:
        that:
          - "unarchive10b.changed == false"

  always:
    - name: remove our unarchivetest1 user and files
      user:
        name: unarchivetest1
        state: absent
        remove: yes
      become: no

    - name: Remove user home directory on macOS
      file:
        path: /Users/unarchivetest1
        state: absent
      become: no
      when: ansible_facts.distribution == 'MacOSX'
unarchive - Check 'fut_gid' against 'run_gid' in addition to supplemental groups (#65666) Add integration tests for unarchiving as unprivileged user Break tasks into separate files for easier reading and maintenance Create a user by specifying a default group of 'staff' for macOS. The user module does not actually remove the user directory on macOS, so explicitly remove it. Put the removal tasks in an always block to ensure they always run Co-authored-by: Philip Douglass <philip.douglass@amadeus.com> Co-authored-by: Sam Doran <sdoran@redhat.com> 4 years ago			`- name: Create unarchivetest1 user`
			`user:`
			`name: unarchivetest1`
			`uid: 1002610001`
			`group: "{{ group_table[ansible_facts['distribution']] \| default(omit) }}"`
			`register: user`
			`vars:`
			`group_table:`
			`MacOSX: staff`

			`- name: Test unarchiving twice as unprivileged user`
			`become: yes`
			`become_user: unarchivetest1`
			`block:`
			`- name: prep our file`
			`copy:`
			`src: foo.txt`
			`dest: "{{ user.home }}/foo-unarchive.txt"`

			`- name: Prep a zip file as unarchivetest1 user`
			`shell: zip unarchivetest1-unarchive.zip foo-unarchive.txt`
			`args:`
			`chdir: "{{ user.home }}"`
			`creates: "{{ user.home }}/unarchivetest1-unarchive.zip"`

			`- name: create our zip unarchive destination as unarchivetest1 user`
			`file:`
			`path: "{{ user.home }}/unarchivetest1-unarchive-zip"`
			`state: directory`

			`- name: unarchive a zip file as unarchivetest1 user`
			`unarchive:`
			`src: "{{ user.home }}/unarchivetest1-unarchive.zip"`
			`dest: "{{ user.home }}/unarchivetest1-unarchive-zip"`
			`remote_src: yes`
			`list_files: True`
			`register: unarchive10`

			`- name: verify that the file was marked as changed`
			`assert:`
			`that:`
			`- "unarchive10.changed == true"`
			`# Verify that file list is generated`
			`- "'files' in unarchive10"`
			`- "{{unarchive10['files']\| length}} == 1"`
			`- "'foo-unarchive.txt' in unarchive10['files']"`

			`- name: verify that the file was unarchived`
			`file:`
			`path: "{{ user.home }}/unarchivetest1-unarchive-zip/{{ item }}"`
			`state: file`
			`loop:`
			`- foo-unarchive.txt`

			`- name: repeat the last request to verify no changes`
			`unarchive:`
			`src: "{{ user.home }}/unarchivetest1-unarchive.zip"`
			`dest: "{{ user.home }}/unarchivetest1-unarchive-zip"`
			`remote_src: yes`
			`list_files: True`
			`register: unarchive10b`

			`- name: verify that the task was not marked as changed`
			`assert:`
			`that:`
			`- "unarchive10b.changed == false"`

			`always:`
			`- name: remove our unarchivetest1 user and files`
			`user:`
			`name: unarchivetest1`
			`state: absent`
			`remove: yes`
			`become: no`

			`- name: Remove user home directory on macOS`
			`file:`
			`path: /Users/unarchivetest1`
			`state: absent`
			`become: no`
			`when: ansible_facts.distribution == 'MacOSX'`