|
|
|
- hosts: testhost
|
|
|
|
gather_facts: false
|
|
|
|
tasks:
|
|
|
|
- import_role:
|
|
|
|
name: ../setup_remote_tmp_dir
|
|
|
|
- name: define test directory
|
|
|
|
set_fact:
|
|
|
|
testudir: '{{remote_tmp_dir}}/unsafe_writes_test'
|
|
|
|
- name: define test file
|
|
|
|
set_fact:
|
|
|
|
testufile: '{{testudir}}/unreplacablefile.txt'
|
|
|
|
- name: define test environment with unsafe writes set
|
|
|
|
set_fact:
|
|
|
|
test_env:
|
|
|
|
ANSIBLE_UNSAFE_WRITES: "{{ lookup('env', 'ANSIBLE_UNSAFE_WRITES') }}"
|
|
|
|
when: lookup('env', 'ANSIBLE_UNSAFE_WRITES')
|
|
|
|
- name: define test environment without unsafe writes set
|
|
|
|
set_fact:
|
|
|
|
test_env: {}
|
|
|
|
when: not lookup('env', 'ANSIBLE_UNSAFE_WRITES')
|
|
|
|
- name: test unsafe_writes on immutable dir (file cannot be atomically replaced)
|
|
|
|
block:
|
|
|
|
- name: create target dir
|
|
|
|
file: path={{testudir}} state=directory
|
|
|
|
- name: setup test file
|
|
|
|
copy: content=ORIGINAL dest={{testufile}}
|
|
|
|
- name: make target dir immutable (cannot write to file w/o unsafe_writes)
|
|
|
|
file: path={{testudir}} state=directory attributes="+i"
|
|
|
|
become: yes
|
|
|
|
ignore_errors: true
|
|
|
|
register: madeimmutable
|
|
|
|
|
|
|
|
- name: only run if immutable dir command worked, some of our test systems don't allow for it
|
|
|
|
when: madeimmutable is success
|
|
|
|
block:
|
|
|
|
- name: test this is actually immmutable working as we expect
|
|
|
|
file: path={{testufile}} state=absent
|
|
|
|
register: breakimmutable
|
|
|
|
ignore_errors: True
|
|
|
|
|
|
|
|
- name: only run if reallyh immutable dir
|
|
|
|
when: breakimmutable is failed
|
|
|
|
block:
|
|
|
|
- name: test overwriting file w/o unsafe
|
|
|
|
copy: content=NEW dest={{testufile}} unsafe_writes=False
|
|
|
|
ignore_errors: true
|
|
|
|
register: copy_without
|
|
|
|
|
|
|
|
- name: ensure we properly failed
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- copy_without is failed
|
|
|
|
|
|
|
|
- name: test overwriting file with unsafe
|
|
|
|
copy: content=NEWNOREALLY dest={{testufile}} unsafe_writes=True
|
|
|
|
register: copy_with
|
|
|
|
|
|
|
|
- name: ensure we properly changed
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- copy_with is changed
|
|
|
|
|
|
|
|
- name: test fallback env var
|
|
|
|
when: lookup('env', 'ANSIBLE_UNSAFE_WRITES') not in ('', None)
|
|
|
|
vars:
|
|
|
|
env_enabled: "{{lookup('env', 'ANSIBLE_UNSAFE_WRITES')|bool}}"
|
|
|
|
block:
|
|
|
|
- name: test overwriting file with unsafe depending on fallback environment setting
|
|
|
|
copy: content=NEWBUTNOTDIFFERENT dest={{testufile}}
|
|
|
|
register: copy_with_env
|
|
|
|
ignore_errors: True
|
|
|
|
|
|
|
|
- name: ensure we properly follow env var
|
|
|
|
assert:
|
|
|
|
msg: "Failed with envvar: {{env_enabled}}, due AUW: to {{q('env', 'ANSIBLE_UNSAFE_WRITES')}}"
|
|
|
|
that:
|
|
|
|
- env_enabled and copy_with_env is changed or not env_enabled and copy_with_env is failed
|
|
|
|
environment: "{{ test_env }}"
|
|
|
|
always:
|
|
|
|
- name: remove immutable flag from dir to prevent issues with cleanup
|
|
|
|
file: path={{testudir}} state=directory attributes="-i"
|
|
|
|
ignore_errors: true
|
|
|
|
become: yes
|