From 39c5c558f82a0e74e01ae14f3990c7d54c91a506 Mon Sep 17 00:00:00 2001 From: Matt Clay Date: Wed, 21 Sep 2016 13:58:35 -0700 Subject: [PATCH] Switch tests from sudo to become. (#17694) --- test/integration/amazon.yml | 2 +- .../roles/test_copy/tasks/main.yml | 4 +- .../roles/test_ec2_elb/tasks/main.yml | 4 +- .../roles/test_fetch/tasks/main.yml | 8 +- .../roles/test_file/tasks/main.yml | 4 +- .../roles/test_postgresql/tasks/main.yml | 280 +++++++++--------- .../roles/test_win_copy/tasks/main.yml | 4 +- .../roles/test_win_file/tasks/main.yml | 4 +- test/units/playbook/test_play.py | 4 +- 9 files changed, 157 insertions(+), 157 deletions(-) diff --git a/test/integration/amazon.yml b/test/integration/amazon.yml index 0ccebebf7ec..c0fea475c92 100644 --- a/test/integration/amazon.yml +++ b/test/integration/amazon.yml @@ -24,7 +24,7 @@ - hosts: ec2 gather_facts: no remote_user: ec2-user - sudo: true + become: true roles: - { role: ec2_elb_instance_setup, tags: test_ec2_elb } diff --git a/test/integration/roles/test_copy/tasks/main.yml b/test/integration/roles/test_copy/tasks/main.yml index 526695acc3c..a36de973830 100644 --- a/test/integration/roles/test_copy/tasks/main.yml +++ b/test/integration/roles/test_copy/tasks/main.yml @@ -214,8 +214,8 @@ - name: overwrite the file as user nobody copy: dest=/tmp/worldwritable/file.txt content="baz" - sudo: yes - sudo_user: nobody + become: yes + become_user: nobody register: copy_result7 - name: assert the file was overwritten diff --git a/test/integration/roles/test_ec2_elb/tasks/main.yml b/test/integration/roles/test_ec2_elb/tasks/main.yml index 97a25de5b5e..d613f985abf 100644 --- a/test/integration/roles/test_ec2_elb/tasks/main.yml +++ b/test/integration/roles/test_ec2_elb/tasks/main.yml @@ -92,8 +92,8 @@ - name: "shutdown the apache service on the first instance ({{ec2_provision_result.instances[0].public_ip}})" service: name=httpd state=stopped remote_user: "ec2-user" - sudo: yes - sudo_user: root + become: yes + become_user: root delegate_to: "{{ec2_provision_result.instances[0].public_ip}}" - name: assert that the httpd service was stopped diff --git a/test/integration/roles/test_fetch/tasks/main.yml b/test/integration/roles/test_fetch/tasks/main.yml index 2b4aef90a07..4b6fb611e24 100644 --- a/test/integration/roles/test_fetch/tasks/main.yml +++ b/test/integration/roles/test_fetch/tasks/main.yml @@ -25,8 +25,8 @@ - debug: var=fetched -# TODO: check the sudo and non-sudo forms of fetch because in one form we'll do -# the get method of the connection plugin and in the sudo case we'll use the +# TODO: check the become and non-become forms of fetch because in one form we'll do +# the get method of the connection plugin and in the become case we'll use the # fetch module. - name: diff what we fetched with the original file @@ -82,8 +82,8 @@ - debug: var=fetched -# TODO: check the sudo and non-sudo forms of fetch because in one form we'll do -# the get method of the connection plugin and in the sudo case we'll use the +# TODO: check the become and non-become forms of fetch because in one form we'll do +# the get method of the connection plugin and in the become case we'll use the # fetch module. - name: diff what we fetched with the original file diff --git a/test/integration/roles/test_file/tasks/main.yml b/test/integration/roles/test_file/tasks/main.yml index d5ba22645d8..c6cbd6f6ade 100644 --- a/test/integration/roles/test_file/tasks/main.yml +++ b/test/integration/roles/test_file/tasks/main.yml @@ -70,8 +70,8 @@ - name: Ask to create a file without enough perms to change ownership file: path=/tmp/worldwritable/baz.txt state=touch owner=root - sudo: yes - sudo_user: nobody + become: yes + become_user: nobody register: chown_result ignore_errors: True diff --git a/test/integration/roles/test_postgresql/tasks/main.yml b/test/integration/roles/test_postgresql/tasks/main.yml index e814b5fd9ee..8949fe1efa7 100644 --- a/test/integration/roles/test_postgresql/tasks/main.yml +++ b/test/integration/roles/test_postgresql/tasks/main.yml @@ -2,8 +2,8 @@ # Create and destroy db # - name: Create DB - sudo_user: postgres - sudo: True + become_user: postgres + become: True postgresql_db: state: present name: "{{ db_name }}" @@ -16,8 +16,8 @@ - "result.db =='{{ db_name }}'" - name: Check that database created - sudo_user: postgres - sudo: True + become_user: postgres + become: True shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql register: result @@ -26,8 +26,8 @@ - "result.stdout_lines[-1] == '(1 row)'" - name: Run create on an already created db - sudo_user: postgres - sudo: True + become_user: postgres + become: True postgresql_db: state: present name: "{{ db_name }}" @@ -39,8 +39,8 @@ - "result.changed == false" - name: Destroy DB - sudo_user: postgres - sudo: True + become_user: postgres + become: True postgresql_db: state: absent name: "{{ db_name }}" @@ -52,8 +52,8 @@ - "result.changed == true" - name: Check that database was destroyed - sudo_user: postgres - sudo: True + become_user: postgres + become: True shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql register: result @@ -62,8 +62,8 @@ - "result.stdout_lines[-1] == '(0 rows)'" - name: Destroy DB - sudo_user: postgres - sudo: True + become_user: postgres + become: True postgresql_db: state: absent name: "{{ db_name }}" @@ -100,8 +100,8 @@ # Test encoding, collate, ctype, template options # - name: Create a DB with encoding, collate, ctype, and template options - sudo_user: postgres - sudo: True + become_user: postgres + become: True postgresql_db: name: '{{ db_name }}' state: 'present' @@ -111,8 +111,8 @@ template: 'template0' - name: Check that the DB has all of our options - sudo_user: postgres - sudo: True + become_user: postgres + become: True shell: echo "select datname, pg_encoding_to_char(encoding), datcollate, datctype from pg_database where datname = '{{ db_name }}';" | psql register: result @@ -126,8 +126,8 @@ - "'en_US' not in result.stdout_lines[-2]" - name: Check that running db cration with options a second time does nothing - sudo_user: postgres - sudo: True + become_user: postgres + become: True postgresql_db: name: '{{ db_name }}' state: 'present' @@ -143,8 +143,8 @@ - name: Check that attempting to change encoding returns an error - sudo_user: postgres - sudo: True + become_user: postgres + become: True postgresql_db: name: '{{ db_name }}' state: 'present' @@ -160,15 +160,15 @@ - 'result.failed == True' - name: Cleanup test DB - sudo_user: postgres - sudo: True + become_user: postgres + become: True postgresql_db: name: '{{ db_name }}' state: 'absent' - shell: echo "select datname, pg_encoding_to_char(encoding), datcollate, datctype from pg_database where datname = '{{ db_name }}';" | psql - sudo_user: postgres - sudo: True + become_user: postgres + become: True register: result - assert: @@ -179,8 +179,8 @@ # Create and destroy user # - name: Create a user - sudo_user: postgres - sudo: True + become_user: postgres + become: True postgresql_user: name: "{{ db_user1 }}" encrypted: 'yes' @@ -193,8 +193,8 @@ - "result.changed == True" - name: Check that they were created - sudo_user: postgres - sudo: True + become_user: postgres + become: True shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql register: result @@ -203,8 +203,8 @@ - "result.stdout_lines[-1] == '(1 row)'" - name: Check that creating user a second time does nothing - sudo_user: postgres - sudo: True + become_user: postgres + become: True postgresql_user: name: "{{ db_user1 }}" encrypted: 'yes' @@ -217,8 +217,8 @@ - "result.changed == False" - name: Remove user - sudo_user: postgres - sudo: True + become_user: postgres + become: True postgresql_user: name: "{{ db_user1 }}" state: 'absent' @@ -230,8 +230,8 @@ - "result.changed == True" - name: Check that they were removed - sudo_user: postgres - sudo: True + become_user: postgres + become: True shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql register: result @@ -240,8 +240,8 @@ - "result.stdout_lines[-1] == '(0 rows)'" - name: Check that removing user a second time does nothing - sudo_user: postgres - sudo: True + become_user: postgres + become: True postgresql_user: name: "{{ db_user1 }}" state: 'absent' @@ -253,16 +253,16 @@ - "result.changed == False" - name: Create a user with all role attributes - sudo_user: postgres - sudo: True + become_user: postgres + become: True postgresql_user: name: "{{ db_user1 }}" state: "present" role_attr_flags: "SUPERUSER,CREATEROLE,CREATEDB,INHERIT,login" - name: Check that the user has the requested role attributes - sudo_user: postgres - sudo: True + become_user: postgres + become: True shell: echo "select 'super:'||rolsuper, 'createrole:'||rolcreaterole, 'create:'||rolcreatedb, 'inherit:'||rolinherit, 'login:'||rolcanlogin from pg_roles where rolname='{{ db_user1 }}';" | psql register: result @@ -276,8 +276,8 @@ - "'login:t' in result.stdout_lines[-2]" - name: Modify a user to have no role attributes - sudo_user: postgres - sudo: True + become_user: postgres + become: True postgresql_user: name: "{{ db_user1 }}" state: "present" @@ -290,8 +290,8 @@ - "result.changed == True" - name: Check that the user has the requested role attributes - sudo_user: postgres - sudo: True + become_user: postgres + become: True shell: echo "select 'super:'||rolsuper, 'createrole:'||rolcreaterole, 'create:'||rolcreatedb, 'inherit:'||rolinherit, 'login:'||rolcanlogin from pg_roles where rolname='{{ db_user1 }}';" | psql register: result @@ -305,8 +305,8 @@ - "'login:f' in result.stdout_lines[-2]" - name: Modify a single role attribute on a user - sudo_user: postgres - sudo: True + become_user: postgres + become: True postgresql_user: name: "{{ db_user1 }}" state: "present" @@ -319,8 +319,8 @@ - "result.changed == True" - name: Check that the user has the requested role attributes - sudo_user: postgres - sudo: True + become_user: postgres + become: True shell: echo "select 'super:'||rolsuper, 'createrole:'||rolcreaterole, 'create:'||rolcreatedb, 'inherit:'||rolinherit, 'login:'||rolcanlogin from pg_roles where rolname='{{ db_user1 }}';" | psql register: result @@ -334,15 +334,15 @@ - "'login:t' in result.stdout_lines[-2]" - name: Cleanup the user - sudo_user: postgres - sudo: True + become_user: postgres + become: True postgresql_user: name: "{{ db_user1 }}" state: 'absent' - name: Check that they were removed - sudo_user: postgres - sudo: True + become_user: postgres + become: True shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql register: result @@ -356,24 +356,24 @@ # Test db ownership # - name: Create an unprivileged user to own a DB - sudo_user: postgres - sudo: True + become_user: postgres + become: True postgresql_user: name: "{{ db_user1 }}" encrypted: 'yes' password: "md55c8ccfd9d6711fc69a7eae647fc54f51" - name: Create db with user ownership - sudo_user: postgres - sudo: True + become_user: postgres + become: True postgresql_db: name: "{{ db_name }}" state: "present" owner: "{{ db_user1 }}" - name: Check that the user owns the newly created DB - sudo_user: postgres - sudo: True + become_user: postgres + become: True shell: echo "select pg_catalog.pg_get_userbyid(datdba) from pg_catalog.pg_database where datname = '{{ db_name }}';" | psql register: result @@ -383,8 +383,8 @@ - "'{{ db_user1 }}' == '{{ result.stdout_lines[-2] | trim }}'" - name: Change the owner on an existing db - sudo_user: postgres - sudo: True + become_user: postgres + become: True postgresql_db: name: "{{ db_name }}" state: "present" @@ -397,8 +397,8 @@ - "result.changed == True" - name: Check that the user owns the newly created DB - sudo_user: postgres - sudo: True + become_user: postgres + become: True shell: echo "select pg_catalog.pg_get_userbyid(datdba) from pg_catalog.pg_database where datname = '{{ db_name }}';" | psql register: result @@ -408,15 +408,15 @@ - "'postgres' == '{{ result.stdout_lines[-2] | trim }}'" - name: Cleanup db - sudo_user: postgres - sudo: True + become_user: postgres + become: True postgresql_db: name: "{{ db_name }}" state: "absent" - name: Check that database was destroyed - sudo_user: postgres - sudo: True + become_user: postgres + become: True shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql register: result @@ -425,15 +425,15 @@ - "result.stdout_lines[-1] == '(0 rows)'" - name: Cleanup test user - sudo_user: postgres - sudo: True + become_user: postgres + become: True postgresql_user: name: "{{ db_user1 }}" state: 'absent' - name: Check that they were removed - sudo_user: postgres - sudo: True + become_user: postgres + become: True shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql register: result @@ -445,24 +445,24 @@ # Test settings privleges # - name: Create db - sudo_user: postgres - sudo: True + become_user: postgres + become: True postgresql_db: name: "{{ db_name }}" state: "present" - name: Create some tables on the db - sudo_user: postgres - sudo: True + become_user: postgres + become: True shell: echo "create table test_table1 (field text);" | psql {{ db_name }} -- sudo_user: postgres - sudo: True +- become_user: postgres + become: True shell: echo "create table test_table2 (field text);" | psql {{ db_name }} - name: Create a user with some permissions on the db - sudo_user: postgres - sudo: True + become_user: postgres + become: True postgresql_user: name: "{{ db_user1 }}" encrypted: 'yes' @@ -471,20 +471,20 @@ priv: 'test_table1:INSERT,SELECT,UPDATE,DELETE,TRUNCATE,REFERENCES,TRIGGER/test_table2:INSERT/CREATE,CONNECT,TEMP' - name: Check that the user has the requested permissions (table1) - sudo_user: postgres - sudo: True + become_user: postgres + become: True shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }} register: result_table1 - name: Check that the user has the requested permissions (table2) - sudo_user: postgres - sudo: True + become_user: postgres + become: True shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }} register: result_table2 - name: Check that the user has the requested permissions (database) - sudo_user: postgres - sudo: True + become_user: postgres + become: True shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }} register: result_database @@ -504,8 +504,8 @@ - "'{{ db_user1 }}=CTc/postgres' in result_database.stdout_lines[-2]" - name: Add another permission for the user - sudo_user: postgres - sudo: True + become_user: postgres + become: True postgresql_user: name: "{{ db_user1 }}" encrypted: 'yes' @@ -520,8 +520,8 @@ - "results.changed == True" - name: Check that the user has the requested permissions (table2) - sudo_user: postgres - sudo: True + become_user: postgres + become: True shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }} register: result_table2 @@ -538,8 +538,8 @@ # - name: Revoke a privilege - sudo_user: postgres - sudo: True + become_user: postgres + become: True postgresql_privs: type: "table" state: "absent" @@ -555,8 +555,8 @@ - "results.changed == True" - name: Check that the user has the requested permissions (table2) - sudo_user: postgres - sudo: True + become_user: postgres + become: True shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }} register: result_table2 @@ -566,8 +566,8 @@ - "'SELECT' == '{{ result_table2.stdout_lines[-2] | trim }}'" - name: Revoke many privileges on multiple tables - sudo_user: postgres - sudo: True + become_user: postgres + become: True postgresql_privs: state: "absent" roles: "{{ db_user1 }}" @@ -582,14 +582,14 @@ - "results.changed == True" - name: Check that permissions were revoked (table1) - sudo_user: postgres - sudo: True + become_user: postgres + become: True shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }} register: result_table1 - name: Check that permissions were revoked (table2) - sudo_user: postgres - sudo: True + become_user: postgres + become: True shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }} register: result_table2 @@ -599,8 +599,8 @@ - "result_table2.stdout_lines[-1] == '(0 rows)'" - name: Revoke database privileges - sudo_user: postgres - sudo: True + become_user: postgres + become: True postgresql_privs: type: "database" state: "absent" @@ -610,8 +610,8 @@ db: "{{ db_name }}" - name: Check that the user has the requested permissions (database) - sudo_user: postgres - sudo: True + become_user: postgres + become: True shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }} register: result_database @@ -621,8 +621,8 @@ - "'{{ db_user1 }}' not in result_database.stdout" - name: Grant database privileges - sudo_user: postgres - sudo: True + become_user: postgres + become: True postgresql_privs: type: "database" state: "present" @@ -638,8 +638,8 @@ - "results.changed == True" - name: Check that the user has the requested permissions (database) - sudo_user: postgres - sudo: True + become_user: postgres + become: True shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }} register: result_database @@ -649,8 +649,8 @@ - "'{{ db_user1 }}=Cc' in result_database.stdout" - name: Grant a single privilege on a table - sudo_user: postgres - sudo: True + become_user: postgres + become: True postgresql_privs: state: "present" roles: "{{ db_user1 }}" @@ -659,8 +659,8 @@ db: "{{ db_name }}" - name: Check that permissions were added (table1) - sudo_user: postgres - sudo: True + become_user: postgres + become: True shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }} register: result_table1 @@ -670,8 +670,8 @@ - "'{{ result_table1.stdout_lines[-2] | trim }}' == 'INSERT'" - name: Grant many privileges on multiple tables - sudo_user: postgres - sudo: True + become_user: postgres + become: True postgresql_privs: state: "present" roles: "{{ db_user1 }}" @@ -680,14 +680,14 @@ db: "{{ db_name }}" - name: Check that permissions were added (table1) - sudo_user: postgres - sudo: True + become_user: postgres + become: True shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table1';" | psql {{ db_name }} register: result_table1 - name: Check that permissions were added (table2) - sudo_user: postgres - sudo: True + become_user: postgres + become: True shell: echo "select privilege_type from information_schema.role_table_grants where grantee='{{ db_user1 }}' and table_name='test_table2';" | psql {{ db_name }} register: result_table2 @@ -714,15 +714,15 @@ # Cleanup # - name: Cleanup db - sudo_user: postgres - sudo: True + become_user: postgres + become: True postgresql_db: name: "{{ db_name }}" state: "absent" - name: Check that database was destroyed - sudo_user: postgres - sudo: True + become_user: postgres + become: True shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql register: result @@ -731,15 +731,15 @@ - "result.stdout_lines[-1] == '(0 rows)'" - name: Cleanup test user - sudo_user: postgres - sudo: True + become_user: postgres + become: True postgresql_user: name: "{{ db_user1 }}" state: 'absent' - name: Check that they were removed - sudo_user: postgres - sudo: True + become_user: postgres + become: True shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql register: result @@ -751,8 +751,8 @@ # Test login_user functionality # - name: Create a user to test login module parameters - sudo: True - sudo_user: postgres + become: True + become_user: postgres postgresql_user: name: "{{ db_user1 }}" state: "present" @@ -769,8 +769,8 @@ login_host: "localhost" - name: Check that database created - sudo: True - sudo_user: postgres + become: True + become_user: postgres shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql register: result @@ -790,8 +790,8 @@ login_host: "localhost" - name: Check that they were created - sudo: True - sudo_user: postgres + become: True + become_user: postgres shell: echo "select * from pg_user where usename='{{ db_user2 }}';" | psql register: result @@ -812,8 +812,8 @@ host: "localhost" - name: Check that the user has the requested permissions (database) - sudo: True - sudo_user: postgres + become: True + become_user: postgres shell: echo "select datacl from pg_database where datname='{{ db_name }}';" | psql {{ db_name }} register: result_database @@ -833,8 +833,8 @@ login_host: "localhost" - name: Check that they were removed - sudo: True - sudo_user: postgres + become: True + become_user: postgres shell: echo "select * from pg_user where usename='{{ db_user2 }}';" | psql register: result @@ -851,8 +851,8 @@ login_host: "localhost" - name: Check that database was destroyed - sudo: True - sudo_user: postgres + become: True + become_user: postgres shell: echo "select datname from pg_database where datname = '{{ db_name }}';" | psql register: result @@ -864,15 +864,15 @@ # Cleanup # - name: Cleanup test user - sudo: True - sudo_user: postgres + become: True + become_user: postgres postgresql_user: name: "{{ db_user1 }}" state: 'absent' - name: Check that they were removed - sudo: True - sudo_user: postgres + become: True + become_user: postgres shell: echo "select * from pg_user where usename='{{ db_user1 }}';" | psql register: result diff --git a/test/integration/roles/test_win_copy/tasks/main.yml b/test/integration/roles/test_win_copy/tasks/main.yml index ff26117e64d..f23ebf63500 100644 --- a/test/integration/roles/test_win_copy/tasks/main.yml +++ b/test/integration/roles/test_win_copy/tasks/main.yml @@ -242,8 +242,8 @@ #- name: overwrite the file as user nobody # win_copy: dest=/tmp/worldwritable/file.txt content="baz" -# sudo: yes -# sudo_user: nobody +# become: yes +# become_user: nobody # register: copy_result7 #- name: assert the file was overwritten diff --git a/test/integration/roles/test_win_file/tasks/main.yml b/test/integration/roles/test_win_file/tasks/main.yml index b128715226a..674a18f3579 100644 --- a/test/integration/roles/test_win_file/tasks/main.yml +++ b/test/integration/roles/test_win_file/tasks/main.yml @@ -70,8 +70,8 @@ #- name: Ask to create a file without enough perms to change ownership # win_file: path=/tmp/worldwritable/baz.txt state=touch owner=root -# sudo: yes -# sudo_user: nobody +# become: yes +# become_user: nobody # register: chown_result # ignore_errors: True diff --git a/test/units/playbook/test_play.py b/test/units/playbook/test_play.py index bb47ee418bd..eb96248884a 100644 --- a/test/units/playbook/test_play.py +++ b/test/units/playbook/test_play.py @@ -50,8 +50,8 @@ class TestPlay(unittest.TestCase): gather_facts=False, connection='local', remote_user="root", - sudo=True, - sudo_user="testing", + become=True, + become_user="testing", )) def test_play_with_user_conflict(self):