group - correctly determine if a local group exists. (#59772) (#67176)

Fixes #58619
Add integration test

(cherry picked from commit 80c4b86abe)
pull/67297/head
Ruediger Pluem 5 years ago committed by GitHub
parent 0ed22d1fbc
commit 481327ec37
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -0,0 +1,5 @@
bugfixes:
- >
group - The group module was not correctly detecting whether a local
group is existing or not with local set to yes if the same group
exists in a non local group repository e.g. LDAP. (https://github.com/ansible/ansible/issues/58619)

@ -75,6 +75,7 @@ EXAMPLES = '''
'''
import grp
import os
from ansible.module_utils._text import to_bytes
from ansible.module_utils.basic import AnsibleModule, load_platform_subclass
@ -167,11 +168,36 @@ class Group(object):
return self.execute_command(cmd)
def group_exists(self):
try:
if grp.getgrnam(self.name):
return True
except KeyError:
return False
# The grp module does not distinguish between local and directory accounts.
# It's output cannot be used to determine whether or not a group exists locally.
# It returns True if the group exists locally or in the directory, so instead
# look in the local GROUP file for an existing account.
if self.local:
if not os.path.exists(self.GROUPFILE):
self.module.fail_json(msg="'local: true' specified but unable to find local group file {0} to parse.".format(self.GROUPFILE))
exists = False
name_test = '{0}:'.format(self.name)
with open(self.GROUPFILE, 'rb') as f:
reversed_lines = f.readlines()[::-1]
for line in reversed_lines:
if line.startswith(to_bytes(name_test)):
exists = True
break
if not exists:
self.module.warn(
"'local: true' specified and group was not found in {file}. "
"The local group may already exist if the local group database exists somewhere other than {file}.".format(file=self.GROUPFILE))
return exists
else:
try:
if grp.getgrnam(self.name):
return True
except KeyError:
return False
def group_info(self):
if not self.group_exists():

@ -267,3 +267,50 @@
state: absent
# only applicable to Linux, limit further to CentOS where 'luseradd' is installed
when: ansible_distribution == 'CentOS'
# https://github.com/ansible/ansible/pull/59772
- block:
- name: create group with a gid
group:
name: group1_test
gid: 1337
local: no
state: present
register: create_group_gid
- name: get gid of created group
command: "{{ ansible_python_interpreter | quote }} -c \"import grp; print(grp.getgrnam('group1_test').gr_gid)\""
register: create_group_gid_actual
- name: assert create group with a gid
assert:
that:
- create_group_gid is changed
- create_group_gid.gid | int == 1337 | int
- create_group_gid_actual.stdout | trim | int == 1337 | int
- name: create local group with the same gid
group:
name: group1_test
gid: 1337
local: yes
state: present
register: create_local_group_gid
- name: assert create local group with a gid
assert:
that:
- create_local_group_gid.gid | int == 1337 | int
always:
- name: Cleanup create group with a gid
group:
name: group1_test
local: no
state: absent
- name: Cleanup create local group with the same gid
group:
name: group1_test
local: yes
state: absent
# only applicable to Linux, limit further to CentOS where 'lgroupadd' is installed
when: ansible_distribution == 'CentOS'

Loading…
Cancel
Save