From 714598e91b66325547edf40305394525e98d6365 Mon Sep 17 00:00:00 2001 From: Martin Krizek Date: Thu, 9 Nov 2017 10:31:33 +0100 Subject: [PATCH] acl: do not remove all default entries (#32615) --- lib/ansible/modules/files/acl.py | 5 +- test/integration/targets/acl/tasks/acl.yml | 74 ++++++++++++++++++---- 2 files changed, 61 insertions(+), 18 deletions(-) diff --git a/lib/ansible/modules/files/acl.py b/lib/ansible/modules/files/acl.py index 934b16af3cc..7267bf15d4a 100644 --- a/lib/ansible/modules/files/acl.py +++ b/lib/ansible/modules/files/acl.py @@ -199,10 +199,7 @@ def build_command(module, mode, path, follow, default, recursive, entry=''): cmd.append('-h') if default: - if mode == 'rm': - cmd.insert(1, '-k') - else: # mode == 'set' or mode == 'get' - cmd.insert(1, '-d') + cmd.insert(1, '-d') cmd.append(path) return cmd diff --git a/test/integration/targets/acl/tasks/acl.yml b/test/integration/targets/acl/tasks/acl.yml index 5ee0b34400a..3f40b8fac84 100644 --- a/test/integration/targets/acl/tasks/acl.yml +++ b/test/integration/targets/acl/tasks/acl.yml @@ -17,6 +17,7 @@ - set_fact: ansible_user: ansible_user + ansible_group: ansible_group ansible_file: /tmp/ansible_file ansible_dir: /tmp/ansible_dir @@ -24,6 +25,10 @@ user: name: "{{ ansible_user }}" +- name: Create ansible group + group: + name: "{{ ansible_group }}" + - name: Create ansible file file: path: "{{ ansible_file }}" @@ -52,8 +57,8 @@ that: - output|changed - not output|failed - - "'user:ansible_user:r--' in output.acl" - - "'user:ansible_user:r--' in getfacl_output.stdout_lines" + - "'user:{{ ansible_user }}:r--' in output.acl" + - "'user:{{ ansible_user }}:r--' in getfacl_output.stdout_lines" ############################################################################## - name: Obtain the acl for a specific file acl: 
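Review bot: The single `cmd.insert(1, '-d')` that now serves every mode has no comment explaining why removal no longer uses `-k`, and that is the access-control detail a later maintainer is most likely to undo. I would add above it `# -d scopes the operation to the default ACL; -k would drop every default entry, not only the requested one`. Callers that relied on `default: yes` with `state: absent` to clear all default entries lose that behaviour, so the module documentation (outside this hunk) probably deserves a line as well. build_command starts before the hunk, so how `entry` reaches the command in `rm` mode is not visible here.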
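Review bot: Putting `{{ ansible_user }}` inside the `that:` expressions of the -52 hunk is likely to make Ansible warn about templating delimiters in conditionals, since `assert` already evaluates each item as a Jinja2 expression. String concatenation avoids it, e.g. `- "('user:' ~ ansible_user ~ ':r--') in output.acl"`. The same pattern recurs in the assert hunks at -70, -97, -119, -141 and -160.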
@@ -70,12 +75,12 @@ - not output|changed - not output|failed - "'user::rw-' in output.acl" - - "'user:ansible_user:r--' in output.acl" + - "'user:{{ ansible_user }}:r--' in output.acl" - "'group::r--' in output.acl" - "'mask::r--' in output.acl" - "'other::r--' in output.acl" - "'user::rw-' in getfacl_output.stdout_lines" - - "'user:ansible_user:r--' in getfacl_output.stdout_lines" + - "'user:{{ ansible_user }}:r--' in getfacl_output.stdout_lines" - "'group::r--' in getfacl_output.stdout_lines" - "'mask::r--' in getfacl_output.stdout_lines" - "'other::r--' in getfacl_output.stdout_lines" @@ -97,8 +102,8 @@ that: - output|changed - not output|failed - - "'user:ansible_user:r--' not in output.acl" - - "'user:ansible_user:r--' not in getfacl_output.stdout_lines" + - "'user:{{ ansible_user }}:r--' not in output.acl" + - "'user:{{ ansible_user }}:r--' not in getfacl_output.stdout_lines" ############################################################################## - name: Sets default acl for ansible user on ansible dir acl: @@ -119,8 +124,8 @@ that: - output|changed - not output|failed - - "'user:ansible_user:rw-' in output.acl" - - "'default:user:ansible_user:rw-' in getfacl_output.stdout_lines" + - "'user:{{ ansible_user }}:rw-' in output.acl" + - "'default:user:{{ ansible_user }}:rw-' in getfacl_output.stdout_lines" ############################################################################## - name: Cleanup shell: "setfacl -b {{ ansible_dir }}" @@ -128,7 +133,8 @@ - name: Same as previous but using entry shorthand acl: path: "{{ ansible_dir }}" - entry: "default:user:{{ ansible_user }}:rw-" + entry: "user:{{ ansible_user }}:rw-" + default: yes state: present register: output 
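Review bot: Switching the task in the -128 hunk from `entry: "default:user:{{ ansible_user }}:rw-"` to a plain entry plus `default: yes` removes the only visible test of the `default:`-prefixed shorthand, although the task is still named "Same as previous but using entry shorthand". If the module is meant to keep accepting that form, I would keep the prefixed variant here and add the `default: yes` variant as its own task, so both ways of targeting the default ACL stay covered. The idempotence task in the -141 hunk makes the same substitution.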
@@ -141,13 +147,14 @@ that: - output|changed - not output|failed - - "'user:ansible_user:rw-' in output.acl" - - "'default:user:ansible_user:rw-' in getfacl_output.stdout_lines" + - "'user:{{ ansible_user }}:rw-' in output.acl" + - "'default:user:{{ ansible_user }}:rw-' in getfacl_output.stdout_lines" ############################################################################## - name: Same as previous, to test idempotence acl: path: "{{ ansible_dir }}" - entry: "default:user:{{ ansible_user }}:rw-" + entry: "user:{{ ansible_user }}:rw-" + default: yes state: present register: output 
@@ -160,6 +167,45 @@ that: - not output|changed - not output|failed - - "'user:ansible_user:rw-' in output.acl" - - "'default:user:ansible_user:rw-' in getfacl_output.stdout_lines" + - "'user:{{ ansible_user }}:rw-' in output.acl" + - "'default:user:{{ ansible_user }}:rw-' in getfacl_output.stdout_lines" ############################################################################## +- name: Cleanup + shell: "setfacl -b {{ ansible_dir }}" +############################################################################## +- name: Set default acls + acl: + path: "{{ ansible_dir }}" + entry: "{{ item }}" + default: yes + state: present + with_items: + - "user:{{ ansible_user }}:rw-" + - "group:{{ ansible_group }}:rw-" + +- name: Remove default group ansible_user acl + acl: + path: "{{ ansible_dir }}" + entry: "group:{{ ansible_group }}:rw-" + default: yes + state: absent + register: output + +- name: get getfacl output + shell: "getfacl {{ ansible_dir }}" + register: getfacl_output + +- name: verify output + assert: + that: + - output|changed + - not output|failed + - "'user::rwx' in getfacl_output.stdout_lines" + - "'group::r-x' in getfacl_output.stdout_lines" + - "'other::r-x' in getfacl_output.stdout_lines" + - "'default:user::rwx' in getfacl_output.stdout_lines" + - "'default:user:{{ ansible_user }}:rw-' in getfacl_output.stdout_lines" + - "'default:group::r-x' in getfacl_output.stdout_lines" + - "'default:mask::rwx' in getfacl_output.stdout_lines" + - "'default:other::r-x' in getfacl_output.stdout_lines" + - "'default:group:{{ ansible_group }}:rw-' not in getfacl_output.stdout_lines"
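Review bot: The task named `Remove default group ansible_user acl` actually removes the `group:{{ ansible_group }}:rw-` entry, so the name should read something like `Remove default ansible_group acl`. The assertions on `user::rwx`, `group::r-x`, `other::r-x` and their `default:` counterparts pin the directory's base mode, which presumably comes from the umask on the test host, since the directory creation is outside this hunk. A umask other than 022 would then fail the test for reasons unrelated to the fix. The two checks that matter for the regression are that `default:user:{{ ansible_user }}:rw-` is still present and `default:group:{{ ansible_group }}:rw-` is gone, so consider asserting only those, or setting `mode` explicitly where the directory is created.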