diff --git a/test/integration/targets/connection/test_connection.yml b/test/integration/targets/connection/test_connection.yml index a24bcf63ae0..f3c074bce70 100644 --- a/test/integration/targets/connection/test_connection.yml +++ b/test/integration/targets/connection/test_connection.yml @@ -68,3 +68,21 @@ ### test wait_for_connection plugin - wait_for_connection: + + + ### test check permission of ~/.ssh + + - name: check if ~/.ssh is exists with 0700 permission + block: + - name: gather information about ~/.ssh + stat: + path: "~/.ssh" + register: perms + + - name: check if the ~/.ssh is 0700 permission + assert: + that: + - perms.stat.mode == '0700' + when: perms.stat.exists | bool + + when: ansible_connection == 'paramiko_ssh' or ansible_connection == 'paramiko' diff --git a/test/units/plugins/connection/test_paramiko_ssh.py b/test/units/plugins/connection/test_paramiko_ssh.py index 708ae746115..13a090712da 100644 --- a/test/units/plugins/connection/test_paramiko_ssh.py +++ b/test/units/plugins/connection/test_paramiko_ssh.py @@ -18,12 +18,14 @@ from __future__ import annotations +import os from io import StringIO import pytest from ansible.plugins.connection import paramiko_ssh as paramiko_ssh_module from ansible.plugins.loader import connection_loader from ansible.playbook.play_context import PlayContext +from ansible.utils.path import makedirs_safe @pytest.fixture @@ -54,3 +56,11 @@ def test_paramiko_connect(play_context, in_stream, mocker): assert isinstance(connection, paramiko_ssh_module.Connection) assert connection._connected is True + + +def test_create_ssh_directory(): + fixed_permissions = 0o700 + path = os.path.expanduser("~/.ssh") + makedirs_safe(path, fixed_permissions) + ssh_dir_stat = os.stat(path) + assert (ssh_dir_stat.st_mode & 0o7777) == fixed_permissions