@ -15,41 +15,35 @@
# You should have received a copy of the GNU General Public License
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
- set_fact:
ansible_user : ansible_user
ansible_group : ansible_group
ansible_file : /tmp/ansible_file
ansible_dir : /tmp/ansible_dir
- name : Create ansible user
- name : Create ansible user
user:
user:
name : "{{ ansible _user }}"
name : "{{ test_user }}"
- name : Create ansible group
- name : Create ansible group
group:
group:
name : "{{ ansible _group }}"
name : "{{ test _group }}"
- name : Create ansible file
- name : Create ansible file
file:
file:
path : "{{ ansible _file }}"
path : "{{ test _file }}"
state : touch
state : touch
- name : Create ansible dir
- name : Create ansible dir
file:
file:
path : "{{ ansible _dir }}"
path : "{{ test _dir }}"
state : directory
state : directory
##############################################################################
##############################################################################
- name : Grant ansible user read access to a file
- name : Grant ansible user read access to a file
acl:
acl:
path : "{{ ansible _file }}"
path : "{{ test _file }}"
entity : "{{ ansible _user }}"
entity : "{{ test _user }}"
etype : user
etype : user
permissions : r
permissions : r
state : present
state : present
register : output
register : output
- name : get getfacl output
- name : get getfacl output
shell : "getfacl {{ ansible _file }}"
shell : "getfacl {{ test _file }}"
register : getfacl_output
register : getfacl_output
- name : verify output
- name : verify output
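Review bot: The `shell` task that runs `getfacl {{ test_file }}` still passes a templated path through /bin/sh unquoted, and with the `set_fact` block removed in this hunk the value of `test_file` is no longer defined anywhere in view. The command needs no shell features, so `command: getfacl {{ test_file | quote }}` would keep a path containing spaces or metacharacters from being reinterpreted. The same applies to the other `getfacl` and `setfacl -b` shell tasks in the later hunks. If `test_file` and `test_dir` still resolve to fixed names under /tmp, as the removed facts did, a per-run temporary directory would be safer, because fixed names in a world-writable directory can be pre-created by another local user; where the new variables come from is not visible here, so this is worth confirming.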
@ -57,16 +51,16 @@
that:
that:
- output is changed
- output is changed
- output is not failed
- output is not failed
- "'user:{{ ansible _user }}:r--' in output.acl"
- "'user:{{ test _user }}:r--' in output.acl"
- "'user:{{ ansible _user }}:r--' in getfacl_output.stdout_lines"
- "'user:{{ test _user }}:r--' in getfacl_output.stdout_lines"
##############################################################################
##############################################################################
- name : Obtain the acl for a specific file
- name : Obtain the acl for a specific file
acl:
acl:
path : "{{ ansible _file }}"
path : "{{ test _file }}"
register : output
register : output
- name : get getfacl output
- name : get getfacl output
shell : "getfacl {{ ansible _file }}"
shell : "getfacl {{ test _file }}"
register : getfacl_output
register : getfacl_output
- name : verify output
- name : verify output
@ -75,26 +69,26 @@
- output is not changed
- output is not changed
- output is not failed
- output is not failed
- "'user::rw-' in output.acl"
- "'user::rw-' in output.acl"
- "'user:{{ ansible _user }}:r--' in output.acl"
- "'user:{{ test _user }}:r--' in output.acl"
- "'group::r--' in output.acl"
- "'group::r--' in output.acl"
- "'mask::r--' in output.acl"
- "'mask::r--' in output.acl"
- "'other::r--' in output.acl"
- "'other::r--' in output.acl"
- "'user::rw-' in getfacl_output.stdout_lines"
- "'user::rw-' in getfacl_output.stdout_lines"
- "'user:{{ ansible _user }}:r--' in getfacl_output.stdout_lines"
- "'user:{{ test _user }}:r--' in getfacl_output.stdout_lines"
- "'group::r--' in getfacl_output.stdout_lines"
- "'group::r--' in getfacl_output.stdout_lines"
- "'mask::r--' in getfacl_output.stdout_lines"
- "'mask::r--' in getfacl_output.stdout_lines"
- "'other::r--' in getfacl_output.stdout_lines"
- "'other::r--' in getfacl_output.stdout_lines"
##############################################################################
##############################################################################
- name : Removes the acl for ansible user on a specific file
- name : Removes the acl for ansible user on a specific file
acl:
acl:
path : "{{ ansible _file }}"
path : "{{ test _file }}"
entity : "{{ ansible _user }}"
entity : "{{ test _user }}"
etype : user
etype : user
state : absent
state : absent
register : output
register : output
- name : get getfacl output
- name : get getfacl output
shell : "getfacl {{ ansible _file }}"
shell : "getfacl {{ test _file }}"
register : getfacl_output
register : getfacl_output
- name : verify output
- name : verify output
@ -102,13 +96,13 @@
that:
that:
- output is changed
- output is changed
- output is not failed
- output is not failed
- "'user:{{ ansible _user }}:r--' not in output.acl"
- "'user:{{ test _user }}:r--' not in output.acl"
- "'user:{{ ansible _user }}:r--' not in getfacl_output.stdout_lines"
- "'user:{{ test _user }}:r--' not in getfacl_output.stdout_lines"
##############################################################################
##############################################################################
- name : Sets default acl for ansible user on ansible dir
- name : Sets default acl for ansible user on ansible dir
acl:
acl:
path : "{{ ansible _dir }}"
path : "{{ test _dir }}"
entity : "{{ ansible _user }}"
entity : "{{ test _user }}"
etype : user
etype : user
permissions : rw
permissions : rw
default : yes
default : yes
@ -116,7 +110,7 @@
register : output
register : output
- name : get getfacl output
- name : get getfacl output
shell : "getfacl {{ ansible _dir }}"
shell : "getfacl {{ test _dir }}"
register : getfacl_output
register : getfacl_output
- name : verify output
- name : verify output
@ -124,22 +118,22 @@
that:
that:
- output is changed
- output is changed
- output is not failed
- output is not failed
- "'user:{{ ansible _user }}:rw-' in output.acl"
- "'user:{{ test _user }}:rw-' in output.acl"
- "'default:user:{{ ansible _user }}:rw-' in getfacl_output.stdout_lines"
- "'default:user:{{ test _user }}:rw-' in getfacl_output.stdout_lines"
##############################################################################
##############################################################################
- name : Cleanup
- name : Cleanup
shell : "setfacl -b {{ ansible _dir }}"
shell : "setfacl -b {{ test _dir }}"
##############################################################################
##############################################################################
- name : Same as previous but using entry shorthand
- name : Same as previous but using entry shorthand
acl:
acl:
path : "{{ ansible _dir }}"
path : "{{ test _dir }}"
entry : "user:{{ ansible _user }}:rw-"
entry : "user:{{ test _user }}:rw-"
default : yes
default : yes
state : present
state : present
register : output
register : output
- name : get getfacl output
- name : get getfacl output
shell : "getfacl {{ ansible _dir }}"
shell : "getfacl {{ test _dir }}"
register : getfacl_output
register : getfacl_output
- name : verify output
- name : verify output
@ -147,19 +141,19 @@
that:
that:
- output is changed
- output is changed
- output is not failed
- output is not failed
- "'user:{{ ansible _user }}:rw-' in output.acl"
- "'user:{{ test _user }}:rw-' in output.acl"
- "'default:user:{{ ansible _user }}:rw-' in getfacl_output.stdout_lines"
- "'default:user:{{ test _user }}:rw-' in getfacl_output.stdout_lines"
##############################################################################
##############################################################################
- name : Same as previous, to test idempotence
- name : Same as previous, to test idempotence
acl:
acl:
path : "{{ ansible _dir }}"
path : "{{ test _dir }}"
entry : "user:{{ ansible _user }}:rw-"
entry : "user:{{ test _user }}:rw-"
default : yes
default : yes
state : present
state : present
register : output
register : output
- name : get getfacl output
- name : get getfacl output
shell : "getfacl {{ ansible _dir }}"
shell : "getfacl {{ test _dir }}"
register : getfacl_output
register : getfacl_output
- name : verify output
- name : verify output
@ -167,32 +161,32 @@
that:
that:
- output is not changed
- output is not changed
- output is not failed
- output is not failed
- "'user:{{ ansible _user }}:rw-' in output.acl"
- "'user:{{ test _user }}:rw-' in output.acl"
- "'default:user:{{ ansible _user }}:rw-' in getfacl_output.stdout_lines"
- "'default:user:{{ test _user }}:rw-' in getfacl_output.stdout_lines"
##############################################################################
##############################################################################
- name : Cleanup
- name : Cleanup
shell : "setfacl -b {{ ansible _dir }}"
shell : "setfacl -b {{ test _dir }}"
##############################################################################
##############################################################################
- name : Set default acls
- name : Set default acls
acl:
acl:
path : "{{ ansible _dir }}"
path : "{{ test _dir }}"
entry : "{{ item }}"
entry : "{{ item }}"
default : yes
default : yes
state : present
state : present
with_items:
with_items:
- "user:{{ ansible _user }}:rw-"
- "user:{{ test _user }}:rw-"
- "group:{{ ansible _group }}:rw-"
- "group:{{ test _group }}:rw-"
- name : Remove default group ansible _user acl
- name : Remove default group test _user acl
acl:
acl:
path : "{{ ansible _dir }}"
path : "{{ test _dir }}"
entry : "group:{{ ansible _group }}:rw-"
entry : "group:{{ test _group }}:rw-"
default : yes
default : yes
state : absent
state : absent
register : output
register : output
- name : get getfacl output
- name : get getfacl output
shell : "getfacl {{ ansible _dir }}"
shell : "getfacl {{ test _dir }}"
register : getfacl_output
register : getfacl_output
- name : verify output
- name : verify output
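Review bot: The renamed task title `Remove default group test_user acl` reads as if it acts on the user, but the task removes the default entry `group:{{ test_group }}:rw-`; the title looks like the result of a mechanical search-and-replace. A title such as `- name: Remove default ACL entry for test group` would match what the task does. Other titles in the file still say "ansible user" and "ansible dir" although the variables are now `test_*`, so renaming them in the same pass would keep the test output consistent.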
@ -204,8 +198,8 @@
- "'group::r-x' in getfacl_output.stdout_lines"
- "'group::r-x' in getfacl_output.stdout_lines"
- "'other::r-x' in getfacl_output.stdout_lines"
- "'other::r-x' in getfacl_output.stdout_lines"
- "'default:user::rwx' in getfacl_output.stdout_lines"
- "'default:user::rwx' in getfacl_output.stdout_lines"
- "'default:user:{{ ansible _user }}:rw-' in getfacl_output.stdout_lines"
- "'default:user:{{ test _user }}:rw-' in getfacl_output.stdout_lines"
- "'default:group::r-x' in getfacl_output.stdout_lines"
- "'default:group::r-x' in getfacl_output.stdout_lines"
- "'default:mask::rwx' in getfacl_output.stdout_lines"
- "'default:mask::rwx' in getfacl_output.stdout_lines"
- "'default:other::r-x' in getfacl_output.stdout_lines"
- "'default:other::r-x' in getfacl_output.stdout_lines"
- "'default:group:{{ ansible _group }}:rw-' not in getfacl_output.stdout_lines"
- "'default:group:{{ test _group }}:rw-' not in getfacl_output.stdout_lines"