lum7na 2 days ago committed by GitHub
commit e7029b4907
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -0,0 +1,2 @@
bugfixes:
- user - The seuser parameter will be ignored on Alpine and print a warning (https://github.com/ansible/ansible/issues/85542).

@ -44,6 +44,7 @@ options:
seuser: seuser:
description: description:
- Optionally sets the C(seuser) type C(user_u) on SELinux enabled systems. - Optionally sets the C(seuser) type C(user_u) on SELinux enabled systems.
- This parameter will be ignored on macOS, *BSD, BusyBox-based distros and Buildroot.
type: str type: str
version_added: "2.1" version_added: "2.1"
group: group:
@ -1345,6 +1346,12 @@ class User(object):
return None return None
return ssh_public_key return ssh_public_key
def check_seuser_support(self):
# Now only Generic platform supports the seuser parameter
if self.platform != 'Generic':
self.module.warn(f"The 'seuser' parameter is not supported on {self.distribution or self.platform} "
"as it lacks SELinux support and has been ignored.")
def create_user(self): def create_user(self):
# by default we use the create_user_useradd method # by default we use the create_user_useradd method
return self.create_user_useradd() return self.create_user_useradd()
@ -3355,6 +3362,9 @@ def main():
if not os.path.isdir(parent): if not os.path.isdir(parent):
path_needs_parents = True path_needs_parents = True
if user.seuser:
user.check_seuser_support()
(rc, out, err) = user.create_user() (rc, out, err) = user.create_user()
# If the home path had parent directories that needed to be created, # If the home path had parent directories that needed to be created,
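Review bot: In `main()` the new `user.check_seuser_support()` call sits only in front of `create_user()`, and the task then proceeds normally, so the warning is the sole signal that a requested SELinux user mapping was not applied to the new account. If the branch that modifies an existing user (outside this hunk) also honours `seuser`, it presumably needs the same check; I can't confirm that from the visible lines. I would also give `check_seuser_support` a docstring such as `"""Warn that 'seuser' is ignored when this platform class is not 'Generic'."""`, because the condition tests `self.platform` while the message states that the system lacks SELinux support, which the code does not verify. The option description could spell out the outcome, e.g. `- On those platforms a warning is emitted and the user is created without an SELinux user mapping.` Both `main()` and the `User` class continue outside the hunks.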

@ -34,3 +34,6 @@
- ansible_facts.system == 'Linux' - ansible_facts.system == 'Linux'
- ansible_distribution != 'Alpine' - ansible_distribution != 'Alpine'
- import_tasks: ssh_keygen.yml - import_tasks: ssh_keygen.yml
- import_tasks: test_seuser.yml
when:
- ansible_facts.system in ['FreeBSD', 'OpenBSD', 'Darwin'] or ansible_distribution == 'Alpine'

@ -0,0 +1,16 @@
- name: Try creating user with nonexistent SELinux user
user:
name: badseuser
seuser: nonexistent_u
state: present
register: test_seuser
- name: there should be warnings
assert:
that: test_seuser.warnings[0] is contains "lacks SELinux support"
- name: Cleanup test account
user:
name: badseuser
state: absent
remove: yes
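Review bot: The assertion reads `test_seuser.warnings[0]`, so it fails whenever another warning is emitted first, even if the seuser warning is present further down the list. Checking the whole list is sturdier: `that: test_seuser.warnings | select('contains', 'lacks SELinux support') | list | length > 0`. The test also never asserts that `badseuser` was actually created, and the cleanup task is skipped when the assert fails, which leaves the account on the test host; wrapping the tasks in `block:`/`always:` would cover that.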