Split integration test fixes. (#78281)

* Add setup_test_user integration target. This integration target creates a temporary test user and removes it when the current integration target finishes. This user is configured with a password so it can be used with become, even when the current user is unprivileged. * Fix slurp integration test. * Fix unarchive integration test. * Fix module_utils integration test.
2 years ago · ee4588abca
parent b63812bc08
commit ee4588abca
14 changed files with 152 additions and 115 deletions
--- a/test/integration/targets/module_utils/aliases
+++ b/test/integration/targets/module_utils/aliases
@ -1,5 +1,6 @@
 shippable/posix/group3
 needs/root
-needs/target/setup_nobody
+needs/target/setup_test_user
 needs/target/setup_remote_tmp_dir
 context/target
+destructive
--- a/test/integration/targets/module_utils/module_utils_basic_setcwd.yml
+++ b/test/integration/targets/module_utils/module_utils_basic_setcwd.yml
@ -1,25 +1,50 @@
 - hosts: testhost
  gather_facts: no
  tasks:
-    - name: make sure the nobody user is available
+    - name: make sure the test user is available
      include_role:
-        name: setup_nobody
+        name: setup_test_user

    - name: verify AnsibleModule works when cwd is missing
      test_cwd_missing:
      register: missing

-    - name: verify AnsibleModule works when cwd is unreadable
-      test_cwd_unreadable:
-      register: unreadable
-      become: yes
-      become_user: nobody  # root can read cwd regardless of permissions, so a non-root user is required here
+    - name: record the mode of the connection user's home directory
+      stat:
+        path: "~"
+      vars:
+        ansible_become: no
+      register: connection_user_home
+
+    - name: limit access to the connection user's home directory
+      file:
+        state: directory
+        path: "{{ connection_user_home.stat.path }}"
+        mode: "0700"
+      vars:
+        ansible_become: no
+
+    - block:
+        - name: verify AnsibleModule works when cwd is unreadable
+          test_cwd_unreadable:
+          register: unreadable
+          vars: &test_user_become
+            ansible_become: yes
+            ansible_become_user: "{{ test_user_name }}"  # root can read cwd regardless of permissions, so a non-root user is required here
+            ansible_become_password: "{{ test_user_plaintext_password }}"
+      always:
+        - name: restore access to the connection user's home directory
+          file:
+            state: directory
+            path: "{{ connection_user_home.stat.path }}"
+            mode: "{{ connection_user_home.stat.mode }}"
+          vars:
+            ansible_become: no

    - name: get real path of home directory of the unprivileged user
      raw: "{{ ansible_python_interpreter }} -c 'import os.path; print(os.path.realpath(os.path.expanduser(\"~\")))'"
      register: home
-      become: yes
-      become_user: nobody
+      vars: *test_user_become

    - name: verify AnsibleModule was able to adjust cwd as expected
      assert:
--- a/test/integration/targets/setup_test_user/handlers/main.yml
+++ b/test/integration/targets/setup_test_user/handlers/main.yml
@ -0,0 +1,6 @@
+- name: delete test user
+  user:
+    name: "{{ test_user_name }}"
+    state: absent
+    remove: yes
+    force: yes
--- a/test/integration/targets/setup_test_user/tasks/default.yml
+++ b/test/integration/targets/setup_test_user/tasks/default.yml
@ -0,0 +1,14 @@
+- name: set variables
+  set_fact:
+    test_user_name: ansibletest0
+    test_user_group: null
+
+- name: set plaintext password
+  no_log: yes
+  set_fact:
+    test_user_plaintext_password: "{{ lookup('password', '/dev/null') }}"
+
+- name: set hashed password
+  no_log: yes
+  set_fact:
+    test_user_hashed_password: "{{ test_user_plaintext_password | password_hash('sha512') }}"
--- a/test/integration/targets/setup_test_user/tasks/macosx.yml
+++ b/test/integration/targets/setup_test_user/tasks/macosx.yml
@ -0,0 +1,14 @@
+- name: set variables
+  set_fact:
+    test_user_name: ansibletest0
+    test_user_group: staff
+
+- name: set plaintext password
+  no_log: yes
+  set_fact:
+    test_user_plaintext_password: "{{ lookup('password', '/dev/null') }}"
+
+- name: set hashed password
+  no_log: yes
+  set_fact:
+    test_user_hashed_password: "{{ test_user_plaintext_password }}"
--- a/test/integration/targets/setup_test_user/tasks/main.yml
+++ b/test/integration/targets/setup_test_user/tasks/main.yml
@ -0,0 +1,37 @@
+- name: gather distribution facts
+  gather_facts:
+    gather_subset: distribution
+  when: ansible_distribution is not defined
+
+- name: include distribution specific tasks
+  include_tasks: "{{ lookup('first_found', params) }}"
+  vars:
+    params:
+      files:
+        - "{{ ansible_distribution | lower }}.yml"
+        - default.yml
+      paths:
+        - tasks
+
+- name: create test user
+  user:
+    name: "{{ test_user_name }}"
+    group: "{{ test_user_group or omit }}"
+    password: "{{ test_user_hashed_password or omit }}"
+  register: test_user
+  notify:
+    - delete test user
+
+- name: run whoami as the test user
+  shell: whoami
+  vars:
+    # ansible_become_method and ansible_become_flags are not set, allowing them to be provided by inventory
+    ansible_become: yes
+    ansible_become_user: "{{ test_user_name }}"
+    ansible_become_password: "{{ test_user_plaintext_password }}"
+  register: whoami
+
+- name: verify becoming the test user worked
+  assert:
+    that:
+      - whoami.stdout == test_user_name
--- a/test/integration/targets/slurp/aliases
+++ b/test/integration/targets/slurp/aliases
@ -1 +1,2 @@
 shippable/posix/group1
+destructive
--- a/test/integration/targets/slurp/defaults/main.yml
+++ b/test/integration/targets/slurp/defaults/main.yml
@ -1 +0,0 @@
-become_test_user: testuser
--- a/test/integration/targets/slurp/handlers/main.yml
+++ b/test/integration/targets/slurp/handlers/main.yml
@ -1,6 +0,0 @@
- name: remove test user and their home dir
-  user:
-    name: "{{ become_test_user }}"
-    state: absent
-    remove: yes
-    force: yes
--- a/test/integration/targets/slurp/meta/main.yml
+++ b/test/integration/targets/slurp/meta/main.yml
@ -1,2 +1,3 @@
 dependencies:
  - setup_remote_tmp_dir
+  - setup_test_user
--- a/test/integration/targets/slurp/tasks/test_unreadable.yml
+++ b/test/integration/targets/slurp/tasks/test_unreadable.yml
@ -17,12 +17,6 @@

 # Ensure unreadable file and directory handling and error messages
 # https://github.com/ansible/ansible/issues/67340
- name: create test user
-  user:
-    name: "{{ become_test_user }}"
-    create_home: yes
-  notify:
-    - "remove test user and their home dir"

 - name: create unreadable file
  copy:
@ -35,9 +29,10 @@
  slurp:
    src: "{{ remote_tmp_dir }}/qux.txt"
  register: slurp_unreadable_file
-  become: yes
-  become_user: "{{ become_test_user }}"
-  become_method: su
+  vars: &test_user_become
+    ansible_become: yes
+    ansible_become_user: "{{ test_user_name }}"
+    ansible_become_password: "{{ test_user_plaintext_password }}"
  ignore_errors: yes

 - name: create unreadable directory
@ -51,9 +46,7 @@
  slurp:
    src: "{{ remote_tmp_dir }}/test_data"
  register: slurp_unreadable_dir
-  become: yes
-  become_user: "{{ become_test_user }}"
-  become_method: su
+  vars: *test_user_become
  ignore_errors: yes

 - name: Try to access file as directory
--- a/test/integration/targets/unarchive/meta/main.yml
+++ b/test/integration/targets/unarchive/meta/main.yml
@ -1,4 +1,4 @@
 dependencies:
-  - prepare_tests
  - setup_remote_tmp_dir
  - setup_gnutar
+  - setup_test_user
--- a/test/integration/targets/unarchive/tasks/test_ownership_top_folder.yml
+++ b/test/integration/targets/unarchive/tasks/test_ownership_top_folder.yml
@ -1,73 +1,50 @@
- name: Create unarchivetest3 user
-  user:
-    name: unarchivetest3
-    group: "{{ group_table[ansible_facts['distribution']] | default(omit) }}"
-  register: user
-  vars:
-    group_table:
-      MacOSX: staff
-
 - name: Test unarchiving as root and apply different ownership to top folder
-  become: yes
-  become_user: root
+  vars:
+    ansible_become: yes
+    ansible_become_user: root
+    ansible_become_password: null
  block:
-
    - name: Create top folder owned by root
      file:
-        path: "{{ user.home }}/tarball-top-folder"
+        path: "{{ test_user.home }}/tarball-top-folder"
        state: directory
        owner: root

    - name: Add a file owned by root
      copy:
        src: foo.txt
-        dest: "{{ user.home }}/tarball-top-folder/foo-unarchive.txt"
+        dest: "{{ test_user.home }}/tarball-top-folder/foo-unarchive.txt"
        mode: preserve

    - name: Create a tarball as root. This tarball won't list the top folder when doing "tar tvf test-tarball.tar.gz"
      shell: tar -czf test-tarball.tar.gz tarball-top-folder/foo-unarchive.txt
      args:
-        chdir: "{{ user.home }}"
-        creates: "{{ user.home }}/test-tarball.tar.gz"
+        chdir: "{{ test_user.home }}"
+        creates: "{{ test_user.home }}/test-tarball.tar.gz"

-    - name: Create unarchive destination folder in /home/unarchivetest3/unarchivetest3-unarchive
+    - name: Create unarchive destination folder in {{ test_user.home }}/unarchivetest3-unarchive
      file:
-        path: "{{ user.home }}/unarchivetest3-unarchive"
+        path: "{{ test_user.home }}/unarchivetest3-unarchive"
        state: directory
-        owner: unarchivetest3
-        group: "{{ user.group }}"
+        owner: "{{ test_user.name }}"
+        group: "{{ test_user.group }}"

-    - name: unarchive the tarball as root. apply ownership for unarchivetest3
+    - name: "unarchive the tarball as root. apply ownership for {{ test_user.name }}"
      unarchive:
-        src: "{{ user.home }}/test-tarball.tar.gz"
-        dest: "{{ user.home }}/unarchivetest3-unarchive"
+        src: "{{ test_user.home }}/test-tarball.tar.gz"
+        dest: "{{ test_user.home }}/unarchivetest3-unarchive"
        remote_src: yes
        list_files: True
-        owner: unarchivetest3
-        group: "{{ user.group }}"
+        owner: "{{ test_user.name }}"
+        group: "{{ test_user.group }}"

    - name: Stat the extracted top folder
      stat:
-        path: "{{ user.home }}/unarchivetest3-unarchive/tarball-top-folder"
+        path: "{{ test_user.home }}/unarchivetest3-unarchive/tarball-top-folder"
      register: top_folder_info

-    - name: verify that extracted top folder is owned by unarchivetest3
+    - name: "verify that extracted top folder is owned by {{ test_user.name }}"
      assert:
        that:
-          - top_folder_info.stat.pw_name == "unarchivetest3"
-          - top_folder_info.stat.gid == {{ user.group }}
-
-  always:
-    - name: remove our unarchivetest3 user and files
-      user:
-        name: unarchivetest3
-        state: absent
-        remove: yes
-      become: no
-
-    - name: Remove user home directory on macOS
-      file:
-        path: /Users/unarchivetest3
-        state: absent
-      become: no
-      when: ansible_facts.distribution == 'MacOSX'
+          - top_folder_info.stat.pw_name == test_user.name
+          - top_folder_info.stat.gid == test_user.group
--- a/test/integration/targets/unarchive/tasks/test_unprivileged_user.yml
+++ b/test/integration/targets/unarchive/tasks/test_unprivileged_user.yml
@ -1,44 +1,37 @@
- name: Create unarchivetest1 user
-  user:
-    name: unarchivetest1
-    group: "{{ group_table[ansible_facts['distribution']] | default(omit) }}"
-  register: user
-  vars:
-    group_table:
-      MacOSX: staff
-
 - name: Test unarchiving twice as unprivileged user
-  become: yes
-  become_user: unarchivetest1
+  vars:
+    ansible_become: yes
+    ansible_become_user: "{{ test_user_name }}"
+    ansible_become_password: "{{ test_user_plaintext_password }}"
  block:
    - name: prep our file
      copy:
        src: foo.txt
-        dest: "{{ user.home }}/foo-unarchive.txt"
+        dest: "{{ test_user.home }}/foo-unarchive.txt"
        mode: preserve

-    - name: Prep a zip file as unarchivetest1 user
+    - name: Prep a zip file as {{ test_user.name }} user
      shell: zip unarchivetest1-unarchive.zip foo-unarchive.txt
      args:
-        chdir: "{{ user.home }}"
-        creates: "{{ user.home }}/unarchivetest1-unarchive.zip"
+        chdir: "{{ test_user.home }}"
+        creates: "{{ test_user.home }}/unarchivetest1-unarchive.zip"

-    - name: create our zip unarchive destination as unarchivetest1 user
+    - name: create our zip unarchive destination as {{ test_user.name }} user
      file:
-        path: "{{ user.home }}/unarchivetest1-unarchive-zip"
+        path: "{{ test_user.home }}/unarchivetest1-unarchive-zip"
        state: directory

-    - name: unarchive a zip file as unarchivetest1 user
+    - name: unarchive a zip file as {{ test_user.name }} user
      unarchive:
-        src: "{{ user.home }}/unarchivetest1-unarchive.zip"
-        dest: "{{ user.home }}/unarchivetest1-unarchive-zip"
+        src: "{{ test_user.home }}/unarchivetest1-unarchive.zip"
+        dest: "{{ test_user.home }}/unarchivetest1-unarchive-zip"
        remote_src: yes
        list_files: True
      register: unarchive10

    - name: stat the unarchived file
      stat:
-        path: "{{ user.home }}/unarchivetest1-unarchive-zip/foo-unarchive.txt"
+        path: "{{ test_user.home }}/unarchivetest1-unarchive-zip/foo-unarchive.txt"
      register: archive_path

    - name: verify that the tasks performed as expected
@ -53,8 +46,8 @@

    - name: repeat the last request to verify no changes
      unarchive:
-        src: "{{ user.home }}/unarchivetest1-unarchive.zip"
-        dest: "{{ user.home }}/unarchivetest1-unarchive-zip"
+        src: "{{ test_user.home }}/unarchivetest1-unarchive.zip"
+        dest: "{{ test_user.home }}/unarchivetest1-unarchive-zip"
        remote_src: yes
        list_files: True
      register: unarchive10b
@ -68,21 +61,3 @@
        that:
          - unarchive10b is not changed
      ignore_errors: yes
-
-  always:
-    - name: remove our unarchivetest1 user and files
-      user:
-        name: unarchivetest1
-        state: absent
-        remove: yes
-        force: yes
-      become: yes
-      become_user: root
-
-    - name: ensure home directory has been removed
-      stat:
-        path: "{{ user.home }}"
-      become: yes
-      become_user: root
-      register: home_dir
-      failed_when: home_dir.stat.exists