# (c) 2017, Martin Krizek # This file is part of Ansible # # Ansible is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # Ansible is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with Ansible. If not, see . - name: Create ansible user user: name: "{{ test_user }}" - name: Create ansible group group: name: "{{ test_group }}" - name: Create ansible file file: path: "{{ test_file }}" state: touch - name: Create ansible dir file: path: "{{ test_dir }}" state: directory ############################################################################## - name: Grant ansible user read access to a file acl: path: "{{ test_file }}" entity: "{{ test_user }}" etype: user permissions: r state: present register: output - name: get getfacl output shell: "getfacl {{ test_file }}" register: getfacl_output - name: verify output assert: that: - output is changed - output is not failed - "'user:{{ test_user }}:r--' in output.acl" - "'user:{{ test_user }}:r--' in getfacl_output.stdout_lines" ############################################################################## - name: Obtain the acl for a specific file acl: path: "{{ test_file }}" register: output - name: get getfacl output shell: "getfacl {{ test_file }}" register: getfacl_output - name: verify output assert: that: - output is not changed - output is not failed - "'user::rw-' in output.acl" - "'user:{{ test_user }}:r--' in output.acl" - "'group::r--' in output.acl" - "'mask::r--' in output.acl" - "'other::r--' in output.acl" - "'user::rw-' in getfacl_output.stdout_lines" - "'user:{{ test_user }}:r--' in getfacl_output.stdout_lines" - "'group::r--' in getfacl_output.stdout_lines" - "'mask::r--' in getfacl_output.stdout_lines" - "'other::r--' in getfacl_output.stdout_lines" ############################################################################## - name: Removes the acl for ansible user on a specific file acl: path: "{{ test_file }}" entity: "{{ test_user }}" etype: user state: absent register: output - name: get getfacl output shell: "getfacl {{ test_file }}" register: getfacl_output - name: verify output assert: that: - output is changed - output is not failed - "'user:{{ test_user }}:r--' not in output.acl" - "'user:{{ test_user }}:r--' not in getfacl_output.stdout_lines" ############################################################################## - name: Sets default acl for ansible user on ansible dir acl: path: "{{ test_dir }}" entity: "{{ test_user }}" etype: user permissions: rw default: yes state: present register: output - name: get getfacl output shell: "getfacl {{ test_dir }}" register: getfacl_output - name: verify output assert: that: - output is changed - output is not failed - "'user:{{ test_user }}:rw-' in output.acl" - "'default:user:{{ test_user }}:rw-' in getfacl_output.stdout_lines" ############################################################################## - name: Cleanup shell: "setfacl -b {{ test_dir }}" ############################################################################## - name: Same as previous but using entry shorthand acl: path: "{{ test_dir }}" entry: "user:{{ test_user }}:rw-" default: yes state: present register: output - name: get getfacl output shell: "getfacl {{ test_dir }}" register: getfacl_output - name: verify output assert: that: - output is changed - output is not failed - "'user:{{ test_user }}:rw-' in output.acl" - "'default:user:{{ test_user }}:rw-' in getfacl_output.stdout_lines" ############################################################################## - name: Same as previous, to test idempotence acl: path: "{{ test_dir }}" entry: "user:{{ test_user }}:rw-" default: yes state: present register: output - name: get getfacl output shell: "getfacl {{ test_dir }}" register: getfacl_output - name: verify output assert: that: - output is not changed - output is not failed - "'user:{{ test_user }}:rw-' in output.acl" - "'default:user:{{ test_user }}:rw-' in getfacl_output.stdout_lines" ############################################################################## - name: Cleanup shell: "setfacl -b {{ test_dir }}" ############################################################################## - name: Set default acls acl: path: "{{ test_dir }}" entry: "{{ item }}" default: yes state: present with_items: - "user:{{ test_user }}:rw-" - "group:{{ test_group }}:rw-" - name: Remove default group test_user acl acl: path: "{{ test_dir }}" entry: "group:{{ test_group }}:rw-" default: yes state: absent register: output - name: get getfacl output shell: "getfacl {{ test_dir }}" register: getfacl_output - name: verify output assert: that: - output is changed - output is not failed - "'user::rwx' in getfacl_output.stdout_lines" - "'group::r-x' in getfacl_output.stdout_lines" - "'other::r-x' in getfacl_output.stdout_lines" - "'default:user::rwx' in getfacl_output.stdout_lines" - "'default:user:{{ test_user }}:rw-' in getfacl_output.stdout_lines" - "'default:group::r-x' in getfacl_output.stdout_lines" - "'default:mask::rwx' in getfacl_output.stdout_lines" - "'default:other::r-x' in getfacl_output.stdout_lines" - "'default:group:{{ test_group }}:rw-' not in getfacl_output.stdout_lines"