- block: - name: Create a local temporary directory shell: mktemp -d /tmp/ansible_test.XXXXXXXXX register: tempfile_result delegate_to: localhost - set_fact: local_temp_dir: '{{ tempfile_result.stdout }}' remote_dir: '{{ output_dir }}' symlinks: ansible-test-abs-link: /tmp/ansible-test-abs-link ansible-test-abs-link-dir: /tmp/ansible-test-abs-link-dir circles: ../ invalid: invalid invalid2: ../invalid out_of_tree_circle: /tmp/ansible-test-link-dir/out_of_tree_circle subdir3: ../subdir2/subdir3 - file: path={{local_temp_dir}} state=directory name: ensure temp dir exists # file cannot do this properly, use command instead - name: Create symbolic link command: "ln -s '{{ item.value }}' '{{ item.key }}'" args: chdir: '{{role_path}}/files/subdir/subdir1' warn: no with_dict: "{{ symlinks }}" delegate_to: localhost - name: Create remote unprivileged remote user user: name: '{{ remote_unprivileged_user }}' register: user - name: Check sudoers dir stat: path: /etc/sudoers.d register: etc_sudoers - name: Set sudoers.d path fact set_fact: sudoers_d_file: "{{ '/etc/sudoers.d' if etc_sudoers.stat.exists else '/usr/local/etc/sudoers.d' }}/{{ remote_unprivileged_user }}" - name: Create sudoers file copy: dest: "{{ sudoers_d_file }}" content: "{{ remote_unprivileged_user }} ALL=(ALL) NOPASSWD: ALL" - file: path: "{{ user.home }}/.ssh" owner: '{{ remote_unprivileged_user }}' state: directory mode: 0700 - name: Duplicate authorized_keys copy: src: $HOME/.ssh/authorized_keys dest: '{{ user.home }}/.ssh/authorized_keys' owner: '{{ remote_unprivileged_user }}' mode: 0600 remote_src: yes - file: path: "{{ remote_dir }}" state: directory remote_user: '{{ remote_unprivileged_user }}' # execute tests tasks using an unprivileged user, this is useful to avoid # local/remote ambiguity when controller and managed hosts are identical. - import_tasks: tests.yml remote_user: '{{ remote_unprivileged_user }}' - import_tasks: acls.yml when: ansible_system == 'Linux' - import_tasks: selinux.yml when: ansible_os_family == 'RedHat' and ansible_selinux.get('mode') == 'enforcing' - import_tasks: no_log.yml delegate_to: localhost - import_tasks: check_mode.yml # https://github.com/ansible/ansible/issues/57618 - name: Test diff contents copy: content: 'Ansible managed\n' dest: "{{ local_temp_dir }}/file.txt" diff: yes register: diff_output - assert: that: - 'diff_output.diff[0].before == ""' - '"Ansible managed" in diff_output.diff[0].after' always: - name: Cleaning file: path: '{{ local_temp_dir }}' state: absent delegate_to: localhost - name: Remove symbolic link file: path: '{{ role_path }}/files/subdir/subdir1/{{ item.key }}' state: absent delegate_to: localhost with_dict: "{{ symlinks }}" - name: Remote unprivileged remote user user: name: '{{ remote_unprivileged_user }}' state: absent remove: yes - name: Remove sudoers.d file file: path: "{{ sudoers_d_file }}" state: absent