mirror of https://github.com/ansible/ansible.git
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
91 lines
2.7 KiB
YAML
91 lines
2.7 KiB
YAML
# test user add with password
|
|
- name: add an encrypted password for user
|
|
user:
|
|
name: ansibulluser
|
|
password: "$6$rounds=656000$TT4O7jz2M57npccl$33LF6FcUMSW11qrESXL1HX0BS.bsiT6aenFLLiVpsQh6hDtI9pJh5iY7x8J7ePkN4fP8hmElidHXaeD51pbGS."
|
|
state: present
|
|
update_password: always
|
|
register: test_user_encrypt0
|
|
|
|
- name: there should not be warnings
|
|
assert:
|
|
that: "'warnings' not in test_user_encrypt0"
|
|
|
|
# https://github.com/ansible/ansible/issues/65711
|
|
- name: Test updating password only on creation
|
|
user:
|
|
name: ansibulluser
|
|
password: '*'
|
|
update_password: on_create
|
|
register: test_user_update_password
|
|
|
|
- name: Ensure password was not changed
|
|
assert:
|
|
that:
|
|
- test_user_update_password is not changed
|
|
|
|
- name: Verify password hash for Linux
|
|
when: ansible_facts.os_family in ['RedHat', 'Debian', 'Suse']
|
|
block:
|
|
- name: LINUX | Get shadow entry for ansibulluser
|
|
getent:
|
|
database: shadow
|
|
key: ansibulluser
|
|
|
|
- name: LINUX | Ensure password hash was not removed
|
|
assert:
|
|
that:
|
|
- getent_shadow['ansibulluser'][1] != '*'
|
|
|
|
- name: Test plaintext warning
|
|
when: ansible_facts.system != 'Darwin'
|
|
block:
|
|
- name: add an plaintext password for user
|
|
user:
|
|
name: ansibulluser
|
|
password: "plaintextpassword"
|
|
state: present
|
|
update_password: always
|
|
register: test_user_encrypt1
|
|
|
|
- name: there should be a warning complains that the password is plaintext
|
|
assert:
|
|
that: "'warnings' in test_user_encrypt1"
|
|
|
|
- name: add an invalid hashed password
|
|
user:
|
|
name: ansibulluser
|
|
password: "$6$rounds=656000$tgK3gYTyRLUmhyv2$lAFrYUQwn7E6VsjPOwQwoSx30lmpiU9r/E0Al7tzKrR9mkodcMEZGe9OXD0H/clOn6qdsUnaL4zefy5fG+++++"
|
|
state: present
|
|
update_password: always
|
|
register: test_user_encrypt2
|
|
|
|
- name: there should be a warning complains about the character set of password
|
|
assert:
|
|
that: "'warnings' in test_user_encrypt2"
|
|
|
|
- name: change password to '!'
|
|
user:
|
|
name: ansibulluser
|
|
password: '!'
|
|
register: test_user_encrypt3
|
|
|
|
- name: change password to '*'
|
|
user:
|
|
name: ansibulluser
|
|
password: '*'
|
|
register: test_user_encrypt4
|
|
|
|
- name: change password to '*************'
|
|
user:
|
|
name: ansibulluser
|
|
password: '*************'
|
|
register: test_user_encrypt5
|
|
|
|
- name: there should be no warnings when setting the password to '!', '*' or '*************'
|
|
assert:
|
|
that:
|
|
- "'warnings' not in test_user_encrypt3"
|
|
- "'warnings' not in test_user_encrypt4"
|
|
- "'warnings' not in test_user_encrypt5"
|