ansible/test/integration/targets/user/tasks/test_expires_new_account_epoch_negative.yml

# Test setting epoch 0 expiration when creating a new account, then removing the expiry
# https://github.com/ansible/ansible/issues/47114
- name: Remove ansibulluser
  user:
    name: ansibulluser
    state: absent

- name: Create user account with epoch 0 expiration
  user:
    name: ansibulluser
    state: present
    expires: 0
  register: user_test_expires_create0_1

- name: Create user account with epoch 0 expiration again
  user:
    name: ansibulluser
    state: present
    expires: 0
  register: user_test_expires_create0_2

- name: Change the user account to remove the expiry time
  user:
    name: ansibulluser
    expires: -1
  register: user_test_remove_expires_1

- name: Change the user account to remove the expiry time again
  user:
    name: ansibulluser
    expires: -1
  register: user_test_remove_expires_2


- name: Verify un expiration date for Linux
  block:
    - name: LINUX | Ensure changes were made appropriately
      assert:
        msg: Creating an account with 'expries=0' then removing that expriation with 'expires=-1' resulted in incorrect changes
        that:
          - user_test_expires_create0_1 is changed
          - user_test_expires_create0_2 is not changed
          - user_test_remove_expires_1 is changed
          - user_test_remove_expires_2 is not changed

    - name: LINUX | Get expiration date for ansibulluser
      getent:
        database: shadow
        key: ansibulluser

    - name: LINUX | Ensure proper expiration date was set
      assert:
        msg: "expiry is supposed to be empty or -1, not {{ getent_shadow['ansibulluser'][6] }}"
        that:
          - not getent_shadow['ansibulluser'][6] or getent_shadow['ansibulluser'][6] | int < 0
  when: ansible_facts.os_family in ['RedHat', 'Debian', 'Suse']


- name: Verify proper expiration behavior for BSD
  block:
    - name: BSD | Ensure changes were made appropriately
      assert:
        msg: Creating an account with 'expries=0' then removing that expriation with 'expires=-1' resulted in incorrect changes
        that:
          - user_test_expires_create0_1 is changed
          - user_test_expires_create0_2 is not changed
          - user_test_remove_expires_1 is not changed
          - user_test_remove_expires_2 is not changed
  when: ansible_facts.os_family == 'FreeBSD'


# Test expiration with a very large negative number. This should have the same
# result as setting -1.
- name: Set expiration date using very long negative number
  user:
    name: ansibulluser
    state: present
    expires: -2529881062
  register: user_test_expires5

- name: Ensure no change was made
  assert:
    that:
      - user_test_expires5 is not changed

- name: Verify un expiration date for Linux
  block:
    - name: LINUX | Get expiration date for ansibulluser
      getent:
        database: shadow
        key: ansibulluser

    - name: LINUX | Ensure proper expiration date was set
      assert:
        msg: "expiry is supposed to be empty or -1, not {{ getent_shadow['ansibulluser'][6] }}"
        that:
          - not getent_shadow['ansibulluser'][6] or getent_shadow['ansibulluser'][6] | int < 0
  when: ansible_facts.os_family in ['RedHat', 'Debian', 'Suse']

- name: Verify un expiration date for BSD
  block:
    - name: BSD | Get expiration date for ansibulluser
      shell: 'grep ansibulluser /etc/master.passwd | cut -d: -f 7'
      changed_when: no
      register: bsd_account_expiration

    - name: BSD | Ensure proper expiration date was set
      assert:
        msg: "expiry is supposed to be '0', not {{ bsd_account_expiration.stdout }}"
        that:
          - bsd_account_expiration.stdout == '0'
  when: ansible_facts.os_family == 'FreeBSD'