mirror of https://github.com/ansible/ansible.git
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
64 lines
2.0 KiB
YAML
64 lines
2.0 KiB
YAML
- name: Test password lock
|
|
when: ansible_facts.system in ['FreeBSD', 'OpenBSD', 'Linux']
|
|
block:
|
|
- name: Remove ansibulluser
|
|
user:
|
|
name: ansibulluser
|
|
state: absent
|
|
remove: yes
|
|
|
|
- name: Create ansibulluser with password and locked
|
|
user:
|
|
name: ansibulluser
|
|
password: "$6$rounds=656000$TT4O7jz2M57npccl$33LF6FcUMSW11qrESXL1HX0BS.bsiT6aenFLLiVpsQh6hDtI9pJh5iY7x8J7ePkN4fP8hmElidHXaeD51pbGS."
|
|
password_lock: yes
|
|
register: create_with_lock_1
|
|
|
|
- name: Create ansibulluser with password and locked again
|
|
user:
|
|
name: ansibulluser
|
|
password: "$6$rounds=656000$TT4O7jz2M57npccl$33LF6FcUMSW11qrESXL1HX0BS.bsiT6aenFLLiVpsQh6hDtI9pJh5iY7x8J7ePkN4fP8hmElidHXaeD51pbGS."
|
|
password_lock: yes
|
|
register: create_with_lock_2
|
|
|
|
- name: Ensure task reported changes appropriately
|
|
assert:
|
|
msg: The password_lock tasks did not make changes appropriately
|
|
that:
|
|
- create_with_lock_1 is changed
|
|
- create_with_lock_2 is not changed
|
|
|
|
- name: Verify account lock for BSD
|
|
when: ansible_facts.system in ['FreeBSD', 'OpenBSD']
|
|
block:
|
|
- name: BSD | Get account status
|
|
shell: "{{ status_command[ansible_facts['system']] }}"
|
|
register: account_status_locked
|
|
|
|
- name: FreeBSD | Ensure account is locked
|
|
assert:
|
|
that:
|
|
- "'LOCKED' in account_status_locked.stdout"
|
|
when: ansible_facts.system == 'FreeBSD'
|
|
|
|
|
|
- name: Verify account lock for Linux
|
|
when: ansible_facts.system == 'Linux'
|
|
block:
|
|
- name: LINUX | Get account status
|
|
getent:
|
|
database: shadow
|
|
key: ansibulluser
|
|
|
|
- name: LINUX | Ensure account is locked
|
|
assert:
|
|
that:
|
|
- getent_shadow['ansibulluser'][0].startswith('!')
|
|
|
|
|
|
always:
|
|
- name: Unlock account
|
|
user:
|
|
name: ansibulluser
|
|
password_lock: no
|