mirror of https://github.com/ansible/ansible.git
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
54 lines
1.9 KiB
YAML
54 lines
1.9 KiB
YAML
- hosts: testhost
|
|
gather_facts: no
|
|
tasks:
|
|
- name: make sure the test user is available
|
|
include_role:
|
|
name: setup_test_user
|
|
|
|
- name: verify AnsibleModule works when cwd is missing
|
|
test_cwd_missing:
|
|
register: missing
|
|
|
|
- name: record the mode of the connection user's home directory
|
|
stat:
|
|
path: "~"
|
|
vars:
|
|
ansible_become: no
|
|
register: connection_user_home
|
|
|
|
- name: limit access to the connection user's home directory
|
|
file:
|
|
state: directory
|
|
path: "{{ connection_user_home.stat.path }}"
|
|
mode: "0700"
|
|
vars:
|
|
ansible_become: no
|
|
|
|
- block:
|
|
- name: verify AnsibleModule works when cwd is unreadable
|
|
test_cwd_unreadable:
|
|
register: unreadable
|
|
vars: &test_user_become
|
|
ansible_become: yes
|
|
ansible_become_user: "{{ test_user_name }}" # root can read cwd regardless of permissions, so a non-root user is required here
|
|
ansible_become_password: "{{ test_user_plaintext_password }}"
|
|
always:
|
|
- name: restore access to the connection user's home directory
|
|
file:
|
|
state: directory
|
|
path: "{{ connection_user_home.stat.path }}"
|
|
mode: "{{ connection_user_home.stat.mode }}"
|
|
vars:
|
|
ansible_become: no
|
|
|
|
- name: get real path of home directory of the unprivileged user
|
|
raw: "{{ ansible_python_interpreter }} -c 'import os.path; print(os.path.realpath(os.path.expanduser(\"~\")))'"
|
|
register: home
|
|
vars: *test_user_become
|
|
|
|
- name: verify AnsibleModule was able to adjust cwd as expected
|
|
assert:
|
|
that:
|
|
- missing.before != missing.after
|
|
- unreadable.before != unreadable.after or unreadable.before == '/' or unreadable.before == home.stdout.strip() # allow / and $HOME fallback on macOS when using an unprivileged user
|