|
|
|
- name: integration/become/sudo_nonexistent.yml
|
|
|
|
hosts: test-targets
|
|
|
|
tasks:
|
|
|
|
|
|
|
|
- name: Verify behaviour for non-existent accounts.
|
|
|
|
shell: whoami
|
|
|
|
become: true
|
|
|
|
become_user: slartibartfast
|
|
|
|
ignore_errors: true
|
|
|
|
register: out
|
|
|
|
when:
|
|
|
|
# https://github.com/ansible/ansible/pull/70785
|
|
|
|
- ansible_facts.distribution not in ["MacOSX"]
|
|
|
|
or ansible_version.full is version("2.11", ">=", strict=True)
|
|
|
|
or is_mitogen
|
|
|
|
|
|
|
|
- name: Verify raw module output.
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- out.failed
|
|
|
|
# sudo-1.8.6p3-29.el6_10.3 on RHEL & CentOS 6.10 (final release)
|
|
|
|
# removed user/group error messages, as defence against CVE-2019-14287.
|
|
|
|
- >-
|
|
|
|
(out.module_stderr | default(out.module_stdout, true) | default(out.msg, true)) is search('sudo: unknown user:? slartibartfast')
|
|
|
|
or (ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_version == '6.10')
|
|
|
|
fail_msg: |
|
|
|
|
out={{ out }}
|
|
|
|
when:
|
|
|
|
# https://github.com/ansible/ansible/pull/70785
|
|
|
|
- ansible_facts.distribution not in ["MacOSX"]
|
|
|
|
or ansible_version.full is version("2.11", ">=", strict=True)
|
|
|
|
or is_mitogen
|
|
|
|
tags:
|
|
|
|
- sudo
|
|
|
|
- sudo_nonexistent
|