mitogen/tests/ansible/integration/become/sudo_nonexistent.yml

- name: integration/become/sudo_nonexistent.yml
  hosts: test-targets
  any_errors_fatal: true
  tasks:

    - name: Verify behaviour for non-existent accounts.
      shell: whoami
      become: true
      become_user: slartibartfast
      ignore_errors: true
      register: out
      when:
        # https://github.com/ansible/ansible/pull/70785
        - ansible_facts.distribution not in ["MacOSX"]
          or ansible_version.full is version("2.11", ">=", strict=True)
          or is_mitogen

    - name: Verify raw module output.
      assert:
        that:
          - out.failed
          # sudo-1.8.6p3-29.el6_10.3 on RHEL & CentOS 6.10 (final release)
          # removed user/group error messages, as defence against CVE-2019-14287.
          - >-
            'sudo: unknown user: slartibartfast' in out.module_stdout | default(out.msg)
            or 'sudo: unknown user: slartibartfast' in out.module_stderr | default(out.msg)
            or (ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_version == '6.10')
        fail_msg: out={{out}}
      when:
        # https://github.com/ansible/ansible/pull/70785
        - ansible_facts.distribution not in ["MacOSX"]
          or ansible_version.full is version("2.11", ">=", strict=True)
          or is_mitogen
  tags:
    - sudo
    - sudo_nonexistent
tests: consistent play naming everywhere 7 years ago			`- name: integration/become/sudo_nonexistent.yml`
tests: use test-targets group, not all group 7 years ago			`hosts: test-targets`
ansible: tests for sudo behaviour; closes #143. 7 years ago			`any_errors_fatal: true`
			`tasks:`

			`- name: Verify behaviour for non-existent accounts.`
			`shell: whoami`
			`become: true`
			`become_user: slartibartfast`
			`ignore_errors: true`
			`register: out`
CI: Skip unprivileged become tests on MacOS with Ansible < 2.11 Ansible 2.10 and earlier try to use setfacl, which is not present on MacOS. Ansible 2.11 and later use chmod +a instead. 3 years ago			`when:`
			`# https://github.com/ansible/ansible/pull/70785`
			`- ansible_facts.distribution not in ["MacOSX"]`
			`or ansible_version.full is version("2.11", ">=", strict=True)`
			`or is_mitogen`
ansible: tests for sudo behaviour; closes #143. 7 years ago
			`- name: Verify raw module output.`
			`assert:`
tests: Rebuild Docker containers A few changes are bundled in this - Ansible 2.10.x and Mitogen 0.3.x are used to build nearly all images (Ansile 2.3.x is retained for CentOS 5, because it uses Python 2.4). - Tox is used to install/run Ansible, replacing build_docker_images.py - A static inventory, identifying containers by name rather than ID. - debian-test image is renamed to debian9-test - debian9-test image is now based on debian:9 - centos6-test image is now based on moreati/centos6-vault following the same scheme as centos5-test. - Images are now uploaded to Amazon Elastic Container Registry (ECR). See #809. - Debian recommended packages aren't installed (e.g. build-essential) - Python 2.x and Python 3.x are installed wherever available. - Python Virtualenv is installed wherever available. 4 years ago			`that:`
			`- out.failed`
			`# sudo-1.8.6p3-29.el6_10.3 on RHEL & CentOS 6.10 (final release)`
			`# removed user/group error messages, as defence against CVE-2019-14287.`
			`- >-`
Support for Ansible 3 & 4 fixes #834 Co-authored-by: Claude Becker (@upekkha) Co-authored-by: Dolph Mathews (@dolph) 3 years ago			`'sudo: unknown user: slartibartfast' in out.module_stdout \| default(out.msg)`
			`or 'sudo: unknown user: slartibartfast' in out.module_stderr \| default(out.msg)`
tests: Rebuild Docker containers A few changes are bundled in this - Ansible 2.10.x and Mitogen 0.3.x are used to build nearly all images (Ansile 2.3.x is retained for CentOS 5, because it uses Python 2.4). - Tox is used to install/run Ansible, replacing build_docker_images.py - A static inventory, identifying containers by name rather than ID. - debian-test image is renamed to debian9-test - debian9-test image is now based on debian:9 - centos6-test image is now based on moreati/centos6-vault following the same scheme as centos5-test. - Images are now uploaded to Amazon Elastic Container Registry (ECR). See #809. - Debian recommended packages aren't installed (e.g. build-essential) - Python 2.x and Python 3.x are installed wherever available. - Python Virtualenv is installed wherever available. 4 years ago			`or (ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_version == '6.10')`
tests: Print variables on failure of assert tasks Fixes #852 3 years ago			`fail_msg: out={{out}}`
CI: Skip unprivileged become tests on MacOS with Ansible < 2.11 Ansible 2.10 and earlier try to use setfacl, which is not present on MacOS. Ansible 2.11 and later use chmod +a instead. 3 years ago			`when:`
			`# https://github.com/ansible/ansible/pull/70785`
			`- ansible_facts.distribution not in ["MacOSX"]`
			`or ansible_version.full is version("2.11", ">=", strict=True)`
			`or is_mitogen`
tests: Tag Ansible tests This makes it easier to run subsets using ANSIBLE_RUN_TAGS=... 3 years ago			`tags:`
			`- sudo`
			`- sudo_nonexistent`