You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
|
# Verify passwordful su behaviour
|
|
|
|
# Ansible can't handle this on OS X. I don't care why.
|
|
|
|
|
|
|
|
- name: integration/become/su_password.yml
|
|
|
|
hosts: test-targets
|
|
|
|
become_method: su
|
|
|
|
tasks:
|
|
|
|
|
|
|
|
- name: Ensure su password absent but required.
|
|
|
|
shell: whoami
|
|
|
|
become: true
|
|
|
|
become_user: mitogen__user1
|
|
|
|
register: out
|
|
|
|
ignore_errors: true
|
|
|
|
when: is_mitogen
|
|
|
|
|
|
|
|
- assert:
|
|
|
|
that:
|
|
|
|
- out.failed
|
|
|
|
- (
|
|
|
|
('password is required' in out.msg) or
|
|
|
|
('password is required' in out.module_stderr)
|
|
|
|
)
|
|
|
|
fail_msg: out={{out}}
|
|
|
|
when: is_mitogen
|
|
|
|
|
|
|
|
|
|
|
|
- name: Ensure password su incorrect.
|
|
|
|
shell: whoami
|
|
|
|
become: true
|
|
|
|
become_user: mitogen__user1
|
|
|
|
register: out
|
|
|
|
vars:
|
|
|
|
ansible_become_pass: nopes
|
|
|
|
ignore_errors: true
|
|
|
|
when: is_mitogen
|
|
|
|
|
|
|
|
- assert:
|
|
|
|
that: |
|
|
|
|
out.failed and (
|
|
|
|
('Incorrect su password' in out.msg) or
|
|
|
|
('su password is incorrect' in out.msg)
|
|
|
|
)
|
|
|
|
fail_msg: out={{out}}
|
|
|
|
when: is_mitogen
|
|
|
|
|
|
|
|
- name: Ensure password su succeeds.
|
|
|
|
shell: whoami
|
|
|
|
become: true
|
|
|
|
become_user: mitogen__user1
|
|
|
|
register: out
|
|
|
|
vars:
|
|
|
|
ansible_become_pass: user1_password
|
|
|
|
when: is_mitogen
|
|
|
|
|
|
|
|
- assert:
|
|
|
|
that:
|
|
|
|
- out.stdout == 'mitogen__user1'
|
|
|
|
fail_msg: out={{out}}
|
|
|
|
when: is_mitogen
|
|
|
|
tags:
|
|
|
|
- su
|
|
|
|
- su_password
|