tests: Enable su tests under vanilla Ansible >= 2.11

cwd_show was useful when debugging these tests, worth keeping around.
pull/1032/head
Alex Willmer 9 months ago
parent e2f4d9275c
commit 2973d90670

@ -0,0 +1,22 @@
#!/usr/bin/env bash
# Show permissions and identities that impact the current working directory.
# On macOS libc cwd() can return EACCES after su or sudo.
# See also
# - https://github.com/ansible/ansible/pull/7078
# - https://github.com/python/cpython/issues/115911
set -o errexit
set -o nounset
set -o pipefail
whoami
groups
pwd
d=$(pwd)
while [[ "$d" != "/" && -n "$d" ]]; do
ls -ld "$d"
d=$(dirname "$d")
done
ls -ld /

@ -1,5 +1,4 @@
# Verify passwordful su behaviour # Verify passwordful su behaviour
# Ansible can't handle this on OS X. I don't care why.
- name: integration/become/su_password.yml - name: integration/become/su_password.yml
hosts: test-targets hosts: test-targets
@ -44,20 +43,54 @@
fail_msg: out={{out}} fail_msg: out={{out}}
when: is_mitogen when: is_mitogen
- name: Ensure password su succeeds. - name: Ensure password su with chdir succeeds
shell: whoami shell: whoami
args:
chdir: ~mitogen__user1
become: true become: true
become_user: mitogen__user1 become_user: mitogen__user1
register: out register: out
vars: vars:
ansible_become_pass: user1_password ansible_become_pass: user1_password
when: is_mitogen when:
# https://github.com/ansible/ansible/pull/70785
- ansible_facts.distribution not in ["MacOSX"]
or ansible_version.full is version("2.11", ">=", strict=True)
or is_mitogen
- assert: - assert:
that: that:
- out.stdout == 'mitogen__user1' - out.stdout == 'mitogen__user1'
fail_msg: out={{out}} fail_msg: out={{out}}
when: is_mitogen when:
# https://github.com/ansible/ansible/pull/70785
- ansible_facts.distribution not in ["MacOSX"]
or ansible_version.full is version("2.11", ">=", strict=True)
or is_mitogen
- name: Ensure password su without chdir succeeds
shell: whoami
become: true
become_user: mitogen__user1
register: out
vars:
ansible_become_pass: user1_password
when:
# https://github.com/ansible/ansible/pull/70785
- ansible_facts.distribution not in ["MacOSX"]
or ansible_version.full is version("2.11", ">=", strict=True)
or is_mitogen
- assert:
that:
- out.stdout == 'mitogen__user1'
fail_msg: out={{out}}
when:
# https://github.com/ansible/ansible/pull/70785
- ansible_facts.distribution not in ["MacOSX"]
or ansible_version.full is version("2.11", ">=", strict=True)
or is_mitogen
tags: tags:
- su - su
- su_password - su_password

Loading…
Cancel
Save