Commit Graph

27 Commits (e120cd2caeb41fccd2502b427628ff9ff6b66ac3)

Author SHA1 Message Date
Alex Willmer 8a34b925a4 tests: Re-enable become/sudo tests, fix them on macOS runners
The tasks in tests/imageprep/_user_accounts.yml that create users did not
specify a primary group for those users - this left the decision to Ansible's
user module, and/or the underlying OS. In Ansible 9+ (ansible-core 2.16+ the
user module defaults to primary group "staff." Earlier don't supply a default,
which releases probably results in a primary group nameed "None" (due to
stringifying the Python singleton of the same name), or whatever the macOS
Directory Services has for no data/NULL.

The invalid GID 4294967295 (MAX_UINT32 == 2**32-1) in the sudo error probably
enters the mix via something similar to sudo CVE-2019-14287.

Fixes #692

See
- https://github.com/ansible/ansible/pull/79999
- https://github.com/ansible/ansible/commit/c69c83c962f987c78af98da0746527df
- https://www.sudo.ws/security/advisories/minus_1_uid/

> Bruce Wayne : [confused]  Am I meant to understand any of that?
> Lucius Fox : Not at all, I just wanted you to know how hard it was.
> -- Batman Begins
1 month ago
Alex Willmer 6accc87da1 tests: Improve Ansible fail_msg formatting
By switching to block style (`|`) with clip (no `-` or `+`) the failure
messages don't require quoting and gain a single trailing newline. This causes
Ansible to print them as block style, when using the yaml stdout callback
plugin. As a result the values have one less layer of quoting and quote
escaping, making them much easier to read.
2 months ago
Alex Willmer 45c42d386a tests: Replace uses of ``include:``, unify skipping of mitogen only tests
The tag mitogen_only is only informational for now. It may be possible to use
it with ANSIBLE_SKIP_TAGS in the future.
8 months ago
Alex Willmer db0ffae352 tests: Enable stricter error handling, fix resulting failures 2 years ago
Alex Willmer 3c58215a91 tests: Tag Ansible tests
This makes it easier to run subsets using ANSIBLE_RUN_TAGS=...
3 years ago
Alex Willmer cfa5888547 tests: Print variables on failure of assert tasks
Fixes #852
3 years ago
Steven Robertson b26a636bba remove ansible 2.4-specific test 4 years ago
Steven Robertson ecb15cd5f0 disable failing Azure test but that works locally 5 years ago
Steven Robertson 79b8814142 bump macOS test vm to replicate what passes locally 5 years ago
Steven Robertson a7fe74cdba forgot to dump gid info 5 years ago
Steven Robertson 96f896b56c added debugging to figure out what's up with become_user and sudo runas gid not found 5 years ago
Steven Robertson 371ef07683 with statement doesn't exist in early python 5 years ago
Steven Robertson 9eedff97a6 closed fp after writing to temp files 5 years ago
David Wilson f36b4b47bf issue #554: don't rely on tmp_path autoremoval in test.
Ansible doesn't do this, so we shouldn't either.
6 years ago
David Wilson 2eb3ea78d6 tests: remove a bunch of stray debug 6 years ago
David Wilson 5521945bd2 ansible: temporary files take 5. 6 years ago
David Wilson 001b63074c tests: fix another typo. 6 years ago
David Wilson d5524178bf tests: fix bonehead syntax error. 6 years ago
David Wilson 65f03e03f5 tests: remote_tmp test fixes. 6 years ago
David Wilson ac9b84d237 issue #321: 2.4+ compatibility fixes, disable test on Vanilla. 6 years ago
David Wilson a2686b1a2c issue #321: simplify temp directory handling. 6 years ago
David Wilson a8e4dcc98d issue #301: correct remote_tmp evaluation context.
Vanilla Ansible expands remote_tmp variables in the context of the login
account, not any become_user account.
6 years ago
David Wilson 962ba862e9 tests: use test-targets group, not all group 7 years ago
David Wilson ce260933d9 tests: consistent play naming everywhere 7 years ago
David Wilson 63e2ec6406 tests: expanduser lookup runs locally 7 years ago
David Wilson 472610805f tests: fix remote_tmp test on 2.5.x. 7 years ago
David Wilson b9d4ec57b3 issue #164: some more ActionMixin tests. 7 years ago