# Verify passwordful su behaviour - name: integration/become/su_password.yml hosts: test-targets become_method: su tasks: - name: Ensure su password absent but required. shell: whoami become: true become_user: mitogen__user1 register: out ignore_errors: true when: is_mitogen - assert: that: - out.failed - ( ('password is required' in out.msg) or ('password is required' in out.module_stderr) ) fail_msg: out={{out}} when: is_mitogen - name: Ensure password su incorrect. shell: whoami become: true become_user: mitogen__user1 register: out vars: ansible_become_pass: nopes ignore_errors: true when: is_mitogen - assert: that: | out.failed and ( ('Incorrect su password' in out.msg) or ('su password is incorrect' in out.msg) ) fail_msg: out={{out}} when: is_mitogen - name: Ensure password su with chdir succeeds shell: whoami args: chdir: ~mitogen__user1 become: true become_user: mitogen__user1 register: out vars: ansible_become_pass: user1_password when: # https://github.com/ansible/ansible/pull/70785 - ansible_facts.distribution not in ["MacOSX"] or ansible_version.full is version("2.11", ">=", strict=True) or is_mitogen - assert: that: - out.stdout == 'mitogen__user1' fail_msg: out={{out}} when: # https://github.com/ansible/ansible/pull/70785 - ansible_facts.distribution not in ["MacOSX"] or ansible_version.full is version("2.11", ">=", strict=True) or is_mitogen - name: Ensure password su without chdir succeeds shell: whoami become: true become_user: mitogen__user1 register: out vars: ansible_become_pass: user1_password when: # https://github.com/ansible/ansible/pull/70785 - ansible_facts.distribution not in ["MacOSX"] or ansible_version.full is version("2.11", ">=", strict=True) or is_mitogen - assert: that: - out.stdout == 'mitogen__user1' fail_msg: out={{out}} when: # https://github.com/ansible/ansible/pull/70785 - ansible_facts.distribution not in ["MacOSX"] or ansible_version.full is version("2.11", ">=", strict=True) or is_mitogen tags: - su - su_password