- name: integration/become/sudo_nonexistent.yml hosts: test-targets tasks: - name: Verify behaviour for non-existent accounts. shell: whoami become: true become_user: slartibartfast ignore_errors: true register: out when: # https://github.com/ansible/ansible/pull/70785 - ansible_facts.distribution not in ["MacOSX"] or ansible_version.full is version("2.11", ">=", strict=True) or is_mitogen - name: Verify raw module output. assert: that: - out.failed # sudo-1.8.6p3-29.el6_10.3 on RHEL & CentOS 6.10 (final release) # removed user/group error messages, as defence against CVE-2019-14287. - >- (out.module_stderr | default(out.module_stdout, true) | default(out.msg, true)) is search('sudo: unknown user:? slartibartfast') or (ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_version == '6.10') fail_msg: | out={{ out }} when: # https://github.com/ansible/ansible/pull/70785 - ansible_facts.distribution not in ["MacOSX"] or ansible_version.full is version("2.11", ">=", strict=True) or is_mitogen tags: - sudo - sudo_nonexistent