You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
mitogen/tests/ansible/integration/become/su_password.yml

105 lines
2.8 KiB
YAML

# Verify passwordful su behaviour
- name: integration/become/su_password.yml
hosts: test-targets
become_method: su
tasks:
- name: Ensure su password absent but required.
shell: whoami
become: true
become_user: mitogen__user1
register: out
ignore_errors: true
when: is_mitogen
- assert:
that:
- out.failed
- (
('password is required' in out.msg) or
('password is required' in out.module_stderr)
)
fail_msg: |
out={{ out }}
when: is_mitogen
- name: Ensure password su incorrect.
shell: whoami
become: true
become_user: mitogen__user1
register: out
vars:
ansible_become_pass: nopes
ignore_errors: true
when: is_mitogen
- assert:
that: |
out.failed and (
('Incorrect su password' in out.msg) or
('su password is incorrect' in out.msg)
)
fail_msg: |
out={{ out }}
when: is_mitogen
- name: Ensure password su with chdir succeeds
shell: whoami
args:
chdir: ~mitogen__user1
become: true
become_user: mitogen__user1
register: out
vars:
ansible_become_pass: user1_password
when:
# CI containers lack `setfacl` for unpriv -> unpriv
# https://github.com/mitogen-hq/mitogen/issues/1118
- is_mitogen
or (ansible_facts.distribution in ["MacOSX"]
and ansible_version.full is version("2.11", ">=", strict=True))
- assert:
that:
- out.stdout == 'mitogen__user1'
fail_msg: |
out={{ out }}
when:
# CI containers lack `setfacl` for unpriv -> unpriv
# https://github.com/mitogen-hq/mitogen/issues/1118
- is_mitogen
or (ansible_facts.distribution in ["MacOSX"]
and ansible_version.full is version("2.11", ">=", strict=True))
- name: Ensure password su without chdir succeeds
shell: whoami
become: true
become_user: mitogen__user1
register: out
vars:
ansible_become_pass: user1_password
when:
# CI containers lack `setfacl` for unpriv -> unpriv
# https://github.com/mitogen-hq/mitogen/issues/1118
- is_mitogen
or (ansible_facts.distribution in ["MacOSX"]
and ansible_version.full is version("2.11", ">=", strict=True))
- assert:
that:
- out.stdout == 'mitogen__user1'
fail_msg: |
out={{ out }}
when:
# CI containers lack `setfacl` for unpriv -> unpriv
# https://github.com/mitogen-hq/mitogen/issues/1118
- is_mitogen
or (ansible_facts.distribution in ["MacOSX"]
and ansible_version.full is version("2.11", ">=", strict=True))
tags:
- su
- su_password