You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
97 lines
2.5 KiB
YAML
97 lines
2.5 KiB
YAML
# Verify passwordful su behaviour
|
|
|
|
- name: integration/become/su_password.yml
|
|
hosts: test-targets
|
|
become_method: su
|
|
tasks:
|
|
|
|
- name: Ensure su password absent but required.
|
|
shell: whoami
|
|
become: true
|
|
become_user: mitogen__user1
|
|
register: out
|
|
ignore_errors: true
|
|
when: is_mitogen
|
|
|
|
- assert:
|
|
that:
|
|
- out.failed
|
|
- (
|
|
('password is required' in out.msg) or
|
|
('password is required' in out.module_stderr)
|
|
)
|
|
fail_msg: out={{out}}
|
|
when: is_mitogen
|
|
|
|
|
|
- name: Ensure password su incorrect.
|
|
shell: whoami
|
|
become: true
|
|
become_user: mitogen__user1
|
|
register: out
|
|
vars:
|
|
ansible_become_pass: nopes
|
|
ignore_errors: true
|
|
when: is_mitogen
|
|
|
|
- assert:
|
|
that: |
|
|
out.failed and (
|
|
('Incorrect su password' in out.msg) or
|
|
('su password is incorrect' in out.msg)
|
|
)
|
|
fail_msg: out={{out}}
|
|
when: is_mitogen
|
|
|
|
- name: Ensure password su with chdir succeeds
|
|
shell: whoami
|
|
args:
|
|
chdir: ~mitogen__user1
|
|
become: true
|
|
become_user: mitogen__user1
|
|
register: out
|
|
vars:
|
|
ansible_become_pass: user1_password
|
|
when:
|
|
# https://github.com/ansible/ansible/pull/70785
|
|
- ansible_facts.distribution not in ["MacOSX"]
|
|
or ansible_version.full is version("2.11", ">=", strict=True)
|
|
or is_mitogen
|
|
|
|
- assert:
|
|
that:
|
|
- out.stdout == 'mitogen__user1'
|
|
fail_msg: out={{out}}
|
|
when:
|
|
# https://github.com/ansible/ansible/pull/70785
|
|
- ansible_facts.distribution not in ["MacOSX"]
|
|
or ansible_version.full is version("2.11", ">=", strict=True)
|
|
or is_mitogen
|
|
|
|
- name: Ensure password su without chdir succeeds
|
|
shell: whoami
|
|
become: true
|
|
become_user: mitogen__user1
|
|
register: out
|
|
vars:
|
|
ansible_become_pass: user1_password
|
|
when:
|
|
# https://github.com/ansible/ansible/pull/70785
|
|
- ansible_facts.distribution not in ["MacOSX"]
|
|
or ansible_version.full is version("2.11", ">=", strict=True)
|
|
or is_mitogen
|
|
|
|
- assert:
|
|
that:
|
|
- out.stdout == 'mitogen__user1'
|
|
fail_msg: out={{out}}
|
|
when:
|
|
# https://github.com/ansible/ansible/pull/70785
|
|
- ansible_facts.distribution not in ["MacOSX"]
|
|
or ansible_version.full is version("2.11", ">=", strict=True)
|
|
or is_mitogen
|
|
|
|
tags:
|
|
- su
|
|
- su_password
|