mitogen/tests/ansible/integration/become/sudo_password.yml

# Verify passwordful sudo behaviour

- name: integration/become/sudo_password.yml
  hosts: test-targets
  tasks:

    - name: Ensure sudo password absent but required.
      shell: whoami
      become: true
      become_user: mitogen__pw_required
      register: out
      ignore_errors: true
      when:
        # https://github.com/ansible/ansible/pull/70785
        - ansible_facts.distribution not in ["MacOSX"]
          or ansible_version.full is version("2.11", ">=", strict=True)
          or is_mitogen

    - assert:
        that: |
          out.failed and (
            ('password is required' in out.msg) or
            ('Missing sudo password' in out.msg) or
            ('password is required' in out.module_stderr)
          )          
        fail_msg: out={{out}}
      when:
        # https://github.com/ansible/ansible/pull/70785
        - ansible_facts.distribution not in ["MacOSX"]
          or ansible_version.full is version("2.11", ">=", strict=True)
          or is_mitogen

    - name: Ensure password sudo incorrect.
      shell: whoami
      become: true
      become_user: mitogen__pw_required
      register: out
      vars:
        ansible_become_pass: nopes
      ignore_errors: true
      when:
        # https://github.com/ansible/ansible/pull/70785
        - ansible_facts.distribution not in ["MacOSX"]
          or ansible_version.full is version("2.11", ">=", strict=True)
          or is_mitogen

    - assert:
        that: |
          out.failed and (
            ('Incorrect sudo password' in out.msg) or
            ('sudo password is incorrect' in out.msg)
          )          
        fail_msg: out={{out}}
      when:
        # https://github.com/ansible/ansible/pull/70785
        - ansible_facts.distribution not in ["MacOSX"]
          or ansible_version.full is version("2.11", ">=", strict=True)
          or is_mitogen

    # TODO: https://github.com/dw/mitogen/issues/692
    # - name: Ensure password sudo succeeds.
    #   shell: whoami
    #   become: true
    #   become_user: mitogen__pw_required
    #   register: out
    #   vars:
    #     ansible_become_pass: pw_required_password

    # - assert:
    #     that:
    #       - out.stdout == 'mitogen__pw_required'
  tags:
    - sudo
    - sudo_password