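# Fixture setup, test imports and teardown for the copy tests.
#
# The block creates a temporary directory on the controller, plants a set of
# symlinks under the role's files/ tree, creates an unprivileged account on the
# managed host (with passwordless sudo and a copy of the connecting account's
# authorized_keys), then imports the individual test files. The `always`
# section undoes each of those changes whether or not the tests pass.
- block:
    - name: Create a local temporary directory
      # mktemp needs no shell features, so `command` is sufficient.
      command: mktemp -d /tmp/ansible_test.XXXXXXXXX
      register: tempfile_result
      delegate_to: localhost

    - name: Record paths and the symlink fixtures used by the tests
      set_fact:
        local_temp_dir: '{{ tempfile_result.stdout }}'
        remote_dir: '{{ remote_tmp_dir }}/copy'
        # link name -> link target. The set mixes absolute targets, dangling
        # targets and targets that point back up the tree.
        symlinks:
          ansible-test-abs-link: /tmp/ansible-test-abs-link
          ansible-test-abs-link-dir: /tmp/ansible-test-abs-link-dir
          circles: ../
          invalid: invalid
          invalid2: ../invalid
          out_of_tree_circle: /tmp/ansible-test-link-dir/out_of_tree_circle
          subdir3: ../subdir2/subdir3
          bar.txt: ../bar.txt

    # Not delegated: this creates the same path on the managed host.
    - name: ensure temp dir exists
      file:
        path: '{{ local_temp_dir }}'
        state: directory

    # file cannot do this properly, use command instead
    - name: Create symbolic link
      # Keys and values come from the static `symlinks` dict above, so the
      # single-quoted interpolation never sees external input.
      command: "ln -s '{{ item.value }}' '{{ item.key }}'"
      args:
        chdir: '{{role_path}}/files/subdir/subdir1'
      with_dict: "{{ symlinks }}"
      delegate_to: localhost

    - name: Create remote unprivileged remote user
      user:
        name: '{{ remote_unprivileged_user }}'
      register: user

    - name: Check sudoers dir
      stat:
        path: /etc/sudoers.d
      register: etc_sudoers

    - name: Set sudoers.d path fact
      set_fact:
        sudoers_d_file: "{{ '/etc/sudoers.d' if etc_sudoers.stat.exists else '/usr/local/etc/sudoers.d' }}/{{ remote_unprivileged_user }}"

    # Gives the test account passwordless sudo for every command. This only
    # makes sense on a disposable test host; the grant is revoked again in the
    # `always` section below.
    - name: Create sudoers file
      copy:
        dest: "{{ sudoers_d_file }}"
        content: "{{ remote_unprivileged_user }} ALL=(ALL) NOPASSWD: ALL"
        # Set the conventional sudoers permissions explicitly rather than
        # inheriting whatever the umask produces.
        mode: '0440'

    - name: Create the .ssh directory of the unprivileged user
      file:
        path: "{{ user.home }}/.ssh"
        owner: '{{ remote_unprivileged_user }}'
        state: directory
        # Quoted so the mode stays a string instead of a YAML 1.1 octal int.
        mode: '0700'

    # Every key that can log in to the connecting account can now also log in
    # as the test account, which holds the sudo grant created above.
    - name: Duplicate authorized_keys
      copy:
        # remote_src is set, so the source is read on the managed host;
        # presumably $HOME is that of the connecting account (confirm).
        src: $HOME/.ssh/authorized_keys
        dest: '{{ user.home }}/.ssh/authorized_keys'
        owner: '{{ remote_unprivileged_user }}'
        mode: '0600'
        remote_src: true

    - name: Create the remote test directory as the unprivileged user
      file:
        path: "{{ remote_dir }}"
        state: directory
      remote_user: '{{ remote_unprivileged_user }}'

    # execute tests tasks using an unprivileged user, this is useful to avoid
    # local/remote ambiguity when controller and managed hosts are identical.
    - import_tasks: tests.yml
      remote_user: '{{ remote_unprivileged_user }}'

    - import_tasks: acls.yml
      when: ansible_system == 'Linux'

    - import_tasks: selinux.yml
      when: ansible_os_family == 'RedHat' and ansible_selinux.get('mode') == 'enforcing'

    - import_tasks: no_log.yml
      delegate_to: localhost

    - import_tasks: check_mode.yml

    # https://github.com/ansible/ansible/issues/57618
    # https://github.com/ansible/ansible/issues/79749
    - name: Test diff contents
      copy:
        # Single-quoted YAML: the value ends in a literal backslash and 'n',
        # not a newline. Kept exactly as the test was written.
        content: 'Ansible managed\n'
        dest: "{{ local_temp_dir }}/file.txt"
      diff: true
      register: diff_output

    - name: Check the reported diff of the newly created file
      assert:
        that:
          - 'diff_output.diff[0].before == ""'
          - '"Ansible managed" in diff_output.diff[0].after'
          - '"file.txt" in diff_output.diff[0].after_header'

    - name: tests with remote_src and non files
      import_tasks: src_remote_file_is_not_file.yml

  always:
    - name: Cleaning
      file:
        path: '{{ local_temp_dir }}'
        state: absent
      delegate_to: localhost

    - name: Remove symbolic link
      file:
        path: '{{ role_path }}/files/subdir/subdir1/{{ item.key }}'
        state: absent
      delegate_to: localhost
      with_dict: "{{ symlinks }}"

    - name: Remote unprivileged remote user
      user:
        name: '{{ remote_unprivileged_user }}'
        state: absent
        remove: true
        force: true

    # NOTE(review): this is the last cleanup task, so a failure in any of the
    # cleanup tasks above would leave the NOPASSWD drop-in on the host.
    # Consider revoking the grant first.
    - name: Remove sudoers.d file
      file:
        path: "{{ sudoers_d_file }}"
        state: absent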