ansible/test/integration/targets/become_unprivileged/chmod_acl_macos/test.yml

- name: Tests for chmod +a ACL functionality on macOS
  hosts: ssh
  gather_facts: yes
  remote_user: unpriv1
  become: yes
  become_user: unpriv2

  tasks:
    - name: Get AnsiballZ temp directory
      action: tmpdir
      register: tmpdir
      become_user: unpriv2
      become: yes

    - name: run whoami
      command: whoami
      register: whoami

    - name: Ensure we used the right fallback
      shell: ls -le /var/tmp/ansible*/*_command.py
      register: ls

    - assert:
        that:
          - whoami.stdout == "unpriv2"
          - "'user:unpriv2 allow read' in ls.stdout"
Allow macOS ACLs to work for unpriv -> unpriv (#70785) Change: - Use `chmod +a` in the fallback chain to allow MacOS to use ACLs to allow an unprivileged user to become an unprivileged user. Test Plan: - CI, new tests Tickets: - Fixes #70648 Signed-off-by: Rick Elrod <rick@elrod.me> 2020-08-04 20:32:48 +02:00			`- name: Tests for chmod +a ACL functionality on macOS`
			`hosts: ssh`
			`gather_facts: yes`
			`remote_user: unpriv1`
			`become: yes`
			`become_user: unpriv2`

			`tasks:`
			`- name: Get AnsiballZ temp directory`
			`action: tmpdir`
			`register: tmpdir`
			`become_user: unpriv2`
			`become: yes`

			`- name: run whoami`
			`command: whoami`
			`register: whoami`

			`- name: Ensure we used the right fallback`
			`shell: ls -le /var/tmp/ansible/_command.py`
			`register: ls`

			`- assert:`
			`that:`
			`- whoami.stdout == "unpriv2"`
			`- "'user:unpriv2 allow read' in ls.stdout"`