user - warn if "append" is set but not "groups" (#65795)

This fixes people unknowingly changing the primary group rather than adding a secondary group. * Add integration test
2020-02-04 18:35:05 +01:00 · 2020-02-04 18:35:05 +01:00 · 3b32f95fb3
commit 3b32f95fb3
parent fe454d27a1
3 changed files with 21 additions and 2 deletions
--- a/changelogs/fragments/65795-warn-if-user-has-set-append-but-not-set-groups.yaml
+++ b/changelogs/fragments/65795-warn-if-user-has-set-append-but-not-set-groups.yaml
@ -0,0 +1,2 @@
+minor_changes:
+  - 'user - usage of ``append: True`` without setting a list of groups. This is currently a no-op with a warning, and will change to an error in 2.14. (https://github.com/ansible/ansible/pull/65795)'
--- a/lib/ansible/modules/system/user.py
+++ b/lib/ansible/modules/system/user.py
@ -511,6 +511,12 @@ class User(object):
        else:
            self.ssh_file = os.path.join('.ssh', 'id_%s' % self.ssh_type)

+        if self.groups is None and self.append:
+            # Change the argument_spec in 2.14 and remove this warning
+            # required_by={'append': ['groups']}
+            module.warn("'append' is set, but no 'groups' are specified. Use 'groups' for appending new groups."
+                        "This will change to an error in Ansible 2.14.")
+
    def check_password_encrypted(self):
        # Darwin needs cleartext password, so skip validation
        if self.module.params['password'] and self.platform != 'Darwin':
--- a/test/integration/targets/user/tasks/main.yml
+++ b/test/integration/targets/user/tasks/main.yml
@ -1022,15 +1022,25 @@
  tags:
    - user_test_local_mode

+- name: Test append without groups for local_ansibulluser
+  user:
+    name: local_ansibulluser
+    state: present
+    append: yes
+  register: local_user_test_5
+  ignore_errors: yes
+  tags:
+    - user_test_local_mode
+
 - name: Ensure local user accounts were created and removed properly
  assert:
    that:
      - local_user_test_1 is changed
      - local_user_test_2 is not changed
      - local_user_test_3 is failed
-      - "local_user_test_3['msg'] is search('parameters are mutually exclusive: groups|local')"
+      - 'local_user_test_3["msg"] is search("parameters are mutually exclusive: groups|local")'
      - local_user_test_4 is failed
-      - "local_user_test_4['msg'] is search('parameters are mutually exclusive: groups|append')"
+      - 'local_user_test_4["msg"] is search("parameters are mutually exclusive: groups|append")'
      - local_user_test_remove_1 is changed
      - local_user_test_remove_2 is not changed
  tags:
@ -1041,6 +1051,7 @@
    that:
      - local_user_test_1['warnings'] | length > 0
      - local_user_test_1['warnings'] | first is search('The local user account may already exist')
+      - local_user_test_5['warnings'] is search("'append' is set, but no 'groups' are specified. Use 'groups'")
      - local_existing['warnings'] is not defined
  when: ansible_facts.system in ['Linux']
  tags: