[stable-2.8] Omit -A and -G options in local mode since luseradd does not support these (#55401) (#58480)
* [stable-2.8] Omit -A and -G options in local mode since luseradd does not support these (#55401) Add integration tests (cherry picked from commit20ad120829
) Co-authored-by: Sam Doran <sdoran@redhat.com> * User - make groups and append mutually exclusive with local (#59309) * Update intigration tests (cherry picked from commit8edad83ae0
)
This commit is contained in:
parent
302de41a31
commit
e0dbe1bf26
3 changed files with 57 additions and 8 deletions
2
changelogs/fragments/user-local-mode-group-append.yaml
Normal file
2
changelogs/fragments/user-local-mode-group-append.yaml
Normal file
|
@ -0,0 +1,2 @@
|
|||
bugfixes:
|
||||
- user - omit incompatible options when operating in local mode (https://github.com/ansible/ansible/issues/48722)
|
|
@ -60,12 +60,14 @@ options:
|
|||
C(null), or C(~), the user is removed from all groups except the
|
||||
primary group. (C(~) means C(null) in YAML)
|
||||
- Before Ansible 2.3, the only input format allowed was a comma separated string.
|
||||
- Mutually exclusive with C(local)
|
||||
type: list
|
||||
append:
|
||||
description:
|
||||
- If C(yes), add the user to the groups specified in C(groups).
|
||||
- If C(no), user will only be added to the groups specified in C(groups),
|
||||
removing them from all other groups.
|
||||
- Mutually exclusive with C(local)
|
||||
type: bool
|
||||
default: no
|
||||
shell:
|
||||
|
@ -209,6 +211,7 @@ options:
|
|||
- This will check C(/etc/passwd) for an existing account before invoking commands. If the local account database
|
||||
exists somewhere other than C(/etc/passwd), this setting will not work properly.
|
||||
- This requires that the above commands as well as C(/etc/passwd) must exist on the target host, otherwise it will be a fatal error.
|
||||
- Mutually exclusive with C(groups) and C(append)
|
||||
type: bool
|
||||
default: no
|
||||
version_added: "2.4"
|
||||
|
@ -616,7 +619,7 @@ class User(object):
|
|||
else:
|
||||
cmd.append('-N')
|
||||
|
||||
if self.groups is not None and len(self.groups):
|
||||
if self.groups is not None and not self.local and len(self.groups):
|
||||
groups = self.get_groups_set()
|
||||
cmd.append('-G')
|
||||
cmd.append(','.join(groups))
|
||||
|
@ -737,7 +740,7 @@ class User(object):
|
|||
else:
|
||||
groups_need_mod = True
|
||||
|
||||
if groups_need_mod:
|
||||
if groups_need_mod and not self.local:
|
||||
if self.append and not has_append:
|
||||
cmd.append('-A')
|
||||
cmd.append(','.join(group_diff))
|
||||
|
@ -2852,7 +2855,11 @@ def main():
|
|||
authorization=dict(type='str'),
|
||||
role=dict(type='str'),
|
||||
),
|
||||
supports_check_mode=True
|
||||
supports_check_mode=True,
|
||||
mutually_exclusive=[
|
||||
('local', 'groups'),
|
||||
('local', 'append')
|
||||
]
|
||||
)
|
||||
|
||||
user = User(module)
|
||||
|
|
|
@ -853,7 +853,7 @@
|
|||
state: absent
|
||||
remove: yes
|
||||
local: yes
|
||||
register: local_user_test_3
|
||||
register: local_user_test_remove_1
|
||||
tags:
|
||||
- user_test_local_mode
|
||||
|
||||
|
@ -863,16 +863,56 @@
|
|||
state: absent
|
||||
remove: yes
|
||||
local: yes
|
||||
register: local_user_test_4
|
||||
register: local_user_test_remove_2
|
||||
tags:
|
||||
- user_test_local_mode
|
||||
|
||||
- name: Ensure local user accounts were created
|
||||
- name: Create test group
|
||||
group:
|
||||
name: testgroup
|
||||
tags:
|
||||
- user_test_local_mode
|
||||
|
||||
- name: Create local_ansibulluser with groups
|
||||
user:
|
||||
name: local_ansibulluser
|
||||
state: present
|
||||
local: yes
|
||||
groups: testgroup
|
||||
register: local_user_test_3
|
||||
ignore_errors: yes
|
||||
tags:
|
||||
- user_test_local_mode
|
||||
|
||||
- name: Append groups for local_ansibulluser
|
||||
user:
|
||||
name: local_ansibulluser
|
||||
state: present
|
||||
local: yes
|
||||
append: yes
|
||||
register: local_user_test_4
|
||||
ignore_errors: yes
|
||||
tags:
|
||||
- user_test_local_mode
|
||||
|
||||
- name: Ensure local user accounts were created and removed properly
|
||||
assert:
|
||||
that:
|
||||
- local_user_test_1 is changed
|
||||
- local_user_test_2 is not changed
|
||||
- local_user_test_3 is changed
|
||||
- local_user_test_4 is not changed
|
||||
- local_user_test_3 is failed
|
||||
- "local_user_test_3['msg'] is search('parameters are mutually exclusive: groups|local')"
|
||||
- local_user_test_4 is failed
|
||||
- "local_user_test_4['msg'] is search('parameters are mutually exclusive: groups|append')"
|
||||
- local_user_test_remove_1 is changed
|
||||
- local_user_test_remove_2 is not changed
|
||||
tags:
|
||||
- user_test_local_mode
|
||||
|
||||
- name: Ensure warnings were displayed
|
||||
assert:
|
||||
that:
|
||||
- local_user_test_1['warnings'] | length > 0
|
||||
- "'user was not found in /etc/passwd. The local user account may already exist if the local account
|
||||
database exists somewhere other than /etc/passwd.' in local_user_test_1['warnings'][0]"
|
||||
when: ansible_facts.system in ['Linux']
|
||||
|
|
Loading…
Add table
Reference in a new issue