[stable-2.8] Omit -A and -G options in local mode since luseradd does not support these (#55401) (#58480)

* [stable-2.8] Omit -A and -G options in local mode since luseradd does not support these (#55401)

Add integration tests
(cherry picked from commit 20ad120829)

Co-authored-by: Sam Doran <sdoran@redhat.com>

* User - make groups and append mutually exclusive with local (#59309)

* Update intigration tests

(cherry picked from commit 8edad83ae0)
This commit is contained in:
Sam Doran 2019-07-22 19:48:28 -04:00 committed by Toshio Kuratomi
parent 302de41a31
commit e0dbe1bf26
3 changed files with 57 additions and 8 deletions

View file

@ -0,0 +1,2 @@
bugfixes:
- user - omit incompatible options when operating in local mode (https://github.com/ansible/ansible/issues/48722)

View file

@ -60,12 +60,14 @@ options:
C(null), or C(~), the user is removed from all groups except the
primary group. (C(~) means C(null) in YAML)
- Before Ansible 2.3, the only input format allowed was a comma separated string.
- Mutually exclusive with C(local)
type: list
append:
description:
- If C(yes), add the user to the groups specified in C(groups).
- If C(no), user will only be added to the groups specified in C(groups),
removing them from all other groups.
- Mutually exclusive with C(local)
type: bool
default: no
shell:
@ -209,6 +211,7 @@ options:
- This will check C(/etc/passwd) for an existing account before invoking commands. If the local account database
exists somewhere other than C(/etc/passwd), this setting will not work properly.
- This requires that the above commands as well as C(/etc/passwd) must exist on the target host, otherwise it will be a fatal error.
- Mutually exclusive with C(groups) and C(append)
type: bool
default: no
version_added: "2.4"
@ -616,7 +619,7 @@ class User(object):
else:
cmd.append('-N')
if self.groups is not None and len(self.groups):
if self.groups is not None and not self.local and len(self.groups):
groups = self.get_groups_set()
cmd.append('-G')
cmd.append(','.join(groups))
@ -737,7 +740,7 @@ class User(object):
else:
groups_need_mod = True
if groups_need_mod:
if groups_need_mod and not self.local:
if self.append and not has_append:
cmd.append('-A')
cmd.append(','.join(group_diff))
@ -2852,7 +2855,11 @@ def main():
authorization=dict(type='str'),
role=dict(type='str'),
),
supports_check_mode=True
supports_check_mode=True,
mutually_exclusive=[
('local', 'groups'),
('local', 'append')
]
)
user = User(module)

View file

@ -853,7 +853,7 @@
state: absent
remove: yes
local: yes
register: local_user_test_3
register: local_user_test_remove_1
tags:
- user_test_local_mode
@ -863,16 +863,56 @@
state: absent
remove: yes
local: yes
register: local_user_test_4
register: local_user_test_remove_2
tags:
- user_test_local_mode
- name: Ensure local user accounts were created
- name: Create test group
group:
name: testgroup
tags:
- user_test_local_mode
- name: Create local_ansibulluser with groups
user:
name: local_ansibulluser
state: present
local: yes
groups: testgroup
register: local_user_test_3
ignore_errors: yes
tags:
- user_test_local_mode
- name: Append groups for local_ansibulluser
user:
name: local_ansibulluser
state: present
local: yes
append: yes
register: local_user_test_4
ignore_errors: yes
tags:
- user_test_local_mode
- name: Ensure local user accounts were created and removed properly
assert:
that:
- local_user_test_1 is changed
- local_user_test_2 is not changed
- local_user_test_3 is changed
- local_user_test_4 is not changed
- local_user_test_3 is failed
- "local_user_test_3['msg'] is search('parameters are mutually exclusive: groups|local')"
- local_user_test_4 is failed
- "local_user_test_4['msg'] is search('parameters are mutually exclusive: groups|append')"
- local_user_test_remove_1 is changed
- local_user_test_remove_2 is not changed
tags:
- user_test_local_mode
- name: Ensure warnings were displayed
assert:
that:
- local_user_test_1['warnings'] | length > 0
- "'user was not found in /etc/passwd. The local user account may already exist if the local account
database exists somewhere other than /etc/passwd.' in local_user_test_1['warnings'][0]"
when: ansible_facts.system in ['Linux']