ansible/test/integration/targets/become_unprivileged/cleanup_unpriv_users.yml
Rick Elrod 69472a5f8d
Refactor _fixup_perms2 to remove way-nested logic (#70701)
Change:
- Refactoring to make it harder to get wrong and easier to read.
- Generalize become_unprivileged tests and fix some that never worked
  but also never failed.

Test Plan:
- CI, new units/integration tests

Signed-off-by: Rick Elrod <rick@elrod.me>
2020-07-20 18:46:47 -05:00

53 lines
1.3 KiB
YAML

- name: Clean up host and remove unprivileged users
hosts: ssh
gather_facts: yes
remote_user: root
tasks:
# Do this first so we can use tilde notation while the user still exists
- name: Delete homedirs
file:
path: '~{{ item }}'
state: absent
with_items:
- unpriv1
- unpriv2
- name: Delete users
user:
name: "{{ item }}"
state: absent
force: yes # I think this is needed in case pipelining is used and the session remains open
with_items:
- unpriv1
- unpriv2
- name: Delete groups
group:
name: "{{ item }}"
state: absent
with_items:
- acommongroup
- unpriv1
- unpriv2
- name: Fix sudoers.d path for FreeBSD
set_fact:
sudoers_etc: /usr/local/etc
when: ansible_distribution == 'FreeBSD'
- name: Fix sudoers.d path for everything else
set_fact:
sudoers_etc: /etc
when: ansible_distribution != 'FreeBSD'
- name: Undo OpenSUSE
lineinfile:
path: "{{ sudoers_etc }}/sudoers"
regexp: '^### Defaults targetpw'
line: 'Defaults targetpw'
backrefs: yes
- name: Nuke custom sudoers file
file:
path: "{{ sudoers_etc }}/sudoers.d/unpriv1"
state: absent