d15812fabf
The controller's fixup_perms2 uses filesystem acls to make the temporary file for copy readable by an unprivileged become user. On Python3, the acls are then copied to the destination filename so we have to remove them from there. We can't remove them prior to the copy because we may not have permission to read the file if the acls are not present. We can't remove them in atomic_move() because the move function shouldn't know anything about controller features. We may want to generalize this into a helper function, though. Fixes #44412 Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
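---
# Integration-test driver for the copy module: builds a controller-side temp
# directory and a set of symlink fixtures, creates an unprivileged user,
# runs tests.yml as that user (and acls.yml on Linux), then always cleans up.
- block:

    - name: Create a local temporary directory
      # mktemp -d creates the directory itself under an unpredictable name,
      # so nothing is written to a guessable /tmp path on the controller.
      shell: mktemp -d /tmp/ansible_test.XXXXXXXXX
      register: tempfile_result
      connection: local

    - set_fact:
        local_temp_dir: '{{ tempfile_result.stdout }}'
        # output_dir is hardcoded in test/runner/lib/executor.py and created there
        remote_dir: '{{ output_dir }}'
        # Link name -> link target, created under files/subdir/subdir1 below.
        # Judging by the names, the set mixes absolute /tmp targets, a cycle,
        # dangling targets and a target that leaves the tree.
        symlinks:
          ansible-test-abs-link: /tmp/ansible-test-abs-link
          ansible-test-abs-link-dir: /tmp/ansible-test-abs-link-dir
          circles: ../
          invalid: invalid
          invalid2: ../invalid
          out_of_tree_circle: /tmp/ansible-test-link-dir/out_of_tree_circle
          subdir3: ../subdir2/subdir3

    # NOTE(review): no `connection: local` here, so this runs on the managed
    # host. If that host is not the controller, the mktemp-generated path is
    # created there without mktemp's uniqueness guarantee, and the `always`
    # section only removes the controller copy - confirm this is intended.
    - name: ensure temp dir exists
      file:
        path: '{{ local_temp_dir }}'
        state: directory

    # file cannot do this properly, use command instead
    - name: Create symbolic link
      command: "ln -s '{{ item.value }}' '{{ item.key }}'"
      args:
        chdir: '{{role_path}}/files/subdir/subdir1'
        warn: false
      with_dict: "{{ symlinks }}"

    - name: Create remote unprivileged remote user
      user:
        name: '{{ remote_unprivileged_user }}'
      register: user

    - file:
        path: "{{ user.home }}/.ssh"
        owner: '{{ remote_unprivileged_user }}'
        state: directory
        # Quoted so the mode is read as an octal string, not a YAML integer.
        mode: '0700'

    # Every key authorised for the connecting account can log in as the test
    # user after this task. The `always` section deletes the user together
    # with its home directory, so that access should not outlive the run.
    - name: Duplicate authorized_keys
      copy:
        src: $HOME/.ssh/authorized_keys
        dest: '{{ user.home }}/.ssh/authorized_keys'
        owner: '{{ remote_unprivileged_user }}'
        mode: '0600'
        remote_src: true

    - file:
        path: "{{ remote_dir }}"
        state: directory
      remote_user: '{{ remote_unprivileged_user }}'

    # execute tests tasks using an unprivileged user, this is useful to avoid
    # local/remote ambiguity when controller and managed hosts are identical.
    - import_tasks: tests.yml
      remote_user: '{{ remote_unprivileged_user }}'

    # acls.yml is imported on Linux hosts only.
    - import_tasks: acls.yml
      when: ansible_system == 'Linux'

  # Runs whether or not the block above failed, so the fixtures and the
  # temporary account are removed even after a failed test.
  always:
    - name: Cleaning
      file:
        path: '{{ local_temp_dir }}'
        state: absent
      connection: local

    - name: Remove symbolic link
      file:
        path: '{{ role_path }}/files/subdir/subdir1/{{ item.key }}'
        state: absent
      connection: local
      with_dict: "{{ symlinks }}"

    # NOTE(review): the task name probably meant "Remove ..."; left unchanged.
    - name: Remote unprivileged remote user
      user:
        name: '{{ remote_unprivileged_user }}'
        state: absent
        # remove: true also deletes the home directory, including the
        # duplicated authorized_keys file.
        remove: true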