ansible/test/integration/targets/copy/tasks/main.yml
Sloane Hertel 991714b9d1
copy - redact 'content' from invocation in check mode ()
* sanitize copy module invocation secrets in check mode
2020-08-03 11:41:45 -04:00

120 lines
3.4 KiB
YAML

- block:
- name: Create a local temporary directory
shell: mktemp -d /tmp/ansible_test.XXXXXXXXX
register: tempfile_result
delegate_to: localhost
- set_fact:
local_temp_dir: '{{ tempfile_result.stdout }}'
remote_dir: '{{ output_dir }}'
symlinks:
ansible-test-abs-link: /tmp/ansible-test-abs-link
ansible-test-abs-link-dir: /tmp/ansible-test-abs-link-dir
circles: ../
invalid: invalid
invalid2: ../invalid
out_of_tree_circle: /tmp/ansible-test-link-dir/out_of_tree_circle
subdir3: ../subdir2/subdir3
- file: path={{local_temp_dir}} state=directory
name: ensure temp dir exists
# file cannot do this properly, use command instead
- name: Create symbolic link
command: "ln -s '{{ item.value }}' '{{ item.key }}'"
args:
chdir: '{{role_path}}/files/subdir/subdir1'
warn: no
with_dict: "{{ symlinks }}"
- name: Create remote unprivileged remote user
user:
name: '{{ remote_unprivileged_user }}'
register: user
- name: Check sudoers dir
stat:
path: /etc/sudoers.d
register: etc_sudoers
- name: Set sudoers.d path fact
set_fact:
sudoers_d_file: "{{ '/etc/sudoers.d' if etc_sudoers.stat.exists else '/usr/local/etc/sudoers.d' }}/{{ remote_unprivileged_user }}"
- name: Create sudoers file
copy:
dest: "{{ sudoers_d_file }}"
content: "{{ remote_unprivileged_user }} ALL=(ALL) NOPASSWD: ALL"
- file:
path: "{{ user.home }}/.ssh"
owner: '{{ remote_unprivileged_user }}'
state: directory
mode: 0700
- name: Duplicate authorized_keys
copy:
src: $HOME/.ssh/authorized_keys
dest: '{{ user.home }}/.ssh/authorized_keys'
owner: '{{ remote_unprivileged_user }}'
mode: 0600
remote_src: yes
- file:
path: "{{ remote_dir }}"
state: directory
remote_user: '{{ remote_unprivileged_user }}'
# execute tests tasks using an unprivileged user, this is useful to avoid
# local/remote ambiguity when controller and managed hosts are identical.
- import_tasks: tests.yml
remote_user: '{{ remote_unprivileged_user }}'
- import_tasks: acls.yml
when: ansible_system == 'Linux'
- import_tasks: selinux.yml
when: ansible_os_family == 'RedHat' and ansible_selinux.get('mode') == 'enforcing'
- import_tasks: no_log.yml
- import_tasks: check_mode.yml
# https://github.com/ansible/ansible/issues/57618
- name: Test diff contents
copy:
content: 'Ansible managed\n'
dest: "{{ local_temp_dir }}/file.txt"
diff: yes
register: diff_output
- assert:
that:
- 'diff_output.diff[0].before == ""'
- '"Ansible managed" in diff_output.diff[0].after'
always:
- name: Cleaning
file:
path: '{{ local_temp_dir }}'
state: absent
delegate_to: localhost
- name: Remove symbolic link
file:
path: '{{ role_path }}/files/subdir/subdir1/{{ item.key }}'
state: absent
delegate_to: localhost
with_dict: "{{ symlinks }}"
- name: Remote unprivileged remote user
user:
name: '{{ remote_unprivileged_user }}'
state: absent
remove: yes
- name: Remove sudoers.d file
file:
path: "{{ sudoers_d_file }}"
state: absent