mirror of
				https://github.com/ansible-collections/community.general.git
				synced 2025-10-24 21:14:00 -07:00 
			
		
		
		
	acl: add integration tests (#32494)
This commit is contained in:
		
					parent
					
						
							
								67b1d0f274
							
						
					
				
			
			
				commit
				
					
						7cf3811d29
					
				
			
		
					 3 changed files with 185 additions and 0 deletions
				
			
		
							
								
								
									
										1
									
								
								test/integration/targets/acl/aliases
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										1
									
								
								test/integration/targets/acl/aliases
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1 @@ | ||||||
|  | posix/ci/group2 | ||||||
							
								
								
									
										165
									
								
								test/integration/targets/acl/tasks/acl.yml
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										165
									
								
								test/integration/targets/acl/tasks/acl.yml
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,165 @@ | ||||||
|  | # (c) 2017, Martin Krizek <mkrizek@redhat.com> | ||||||
|  | 
 | ||||||
|  | # This file is part of Ansible | ||||||
|  | # | ||||||
|  | # Ansible is free software: you can redistribute it and/or modify | ||||||
|  | # it under the terms of the GNU General Public License as published by | ||||||
|  | # the Free Software Foundation, either version 3 of the License, or | ||||||
|  | # (at your option) any later version. | ||||||
|  | # | ||||||
|  | # Ansible is distributed in the hope that it will be useful, | ||||||
|  | # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||||
|  | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the | ||||||
|  | # GNU General Public License for more details. | ||||||
|  | # | ||||||
|  | # You should have received a copy of the GNU General Public License | ||||||
|  | # along with Ansible.  If not, see <http://www.gnu.org/licenses/>. | ||||||
|  | 
 | ||||||
|  | - set_fact: | ||||||
|  |     ansible_user: ansible_user | ||||||
|  |     ansible_file: /tmp/ansible_file | ||||||
|  |     ansible_dir: /tmp/ansible_dir | ||||||
|  | 
 | ||||||
|  | - name: Create ansible user | ||||||
|  |   user: | ||||||
|  |     name: "{{ ansible_user }}" | ||||||
|  | 
 | ||||||
|  | - name: Create ansible file | ||||||
|  |   file: | ||||||
|  |     path: "{{ ansible_file }}" | ||||||
|  |     state: touch | ||||||
|  | 
 | ||||||
|  | - name: Create ansible dir | ||||||
|  |   file: | ||||||
|  |     path: "{{ ansible_dir }}" | ||||||
|  |     state: directory | ||||||
|  | ############################################################################## | ||||||
|  | - name: Grant ansible user read access to a file | ||||||
|  |   acl: | ||||||
|  |     path: "{{ ansible_file }}" | ||||||
|  |     entity: "{{ ansible_user }}" | ||||||
|  |     etype: user | ||||||
|  |     permissions: r | ||||||
|  |     state: present | ||||||
|  |   register: output | ||||||
|  | 
 | ||||||
|  | - name: get getfacl output | ||||||
|  |   shell: "getfacl {{ ansible_file }}" | ||||||
|  |   register: getfacl_output | ||||||
|  | 
 | ||||||
|  | - name: verify output | ||||||
|  |   assert: | ||||||
|  |     that: | ||||||
|  |       - output|changed | ||||||
|  |       - not output|failed | ||||||
|  |       - "'user:ansible_user:r--' in output.acl" | ||||||
|  |       - "'user:ansible_user:r--' in getfacl_output.stdout_lines" | ||||||
|  | ############################################################################## | ||||||
|  | - name: Obtain the acl for a specific file | ||||||
|  |   acl: | ||||||
|  |     path: "{{ ansible_file }}" | ||||||
|  |   register: output | ||||||
|  | 
 | ||||||
|  | - name: get getfacl output | ||||||
|  |   shell: "getfacl {{ ansible_file }}" | ||||||
|  |   register: getfacl_output | ||||||
|  | 
 | ||||||
|  | - name: verify output | ||||||
|  |   assert: | ||||||
|  |     that: | ||||||
|  |       - not output|changed | ||||||
|  |       - not output|failed | ||||||
|  |       - "'user::rw-' in output.acl" | ||||||
|  |       - "'user:ansible_user:r--' in output.acl" | ||||||
|  |       - "'group::r--' in output.acl" | ||||||
|  |       - "'mask::r--' in output.acl" | ||||||
|  |       - "'other::r--' in output.acl" | ||||||
|  |       - "'user::rw-' in getfacl_output.stdout_lines" | ||||||
|  |       - "'user:ansible_user:r--' in getfacl_output.stdout_lines" | ||||||
|  |       - "'group::r--' in getfacl_output.stdout_lines" | ||||||
|  |       - "'mask::r--' in getfacl_output.stdout_lines" | ||||||
|  |       - "'other::r--' in getfacl_output.stdout_lines" | ||||||
|  | ############################################################################## | ||||||
|  | - name: Removes the acl for ansible user on a specific file | ||||||
|  |   acl: | ||||||
|  |     path: "{{ ansible_file }}" | ||||||
|  |     entity: "{{ ansible_user }}" | ||||||
|  |     etype: user | ||||||
|  |     state: absent | ||||||
|  |   register: output | ||||||
|  | 
 | ||||||
|  | - name: get getfacl output | ||||||
|  |   shell: "getfacl {{ ansible_file }}" | ||||||
|  |   register: getfacl_output | ||||||
|  | 
 | ||||||
|  | - name: verify output | ||||||
|  |   assert: | ||||||
|  |     that: | ||||||
|  |       - output|changed | ||||||
|  |       - not output|failed | ||||||
|  |       - "'user:ansible_user:r--' not in output.acl" | ||||||
|  |       - "'user:ansible_user:r--' not in getfacl_output.stdout_lines" | ||||||
|  | ############################################################################## | ||||||
|  | - name: Sets default acl for ansible user on ansible dir | ||||||
|  |   acl: | ||||||
|  |     path: "{{ ansible_dir }}" | ||||||
|  |     entity: "{{ ansible_user }}" | ||||||
|  |     etype: user | ||||||
|  |     permissions: rw | ||||||
|  |     default: yes | ||||||
|  |     state: present | ||||||
|  |   register: output | ||||||
|  | 
 | ||||||
|  | - name: get getfacl output | ||||||
|  |   shell: "getfacl {{ ansible_dir }}" | ||||||
|  |   register: getfacl_output | ||||||
|  | 
 | ||||||
|  | - name: verify output | ||||||
|  |   assert: | ||||||
|  |     that: | ||||||
|  |       - output|changed | ||||||
|  |       - not output|failed | ||||||
|  |       - "'user:ansible_user:rw-' in output.acl" | ||||||
|  |       - "'default:user:ansible_user:rw-' in getfacl_output.stdout_lines" | ||||||
|  | ############################################################################## | ||||||
|  | - name: Cleanup | ||||||
|  |   shell: "setfacl -b {{ ansible_dir }}" | ||||||
|  | ############################################################################## | ||||||
|  | - name: Same as previous but using entry shorthand | ||||||
|  |   acl: | ||||||
|  |     path: "{{ ansible_dir }}" | ||||||
|  |     entry: "default:user:{{ ansible_user }}:rw-" | ||||||
|  |     state: present | ||||||
|  |   register: output | ||||||
|  | 
 | ||||||
|  | - name: get getfacl output | ||||||
|  |   shell: "getfacl {{ ansible_dir }}" | ||||||
|  |   register: getfacl_output | ||||||
|  | 
 | ||||||
|  | - name: verify output | ||||||
|  |   assert: | ||||||
|  |     that: | ||||||
|  |       - output|changed | ||||||
|  |       - not output|failed | ||||||
|  |       - "'user:ansible_user:rw-' in output.acl" | ||||||
|  |       - "'default:user:ansible_user:rw-' in getfacl_output.stdout_lines" | ||||||
|  | ############################################################################## | ||||||
|  | - name: Same as previous, to test idempotence | ||||||
|  |   acl: | ||||||
|  |     path: "{{ ansible_dir }}" | ||||||
|  |     entry: "default:user:{{ ansible_user }}:rw-" | ||||||
|  |     state: present | ||||||
|  |   register: output | ||||||
|  | 
 | ||||||
|  | - name: get getfacl output | ||||||
|  |   shell: "getfacl {{ ansible_dir }}" | ||||||
|  |   register: getfacl_output | ||||||
|  | 
 | ||||||
|  | - name: verify output | ||||||
|  |   assert: | ||||||
|  |     that: | ||||||
|  |       - not output|changed | ||||||
|  |       - not output|failed | ||||||
|  |       - "'user:ansible_user:rw-' in output.acl" | ||||||
|  |       - "'default:user:ansible_user:rw-' in getfacl_output.stdout_lines" | ||||||
|  | ############################################################################## | ||||||
							
								
								
									
										19
									
								
								test/integration/targets/acl/tasks/main.yml
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										19
									
								
								test/integration/targets/acl/tasks/main.yml
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,19 @@ | ||||||
|  | # (c) 2017, Martin Krizek <mkrizek@redhat.com> | ||||||
|  | 
 | ||||||
|  | # This file is part of Ansible | ||||||
|  | # | ||||||
|  | # Ansible is free software: you can redistribute it and/or modify | ||||||
|  | # it under the terms of the GNU General Public License as published by | ||||||
|  | # the Free Software Foundation, either version 3 of the License, or | ||||||
|  | # (at your option) any later version. | ||||||
|  | # | ||||||
|  | # Ansible is distributed in the hope that it will be useful, | ||||||
|  | # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||||
|  | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the | ||||||
|  | # GNU General Public License for more details. | ||||||
|  | # | ||||||
|  | # You should have received a copy of the GNU General Public License | ||||||
|  | # along with Ansible.  If not, see <http://www.gnu.org/licenses/>. | ||||||
|  | 
 | ||||||
|  | - include: acl.yml | ||||||
|  |   when: ansible_system == 'Linux'  # TODO enable acls mount option on FreeBSD to test it there too | ||||||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue