1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
|
# Verify passwordful sudo behaviour
- name: integration/become/sudo_password.yml
hosts: test-targets
tasks:
- name: Ensure sudo password absent but required.
become: true
become_user: mitogen__pw_required
command:
cmd: whoami
register: out
changed_when: false
ignore_errors: true
when:
- become_unpriv_available
- assert:
that: |
out.failed and (
('password is required' in out.msg) or
('Missing sudo password' in out.msg) or
('password is required' in out.module_stderr)
)
fail_msg: |
out={{ out }}
when:
- become_unpriv_available
- name: Ensure password sudo incorrect.
become: true
become_user: mitogen__pw_required
command:
cmd: whoami
register: out
changed_when: false
vars:
ansible_become_pass: nopes
ignore_errors: true
when:
- become_unpriv_available
- assert:
that: |
out.failed and (
('Incorrect sudo password' in out.msg) or
('sudo password is incorrect' in out.msg)
)
fail_msg: |
out={{ out }}
when:
- become_unpriv_available
- block:
- name: Ensure password sudo succeeds
become: true
become_user: mitogen__pw_required
vars:
ansible_become_pass: pw_required_password
command:
cmd: whoami
register: sudo_password_success_whoami
changed_when: false
- assert:
that:
- sudo_password_success_whoami.stdout == 'mitogen__pw_required'
fail_msg: |
sudo_password_success_whoami={{ sudo_password_success_whoami }}
when:
- become_unpriv_available
tags:
- sudo
- sudo_password
|
