mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
community.general/tests/integration/targets/homectl/tasks/main.yml


New Module: Homectl module for managing systemd-homed (#4018) * initial development of homectl module * botmeta * fix some linting * Update .github/BOTMETA.yml Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/system/homectl.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/system/homectl.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/system/homectl.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/system/homectl.py Co-authored-by: Felix Fontein <felix@fontein.de> * use array form of run_command Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/system/homectl.py Co-authored-by: Felix Fontein <felix@fontein.de> * added mofifying user record and cleaned up based on comments * added updating records/multiple changes regarding options, examples doc, return doc * add integration tests and more overall improvements * Update plugins/modules/system/homectl.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/system/homectl.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/system/homectl.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/system/homectl.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/system/homectl.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/system/homectl.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/system/homectl.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/system/homectl.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/system/homectl.py Co-authored-by: Felix Fontein <felix@fontein.de> * removed modify handle within present * adding more options and better checking of user records when updating * Apply suggestions from code review Co-authored-by: Felix Fontein <felix@fontein.de> * Update 
plugins/modules/system/homectl.py Co-authored-by: Felix Fontein <felix@fontein.de> * Add code review changes - remove unsafe_shell with run_command. - use dict.pop() in user_metadata dict. - consistent quoting to single quotes. - change logic to determine check mode better - fix integration tests and added check_mode tests * Fix handling of mount opts When a user is created without mountopts homed will use nodev and nosuid by default, however the user record metadata will not contain these values. This commit takes extra care that correct value is being set to true or false. So if a user gives mountopts with just nodev we need to make sure the nosuid and noexec gets set to false, etc. If mountopts are same as currently in user record make sure nothing would be changed and outputs correctly. Also fixed some tests. * change fmethod modify_user to prepare_modify_user_command * Code review fixes and add existing user pw checking - Added methods to check existing users password is correct by comparing the hash stored in homed user record and the hash of given password - Updated integration tests for above case - Added aliases file so CI can run * Apply suggestions from code review Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Felix Fontein <felix@fontein.de>
2022-01-28 07:11:12 +01:00
# Probe for systemd and homectl before running anything else. Both probes
# ignore errors on purpose: their registered return codes are read by the
# `when:` guard on the test block, so a host without systemd or homectl skips
# the suite instead of failing it.
- name: check systemd version
  command: systemctl --version
  register: systemd_version
  ignore_errors: true

- name: check homectl version
  command: homectl --version
  register: homectl_version
  ignore_errors: true
- block:
    # All passwords in this block are literal test fixtures for throwaway
    # accounts. A playbook that manages real accounts should read them from
    # Ansible Vault (or another secret store) rather than inline them.
    - name: Check and start systemd-homed service
      service:
        name: systemd-homed.service
        state: started
        enabled: true

    - name: Add a user 'james'
      community.general.homectl:
        name: james
        password: 'myreallysecurepassword1!'
        state: present

    - name: verify user added
      command: homectl inspect james
      register: james_info

    # NOTE(review): assumes uid/gid 1000 are unused on the test host - confirm.
    - name: Add the user 'tom' with a zsh shell, uid of 1000, and gid of 1000
      community.general.homectl:
        name: tom
        password: 'myreallysecurepassword1!'
        state: present
        shell: /bin/zsh
        uid: 1000
        gid: 1000
        disksize: 10G
      register: tom_userinfo

    # 'james' already exists, so this run is expected to report a change and
    # return the new shell (see the assert on user_exists below).
    - name: Try to add user 'james' that already exists
      community.general.homectl:
        name: james
        password: 'myreallysecurepassword1!'
        state: present
        shell: /bin/ksh
      register: user_exists

    # Negative case: expected to make no change; errors are ignored so that
    # the final assert can inspect the result.
    - name: Try to use 'resize=yes' option without 'disksize' option (not allowed)
      community.general.homectl:
        name: foo
        password: 'uq4895738!@#$%dfd'
        state: present
        resize: true
      register: resize_out
      ignore_errors: true

    - name: Use option 'disksize=1G' without option resize (allowed)
      community.general.homectl:
        name: foobar
        password: 'uq4895738!@#$%dfd'
        state: present
        disksize: 1G
      register: disk_out
      ignore_errors: true

    # Negative case: creating a user with no password must not change anything.
    - name: Try to Create user without giving password
      community.general.homectl:
        name: danielle
      register: danielle_out
      ignore_errors: true

    - name: remove user 'foobar' without requiring password
      community.general.homectl:
        name: foobar
        state: absent
      register: delete_foobar_out

    - name: modify user 'james' to have zsh shell and timezone 'America/New_York'
      community.general.homectl:
        name: james
        password: 'myreallysecurepassword1!'
        state: present
        shell: /bin/zsh
        timezone: America/New_York
      register: lukuser_modify_out

    # Created with every hardening mount flag so that the later tasks can
    # check what happens when only a subset is requested.
    - name: create user 'jake' with all mount options
      community.general.homectl:
        name: jake
        password: 'myreallysecurepassword12!'
        mountopts: noexec,nosuid,nodev
        sshkeys: "ssh-rsa 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 test@router.home"
      register: jake_out

    - name: Try to remove user 'janet' that doesn't exist
      community.general.homectl:
        name: janet
        state: absent
      register: user_not_exist
      ignore_errors: true

    # Check mode should report a change, but the follow-up inspect must still
    # fail to find the user.
    - name: Use check_mode to try and create user 'diana'
      community.general.homectl:
        name: diana
        password: 'helloworld123!@'
        state: present
      check_mode: true
      register: diana_create_checkmode_out

    - name: Verify user 'diana' was not created with check_mode
      command: homectl inspect diana
      register: user_diana_exists
      ignore_errors: true

    - name: Try to modify user 'jake' with only noexec mount option in check_mode
      community.general.homectl:
        name: jake
        password: 'myreallysecurepassword12!'
        state: present
        mountopts: noexec
      check_mode: true
      register: jake_checkmode_out

    - name: Verify user 'jake' was not modified and still has all mount options
      command: homectl inspect jake
      register: user_jake_details_out

    # mountopts replaces the flag set rather than adding to it: the asserts
    # below expect mountNoDevices and mountNoSuid to be False after this task,
    # so asking for noexec alone drops nodev and nosuid. List every flag that
    # should stay in force.
    - name: Modify user 'jake' with only noexec mount option
      community.general.homectl:
        name: jake
        password: 'myreallysecurepassword12!'
        state: present
        mountopts: noexec
      register: jake_modify_out

    # Idempotency check: the same request a second time must not report a change.
    - name: modify user 'jake' again with only noexec mount option to make sure changed is false as nothing has changed.
      community.general.homectl:
        name: jake
        password: 'myreallysecurepassword12!'
        state: present
        mountopts: noexec
      register: jake_modify_again_out

    # Negative case: a wrong password for an existing user must fail without
    # changing the record; the expected failure message is asserted below.
    - name: Try to modify user 'jake' with an incorrect password
      community.general.homectl:
        name: jake
        password: 'incorrectPassword!'
        state: present
        mountopts: noexec
        locked: true
      ignore_errors: true
      register: jake_incorrect_pass_out

    # A single assert over every registered result, so that each scenario
    # above runs before any failure is reported.
    - assert:
        that:
          - james_info.rc == 0
          - tom_userinfo.data['gid'] == 1000 and tom_userinfo.data['uid'] == 1000
          - user_exists is changed and user_exists.data['shell'] == '/bin/ksh'
          - resize_out is not changed
          - disk_out is changed
          - delete_foobar_out is changed
          - danielle_out is not changed
          - lukuser_modify_out.data['timeZone'] == "America/New_York" and lukuser_modify_out.data['shell'] == "/bin/zsh"
          - user_not_exist is not changed and user_not_exist.msg == "User does not exist!"
          - jake_out is changed and jake_out.data['mountNoDevices'] == True and jake_out.data['mountNoSuid'] == True and jake_out.data['mountNoExecute'] == True
          - diana_create_checkmode_out is changed and 'No home for user diana known' in user_diana_exists.stderr
          - "jake_checkmode_out is changed and 'Mount Flags: nosuid nodev noexec' in user_jake_details_out.stdout"
          - jake_modify_out is changed and jake_modify_out.data['privileged']['sshAuthorizedKeys'] is not none
          - jake_modify_out.data['mountNoDevices'] == False and jake_modify_out.data['mountNoExecute'] == True and jake_modify_out.data['mountNoSuid'] == False
          - jake_modify_again_out is not changed
          - jake_incorrect_pass_out is not changed and jake_incorrect_pass_out is failed and jake_incorrect_pass_out.msg == 'User exists but password is incorrect!'

  # homectl first shipped in systemd 245, so the block runs only when both
  # probes succeeded and the first three-digit number in the `systemctl
  # --version` output is at least 245. The two distribution exclusions are
  # marked as open TODOs.
  when:
    - systemd_version.rc == 0 and (systemd_version.stdout | regex_search('[0-9][0-9][0-9]') | int >= 245) and homectl_version.rc == 0
    - ansible_distribution != 'Archlinux'  # TODO!
    - ansible_distribution != 'Fedora' or ansible_distribution_major_version|int < 36  # TODO!