From 7cf3811d298a34e1f1fe09763ffa107d91c72c8f Mon Sep 17 00:00:00 2001
From: Martin Krizek
Date: Thu, 2 Nov 2017 16:55:42 +0100
Subject: [PATCH] acl: add integration tests (#32494)
---
test/integration/targets/acl/aliases | 1 +
test/integration/targets/acl/tasks/acl.yml | 165 ++++++++++++++++++++
test/integration/targets/acl/tasks/main.yml | 19 +++
3 files changed, 185 insertions(+)
create mode 100644 test/integration/targets/acl/aliases
create mode 100644 test/integration/targets/acl/tasks/acl.yml
create mode 100644 test/integration/targets/acl/tasks/main.yml
diff --git a/test/integration/targets/acl/aliases b/test/integration/targets/acl/aliases
new file mode 100644
index 0000000000..7af8b7f05b
--- /dev/null
+++ b/test/integration/targets/acl/aliases
@@ -0,0 +1 @@
+posix/ci/group2
diff --git a/test/integration/targets/acl/tasks/acl.yml b/test/integration/targets/acl/tasks/acl.yml
new file mode 100644
index 0000000000..5ee0b34400
--- /dev/null
+++ b/test/integration/targets/acl/tasks/acl.yml
@@ -0,0 +1,165 @@
+# (c) 2017, Martin Krizek
+
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+
+- set_fact:
+ ansible_user: ansible_user
+ ansible_file: /tmp/ansible_file
+ ansible_dir: /tmp/ansible_dir
+
+- name: Create ansible user
+ user:
+ name: "{{ ansible_user }}"
+
+- name: Create ansible file
+ file:
+ path: "{{ ansible_file }}"
+ state: touch
+
+- name: Create ansible dir
+ file:
+ path: "{{ ansible_dir }}"
+ state: directory
+##############################################################################
+- name: Grant ansible user read access to a file
+ acl:
+ path: "{{ ansible_file }}"
+ entity: "{{ ansible_user }}"
+ etype: user
+ permissions: r
+ state: present
+ register: output
+
+- name: get getfacl output
+ shell: "getfacl {{ ansible_file }}"
+ register: getfacl_output
+
+- name: verify output
+ assert:
+ that:
+ - output|changed
+ - not output|failed
+ - "'user:ansible_user:r--' in output.acl"
+ - "'user:ansible_user:r--' in getfacl_output.stdout_lines"
+##############################################################################
+- name: Obtain the acl for a specific file
+ acl:
+ path: "{{ ansible_file }}"
+ register: output
+
+- name: get getfacl output
+ shell: "getfacl {{ ansible_file }}"
+ register: getfacl_output
+
+- name: verify output
+ assert:
+ that:
+ - not output|changed
+ - not output|failed
+ - "'user::rw-' in output.acl"
+ - "'user:ansible_user:r--' in output.acl"
+ - "'group::r--' in output.acl"
+ - "'mask::r--' in output.acl"
+ - "'other::r--' in output.acl"
+ - "'user::rw-' in getfacl_output.stdout_lines"
+ - "'user:ansible_user:r--' in getfacl_output.stdout_lines"
+ - "'group::r--' in getfacl_output.stdout_lines"
+ - "'mask::r--' in getfacl_output.stdout_lines"
+ - "'other::r--' in getfacl_output.stdout_lines"
+##############################################################################
+- name: Removes the acl for ansible user on a specific file
+ acl:
+ path: "{{ ansible_file }}"
+ entity: "{{ ansible_user }}"
+ etype: user
+ state: absent
+ register: output
+
+- name: get getfacl output
+ shell: "getfacl {{ ansible_file }}"
+ register: getfacl_output
+
+- name: verify output
+ assert:
+ that:
+ - output|changed
+ - not output|failed
+ - "'user:ansible_user:r--' not in output.acl"
+ - "'user:ansible_user:r--' not in getfacl_output.stdout_lines"
+##############################################################################
+- name: Sets default acl for ansible user on ansible dir
+ acl:
+ path: "{{ ansible_dir }}"
+ entity: "{{ ansible_user }}"
+ etype: user
+ permissions: rw
+ default: yes
+ state: present
+ register: output
+
+- name: get getfacl output
+ shell: "getfacl {{ ansible_dir }}"
+ register: getfacl_output
+
+- name: verify output
+ assert:
+ that:
+ - output|changed
+ - not output|failed
+ - "'user:ansible_user:rw-' in output.acl"
+ - "'default:user:ansible_user:rw-' in getfacl_output.stdout_lines"
+##############################################################################
+- name: Cleanup
+ shell: "setfacl -b {{ ansible_dir }}"
+##############################################################################
+- name: Same as previous but using entry shorthand
+ acl:
+ path: "{{ ansible_dir }}"
+ entry: "default:user:{{ ansible_user }}:rw-"
+ state: present
+ register: output
+
+- name: get getfacl output
+ shell: "getfacl {{ ansible_dir }}"
+ register: getfacl_output
+
+- name: verify output
+ assert:
+ that:
+ - output|changed
+ - not output|failed
+ - "'user:ansible_user:rw-' in output.acl"
+ - "'default:user:ansible_user:rw-' in getfacl_output.stdout_lines"
+##############################################################################
+- name: Same as previous, to test idempotence
+ acl:
+ path: "{{ ansible_dir }}"
+ entry: "default:user:{{ ansible_user }}:rw-"
+ state: present
+ register: output
+
+- name: get getfacl output
+ shell: "getfacl {{ ansible_dir }}"
+ register: getfacl_output
+
+- name: verify output
+ assert:
+ that:
+ - not output|changed
+ - not output|failed
+ - "'user:ansible_user:rw-' in output.acl"
+ - "'default:user:ansible_user:rw-' in getfacl_output.stdout_lines"
+##############################################################################
diff --git a/test/integration/targets/acl/tasks/main.yml b/test/integration/targets/acl/tasks/main.yml
new file mode 100644
index 0000000000..c71bae0be0
--- /dev/null
+++ b/test/integration/targets/acl/tasks/main.yml
@@ -0,0 +1,19 @@
+# (c) 2017, Martin Krizek
+
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+
+- include: acl.yml
+ when: ansible_system == 'Linux' # TODO enable acls mount option on FreeBSD to test it there too
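Review bot: In tasks/acl.yml the `state: absent` block verifies revocation only by asserting that the exact string `'user:ansible_user:r--'` is missing from `output.acl` and from the getfacl lines, so it would still pass if an entry for the user survived with different permissions. Asserting that no entry for the user remains checks the removal itself, for example `- "getfacl_output.stdout_lines | select('match', '^user:ansible_user:') | list | length == 0"`. The opening `set_fact` also names its variable `ansible_user`, which is the connection-user variable in Ansible, so on a non-local connection later tasks could be affected; a neutral name such as `test_user` avoids the clash. The fixtures sit at fixed paths under `/tmp` and neither they nor the created account are removed at the end of the file, so a run can pick up pre-existing files on a shared host and leaves a local user behind; placing them under the integration suite's `output_dir` and adding a final cleanup task would cover both.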