ansible: tests for all SSH variables.

Closes #184.
2018-05-08 18:30:44 +01:00 · 2018-05-08 18:30:44 +01:00 · 68d6e6bf34
parent f01f237e6d
commit 68d6e6bf34
3 changed files with 126 additions and 0 deletions
--- a/tests/ansible/integration/ssh/all.yml
+++ b/tests/ansible/integration/ssh/all.yml
@ -1 +1,2 @@
 - import_playbook: timeouts.yml
+- import_playbook: variables.yml
--- a/tests/ansible/integration/ssh/variables.yml
+++ b/tests/ansible/integration/ssh/variables.yml
@ -0,0 +1,101 @@
+
+- name: integration/ssh/variables.yml
+  hosts: test-targets
+  connection: local
+  vars:
+    # ControlMaster has the effect of caching the previous auth to the same
+    # account, so disable it. Can't disable with ControlMaster no since that
+    # already appears on command line, so override ControlPath with junk.
+    ansible_ssh_common_args: |
+      -o "ControlPath /tmp/mitogen-ansible-test-{{18446744073709551615|random}}"
+
+  tasks:
+    - name: ansible_ssh_user
+      # Remaining tests just use "ansible_user".
+      shell: >
+        ANSIBLE_STRATEGY=mitogen_linear
+        ANSIBLE_SSH_ARGS=""
+        ansible -m shell -a whoami -i "{{inventory_file}}" test-targets
+        -e ansible_ssh_user=mitogen__has_sudo
+        -e ansible_ssh_pass=has_sudo_password
+      register: out
+
+    - shell: >
+        ANSIBLE_STRATEGY=mitogen_linear
+        ANSIBLE_SSH_ARGS=""
+        ansible -m shell -a whoami -i "{{inventory_file}}" test-targets
+        -e ansible_ssh_user=mitogen__has_sudo
+        -e ansible_ssh_pass=wrong_password
+      register: out
+      ignore_errors: true
+
+    - assert:
+        that: out.rc == 4  # unreachable
+
+
+    - name: ansible_ssh_pass
+      shell: >
+        ANSIBLE_STRATEGY=mitogen_linear
+        ANSIBLE_SSH_ARGS=""
+        ansible -m shell -a whoami -i "{{inventory_file}}" test-targets
+        -e ansible_user=mitogen__has_sudo
+        -e ansible_ssh_pass=has_sudo_password
+      register: out
+
+    - shell: >
+        ANSIBLE_STRATEGY=mitogen_linear
+        ANSIBLE_SSH_ARGS=""
+        ansible -m shell -a whoami -i "{{inventory_file}}" test-targets
+        -e ansible_user=mitogen__has_sudo
+        -e ansible_ssh_pass=wrong_password
+      register: out
+      ignore_errors: true
+
+    - assert:
+        that: out.rc == 4  # unreachable
+
+
+    - name: ansible_password
+      shell: >
+        ANSIBLE_STRATEGY=mitogen_linear
+        ANSIBLE_SSH_ARGS=""
+        ansible -m shell -a whoami -i "{{inventory_file}}" test-targets
+        -e ansible_user=mitogen__has_sudo
+        -e ansible_password=has_sudo_password
+      register: out
+
+    - shell: >
+        ANSIBLE_STRATEGY=mitogen_linear
+        ANSIBLE_SSH_ARGS=""
+        ansible -m shell -a whoami -i "{{inventory_file}}" test-targets
+        -e ansible_user=mitogen__has_sudo
+        -e ansible_password=wrong_password
+      register: out
+      ignore_errors: true
+
+    - assert:
+        that: out.rc == 4  # unreachable
+
+
+    - name: ansible_ssh_private_key_file
+      shell: >
+        ANSIBLE_STRATEGY=mitogen_linear
+        ANSIBLE_SSH_ARGS=""
+        ansible -m shell -a whoami -i "{{inventory_file}}" test-targets
+        -e ansible_user=mitogen__has_sudo_pubkey
+        -e ansible_ssh_private_key_file=../data/docker/mitogen__has_sudo_pubkey.key
+      register: out
+
+    - shell: >
+        ANSIBLE_STRATEGY=mitogen_linear
+        ANSIBLE_SSH_ARGS=""
+        ansible -m shell -a whoami -i "{{inventory_file}}" test-targets
+        -e ansible_user=mitogen__has_sudo
+        -e ansible_ssh_private_key_file=/dev/null
+      register: out
+      ignore_errors: true
+
+    - assert:
+        that: out.rc == 4  # unreachable
+
+
--- a/tests/ansible/osx_setup.yml
+++ b/tests/ansible/osx_setup.yml
@ -20,12 +20,19 @@
    #
    # Hashed passwords.
    #
+    - name: Create Mitogen test group
+      group:
+        name: "mitogen__group"
+
    - name: Create Mitogen test users
      user:
        name: "mitogen__{{item}}"
        shell: /bin/bash
+        groups: mitogen__group
        password: "{{ (item + '_password') | password_hash('sha256') }}"
      with_items:
+        - has_sudo
+        - has_sudo_pubkey
        - require_tty
        - pw_required
        - require_tty_pw_required
@ -47,8 +54,11 @@
      user:
        name: "mitogen__{{item}}"
        shell: /bin/bash
+        groups: mitogen__group
        password: "{{item}}_password"
      with_items:
+        - has_sudo
+        - has_sudo_pubkey
        - require_tty
        - pw_required
        - require_tty_pw_required
@ -98,6 +108,20 @@
      - bashrc
      - profile

+    - name: Install pubkey for one account
+      file:
+        path: ~mitogen__has_sudo_pubkey/.ssh
+        state: directory
+        mode: go=
+        owner: mitogen__has_sudo_pubkey
+
+    - name: Install pubkey for one account
+      copy:
+        dest: ~mitogen__has_sudo_pubkey/.ssh/authorized_keys
+        src: ../data/docker/mitogen__has_sudo_pubkey.key.pub
+        mode: go=
+        owner: mitogen__has_sudo_pubkey
+
    - name: Require a TTY for two accounts
      lineinfile:
        path: /etc/sudoers