diff options
author | Erwin Oegema <blablaechthema@hotmail.com> | 2020-02-04 18:35:05 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-02-04 12:35:05 -0500 |
commit | 3b32f95fb39a0faf810bf3aa6024d704d99c7156 (patch) | |
tree | 0650d50175db2205ea83b996231f5fa939d6f158 | |
parent | fe454d27a1aa5386801563ffe8dde44064f84302 (diff) | |
download | ansible-3b32f95fb39a0faf810bf3aa6024d704d99c7156.tar.gz |
user - warn if "append" is set but not "groups" (#65795)
This fixes people unknowingly changing the primary group rather than adding a secondary group.
* Add integration test
-rw-r--r-- | changelogs/fragments/65795-warn-if-user-has-set-append-but-not-set-groups.yaml | 2 | ||||
-rw-r--r-- | lib/ansible/modules/system/user.py | 6 | ||||
-rw-r--r-- | test/integration/targets/user/tasks/main.yml | 15 |
3 files changed, 21 insertions, 2 deletions
diff --git a/changelogs/fragments/65795-warn-if-user-has-set-append-but-not-set-groups.yaml b/changelogs/fragments/65795-warn-if-user-has-set-append-but-not-set-groups.yaml new file mode 100644 index 0000000000..03a73e3bd0 --- /dev/null +++ b/changelogs/fragments/65795-warn-if-user-has-set-append-but-not-set-groups.yaml @@ -0,0 +1,2 @@ +minor_changes: + - 'user - usage of ``append: True`` without setting a list of groups. This is currently a no-op with a warning, and will change to an error in 2.14. (https://github.com/ansible/ansible/pull/65795)' diff --git a/lib/ansible/modules/system/user.py b/lib/ansible/modules/system/user.py index 6f4b8d0b11..2fada8d0fd 100644 --- a/lib/ansible/modules/system/user.py +++ b/lib/ansible/modules/system/user.py @@ -511,6 +511,12 @@ class User(object): else: self.ssh_file = os.path.join('.ssh', 'id_%s' % self.ssh_type) + if self.groups is None and self.append: + # Change the argument_spec in 2.14 and remove this warning + # required_by={'append': ['groups']} + module.warn("'append' is set, but no 'groups' are specified. Use 'groups' for appending new groups." + "This will change to an error in Ansible 2.14.") + def check_password_encrypted(self): # Darwin needs cleartext password, so skip validation if self.module.params['password'] and self.platform != 'Darwin': diff --git a/test/integration/targets/user/tasks/main.yml b/test/integration/targets/user/tasks/main.yml index bee81aabab..8fd23904a0 100644 --- a/test/integration/targets/user/tasks/main.yml +++ b/test/integration/targets/user/tasks/main.yml @@ -1022,15 +1022,25 @@ tags: - user_test_local_mode +- name: Test append without groups for local_ansibulluser + user: + name: local_ansibulluser + state: present + append: yes + register: local_user_test_5 + ignore_errors: yes + tags: + - user_test_local_mode + - name: Ensure local user accounts were created and removed properly assert: that: - local_user_test_1 is changed - local_user_test_2 is not changed - local_user_test_3 is failed - - "local_user_test_3['msg'] is search('parameters are mutually exclusive: groups|local')" + - 'local_user_test_3["msg"] is search("parameters are mutually exclusive: groups|local")' - local_user_test_4 is failed - - "local_user_test_4['msg'] is search('parameters are mutually exclusive: groups|append')" + - 'local_user_test_4["msg"] is search("parameters are mutually exclusive: groups|append")' - local_user_test_remove_1 is changed - local_user_test_remove_2 is not changed tags: @@ -1041,6 +1051,7 @@ that: - local_user_test_1['warnings'] | length > 0 - local_user_test_1['warnings'] | first is search('The local user account may already exist') + - local_user_test_5['warnings'] is search("'append' is set, but no 'groups' are specified. Use 'groups'") - local_existing['warnings'] is not defined when: ansible_facts.system in ['Linux'] tags: |