diff options
| author | Matt Martz <matt@sivel.net> | 2021-08-04 15:37:49 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-08-04 15:37:49 -0500 |
| commit | cab637a733d30118fa44ab80fe6616f8f8bf60f2 (patch) | |
| tree | 9daa940b82d4a13ecb92daa45f48812ac3ae9d02 /test | |
| parent | ae758749dff0208cf5336e028dc1ef5152d24dc8 (diff) | |
| download | ansible-cab637a733d30118fa44ab80fe6616f8f8bf60f2.tar.gz | |
[stable-2.9] allow env to override unspecified unsafe_writes (#73282) (#75397)
* [stable-2.9] allow env to override unspecified unsafe_writes (#73282)
* allow env var for fallback value for unspecified unsafe_writes.
(cherry picked from commit c7d4acc12f672d1b3a86119940193b3324584ac0)
Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
* ensure unsafe writes fallback (#70722)
* Ensure we actually fallback to unsafe_writes when set to true
add integration test
add fix for get_url not passing the parameter from args
(cherry picked from commit 932ba3616067007fd5e449611a34e7e3837fc8ae)
* Added clog missing for issue 70722 (#73175)
(cherry picked from commit d6670da1d7bc81dccd522d1bc27cc25164ef1aba)
Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
Diffstat (limited to 'test')
| -rw-r--r-- | test/integration/targets/unsafe_writes/aliases | 6 | ||||
| -rw-r--r-- | test/integration/targets/unsafe_writes/basic.yml | 68 | ||||
| -rwxr-xr-x | test/integration/targets/unsafe_writes/runme.sh | 12 | ||||
| -rw-r--r-- | test/units/module_utils/basic/test_atomic_move.py | 1 |
4 files changed, 87 insertions, 0 deletions
diff --git a/test/integration/targets/unsafe_writes/aliases b/test/integration/targets/unsafe_writes/aliases new file mode 100644 index 0000000000..4fb7a11640 --- /dev/null +++ b/test/integration/targets/unsafe_writes/aliases @@ -0,0 +1,6 @@ +needs/root +skip/freebsd +skip/osx +skip/macos +skip/aix +shippable/posix/group3 diff --git a/test/integration/targets/unsafe_writes/basic.yml b/test/integration/targets/unsafe_writes/basic.yml new file mode 100644 index 0000000000..410726ad0e --- /dev/null +++ b/test/integration/targets/unsafe_writes/basic.yml @@ -0,0 +1,68 @@ +- hosts: testhost + gather_facts: false + vars: + testudir: '{{output_dir}}/unsafe_writes_test' + testufile: '{{testudir}}/unreplacablefile.txt' + tasks: + - name: test unsafe_writes on immutable dir (file cannot be atomically replaced) + block: + - name: create target dir + file: path={{testudir}} state=directory + - name: setup test file + copy: content=ORIGINAL dest={{testufile}} + - name: make target dir immutable (cannot write to file w/o unsafe_writes) + file: path={{testudir}} state=directory attributes="+i" + become: yes + ignore_errors: true + register: madeimmutable + + - name: only run if immutable dir command worked, some of our test systems don't allow for it + when: madeimmutable is success + block: + - name: test this is actually immmutable working as we expect + file: path={{testufile}} state=absent + register: breakimmutable + ignore_errors: True + + - name: only run if reallyh immutable dir + when: breakimmutable is failed + block: + - name: test overwriting file w/o unsafe + copy: content=NEW dest={{testufile}} unsafe_writes=False + ignore_errors: true + register: copy_without + + - name: ensure we properly failed + assert: + that: + - copy_without is failed + + - name: test overwriting file with unsafe + copy: content=NEWNOREALLY dest={{testufile}} unsafe_writes=True + register: copy_with + + - name: ensure we properly changed + assert: + that: + - copy_with is changed + + - name: test fallback env var + when: lookup('env', 'ANSIBLE_UNSAFE_WRITES') not in ('', None) + vars: + env_enabled: "{{lookup('env', 'ANSIBLE_UNSAFE_WRITES')|bool}}" + block: + - name: test overwriting file with unsafe depending on fallback environment setting + copy: content=NEWBUTNOTDIFFERENT dest={{testufile}} + register: copy_with_env + ignore_errors: True + + - name: ensure we properly follow env var + assert: + msg: "Failed with envvar: {{env_enabled}}, due AUW: to {{q('env', 'ANSIBLE_UNSAFE_WRITES')}}" + that: + - env_enabled and copy_with_env is changed or not env_enabled and copy_with_env is failed + always: + - name: remove immutable flag from dir to prevent issues with cleanup + file: path={{testudir}} state=directory attributes="-i" + ignore_errors: true + become: yes diff --git a/test/integration/targets/unsafe_writes/runme.sh b/test/integration/targets/unsafe_writes/runme.sh new file mode 100755 index 0000000000..791a5676b4 --- /dev/null +++ b/test/integration/targets/unsafe_writes/runme.sh @@ -0,0 +1,12 @@ +#!/usr/bin/env bash + +set -eux + +# test w/o fallback env var +ansible-playbook basic.yml -i ../../inventory -e "output_dir=${OUTPUT_DIR}" "$@" + +# test enabled fallback env var +ANSIBLE_UNSAFE_WRITES=1 ansible-playbook basic.yml -i ../../inventory -e "output_dir=${OUTPUT_DIR}" "$@" + +# test disnabled fallback env var +ANSIBLE_UNSAFE_WRITES=0 ansible-playbook basic.yml -i ../../inventory -e "output_dir=${OUTPUT_DIR}" "$@" diff --git a/test/units/module_utils/basic/test_atomic_move.py b/test/units/module_utils/basic/test_atomic_move.py index 7bd9496edd..bbdb051966 100644 --- a/test/units/module_utils/basic/test_atomic_move.py +++ b/test/units/module_utils/basic/test_atomic_move.py @@ -23,6 +23,7 @@ def atomic_am(am, mocker): am.selinux_context = mocker.MagicMock() am.selinux_default_context = mocker.MagicMock() am.set_context_if_different = mocker.MagicMock() + am._unsafe_writes = mocker.MagicMock() yield am |