homeserver/roles/nickjj.ansible-user/tests/test.yml

---

- hosts: "all"
  become: True

  vars:
    user_local_ssh_key_path: "/root/.ssh/id_rsa.pub"
    user_groups: ["foo", "bar"]

  roles:
    - "role_under_test"

  pre_tasks:
    - name: "Create fake SSH directory"
      file:
        path: "/root/.ssh"
        state: "directory"
        owner: "root"
        group: "root"
        mode: "0755"

    - name: "Generate fake SSH key"
      lineinfile:
        path: "/root/.ssh/id_rsa.pub"
        line: "ssh-rsa foo hello@world"
        state: "present"
        create: True

  post_tasks:
    - name: "Ensure user belongs to the correct groups"
      command: groups {{ user_name }}
      register: result
      changed_when: result.stdout.split(":")[1] | trim != ([user_name] + user_groups) | join(" ")

    - name: "Ensure authorized_key is set"
      command: cat /root/.ssh/id_rsa.pub
      register: result
      changed_when: result.stdout != "ssh-rsa foo hello@world"

    - name: "Ensure /etc/sudoers.d/deploy contains 'NOPASSWD:ALL'"
      command: grep NOPASSWD:ALL /etc/sudoers.d/deploy
      register: result
      changed_when: result.rc != 0

    - name: "Ensure passwordless sudo works"
      become_user: "{{ user_name }}"
      command: sudo whoami
      register: result
      changed_when: result.stdout != "root"
first commit 2020-08-18 11:57:53 +02:00			`---`

			`- hosts: "all"`
			`become: True`

			`vars:`
			`user_local_ssh_key_path: "/root/.ssh/id_rsa.pub"`
			`user_groups: ["foo", "bar"]`

			`roles:`
			`- "role_under_test"`

			`pre_tasks:`
			`- name: "Create fake SSH directory"`
			`file:`
			`path: "/root/.ssh"`
			`state: "directory"`
			`owner: "root"`
			`group: "root"`
			`mode: "0755"`

			`- name: "Generate fake SSH key"`
			`lineinfile:`
			`path: "/root/.ssh/id_rsa.pub"`
			`line: "ssh-rsa foo hello@world"`
			`state: "present"`
			`create: True`

			`post_tasks:`
			`- name: "Ensure user belongs to the correct groups"`
			`command: groups {{ user_name }}`
			`register: result`
			`changed_when: result.stdout.split(":")[1] \| trim != ([user_name] + user_groups) \| join(" ")`

			`- name: "Ensure authorized_key is set"`
			`command: cat /root/.ssh/id_rsa.pub`
			`register: result`
			`changed_when: result.stdout != "ssh-rsa foo hello@world"`

			`- name: "Ensure /etc/sudoers.d/deploy contains 'NOPASSWD:ALL'"`
			`command: grep NOPASSWD:ALL /etc/sudoers.d/deploy`
			`register: result`
			`changed_when: result.rc != 0`

			`- name: "Ensure passwordless sudo works"`
			`become_user: "{{ user_name }}"`
			`command: sudo whoami`
			`register: result`
			`changed_when: result.stdout != "root"`