tests: Skip vanilla Ansible on Linux unpriviliged -> unprivileged become

CI containers lack the necessary `setfacl` command. This has not previously been noticed because no vanilla Ansible jobs were being run on Linux, only on macOS. refs mitogen-hq#1118
moreati · Sep 26, 2024 · 2976b3e · 2976b3e
1 parent 5e44a8a
commit 2976b3e
Showing 1 changed file with 20 additions and 16 deletions.
diff --git a/tests/ansible/integration/become/su_password.yml b/tests/ansible/integration/become/su_password.yml
@@ -53,20 +53,22 @@
       vars:
         ansible_become_pass: user1_password
       when:
-        # https://github.com/ansible/ansible/pull/70785
-        - ansible_facts.distribution not in ["MacOSX"]
-          or ansible_version.full is version("2.11", ">=", strict=True)
-          or is_mitogen
+        # CI containers lack `setfacl` for unpriv -> unpriv
+        # https://github.com/mitogen-hq/mitogen/issues/1118
+        - is_mitogen
+          or (ansible_facts.distribution in ["MacOSX"]
+              and ansible_version.full is version("2.11", ">=", strict=True))
 
     - assert:
         that:
           - out.stdout == 'mitogen__user1'
         fail_msg: out={{out}}
       when:
-        # https://github.com/ansible/ansible/pull/70785
-        - ansible_facts.distribution not in ["MacOSX"]
-          or ansible_version.full is version("2.11", ">=", strict=True)
-          or is_mitogen
+        # CI containers lack `setfacl` for unpriv -> unpriv
+        # https://github.com/mitogen-hq/mitogen/issues/1118
+        - is_mitogen
+          or (ansible_facts.distribution in ["MacOSX"]
+              and ansible_version.full is version("2.11", ">=", strict=True))
 
     - name: Ensure password su without chdir succeeds
       shell: whoami
@@ -76,20 +78,22 @@
       vars:
         ansible_become_pass: user1_password
       when:
-        # https://github.com/ansible/ansible/pull/70785
-        - ansible_facts.distribution not in ["MacOSX"]
-          or ansible_version.full is version("2.11", ">=", strict=True)
-          or is_mitogen
+        # CI containers lack `setfacl` for unpriv -> unpriv
+        # https://github.com/mitogen-hq/mitogen/issues/1118
+        - is_mitogen
+          or (ansible_facts.distribution in ["MacOSX"]
+              and ansible_version.full is version("2.11", ">=", strict=True))
 
     - assert:
         that:
           - out.stdout == 'mitogen__user1'
         fail_msg: out={{out}}
       when:
-        # https://github.com/ansible/ansible/pull/70785
-        - ansible_facts.distribution not in ["MacOSX"]
-          or ansible_version.full is version("2.11", ">=", strict=True)
-          or is_mitogen
+        # CI containers lack `setfacl` for unpriv -> unpriv
+        # https://github.com/mitogen-hq/mitogen/issues/1118
+        - is_mitogen
+          or (ansible_facts.distribution in ["MacOSX"]
+              and ansible_version.full is version("2.11", ">=", strict=True))
 
   tags:
     - su