From c6c8bfb690b8423b140917c9f5e9dcca72f17d30 Mon Sep 17 00:00:00 2001
From: Alex Willmer <alex@moreati.org.uk>
Date: Wed, 25 Sep 2024 13:30:22 +0100
Subject: [PATCH] tests: Skip vanilla Ansible on Linux unpriviliged ->
 unprivileged become

CI containers lack the necessary `setfacl` command. This has not previously
been noticed because no vanilla Ansible jobs were being run on Linux, only on
macOS.

refs #1118
---
 .../integration/become/su_password.yml        | 36 ++++++++++---------
 1 file changed, 20 insertions(+), 16 deletions(-)

diff --git a/tests/ansible/integration/become/su_password.yml b/tests/ansible/integration/become/su_password.yml
index 52d420dbf..207980c49 100644
--- a/tests/ansible/integration/become/su_password.yml
+++ b/tests/ansible/integration/become/su_password.yml
@@ -53,20 +53,22 @@
       vars:
         ansible_become_pass: user1_password
       when:
-        # https://github.com/ansible/ansible/pull/70785
-        - ansible_facts.distribution not in ["MacOSX"]
-          or ansible_version.full is version("2.11", ">=", strict=True)
-          or is_mitogen
+        # CI containers lack `setfacl` for unpriv -> unpriv
+        # https://github.com/mitogen-hq/mitogen/issues/1118
+        - is_mitogen
+          or (ansible_facts.distribution in ["MacOSX"]
+              and ansible_version.full is version("2.11", ">=", strict=True))
 
     - assert:
         that:
           - out.stdout == 'mitogen__user1'
         fail_msg: out={{out}}
       when:
-        # https://github.com/ansible/ansible/pull/70785
-        - ansible_facts.distribution not in ["MacOSX"]
-          or ansible_version.full is version("2.11", ">=", strict=True)
-          or is_mitogen
+        # CI containers lack `setfacl` for unpriv -> unpriv
+        # https://github.com/mitogen-hq/mitogen/issues/1118
+        - is_mitogen
+          or (ansible_facts.distribution in ["MacOSX"]
+              and ansible_version.full is version("2.11", ">=", strict=True))
 
     - name: Ensure password su without chdir succeeds
       shell: whoami
@@ -76,20 +78,22 @@
       vars:
         ansible_become_pass: user1_password
       when:
-        # https://github.com/ansible/ansible/pull/70785
-        - ansible_facts.distribution not in ["MacOSX"]
-          or ansible_version.full is version("2.11", ">=", strict=True)
-          or is_mitogen
+        # CI containers lack `setfacl` for unpriv -> unpriv
+        # https://github.com/mitogen-hq/mitogen/issues/1118
+        - is_mitogen
+          or (ansible_facts.distribution in ["MacOSX"]
+              and ansible_version.full is version("2.11", ">=", strict=True))
 
     - assert:
         that:
           - out.stdout == 'mitogen__user1'
         fail_msg: out={{out}}
       when:
-        # https://github.com/ansible/ansible/pull/70785
-        - ansible_facts.distribution not in ["MacOSX"]
-          or ansible_version.full is version("2.11", ">=", strict=True)
-          or is_mitogen
+        # CI containers lack `setfacl` for unpriv -> unpriv
+        # https://github.com/mitogen-hq/mitogen/issues/1118
+        - is_mitogen
+          or (ansible_facts.distribution in ["MacOSX"]
+              and ansible_version.full is version("2.11", ">=", strict=True))
 
   tags:
     - su