From e43fc50d9e28a4b9c416c9773cb45c23d632b810 Mon Sep 17 00:00:00 2001
From: Percy Grunwald
Date: Mon, 11 Feb 2019 13:26:11 +0800
Subject: [PATCH] Ensure that an `ansible` user that can `sudo` exists and update tests to confirm this fact

---
 .travis.yml | 6 ++++++
 Dockerfile | 8 ++++++++
 2 files changed, 14 insertions(+)

diff --git a/.travis.yml b/.travis.yml
index 28a7223..33f1317 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -6,6 +6,9 @@ before_install:
 - sudo apt-get update
 - sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce

+env:
+ ANSIBLE_USER: ansible
+
 script:
 # Test building Dockerfile.
 - docker build -t docker-ansible .
@@ -13,5 +16,8 @@ script:
 # Test running the container.
 - docker run --name test-container -d --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:ro docker-ansible

+ # Verify that `ansible` user exists and is a sudoer
+ - docker exec --tty test-container env TERM=xterm sudo -u ${ANSIBLE_USER} sudo -v
+
 # Verify Ansible is available in the container.
 - docker exec --tty test-container env TERM=xterm ansible --version
diff --git a/Dockerfile b/Dockerfile
index 267ba6d..cafbf0b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -26,5 +26,13 @@ RUN chmod +x initctl_faker && rm -fr /sbin/initctl && ln -s /initctl_faker /sbin
 RUN mkdir -p /etc/ansible
 RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts

+# Create `ansible` user with sudo permissions
+ENV ANSIBLE_USER=ansible SUDO_GROUP=sudo
+RUN set -xe \
+ && groupadd -r ${ANSIBLE_USER} \
+ && useradd -m -g ${ANSIBLE_USER} ${ANSIBLE_USER} \
+ && usermod -aG ${SUDO_GROUP} ${ANSIBLE_USER} \
+ && sed -i "/^%${SUDO_GROUP}/s/ALL\$/NOPASSWD:ALL/g" /etc/sudoers
+
 VOLUME ["/sys/fs/cgroup", "/tmp", "/run"]
 CMD ["/lib/systemd/systemd"]
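Review bot: The added `sudo -u ${ANSIBLE_USER} sudo -v` check runs under `docker exec --tty` without sudo's non-interactive flag. If the NOPASSWD rule is ever missing, sudo will most likely prompt on the allocated terminal and the job will hang until the CI timeout instead of failing. Passing `-n` makes sudo exit non-zero rather than prompt: `sudo -u ${ANSIBLE_USER} sudo -n -v`. The user name is also defined twice, in the `env:` block here and in the Dockerfile's `ENV`, so the two can drift apart; a short comment on the `env:` entry saying it must match the Dockerfile would help.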
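Review bot: The `sed` on `/etc/sudoers` rewrites the whole `%sudo` group rule to `NOPASSWD:ALL`, so every account that is or later becomes a member of that group gets passwordless root, not only `ansible`. It also edits the main sudoers file in place with no syntax check, and `sed` exits 0 when the pattern matches nothing, so a differently formatted base file would leave the rule unchanged without failing the build. A per-user drop-in keeps the grant scoped and can be validated at build time: replace the `sed` line with `echo "${ANSIBLE_USER} ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/${ANSIBLE_USER}`, `chmod 0440 /etc/sudoers.d/${ANSIBLE_USER}` and `visudo -cf /etc/sudoers.d/${ANSIBLE_USER}`. This assumes the base image's sudoers includes `/etc/sudoers.d`, which the hunk does not show. As far as the hunk shows, `ANSIBLE_USER` and `SUDO_GROUP` are only needed during the build, so declaring them with `ARG` instead of `ENV` would keep them out of the container's runtime environment.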