preliminary privlege escalation unification + pbrun
- become constants inherit existing sudo/su ones - become command line options, marked sudo/su as deprecated and moved sudo/su passwords to runas group - changed method signatures as privilege escalation is collapsed to become - added tests for su and become, disabled su for lack of support in local.py - updated playbook,play and task objects to become - added become to runner - added whoami test for become/sudo/su - added home override dir for plugins - removed useless method from ask pass - forced become pass to always be string also uses to_bytes - fixed fakerunner for tests - corrected reference in synchronize action plugin - added pfexec (needs testing) - removed unused sudo/su in runner init - removed deprecated info - updated pe tests to allow to run under sudo and not need root - normalized become options into a function to avoid duplication and inconsistencies - pushed supported list to connection class property - updated all connection plugins to latest 'become' pe - includes fixes from feedback (including typos) - added draft docs - stub of become_exe, leaving for future v2 fixes
parent
17c710e713
commit
5f6db0e164
45 changed files with 841 additions and 472 deletions
|
@ -125,7 +125,7 @@ class ActionModule(object):
|
|||
xfered = self.runner._transfer_str(conn, tmp, 'src', resultant)
|
||||
|
||||
# fix file permissions when the copy is done as a different user
|
||||
if self.runner.sudo and self.runner.sudo_user != 'root' or self.runner.su and self.runner.su_user != 'root':
|
||||
if self.runner.become and self.runner.become_user != 'root':
|
||||
self.runner._remote_chmod(conn, 'a+r', xfered, tmp)
|
||||
|
||||
# run the copy module
|
||||
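Review bot: The `_remote_chmod(conn, 'a+r', xfered, tmp)` call under the new `become_user != 'root'` test makes the staged file readable by every local account on the managed host, and with sudo/su folded into `become` this now covers every escalation method. Staged content can carry credentials, so the line deserves at least a comment such as `# a+r: become_user is neither the login user nor root, so the staged file is world-readable until tmp is cleaned up`, and ideally a narrower grant to `become_user` alone. Whether the enclosing tmp directory limits access cannot be seen from this hunk. The same pattern recurs in the hunks at `@ -234`, `@ -50`, `@ -133`, `@ -99`, `@ -230` and `@ -109`, and as `a+rx` in the hunk at `@ -113`.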
|
|
|
@ -234,7 +234,7 @@ class ActionModule(object):
|
|||
self._remove_tempfile_if_content_defined(content, content_tempfile)
|
||||
|
||||
# fix file permissions when the copy is done as a different user
|
||||
if (self.runner.sudo and self.runner.sudo_user != 'root' or self.runner.su and self.runner.su_user != 'root') and not raw:
|
||||
if self.runner.become and self.runner.become_user != 'root' and not raw:
|
||||
self.runner._remote_chmod(conn, 'a+r', tmp_src, tmp_path)
|
||||
|
||||
if raw:
|
||||
|
|
|
@ -78,7 +78,7 @@ class ActionModule(object):
|
|||
|
||||
# use slurp if sudo and permissions are lacking
|
||||
remote_data = None
|
||||
if remote_checksum in ('1', '2') or self.runner.sudo:
|
||||
if remote_checksum in ('1', '2') or self.runner.become:
|
||||
slurpres = self.runner._execute_module(conn, tmp, 'slurp', 'src=%s' % source, inject=inject)
|
||||
if slurpres.is_successful():
|
||||
if slurpres.result['encoding'] == 'base64':
|
||||
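Review bot: The comment `# use slurp if sudo and permissions are lacking` above the changed condition is now stale, because the slurp path is taken whenever `self.runner.become` is set, whatever the escalation method. It should read along the lines of `# use slurp when become is enabled or the remote checksum call returned an error code`. The comment should also say what the codes `'1'` and `'2'` stand for, which this hunk does not show.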
|
|
|
@ -50,7 +50,7 @@ class ActionModule(object):
|
|||
tmp_src = tmp + src
|
||||
conn.put_file(src, tmp_src)
|
||||
|
||||
if self.runner.sudo and self.runner.sudo_user != 'root' or self.runner.su and self.runner.su_user != 'root':
|
||||
if self.runner.become and self.runner.become_user != 'root':
|
||||
if not self.runner.noop_on_check(inject):
|
||||
self.runner._remote_chmod(conn, 'a+r', tmp_src, tmp)
|
||||
|
||||
|
|
|
@ -113,8 +113,7 @@ class ActionModule(object):
|
|||
|
||||
sudoable = True
|
||||
# set file permissions, more permissive when the copy is done as a different user
|
||||
if ((self.runner.sudo and self.runner.sudo_user != 'root') or
|
||||
(self.runner.su and self.runner.su_user != 'root')):
|
||||
if self.runner.become and self.runner.become_user != 'root':
|
||||
chmod_mode = 'a+rx'
|
||||
sudoable = False
|
||||
else:
|
||||
|
|
|
@ -78,7 +78,7 @@ class ActionModule(object):
|
|||
|
||||
# Store original transport and sudo values.
|
||||
self.original_transport = inject.get('ansible_connection', self.runner.transport)
|
||||
self.original_sudo = self.runner.sudo
|
||||
self.original_become = self.runner.become
|
||||
self.transport_overridden = False
|
||||
|
||||
if inject.get('delegate_to') is None:
|
||||
|
@ -87,7 +87,7 @@ class ActionModule(object):
|
|||
if self.original_transport != 'local':
|
||||
inject['ansible_connection'] = 'local'
|
||||
self.transport_overridden = True
|
||||
self.runner.sudo = False
|
||||
self.runner.become = False
|
||||
|
||||
def run(self, conn, tmp, module_name, module_args,
|
||||
inject, complex_args=None, **kwargs):
|
||||
|
@ -143,7 +143,7 @@ class ActionModule(object):
|
|||
# use a delegate host instead of localhost
|
||||
use_delegate = True
|
||||
|
||||
# COMPARE DELEGATE, HOST AND TRANSPORT
|
||||
# COMPARE DELEGATE, HOST AND TRANSPORT
|
||||
process_args = False
|
||||
if not dest_host is src_host and self.original_transport != 'local':
|
||||
# interpret and inject remote host info into src or dest
|
||||
|
@ -160,7 +160,7 @@ class ActionModule(object):
|
|||
if not use_delegate or not user:
|
||||
user = inject.get('ansible_ssh_user',
|
||||
self.runner.remote_user)
|
||||
|
||||
|
||||
if use_delegate:
|
||||
# FIXME
|
||||
private_key = inject.get('ansible_ssh_private_key_file', self.runner.private_key_file)
|
||||
|
@ -172,7 +172,7 @@ class ActionModule(object):
|
|||
if not private_key is None:
|
||||
private_key = os.path.expanduser(private_key)
|
||||
options['private_key'] = private_key
|
||||
|
||||
|
||||
# use the mode to define src and dest's url
|
||||
if options.get('mode', 'push') == 'pull':
|
||||
# src is a remote path: <user>@<host>, dest is a local path
|
||||
|
@ -192,7 +192,7 @@ class ActionModule(object):
|
|||
rsync_path = options.get('rsync_path', None)
|
||||
|
||||
# If no rsync_path is set, sudo was originally set, and dest is remote then add 'sudo rsync' argument.
|
||||
if not rsync_path and self.transport_overridden and self.original_sudo and not dest_is_local:
|
||||
if not rsync_path and self.transport_overridden and self.original_become and not dest_is_local and self.runner.become_method == 'sudo':
|
||||
rsync_path = 'sudo rsync'
|
||||
|
||||
# make sure rsync path is quoted.
|
||||
|
@ -206,8 +206,8 @@ class ActionModule(object):
|
|||
# run the module and store the result
|
||||
result = self.runner._execute_module(conn, tmp, 'synchronize', module_args, complex_args=options, inject=inject)
|
||||
|
||||
# reset the sudo property
|
||||
self.runner.sudo = self.original_sudo
|
||||
# reset the sudo property
|
||||
self.runner.become = self.original_become
|
||||
|
||||
return result
|
||||
|
||||
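Review bot: In the hunk at `@ -192`, the new `self.runner.become_method == 'sudo'` test means that with any other become method `rsync_path` stays unset and the remote rsync runs as the login user, with no warning that escalation was dropped. Consider an explicit failure or warning when `self.original_become` is set but the method is not `sudo`. The injected `'sudo rsync'` also names no target user, so `become_user` appears to be ignored on the remote side. The comments `# If no rsync_path is set, sudo was originally set...` and `# reset the sudo property` still say sudo and should say become. Separately, `self.runner.become = self.original_become` runs only on the normal return path, so wrapping the `_execute_module` call in `try`/`finally` would keep an exception from leaving it `False`.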
|
|
|
@ -133,7 +133,7 @@ class ActionModule(object):
|
|||
xfered = self.runner._transfer_str(conn, tmp, 'source', resultant)
|
||||
|
||||
# fix file permissions when the copy is done as a different user
|
||||
if self.runner.sudo and self.runner.sudo_user != 'root' or self.runner.su and self.runner.su_user != 'root':
|
||||
if self.runner.become and self.runner.become_user != 'root' or self.runner.su and self.runner.su_user != 'root':
|
||||
self.runner._remote_chmod(conn, 'a+r', xfered, tmp)
|
||||
|
||||
# run the copy module
|
||||
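Review bot: The new condition still carries `or self.runner.su and self.runner.su_user != 'root'`, unlike the other plugins in this commit, where the test was reduced to `self.runner.become and self.runner.become_user != 'root'`. The commit message says the unused sudo/su attributes were removed from the runner init. If `su` is indeed gone from the runner, which is not visible here, this line raises AttributeError whenever the `become` half is false. Change it to `if self.runner.become and self.runner.become_user != 'root':`.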
|
|
|
@ -99,7 +99,7 @@ class ActionModule(object):
|
|||
# handle check mode client side
|
||||
# fix file permissions when the copy is done as a different user
|
||||
if copy:
|
||||
if self.runner.sudo and self.runner.sudo_user != 'root' or self.runner.su and self.runner.su_user != 'root':
|
||||
if self.runner.become and self.runner.become_user != 'root':
|
||||
if not self.runner.noop_on_check(inject):
|
||||
self.runner._remote_chmod(conn, 'a+r', tmp_src, tmp)
|
||||
# Build temporary module_args.
|
||||
|
|
|
@ -230,7 +230,7 @@ class ActionModule(object):
|
|||
self._remove_tempfile_if_content_defined(content, content_tempfile)
|
||||
|
||||
# fix file permissions when the copy is done as a different user
|
||||
if (self.runner.sudo and self.runner.sudo_user != 'root' or self.runner.su and self.runner.su_user != 'root') and not raw:
|
||||
if self.runner.become and self.runner.become_user != 'root' and not raw:
|
||||
self.runner._remote_chmod(conn, 'a+r', tmp_src, tmp_path)
|
||||
|
||||
if raw:
|
||||
|
|
|
@ -109,7 +109,7 @@ class ActionModule(object):
|
|||
xfered = self.runner._transfer_str(conn, tmp, 'source', resultant)
|
||||
|
||||
# fix file permissions when the copy is done as a different user
|
||||
if self.runner.sudo and self.runner.sudo_user != 'root' or self.runner.su and self.runner.su_user != 'root':
|
||||
if self.runner.become and self.runner.become_user != 'root':
|
||||
self.runner._remote_chmod(conn, 'a+r', xfered, tmp)
|
||||
|
||||
# run the copy module
|
||||
|
|