preliminary privlege escalation unification + pbrun

- become constants inherit existing sudo/su ones - become command line options, marked sudo/su as deprecated and moved sudo/su passwords to runas group - changed method signatures as privlege escalation is collapsed to become - added tests for su and become, diabled su for lack of support in local.py - updated playbook,play and task objects to become - added become to runner - added whoami test for become/sudo/su - added home override dir for plugins - removed useless method from ask pass - forced become pass to always be string also uses to_bytes - fixed fakerunner for tests - corrected reference in synchronize action plugin - added pfexec (needs testing) - removed unused sudo/su in runner init - removed deprecated info - updated pe tests to allow to run under sudo and not need root - normalized become options into a funciton to avoid duplication and inconsistencies - pushed suppored list to connection classs property - updated all connection plugins to latest 'become' pe - includes fixes from feedback (including typos) - added draft docs - stub of become_exe, leaving for future v2 fixes
2025-07-22 12:50:22 -07:00 · 2014-11-24 16:36:31 -05:00 · 2014-11-24 16:36:31 -05:00 · 5f6db0e164
commit 5f6db0e164
parent 17c710e713
45 changed files with 841 additions and 472 deletions
--- a/test/integration/destructive.yml
+++ b/test/integration/destructive.yml
@ -3,6 +3,8 @@
  roles:
    # In destructive because it creates and removes a user
    - { role: test_sudo, tags: test_sudo}
+    #- { role: test_su, tags: test_su} # wait till su support is added to local connection, needs tty
+    - { role: test_become, tags: test_become}
    - { role: test_service, tags: test_service }
    # Current pip unconditionally uses md5.  We can re-enable if pip switches
    # to a different hash or allows us to not check md5
--- a/test/integration/roles/test_become/files/baz.txt
+++ b/test/integration/roles/test_become/files/baz.txt
@ -0,0 +1 @@
+testing tilde expansion with become
--- a/test/integration/roles/test_become/tasks/main.yml
+++ b/test/integration/roles/test_become/tasks/main.yml
@ -0,0 +1,77 @@
+- include_vars: default.yml
+
+- name: Create test user
+  become: True
+  become_user: root
+  user:
+    name: "{{ become_test_user }}"
+
+- name: test becoming user
+  shell: whoami
+  become: True
+  become_user: "{{ become_test_user }}"
+  register: results
+
+- assert:
+    that:
+      - "results.stdout == '{{ become_test_user }}'"
+
+- name: tilde expansion honors become in file
+  become: True
+  become_user: "{{ become_test_user }}"
+  file:
+    path: "~/foo.txt"
+    state: touch
+
+- name: check that the path in the user's home dir was created
+  stat:
+    path: "~{{ become_test_user }}/foo.txt"
+  register: results
+
+- assert:
+    that:
+      - "results.stat.exists == True"
+      - "results.stat.path|dirname|basename == '{{ become_test_user }}'"
+
+- name: tilde expansion honors become in template
+  become: True
+  become_user: "{{ become_test_user }}"
+  template:
+    src: "bar.j2"
+    dest: "~/bar.txt"
+
+- name: check that the path in the user's home dir was created
+  stat:
+    path: "~{{ become_test_user }}/bar.txt"
+  register: results
+
+- assert:
+    that:
+      - "results.stat.exists == True"
+      - "results.stat.path|dirname|basename == '{{ become_test_user }}'"
+
+- name: tilde expansion honors become in copy
+  become: True
+  become_user: "{{ become_test_user }}"
+  copy:
+    src: baz.txt
+    dest: "~/baz.txt"
+
+- name: check that the path in the user's home dir was created
+  stat:
+    path: "~{{ become_test_user }}/baz.txt"
+  register: results
+
+- assert:
+    that:
+      - "results.stat.exists == True"
+      - "results.stat.path|dirname|basename == '{{ become_test_user }}'"
+
+- name: Remove test user and their home dir
+  become: True
+  become_user: root
+  user:
+    name: "{{ become_test_user }}"
+    state: "absent"
+    remove: "yes"
+
--- a/test/integration/roles/test_become/templates/bar.j2
+++ b/test/integration/roles/test_become/templates/bar.j2
@ -0,0 +1 @@
+{{ become_test_user }}
--- a/test/integration/roles/test_become/vars/default.yml
+++ b/test/integration/roles/test_become/vars/default.yml
@ -0,0 +1 @@
+become_test_user: ansibletest1
--- a/test/integration/roles/test_su/files/baz.txt
+++ b/test/integration/roles/test_su/files/baz.txt
@ -0,0 +1 @@
+testing tilde expansion with su
--- a/test/integration/roles/test_su/tasks/main.yml
+++ b/test/integration/roles/test_su/tasks/main.yml
@ -0,0 +1,75 @@
+- include_vars: default.yml
+
+- name: Create test user
+  su: True
+  user:
+    name: "{{ su_test_user }}"
+
+- name: test becoming user
+  shell: whoami
+  su: True
+  su_user: "{{ su_test_user }}"
+  register: results
+
+- assert:
+    that:
+      - "results.stdout == '{{ su_test_user }}'"
+
+- name: tilde expansion honors su in file
+  su: True
+  su_user: "{{ su_test_user }}"
+  file:
+    path: "~/foo.txt"
+    state: touch
+
+- name: check that the path in the user's home dir was created
+  stat:
+    path: "~{{ su_test_user }}/foo.txt"
+  register: results
+
+- assert:
+    that:
+      - "results.stat.exists == True"
+      - "results.stat.path|dirname|basename == '{{ su_test_user }}'"
+
+- name: tilde expansion honors su in template
+  su: True
+  su_user: "{{ su_test_user }}"
+  template:
+    src: "bar.j2"
+    dest: "~/bar.txt"
+
+- name: check that the path in the user's home dir was created
+  stat:
+    path: "~{{ su_test_user }}/bar.txt"
+  register: results
+
+- assert:
+    that:
+      - "results.stat.exists == True"
+      - "results.stat.path|dirname|basename == '{{ su_test_user }}'"
+
+- name: tilde expansion honors su in copy
+  su: True
+  su_user: "{{ su_test_user }}"
+  copy:
+    src: baz.txt
+    dest: "~/baz.txt"
+
+- name: check that the path in the user's home dir was created
+  stat:
+    path: "~{{ su_test_user }}/baz.txt"
+  register: results
+
+- assert:
+    that:
+      - "results.stat.exists == True"
+      - "results.stat.path|dirname|basename == '{{ su_test_user }}'"
+
+- name: Remove test user and their home dir
+  su: True
+  user:
+    name: "{{ su_test_user }}"
+    state: "absent"
+    remove: "yes"
+
--- a/test/integration/roles/test_su/templates/bar.j2
+++ b/test/integration/roles/test_su/templates/bar.j2
@ -0,0 +1 @@
+{{ su_test_user }}
--- a/test/integration/roles/test_su/vars/default.yml
+++ b/test/integration/roles/test_su/vars/default.yml
@ -0,0 +1 @@
+su_test_user: ansibletest1
--- a/test/integration/roles/test_sudo/tasks/main.yml
+++ b/test/integration/roles/test_sudo/tasks/main.yml
@ -1,9 +1,20 @@
 - include_vars: default.yml

 - name: Create test user
+  sudo: true
  user:
    name: "{{ sudo_test_user }}"

+- name: test becoming user
+  shell: whoami
+  sudo: True
+  sudo_user: "{{ sudo_test_user }}"
+  register: results
+
+- assert:
+    that:
+      - "results.stdout == '{{ sudo_test_user }}'"
+
 - name: tilde expansion honors sudo in file
  sudo: True
  sudo_user: "{{ sudo_test_user }}"
@ -56,6 +67,7 @@
      - "results.stat.path|dirname|basename == '{{ sudo_test_user }}'"

 - name: Remove test user and their home dir
+  sudo: true
  user:
    name: "{{ sudo_test_user }}"
    state: "absent"