mirror of
https://github.com/ansible-collections/community.general.git
synced 2025-07-24 05:40:23 -07:00
add privileged role validation for nxos become (#50312)
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
This commit is contained in:
parent
71113ee291
commit
97621852db
1 changed files with 16 additions and 0 deletions
|
@ -64,6 +64,9 @@ class TerminalModule(TerminalBase):
|
||||||
if '15' in out:
|
if '15' in out:
|
||||||
return
|
return
|
||||||
|
|
||||||
|
if self.validate_user_role():
|
||||||
|
return
|
||||||
|
|
||||||
cmd = {u'command': u'enable'}
|
cmd = {u'command': u'enable'}
|
||||||
if passwd:
|
if passwd:
|
||||||
cmd[u'prompt'] = to_text(r"(?i)[\r\n]?Password: $", errors='surrogate_or_strict')
|
cmd[u'prompt'] = to_text(r"(?i)[\r\n]?Password: $", errors='surrogate_or_strict')
|
||||||
|
@ -98,3 +101,16 @@ class TerminalModule(TerminalBase):
|
||||||
self._exec_cli_command(cmd)
|
self._exec_cli_command(cmd)
|
||||||
except AnsibleConnectionFailure:
|
except AnsibleConnectionFailure:
|
||||||
raise AnsibleConnectionFailure('unable to set terminal parameters')
|
raise AnsibleConnectionFailure('unable to set terminal parameters')
|
||||||
|
|
||||||
|
def validate_user_role(self):
|
||||||
|
user = self._connection._play_context.remote_user
|
||||||
|
|
||||||
|
out = self._exec_cli_command('show user-account %s' % user)
|
||||||
|
out = to_text(out, errors='surrogate_then_replace').strip()
|
||||||
|
|
||||||
|
match = re.search(r'roles:(.+)$', out, re.M)
|
||||||
|
if match:
|
||||||
|
roles = match.group(1).split()
|
||||||
|
if 'network-admin' in roles:
|
||||||
|
return True
|
||||||
|
return False
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue