Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
A
ansible
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
OpenEdx
ansible
Commits
d875699a
Commit
d875699a
authored
Sep 17, 2015
by
James Cammarata
Browse files
Options
Browse Files
Download
Plain Diff
Merge branch 'apollo13-sudo_on_if_needed' into devel
parents
8532ddd5
ba82e574
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
73 additions
and
1 deletions
+73
-1
docsite/rst/intro_configuration.rst
+12
-0
lib/ansible/constants.py
+1
-0
lib/ansible/plugins/action/__init__.py
+3
-1
test/units/plugins/action/test_action.py
+57
-0
No files found.
docsite/rst/intro_configuration.rst
View file @
d875699a
...
...
@@ -699,6 +699,18 @@ Ask for privilege escalation password, the default is False::
become_ask_pass=True
.. _become_allow_same_user:
become_allow_same_user
======================
Most of the time, using *sudo* to run a command as the same user who is running
*sudo* itself is unnecessary overhead, so Ansible does not allow it. However,
depending on the *sudo* configuration, it may be necessary to run a command as
the same user through *sudo*, such as to switch SELinux contexts. For this
reason, you can set ``become_allow_same_user`` to ``True`` and disable this
optimization.
.. _paramiko_settings:
Paramiko Specific Settings
...
...
lib/ansible/constants.py
View file @
d875699a
...
...
@@ -173,6 +173,7 @@ DEFAULT_ASK_SUDO_PASS = get_config(p, DEFAULTS, 'ask_sudo_pass', 'ANSIBLE
# Become
BECOME_ERROR_STRINGS
=
{
'sudo'
:
'Sorry, try again.'
,
'su'
:
'Authentication failure'
,
'pbrun'
:
''
,
'pfexec'
:
''
,
'runas'
:
''
,
'doas'
:
'Permission denied'
}
#FIXME: deal with i18n
BECOME_METHODS
=
[
'sudo'
,
'su'
,
'pbrun'
,
'pfexec'
,
'runas'
,
'doas'
]
BECOME_ALLOW_SAME_USER
=
get_config
(
p
,
'privilege_escalation'
,
'become_allow_same_user'
,
'ANSIBLE_BECOME_ALLOW_SAME_USER'
,
False
,
boolean
=
True
)
DEFAULT_BECOME_METHOD
=
get_config
(
p
,
'privilege_escalation'
,
'become_method'
,
'ANSIBLE_BECOME_METHOD'
,
'sudo'
if
DEFAULT_SUDO
else
'su'
if
DEFAULT_SU
else
'sudo'
)
.
lower
()
DEFAULT_BECOME
=
get_config
(
p
,
'privilege_escalation'
,
'become'
,
'ANSIBLE_BECOME'
,
False
,
boolean
=
True
)
DEFAULT_BECOME_USER
=
get_config
(
p
,
'privilege_escalation'
,
'become_user'
,
'ANSIBLE_BECOME_USER'
,
'root'
)
...
...
lib/ansible/plugins/action/__init__.py
View file @
d875699a
...
...
@@ -453,7 +453,9 @@ class ActionBase:
self
.
_display
.
debug
(
"no command, exiting _low_level_execute_command()"
)
return
dict
(
stdout
=
''
,
stderr
=
''
)
if
sudoable
and
self
.
_play_context
.
become
:
allow_same_user
=
C
.
BECOME_ALLOW_SAME_USER
same_user
=
self
.
_play_context
.
become_user
==
self
.
_play_context
.
remote_user
if
sudoable
and
self
.
_play_context
.
become
and
(
allow_same_user
or
not
same_user
):
self
.
_display
.
debug
(
"using become for this command"
)
cmd
=
self
.
_play_context
.
make_become_cmd
(
cmd
,
executable
=
executable
)
...
...
test/units/plugins/action/test_action.py
0 → 100644
View file @
d875699a
# (c) 2015, Florian Apolloner <florian@apolloner.eu>
#
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
# Make coding more python3-ish
from
__future__
import
(
absolute_import
,
division
,
print_function
)
__metaclass__
=
type
from
ansible
import
constants
as
C
from
ansible.compat.tests
import
unittest
from
ansible.compat.tests.mock
import
Mock
from
ansible.playbook.play_context
import
PlayContext
from
ansible.plugins.action
import
ActionBase
class
TestActionBase
(
unittest
.
TestCase
):
def
test_sudo_only_if_user_differs
(
self
):
play_context
=
PlayContext
()
action_base
=
ActionBase
(
None
,
None
,
play_context
,
None
,
None
,
None
)
action_base
.
_connection
=
Mock
(
exec_command
=
Mock
(
return_value
=
(
0
,
''
,
''
,
''
)))
play_context
.
become
=
True
play_context
.
become_user
=
play_context
.
remote_user
=
'root'
play_context
.
make_become_cmd
=
Mock
(
return_value
=
'CMD'
)
action_base
.
_low_level_execute_command
(
'ECHO'
,
'/tmp'
,
sudoable
=
True
)
play_context
.
make_become_cmd
.
assert_not_called
()
play_context
.
remote_user
=
'apo'
action_base
.
_low_level_execute_command
(
'ECHO'
,
'/tmp'
,
sudoable
=
True
)
play_context
.
make_become_cmd
.
assert_called_once_with
(
'ECHO'
,
executable
=
None
)
play_context
.
make_become_cmd
.
reset_mock
()
become_allow_same_user
=
C
.
BECOME_ALLOW_SAME_USER
C
.
BECOME_ALLOW_SAME_USER
=
True
try
:
play_context
.
remote_user
=
'root'
action_base
.
_low_level_execute_command
(
'ECHO SAME'
,
'/tmp'
,
sudoable
=
True
)
play_context
.
make_become_cmd
.
assert_called_once_with
(
'ECHO SAME'
,
executable
=
None
)
finally
:
C
.
BECOME_ALLOW_SAME_USER
=
become_allow_same_user
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment