From 01d1bd61e79076bd18ca4aaecb4b95254f00ed26 Mon Sep 17 00:00:00 2001
From: Paul Durivage
Date: Tue, 21 Jan 2014 14:20:33 -0600
Subject: [PATCH] Disallow su and sudo params in same play/task

---
 lib/ansible/playbook/play.py | 5 +++++
 lib/ansible/playbook/task.py | 7 +++++++
 2 files changed, 12 insertions(+)

diff --git a/lib/ansible/playbook/play.py b/lib/ansible/playbook/play.py
index a1651f5f3cc..eb4ecc2c6d4 100644
--- a/lib/ansible/playbook/play.py
+++ b/lib/ansible/playbook/play.py
@@ -125,6 +125,11 @@ class Play(object):
 self.su = ds.get('su', self.playbook.su)
 self.su_user = ds.get('su_user', self.playbook.su_user)
 
+ # Fail out if user specifies a sudo param with a su param in a given play
+ if (ds.get('sudo') or ds.get('sudo_user')) and (ds.get('su') or ds.get('su_user')):
+ raise errors.AnsibleError('sudo params ("sudo", "sudo_user") and su params '
+ '("su", "su_user") cannot be used together')
+
 load_vars = {}
 load_vars['playbook_dir'] = self.basedir
 if self.playbook.inventory.basedir() is not None:
diff --git a/lib/ansible/playbook/task.py b/lib/ansible/playbook/task.py
index 0350ca2ac21..a048b11f1d3 100644
--- a/lib/ansible/playbook/task.py
+++ b/lib/ansible/playbook/task.py
@@ -157,6 +157,13 @@ class Task(object):
 self.su_user = ds.get('su_user', play.su_user)
 self.su_pass = ds.get('su_pass', play.playbook.su_pass)
 
+ # Fail out if user specifies a sudo param with a su param in a given play
+ if (ds.get('sudo') or ds.get('sudo_user') or ds.get('sudo_pass')) and \
+ (ds.get('su') or ds.get('su_user') or ds.get('su_pass')):
+ raise errors.AnsibleError('sudo params ("sudo", "sudo_user", "sudo_pass") '
+ 'and su params "su", "su_user", "su_pass") '
+ 'cannot be used together')
+
 # Both are defined
 if ('action' in ds) and ('local_action' in ds):
 raise errors.AnsibleError("the 'action' and 'local_action' attributes can not be used together")
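Review bot: The check added in the play.py hunk looks only at keys written in this play's `ds`, while the two context lines above it resolve `self.su` and `self.su_user` with fallbacks to `self.playbook.su` and `self.playbook.su_user`. A play that sets `sudo: yes` while `su` is inherited from the playbook is therefore not rejected, and which escalation method then applies is decided elsewhere. If the intent is that both never take effect together, the comparison should use the resolved values after the defaults are applied (assuming the sudo attributes are resolved the same way above the hunk). Otherwise the comment should state the limit, e.g. `# Only keys set in this play are compared; values inherited from the playbook are not checked here`. The task.py hunk follows the same pattern with `play.su_user` and `play.playbook.su_pass`; the enclosing method starts and ends outside the hunk.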
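Review bot: The su half of the error message added in the task.py hunk is missing its opening parenthesis, so the user sees `su params "su", "su_user", "su_pass")`; the line should read `'and su params ("su", "su_user", "su_pass") '`. The comment above the check was carried over from play.py and still says "in a given play", where "in a given task" is meant. The backslash continuation on the `if` would be more robust as one condition wrapped in parentheses, since a backslash followed by stray trailing whitespace is a syntax error. The enclosing method starts and ends outside the hunk.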