Deprecate AGNOSTIC_BECOME_PROMPT

Fixes: #81501

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>

changelogs/fragments/become_prompt.yml

@@ -0,0 +1,3 @@
+---
+bugfixes:
+  - become - deprecate AGNOSTIC_BECOME_PROMPT (https://github.com/ansible/ansible/issues/81501).

lib/ansible/cli/__init__.py

@@ -324,7 +324,16 @@ class CLI(ABC):
         becomepass = None
         become_prompt = ''
 
-        become_prompt_method = "BECOME" if C.AGNOSTIC_BECOME_PROMPT else op['become_method'].upper()
+        if C.AGNOSTIC_BECOME_PROMPT:
+            become_prompt_method = "BECOME"
+        else:
+            display.deprecated(
+                'The setting AGNOSTIC_BECOME_PROMPT to False is deprecated and no longer used. '
+                'Ensure that you have configured any interactive script to accept "BECOME" '
+                'to identify become password prompt.',
+                version='2.22'
+            )
+            become_prompt_method = op['become_method'].upper()
 
         try:
             become_prompt = "%s password: " % become_prompt_method

lib/ansible/config/base.yml

@@ -153,12 +153,18 @@ AGNOSTIC_BECOME_PROMPT:
   name: Display an agnostic become prompt
   default: True
   type: boolean
-  description: Display an agnostic become prompt instead of displaying a prompt containing the command line supplied become method.
+  description:
+    - If set to True, any become password prompt will begin with "BECOME" instead of user provided become_method in uppercase.
+    - This allows a simplified and become method agnostic way of identifying the need for entering the password.
   env: [{name: ANSIBLE_AGNOSTIC_BECOME_PROMPT}]
   ini:
     - {key: agnostic_become_prompt, section: privilege_escalation}
   yaml: {key: privilege_escalation.agnostic_become_prompt}
   version_added: "2.5"
+  deprecated:
+    why: The value "BECOME" at the start of the become password prompt is default now.
+    version: "2.22"
+    alternatives: Modify any user scripts to identify "BECOME" as become password prompt for interaction.
 CACHE_PLUGIN:
   name: Persistent Cache plugin
   default: memory

test/integration/targets/become_prompt/aliases

@@ -0,0 +1,6 @@
+destructive
+needs/root
+needs/ssh
+needs/target/setup_pexpect
+shippable/posix/group5
+context/controller

test/integration/targets/become_prompt/runme.sh

@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+set -eux
+
+ANSIBLE_ROLES_PATH=../ ansible-playbook setup.yml

test/integration/targets/become_prompt/setup.yml

@@ -0,0 +1,42 @@
+- hosts: localhost
+  gather_facts: yes
+  roles:
+    - setup_pexpect
+
+  tasks:
+    - name: Test ansible-playbook with AGNOSTIC_BECOME_PROMPT=False
+      block:
+        - name: Create user to connect as
+          user:
+            name: cliuser1
+            shell: /bin/bash
+            groups: wheel
+            append: yes
+            password: "{{ 'secretpassword' | password_hash('sha512', 'mysecretsalt') }}"
+        - name: Create user to become
+          user:
+            name: cliuser2
+            shell: /bin/bash
+            password: "{{ 'secretpassword' | password_hash('sha512', 'mysecretsalt') }}"
+        # Sometimes this file doesn't get removed, and we need it gone to ssh
+        - name: Remove /run/nologin
+          file:
+            path: /run/nologin
+            state: absent
+        # Make Ansible run Python to run Ansible
+        - name: Run the test
+          shell: python test-become-prompt.py {{ ansible_python_interpreter }}
+      always:
+        - name: Remove users
+          user:
+            name: "{{ item }}"
+            state: absent
+          with_items:
+            - cliuser1
+            - cliuser2
+      # For now, we don't test this everywhere, because `user` works differently
+      # on some platforms, as does sudo/sudoers. On Fedora, we can just add
+      # the user to 'wheel' and things magically work.
+      # TODO: In theory, we should test this with all the different 'become'
+      # plugins in base.
+      when: ansible_distribution == 'Fedora'

test/integration/targets/become_prompt/test-become-prompt.py

@@ -0,0 +1,28 @@
+#!/usr/bin/env python
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import annotations
+
+import os
+import sys
+
+import pexpect
+
+
+os.environ['ANSIBLE_AGNOSTIC_BECOME_PROMPT'] = 'False'
+
+out = pexpect.run(
+    'ansible -c ssh -i localhost, -u cliuser1 -e ansible_python_interpreter={0} '
+    '-m command -a whoami -Kkb --become-user cliuser2 localhost'.format(sys.argv[1]),
+    events={
+        'SSH password:': 'secretpassword\n',
+        'SUDO password': 'secretpassword\n',
+    },
+    timeout=10
+)
+
+print(out)
+
+assert b'The setting AGNOSTIC_BECOME_PROMPT to False' in out
+
+