From d85f4a443fb4e449b1b8c2750fd80f2949b1a8ac Mon Sep 17 00:00:00 2001 From: Matt Davis Date: Mon, 3 Apr 2017 13:46:51 -0700 Subject: [PATCH] mark runas become method experimental (#23235) Due to the number of "real world" caveats in the current runas become method, it was agreed that we'd warn that it's experimental on use. A potential future version based on LogonUser/CreateProcessAsUser will have very different requirements and limitations. --- CHANGELOG.md | 2 +- docs/docsite/rst/roadmap/ROADMAP_2_3.rst | 6 +++--- lib/ansible/playbook/play_context.py | 1 + 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fa24bd84c2d..1517c59df2e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -48,7 +48,7 @@ Ansible Changes By Release * Allow module_utils for custom modules to be placed in site-specific directories and shipped in roles * On platforms that support it, use more modern system polling API instead of select in the ssh connection plugin. This removes one limitation on how many parallel forks are feasible on these systems. -* Windows/WinRM supports become method "runas" to run modules and scripts as a different user, and to transparently access network resources. +* Windows/WinRM supports (experimental) become method "runas" to run modules and scripts as a different user, and to transparently access network resources. * The WinRM connection plugin now uses pipelining when executing modules, resulting in significantly faster execution for small tasks. * The WinRM connection plugin can now manage Kerberos tickets automatically when `ansible_winrm_transport=kerberos` and `ansible_user`/`ansible_password` are specified. * Refactored/standardized most Windows modules, adding check-mode and diff support where possible. diff --git a/docs/docsite/rst/roadmap/ROADMAP_2_3.rst b/docs/docsite/rst/roadmap/ROADMAP_2_3.rst index 541e8198cad..aaef550504c 100644 --- a/docs/docsite/rst/roadmap/ROADMAP_2_3.rst +++ b/docs/docsite/rst/roadmap/ROADMAP_2_3.rst @@ -39,11 +39,11 @@ Target: Mid April 2017 - **Windows platform** (nitzmahone) - Pipelining support **(done)** - - Become support **(done)** + - Become support **(done/experimental)** - Integrated kerberos ticket management (via ansible_user/ansible_password) **(done)** - Switch PS input encoding to BOM-less UTF8 **(done)** - - Server 2016 support/testing (now RTM’d) **(in progress)** - - Modularize Windows module_utils (allow N files) **(in progress)** + - Server 2016 support/testing (now RTM’d) **(partial)** + - Modularize Windows module_utils (allow N files) **(partial)** - Declarative argspec for PS / .NET **(bumped to 2.4)** - Kerberos encryption (via notting, pywinrm/requests_kerberos/pykerberos) **(in progress, available in pywinrm post 2.3 release)** - Fix plugin-specific connection var lookup/delegation (either registered explicitly by plugins or ansible_(plugin)_*) **(bumped to 2.4)** diff --git a/lib/ansible/playbook/play_context.py b/lib/ansible/playbook/play_context.py index abe0e89adb2..b5dcb03cfb0 100644 --- a/lib/ansible/playbook/play_context.py +++ b/lib/ansible/playbook/play_context.py @@ -552,6 +552,7 @@ class PlayContext(Base): elif self.become_method == 'runas': # become is handled inside the WinRM connection plugin + display.warning("The Windows 'runas' become method is experimental, and may change significantly in future Ansible releases.") becomecmd = cmd elif self.become_method == 'doas':