ansible-test - Use sudo for all remotes. (#78310)

changelogs/fragments/ansible-test-remote-become.yml

@@ -0,0 +1,3 @@
+minor_changes:
+  - ansible-test - Alpine remotes now use ``sudo`` for tests, using ``doas`` only for bootstrapping.
+  - ansible-test - FreeBSD remotes now use ``sudo`` for tests, using ``su`` only for bootstrapping.

test/lib/ansible_test/_data/completion/remote.txt

@@ -1,11 +1,11 @@
-alpine/3.16 python=3.10 become=doas provider=aws arch=x86_64
-alpine become=doas provider=aws arch=x86_64
+alpine/3.16 python=3.10 become=doas_sudo provider=aws arch=x86_64
+alpine become=doas_sudo provider=aws arch=x86_64
 fedora/35 python=3.10 become=sudo provider=aws arch=x86_64
 fedora/36 python=3.10 become=sudo provider=aws arch=x86_64
 fedora become=sudo provider=aws arch=x86_64
-freebsd/12.3 python=3.8 python_dir=/usr/local/bin become=su provider=aws arch=x86_64
-freebsd/13.1 python=3.8,3.7,3.9,3.10 python_dir=/usr/local/bin become=su provider=aws arch=x86_64
-freebsd python_dir=/usr/local/bin become=su provider=aws arch=x86_64
+freebsd/12.3 python=3.8 python_dir=/usr/local/bin become=su_sudo provider=aws arch=x86_64
+freebsd/13.1 python=3.8,3.7,3.9,3.10 python_dir=/usr/local/bin become=su_sudo provider=aws arch=x86_64
+freebsd python_dir=/usr/local/bin become=su_sudo provider=aws arch=x86_64
 macos/12.0 python=3.10 python_dir=/usr/local/bin become=sudo provider=parallels arch=x86_64
 macos python_dir=/usr/local/bin become=sudo provider=parallels arch=x86_64
 rhel/7.9 python=2.7 become=sudo provider=aws arch=x86_64

test/lib/ansible_test/_internal/become.py

@@ -12,6 +12,11 @@ from .util import (
 
 class Become(metaclass=abc.ABCMeta):
     """Base class for become implementations."""
+    @classmethod
+    def name(cls):
+        """The name of this plugin."""
+        return cls.__name__.lower()
+
     @property
     @abc.abstractmethod
     def method(self):  # type: () -> str
@@ -41,6 +46,19 @@ class Doas(Become):
         return become
 
 
+class DoasSudo(Doas):
+    """Become using 'doas' in ansible-test and then after bootstrapping use 'sudo' for other ansible commands."""
+    @classmethod
+    def name(cls):
+        """The name of this plugin."""
+        return 'doas_sudo'
+
+    @property
+    def method(self):  # type: () -> str
+        """The name of the Ansible become plugin that is equivalent to this."""
+        return 'sudo'
+
+
 class Su(Become):
     """Become using 'su'."""
     @property
@@ -58,6 +76,19 @@ class Su(Become):
         return become
 
 
+class SuSudo(Su):
+    """Become using 'su' in ansible-test and then after bootstrapping use 'sudo' for other ansible commands."""
+    @classmethod
+    def name(cls):
+        """The name of this plugin."""
+        return 'su_sudo'
+
+    @property
+    def method(self):  # type: () -> str
+        """The name of the Ansible become plugin that is equivalent to this."""
+        return 'sudo'
+
+
 class Sudo(Become):
     """Become using 'sudo'."""
     @property
@@ -75,4 +106,4 @@ class Sudo(Become):
         return become
 
 
-SUPPORTED_BECOME_METHODS = {cls.__name__.lower(): cls for cls in get_subclasses(Become)}
+SUPPORTED_BECOME_METHODS = {cls.name(): cls for cls in get_subclasses(Become)}

test/lib/ansible_test/_util/target/setup/bootstrap.sh

@@ -90,6 +90,7 @@ bootstrap_remote_alpine()
         gcc
         python3-dev
         ${py_pkg_prefix}-pip
+        sudo
         "
 
     if [ "${controller}" ]; then
@@ -213,6 +214,9 @@ prefer-binary = yes
     mount -o acls "${fs_device}" "${fs_path}"
     awk 'BEGIN{FS=" "}; /'"${fs_device_escaped}"'/ {gsub(/^rw$/,"rw,acls", $4); print; next} // {print}' /etc/fstab > /etc/fstab.new
     mv /etc/fstab.new /etc/fstab
+
+    # enable sudo without a password for the wheel group, allowing ansible to use the sudo become plugin
+    echo '%wheel ALL=(ALL:ALL) NOPASSWD: ALL' > /usr/local/etc/sudoers.d/ansible-test
 }
 
 bootstrap_remote_macos()